Your search keyword '"attack classification"' showing total 88 results

1. AResNet Model Using Deep Learning Approach for Enhancing the Internet of Things (IoT) Forensic Readiness Framework.

Author

Rizal, Randi, Selamat, Siti Rahayu, Mas'ud, Mohd. Zaki, and Rahmatulloh, Alam

Subjects

ARTIFICIAL neural networks, SWARM intelligence, PARTICLE swarm optimization, FORENSIC sciences, DATA libraries

Abstract

The rapid growth in the usage of the Internet of Things (IoT) has expanded both in size and scope. The automation and real-time services provided by IoT devices have increased their vulnerability to ongoing attacks. One of the significant challenges in forensic analysis is the limited computational capability and storage capacity of IoT devices, which complicates the process of collecting and identifying various attack types during forensic readiness investigations process. This research proposed an Advanced Residual Network (AResNet) as an integrated model for all IoT devices, incorporating performance improvements from previous research to enhance the IoT forensic readiness framework. Explains the phase of collecting attack data into a forensic repository to identify and analyze types of attacks on IoT networks using a deep learning approach. The proposed forensic IoT readiness framework has three novel functions. First, the repository serves as a secure storage solution for data on various attacks targeting IoT devices, ensuring data integrity and providing a reliable reference source for valid digital evidence. Second, utilizes Particle Swarm Optimization (PSO) algorithms to determine the best and optimal hyperparameters, resulting in a significant improvement in the performance of the deep learning model. Third, it involves the development of the Advanced Residual Network algorithm based on deep neural networks with the collective intelligence of PSO, functioning as an Early Warning System. This system is designed to identify various types of attacks on different IoT devices with a high degree of accuracy. The AResNet model was trained and evaluated using the N-BaIoT dataset, and its performance was compared with various other deep learning models, including RNN, LSTM, CNN, 1D-CNN, and CNN-LSTM. The experimental results clearly demonstrate that the proposed model significantly outperforms previous methodologies in identifying and classifying types of attacks across all IoT devices directly, achieving an accuracy of 0.92, precision of 1.00, and recall of 1.00. Consequently, having a greatly impact on the effectiveness of the IoT forensic readiness investigation process. [ABSTRACT FROM AUTHOR]

Published

2024

2. Random forest with differential privacy in federated learning framework for network attack detection and classification.

Author

Markovic, Tijana, Leon, Miguel, Buffoni, David, and Punnekkat, Sasikumar

Subjects

FEDERATED learning, RANDOM forest algorithms, DIGITAL technology, COMPUTER networks, SMART cities

Abstract

Communication networks are crucial components of the underlying digital infrastructure in any smart city setup. The increasing usage of computer networks brings additional cyber security concerns, and every organization has to implement preventive measures to protect valuable data and business processes. Due to the inherent distributed nature of the city infrastructures as well as the critical nature of its resources and data, any solution to the attack detection calls for distributed, efficient and privacy preserving solutions. In this paper, we extend the evaluation of our federated learning framework for network attacks detection and classification based on random forest. Previously the framework was evaluated only for attack detection using four well-known intrusion detection datasets (KDD, NSL-KDD, UNSW-NB15, and CIC-IDS-2017). In this paper, we extend the evaluation for attack classification. We also evaluate how adding differential privacy into random forest, as an additional protective mechanism, affects the framework performances. The results show that the framework outperforms the average performance of independent random forests on clients for both attack detection and classification. Adding differential privacy penalizes the performance of random forest, as expected, but the use of the proposed framework still brings benefits in comparison to the use of independent local models. The code used in this paper is publicly available, to enable transparency and facilitate reproducibility within the research community. [ABSTRACT FROM AUTHOR]

Published

2024

3. Optimization of Intrusion Detection with Deep Learning: A Study Based on the KDD Cup 99 Database.

Author

Amine, Agalit Mohamed and Khamlichi, Youness Idrissi

Subjects

ARTIFICIAL neural networks, DEEP learning, DATABASES, COMPUTER network security, DATA analysis, CYBERTERRORISM

Abstract

With the exponential increase in cyberattacks, the need for effective and scalable network intrusion detection systems (IDS) is critical. This study evaluates the effectiveness of applying a deep neural network model designed for network attack classification using the KDD Cup 99 database. Our approach involves meticulous data preparation and model training optimization, which leads to notable improvements in the accuracy of detecting various types of attacks. The results highlight the potential of deep learning techniques to significantly enhance IDS performance. This study provides valuable insights into the practical application of deep learning in network security and suggests avenues for future research aimed at improving IDS capabilities and adapting to emerging cyber threats. [ABSTRACT FROM AUTHOR]

Published

2024

4. An end-to-end intrusion detection system with IoT dataset using deep learning with unsupervised feature extraction.

Author

Kunang, Yesi Novaria, Nurmaini, Siti, Stiawan, Deris, and Suprapto, Bhakti Yudho

Subjects

*DEEP learning, *FEATURE extraction, *MACHINE learning, *INTERNET of things

Abstract

The rapid growth of the Internet of things (IoT) platform has implications on security vulnerabilities that need to be resolved. This requires an intrusion detection system (IDS) to secure attacks on the platforms. In line with this, numerous machine and deep learning algorithms have been adopted to detect cyber-attacks. Real-time IoT devices transmit massive amounts of heterogeneous data, which affects the network. Traffic networks generate redundant and large amounts of data that must be reduced before processing. This study proposed a hybrid deep learning model for an IDS on the IoT platform. We used unsupervised approaches to extract data dimensions and features, then a neural network for classification. Several approaches were used to determine the effectiveness of the deep learning-based IoT IDS with two scenarios of feature extraction. The first case used autoencoder variants such as deep autoencoder (DAE), deep LSTM autoencoder (LSTM-DAE), and deep convolutional autoencoder. The second case used stacked models for feature extraction, including stacked autoencoder and deep belief network. The feature extraction output from the five models was fine-tuned to the fully connected layer using the BoT-IoT dataset. The results showed a good detection performance of almost 100% and a false positive rate (FPR) of nearly 0%. On the CSE-CIC-IDS2018 dataset, the proposed deep learning model was evaluated using a transfer learning approach with the highest detection rate of 99.17% and the lowest FPR of 0.18%. The model developed from the feature extraction process recognized attacks significantly better than the previous approach. [ABSTRACT FROM AUTHOR]

Published

2024

5. A detailed study of resampling algorithms for cyberattack classification in engineering applications.

Author

Mogollón Gutiérrez, Óscar, Sancho Núñez, José Carlos, Ávila, Mar, and Caro, Andrés

Subjects

CLASSIFICATION algorithms, KNOWLEDGE representation (Information theory), INDUSTRIALISM, ENGINEERING, INTERNET security

Abstract

The evolution of engineering applications is highly relevant in the context of protecting industrial systems. As industries are increasingly interconnected, the need for robust cybersecurity measures becomes paramount. Engineering informatics not only provides tools for knowledge representation and extraction but also affords a comprehensive spectrum of developing sophisticated cybersecurity solutions. However, safeguarding industrial systems poses a unique challenge due to the inherent heterogeneity of data within these environments. Together with this problem, it's crucial to acknowledge that datasets that simulate real cyberattacks within these diverse environments exhibit a high imbalance, often skewed towards certain types of traffics. This study proposes a system for addressing class imbalance in cybersecurity. To do this, three oversampling (SMOTE, Borderline1-SMOTE, and ADASYN) and five undersampling (random undersampling, cluster centroids, NearMiss, repeated edited nearest neighbor, and Tomek Links) methods are tested. Particularly, these balancing algorithms are used to generate one-vs-rest binary models and to develop a two-stage classification system. By doing so, this study aims to enhance the efficacy of cybersecurity measures ensuring a more comprehensive understanding and defense against the diverse range of threats encountered in industrial environments. Experimental results demonstrates the effectiveness of proposed system for cyberattack detection and classification among nine widely known cyberattacks. [ABSTRACT FROM AUTHOR]

Published

2024

6. Enhancing IoT security: A comparative study of feature reduction techniques for intrusion detection system

Author

Jing Li, Hewan Chen, Mohd Othman Shahizan, and Lizawati Mi Yusuf

Subjects

Internet of things, Intrusion detection, Feature reduction, Machine learning, Attack classification, Cybernetics, Q300-390, Electronic computers. Computer science, QA75.5-76.95

Abstract

Internet of Things (IoT) devices are extensively utilized but are susceptible to cyberattacks, posing significant security challenges. To mitigate these threats, machine learning techniques have been implemented for network intrusion detection in IoT environments. These techniques commonly employ various feature reduction methods, prior to inputting data into models, in order to enhance the efficiency of detection processes to meet real-time requirements. This study provides a comprehensive comparison of feature selection (FS) and feature extraction (FE) techniques for network intrusion detection systems (NIDS) in IoT environments, utilizing the TON-IoT and BoT-IoT datasets for both binary and multi-class classification tasks. We evaluated FS methods, including Pearson correlation and Chi-square, and FE methods, such as Principal Component Analysis (PCA) and Autoencoders (AE), across five classic machine learning models: Decision Tree (DT), Random Forest (RF), Naive Bayes (NB), k-Nearest Neighbors (kNN), and Multi-Layer Perceptron (MLP). Our analysis revealed that FE techniques generally achieve higher accuracy and robustness compared to FS methods, with RF paired with AE delivering superior performance despite higher computational demands. DTs are most effective with smaller feature sets, while MLPs excel with larger sets. Chi-square is identified as the most efficient FS method, balancing performance and computational efficiency, whereas PCA outperforms AE in runtime efficiency. The study also highlights that FE methods are more effective for complex datasets and less sensitive to feature set size, whereas FS methods show significant performance improvements with more informative features. Despite the higher computational costs of FE methods, they demonstrate a greater capability to detect diverse attack types, making them particularly suitable for complex IoT environments. These findings are crucial for both academic research and industry applications, providing insights into optimizing detection performance and computational efficiency in NIDS for IoT networks.

Published

2024

7. ADVANCES IN NETWORK SECURITY FOR A RESILIENT DIGITAL CYBERSPACE INFRASTRUCTURE.

Author

Udutha, Rajender, Kumar, Sunil, Rao, Allanki Sanyasi, and Dhanikonda, Srinivasa Rao

Subjects

DIGITAL technology, COMPUTER network security, HUFFMAN codes, DATA compression, DIGITAL watermarking, INFRASTRUCTURE (Economics), INTRUSION detection systems (Computer security), CYBERSPACE

Abstract

In network security, safeguarding digital cyberspace infrastructure against malicious intrusions remains a paramount concern. This study addresses this imperative by proposing a novel approach that integrates digital watermarking, Huffman coding, and sophisticated attack classification techniques within the Controller Area Network (CAN) protocol framework. The proliferation of interconnected systems and the increasing sophistication of cyber threats necessitate novel strategies to fortify network defenses and ensure resilience in the face of adversarial activities. The research problem revolves around the need to develop an effective method for detecting and categorizing reconnaissance and violent attacks within cyberspace networks, particularly those utilizing the CAN protocol. Despite advancements in security protocols and intrusion detection systems, existing methodologies often fall short in accurately distinguishing between benign and malicious network activities, leaving critical infrastructure vulnerable to exploitation. This research uses digital watermarking to embed metadata within network packets, Huffman coding for efficient data compression, and advanced attack classification algorithms for real-time threat identification. The experimental results demonstrate the efficacy of the proposed approach in accurately differentiating between reconnaissance probes and violent attacks, thereby enabling timely and targeted responses to mitigate security threats. [ABSTRACT FROM AUTHOR]

Published

2024

8. Optimizing IoT intrusion detection system: feature selection versus feature extraction in machine learning.

Author

Li, Jing, Othman, Mohd Shahizan, Chen, Hewan, and Yusuf, Lizawati Mi

Subjects

INTRUSION detection systems (Computer security), FEATURE selection, FEATURE extraction, MACHINE learning, INTERNET of things, CYBERTERRORISM

Abstract

Internet of Things (IoT) devices are widely used but also vulnerable to cyberattacks that can cause security issues. To protect against this, machine learning approaches have been developed for network intrusion detection in IoT. These often use feature reduction techniques like feature selection or extraction before feeding data to models. This helps make detection efficient for real-time needs. This paper thoroughly compares feature extraction and selection for IoT network intrusion detection in machine learning-based attack classification framework. It looks at performance metrics like accuracy, f1-score, and runtime, etc. on the heterogenous IoT dataset named Network TON-IoT using binary and multiclass classification. Overall, feature extraction gives better detection performance than feature selection as the number of features is small. Moreover, extraction shows less feature reduction compared with that of selection, and is less sensitive to changes in the number of features. However, feature selection achieves less model training and inference time compared with its counterpart. Also, more space to improve the accuracy for selection than extraction when the number of features changes. This holds for both binary and multiclass classification. The study provides guidelines for selecting appropriate intrusion detection methods for particular scenarios. Before, the TON-IoT heterogeneous IoT dataset comparison and recommendations were overlooked. Overall, the research presents a thorough comparison of feature reduction techniques for machine learning-driven intrusion detection in IoT networks. [ABSTRACT FROM AUTHOR]

Published

2024

9. A detailed study of resampling algorithms for cyberattack classification in engineering applications

Author

Óscar Mogollón Gutiérrez, José Carlos Sancho Núñez, Mar Ávila, and Andrés Caro

Subjects

Imbalanced learning, Cyber-physical systems, Intrusion detection, Attack classification, UNSW-NB15, Electronic computers. Computer science, QA75.5-76.95

Abstract

The evolution of engineering applications is highly relevant in the context of protecting industrial systems. As industries are increasingly interconnected, the need for robust cybersecurity measures becomes paramount. Engineering informatics not only provides tools for knowledge representation and extraction but also affords a comprehensive spectrum of developing sophisticated cybersecurity solutions. However, safeguarding industrial systems poses a unique challenge due to the inherent heterogeneity of data within these environments. Together with this problem, it’s crucial to acknowledge that datasets that simulate real cyberattacks within these diverse environments exhibit a high imbalance, often skewed towards certain types of traffics. This study proposes a system for addressing class imbalance in cybersecurity. To do this, three oversampling (SMOTE, Borderline1-SMOTE, and ADASYN) and five undersampling (random undersampling, cluster centroids, NearMiss, repeated edited nearest neighbor, and Tomek Links) methods are tested. Particularly, these balancing algorithms are used to generate one-vs-rest binary models and to develop a two-stage classification system. By doing so, this study aims to enhance the efficacy of cybersecurity measures ensuring a more comprehensive understanding and defense against the diverse range of threats encountered in industrial environments. Experimental results demonstrates the effectiveness of proposed system for cyberattack detection and classification among nine widely known cyberattacks.

Published

2024

10. Recurrence Plots-Based Network Attack Classification Using CNN-Autoencoders

Author

D’Angelo, Gianni, Farsimadan, Eslam, Palmieri, Francesco, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Gervasi, Osvaldo, editor, Murgante, Beniamino, editor, Rocha, Ana Maria A. C., editor, Garau, Chiara, editor, Scorza, Francesco, editor, Karaca, Yeliz, editor, and Torre, Carmelo M., editor

Published

2023

11. A Comprehensive Survey of V2X Cybersecurity Mechanisms and Future Research Paths

Author

Roshan Sedar, Charalampos Kalalas, Francisco Vazquez-Gallego, Luis Alonso, and Jesus Alonso-Zarate

Subjects

Artificial intelligence, attack classification, cybersecurity solutions, machine learning, misbehavior detection, privacy preservation, Telecommunication, TK5101-6720, Transportation and communications, HE1-9990

Abstract

Recent advancements in vehicle-to-everything (V2X) communication have notably improved existing transport systems by enabling increased connectivity and driving autonomy levels. The remarkable benefits of V2X connectivity come inadvertently with challenges which involve security vulnerabilities and breaches. Addressing security concerns is essential for seamless and safe operation of mission-critical V2X use cases. This paper surveys current literature on V2X security and provides a systematic and comprehensive review of the most relevant security enhancements to date. An in-depth classification of V2X attacks is first performed according to key security and privacy requirements. Our methodology resumes with a taxonomy of security mechanisms based on their proactive/reactive defensive approach, which helps identify strengths and limitations of state-of-the-art countermeasures for V2X attacks. In addition, this paper delves into the potential of emerging security approaches leveraging artificial intelligence tools to meet security objectives. Promising data-driven solutions tailored to tackle security, privacy and trust issues are thoroughly discussed along with new threat vectors introduced inevitably by these enablers. The lessons learned from the detailed review of existing works are also compiled and highlighted. We conclude this survey with a structured synthesis of open challenges and future research directions to foster contributions in this prominent field.

Published

2023

12. A Novel 3D Intelligent Cluster Method for Malicious Traffic Fine-Grained Classification

Author

Zhao, Baokang, Lin, Murao, Wei, Ziling, Xin, Qin, Su, Jinshu, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Lai, Yongxuan, editor, Wang, Tian, editor, Jiang, Min, editor, Xu, Guangquan, editor, Liang, Wei, editor, and Castiglione, Aniello, editor

Published

2022

13. Intelligent Approach for Analysis and Diagnosis of Attack, Fault and Load Variation in SCADA Systems: A Power System Application

Author

Sunku Mohan, Vamshi, Sankaran, Sriram, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Hirche, Sandra, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Möller, Sebastian, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Zhang, Junjie James, Series Editor, Malik, Hasmat, editor, Ahmad, Md. Waseem, editor, and Kothari, D.P., editor

Published

2022

14. ATiPreTA: AN Analytical Model for Time–Dependent Prediction of Terrorist Attacks

Author

Kebir Oussama, Nouaouri Issam, Rejeb Lilia, and Ben Said Lamjed

Subjects

terrorist attacks, attack classification, mathematical modeling, dynamic behavior simulation, damage prediction, Mathematics, QA1-939, Electronic computers. Computer science, QA75.5-76.95

Abstract

In counter-terrorism actions, commanders are confronted with difficult and important challenges. Their decision-making processes follow military instructions and must consider the humanitarian aspect of the mission. In this paper, we aim to respond to the question: What would the casualties be if governmental forces reacted in a given way with given resources? Within a similar context, decision-support systems are required due to the variety and complexity of modern attacks as well as the enormous quantity of information that must be treated in real time. The majority of mathematical models are not suitable for real-time events. Therefore, we propose an analytical model for a time-dependent prediction of terrorist attacks (ATiPreTA). The output of our model is consistent with casualty data from two important terrorist events known in Tunisia: Bardo and Sousse attacks. The sensitivity and experimental analyses show that the results are significant. Some operational insights are also discussed.

Published

2022

15. Hunting Network Anomalies in a Railway Axle Counter System.

Author

Kuchar, Karel, Holasova, Eva, Pospisil, Ondrej, Ruotsalainen, Henri, Fujdiak, Radek, and Wagner, Adrian

Subjects

*JOINT use of railroad facilities, *CYBERTERRORISM, *AXLES

Abstract

This paper presents a comprehensive investigation of machine learning-based intrusion detection methods to reveal cyber attacks in railway axle counting networks. In contrast to the state-of-the-art works, our experimental results are validated with testbed-based real-world axle counting components. Furthermore, we aimed to detect targeted attacks on axle counting systems, which have higher impacts than conventional network attacks. We present a comprehensive investigation of machine learning-based intrusion detection methods to reveal cyber attacks in railway axle counting networks. According to our findings, the proposed machine learning-based models were able to categorize six different network states (normal and under attack). The overall accuracy of the initial models was ca. 70–100% for the test data set in laboratory conditions. In operational conditions, the accuracy decreased to under 50%. To increase the accuracy, we introduce a novel input data-preprocessing method with the denoted gamma parameter. This increased the accuracy of the deep neural network model to 69.52% for six labels, 85.11% for five labels, and 92.02% for two labels. The gamma parameter also removed the dependence on the time series, enabled relevant classification of data in the real network, and increased the accuracy of the model in real operations. This parameter is influenced by simulated attacks and, thus, allows the classification of traffic into specified classes. [ABSTRACT FROM AUTHOR]

Published

2023

16. An intrusion detection system based on hybrid machine learning classifier.

Author

Reji, M., Joseph, Christeena, Nancy, P., and Lourdes Mary, A.

Subjects

*MACHINE learning, *INTRUSION detection systems (Computer security), *METAHEURISTIC algorithms, *FEATURE selection, *COMPUTER network security, *IP networks

Abstract

Intrusion detection systems (IDS) can be used to detect irregularities in network traffic to improve network security and protect data and systems. From 2.4 times in 2018 to three times in 2023, the number of devices linked to IP networks is predicted to outnumber the total population of the world. In 2020, approximately 1.5 billion cyber-attacks on Internet of Things (IoT) devices have been reported. Classification of these attacks in the IoT network is the major objective of this research. This research proposes a hybrid machine learning model using Seagull Optimization Algorithm (SOA) and Extreme Learning Machine (ELM) classifier to classify and detect attacks in IoT networks. The CIC-IDS-2018 dataset is used in this work to evaluate the proposed model. The SOA is implemented for feature selection from the dataset, and the ELM is used to classify attacks from the selected features. The dataset has 80 features, in the proposed model used only 22 features with higher scores than the original dataset. The dataset is divided into 80% for training and 20% for testing. The proposed SOA-ELM model obtained 94.22% accuracy, 92.95% precision, 93.45% detection rate, and 91.26% f1-score. [ABSTRACT FROM AUTHOR]

Published

2023

17. Argumentation Frameworks with Attack Classification.

Author

Vassiliades, Alexandros, Flouris, Giorgos, Patkos, Theodore, Bikakis, Antonis, Bassiliades, Nick, and Plexousakis, Dimitris

Subjects

WEB-based user interfaces, MANURES, CLASSIFICATION, SEMANTICS

Abstract

Abstract argumentation frameworks (AAFs), introduced by Dung (1995, Artif. Intell. , 228, 321–357), enabled a new way of reasoning with arguments, which does not take into account the internal structure of arguments but only how they are related to each other. The only form of relation considered in AAFs is a binary attack relation on the set of arguments. From the definitions of acceptability semantics of AAFs, it is obvious that attacks actually have a dual role: on the one hand, they generate conflicts; on the other hand, they can defend other arguments from attacks. In this paper, we propose a framework, where the modeller can explicitly specify the role of each attack. For this purpose, we define a set of conflict-generating attacks |${\mathcal {R}_{C}}$| and a set of defending attacks |${\mathcal {R}_{d}}$|⁠ , as well as a family of semantics that considers the role of each attack while determining which arguments are attacked, which are defended and which will be included in each extension. We study the formal properties of the proposed framework and semantics, show that our framework is a generalization of AAFs and assess its semantics against a set of principles. Finally, we present a web application that provides an interface for creating custom argumentation frameworks and uses ASP to compute their extensions. [ABSTRACT FROM AUTHOR]

Published

2023

18. Efficient Deep Learning Approach To IoT Intrusion Detection.

Author

Cao, Jin, Lin, Liwei, Ma, Ruhui, Guan, Haibing, Tian, Mengke, and Wang, Yong

Subjects

*DEEP learning, *INTERNET of things, *COMPUTER network security, *COMPUTER performance, *ELECTRONIC data processing, *STIMULUS & response (Psychology)

Abstract

With the rapid development of the Internet of Things (IoT), network security challenges are becoming more and more complex, and the scale of intrusion attacks against the network is gradually increasing. Therefore, researchers have proposed Intrusion Detection Systems and constantly designed more effective systems to defend against attacks. One issue to consider is using limited computing power to process complex network data efficiently. In this paper, we take the AWID dataset as an example, propose an efficient data processing method to mitigate the interference caused by redundant data and design a lightweight deep learning-based model to analyze and predict the data category. Finally, we achieve an overall accuracy of 99.77% and an accuracy of 97.95% for attacks on the AWID dataset, with a detection rate of 99.98% for the injection attack. Our model has low computational overhead and a fast response time after training, ensuring the feasibility of applying to edge nodes with weak computational power in the IoT. [ABSTRACT FROM AUTHOR]

Published

2022

19. NBcoded: Network Attack Classifiers Based on Encoder and Naive Bayes Model for Resource Limited Devices

Author

Segurola-Gil, Lander, Zola, Francesco, Echeberria-Barrio, Xabier, Orduna-Urrutia, Raul, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Kamp, Michael, editor, Koprinska, Irena, editor, Bibal, Adrien, editor, Bouadi, Tassadit, editor, Frénay, Benoît, editor, Galárraga, Luis, editor, Oramas, José, editor, Adilova, Linara, editor, Krishnamurthy, Yamuna, editor, Kang, Bo, editor, Largeron, Christine, editor, Lijffijt, Jefrey, editor, Viard, Tiphaine, editor, Welke, Pascal, editor, Ruocco, Massimiliano, editor, Aune, Erlend, editor, Gallicchio, Claudio, editor, Schiele, Gregor, editor, Pernkopf, Franz, editor, Blott, Michaela, editor, Fröning, Holger, editor, Schindler, Günther, editor, Guidotti, Riccardo, editor, Monreale, Anna, editor, Rinzivillo, Salvatore, editor, Biecek, Przemyslaw, editor, Ntoutsi, Eirini, editor, Pechenizkiy, Mykola, editor, Rosenhahn, Bodo, editor, Buckley, Christopher, editor, Cialfi, Daniela, editor, Lanillos, Pablo, editor, Ramstead, Maxwell, editor, Verbelen, Tim, editor, Ferreira, Pedro M., editor, Andresini, Giuseppina, editor, Malerba, Donato, editor, Medeiros, Ibéria, editor, Fournier-Viger, Philippe, editor, Nawaz, M. Saqib, editor, Ventura, Sebastian, editor, Sun, Meng, editor, Zhou, Min, editor, Bitetta, Valerio, editor, Bordino, Ilaria, editor, Ferretti, Andrea, editor, Gullo, Francesco, editor, Ponti, Giovanni, editor, Severini, Lorenzo, editor, Ribeiro, Rita, editor, Gama, João, editor, Gavaldà, Ricard, editor, Cooper, Lee, editor, Ghazaleh, Naghmeh, editor, Richiardi, Jonas, editor, Roqueiro, Damian, editor, Saldana Miranda, Diego, editor, Sechidis, Konstantinos, editor, and Graça, Guilherme, editor

Published

2021

20. SQL Injection Attacks and Mitigation Strategies: The Latest Comprehension

Author

Bayyapu, Neelima, Daimi, Kevin, editor, and Peoples, Cathryn, editor

Published

2021

21. Anomaly Detection and Attack Classification for Train Real-Time Ethernet

Author

Ruifeng Duo, Xiaobo Nie, Ning Yang, Chuan Yue, and Yongxiang Wang

Subjects

Train communication network, real-time Ethernet, intrusion detection system, attack classification, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Real-time Ethernet has been applied to train control and management system (TCMS) of 250km/h Fuxing Electric Multiple Units (EMUs) and some urban rail vehicles. The openness of the Ethernet communication protocol poses a risk of intrusion attacks on the train communication network. It is, therefore, necessary that a safety protection technology is introduced to the train communication network based on real-time Ethernet. In this paper, a train communication network intrusion detection system based on anomaly detection and attack classification is proposed. Firstly, the paper built an anomaly detection model based on support vector machines (SVM). The particle swarm optimization-support vector machines (PSO-SVM), and genetic algorithm-support vector machines (GA-SVM) optimization algorithms are used to optimize the kernel function parameters of SVM. Secondly, the paper built two attack classification models based on random forest. They are iterative dichotomiser3 (ID3) and classification and regression tree (CART). And then, the built intrusion detection and attack classification model is tested by using the public data set knowledge discovery and data mining-99(KDD-99) and the data set of the simulation train real-time Ethernet test bench. PSO-SVM improves the intrusion detection accuracy from 90.3% to 95.75%, GA-SVM improves the detection accuracy from 90.3% to 95.85%. The training time of the PSO-SVM algorithm was higher than that of the GA-SVM algorithm, and much higher than that of the SVM, without optimization. Both ID3 and CART models are verified valid in the attack classification, while the ID3 algorithm obtained 100% accuracy on the training set, and only 32.89% accuracy on the test set, ID3 has a poor classification accuracy of the data outside of the training set. Also, the classification time is very long for ID3 compared with CART. So the comprehensive experimental results show that the intrusion detection system of train real-time Ethernet can use the GA-SVM model for detection of abnormal data. After passing the normal data, the CART model can be used to distinguish between the types of attacks to better complete subsequent responses and operations. Compared with the anomaly detection model based on SVM, the proposed model improves intrusion detection accuracy. And the proposed attack classification algorithm based on CART can improve the computing speed while ensuring the precision of classification.

Published

2021

22. Hunting Network Anomalies in a Railway Axle Counter System

Author

Karel Kuchar, Eva Holasova, Ondrej Pospisil, Henri Ruotsalainen, Radek Fujdiak, and Adrian Wagner

Subjects

attack classification, axle counter, feature selection, ICS, neural network, OT, Chemical technology, TP1-1185

Abstract

This paper presents a comprehensive investigation of machine learning-based intrusion detection methods to reveal cyber attacks in railway axle counting networks. In contrast to the state-of-the-art works, our experimental results are validated with testbed-based real-world axle counting components. Furthermore, we aimed to detect targeted attacks on axle counting systems, which have higher impacts than conventional network attacks. We present a comprehensive investigation of machine learning-based intrusion detection methods to reveal cyber attacks in railway axle counting networks. According to our findings, the proposed machine learning-based models were able to categorize six different network states (normal and under attack). The overall accuracy of the initial models was ca. 70–100% for the test data set in laboratory conditions. In operational conditions, the accuracy decreased to under 50%. To increase the accuracy, we introduce a novel input data-preprocessing method with the denoted gamma parameter. This increased the accuracy of the deep neural network model to 69.52% for six labels, 85.11% for five labels, and 92.02% for two labels. The gamma parameter also removed the dependence on the time series, enabled relevant classification of data in the real network, and increased the accuracy of the model in real operations. This parameter is influenced by simulated attacks and, thus, allows the classification of traffic into specified classes.

Published

2023

23. Machine learning with digital forensics for attack classification in cloud network environment.

Author

Sachdeva, Shaweta and Ali, Aleem

Abstract

In this paper, various Distributed Denial of service attacks like Internet Control Message Protocol Attack, Transmission Control Protocol Sync Attack, and User Datagram Protocol Attack were considered for data classification. With digital forensics, attack detection faced a new challenge by the exponential growth of network traffic and its many forms on the Internet. The highest True Negative Rate, accuracy, and precision are calculated in this paper. We propose an Attack Classification in Cloud Network Environment method based on machine learning with a digital forensic process. True Negative Rate, accuracy, and precision are all excellent in our detection process, according to our findings. Therefore, our proposed fusion (Digital Forensics based on deep learning) algorithm works well as a data classification detective. Our model performed state-of-the-art attack detection techniques in terms of overall detection performance, detection stability, and system generalization capability. [ABSTRACT FROM AUTHOR]

Published

2022

24. Smart Intrusion Detection with Expert Systems

Author

Amato, Flora, Moscato, Francesco, Xhafa, Fatos, Vivenzio, Emilio, Xhafa, Fatos, Series Editor, Leu, Fang-Yie, editor, Ficco, Massimo, editor, and Yang, Chao-Tung, editor

Published

2019

25. Effective combining of feature selection techniques for machine learning-enabled IoT intrusion detection.

Author

Rahman, Md Arafatur, Asyhari, A. Taufiq, Wen, Ong Wei, Ajra, Husnul, Ahmed, Yussuf, and Anwar, Farhat

Subjects

FEATURE selection, DEEP learning, ARTIFICIAL neural networks, MACHINE learning, INTERNET of things, WIRELESS Internet

Abstract

The rapid advancement of technologies has enabled businesses to carryout their activities seamlessly and revolutionised communications across the globe. There is a significant growth in the amount and complexity of Internet of Things devices that are deployed in a wider range of environments. These devices mostly communicate through Wi-Fi networks and particularly in smart environments. Besides the benefits, these devices also introduce security challenges. In this paper, we investigate and leverage effective feature selection techniques to improve intrusion detection using machine learning methods. The proposed approach is based on a centralised intrusion detection system, which uses the deep feature abstraction, feature selection and classification to train the model for detecting the malicious and anomalous actions in the traffic. The deep feature abstraction uses deep learning techniques of artificial neural network in the form of unsupervised autoencoder to construct more features for the traffic. Based on the availability of cumulative features, the system then employs a variety of wrapper-based feature selection techniques ranging from SVM and decision tree to Naive Bayes for selecting high-ranked features, which are then combined and fed into an artificial neural network classifier for distinguishing attack and normal behaviors. The experimental results reveal the effectiveness of the proposed method on Aegean Wi-Fi Intrusion Dataset, which achieves high detection accuracy of up to 99.95%, relatively competitive to the existing machine learning works for the same dataset. [ABSTRACT FROM AUTHOR]

Published

2021

26. Deep learning with focal loss approach for attacks classification.

Author

Kunang, Yesi Novaria, Nurmaini, Siti, Stiawan, Deris, and Suprapto, Bhakti Yudho

Subjects

*DEEP learning, *FEATURE extraction, *CLASSIFICATION

Abstract

The rapid development of deep learning improves the detection and classification of attacks on intrusion detection systems. However, the unbalanced data issue increases the complexity of the architecture model. This study proposes a novel deep learning model to overcome the problem of classifying multi-class attacks. The deep learning model consists of two stages. The pre-tuning stage uses automatic feature extraction with a deep autoencoder. The second stage is fine-tuning using deep neural network classifiers with fully connected layers. To reduce imbalanced class data, the feature extraction was implemented using the deep autoencoder and improved focal loss function in the classifier. The model was evaluated using 3 loss functions, including cross-entropy, weighted cross-entropy, and focal losses. The results could correct the class imbalance in deep learning-based classifications. Attack classification was achieved using automatic extraction with the focal loss on the CSE-CIC-IDS2018 dataset is a high-quality classifier with 98.38% precision, 98.27% sensitivity, and 99.82% specificity. [ABSTRACT FROM AUTHOR]

Published

2021

27. An Efficient Vector Quantization Based Watermarking Method for Image Integrity Authentication

Author

Tiwari, Archana, Sharma, Manisha, Kacprzyk, Janusz, Series editor, Pal, Nikhil R., Advisory editor, Bello Perez, Rafael, Advisory editor, Corchado, Emilio S., Advisory editor, Hagras, Hani, Advisory editor, Kóczy, László T., Advisory editor, Kreinovich, Vladik, Advisory editor, Lin, Chin-Teng, Advisory editor, Lu, Jie, Advisory editor, Melin, Patricia, Advisory editor, Nedjah, Nadia, Advisory editor, Nguyen, Ngoc Thanh, Advisory editor, Wang, Jun, Advisory editor, Sa, Pankaj Kumar, editor, Sahoo, Manmath Narayan, editor, Murugappan, M., editor, Wu, Yulei, editor, and Majhi, Banshidhar, editor

Published

2018

28. Computational intelligence techniques for automatic detection of Wi-Fi attacks in wireless IoT networks.

Author

Nivaashini, M. and Thangaraj, P.

Subjects

*INTERNET of things, *COMPUTATIONAL intelligence, *MACHINE learning, *WIRELESS Internet, *ZIGBEE, *ALGORITHMS

Abstract

These days, number of smart products based on Internet-of-Things (IoT) has been increased. These products are unified via various wireless technologies like, Bluetooth, Z-wave, Wi-Fi, Zigbee, etc. While the need on the wireless networks has improved, the assaults against them throughout the time have expanded on top. In order to identify these assaults, an intrusion detection system (IDS) with a prominent precision and low identification time is required. In this work, a machine learning (ML) based wireless intrusion detection system (WIDS) for wireless networks to effectively identify assaults against them has been proposed. A ML prototype has been implemented to categorize the wireless network records into ordinary or one of the particular assault categories. The operation of an IDS is extensively enhanced when the attributes are more discriminative and delegate. Different attribute selection methods have been investigated to identify the best set of attributes for the WIDS. The proposed model is evaluated on aegean wireless intrusion dataset using various parameters like attack detection rate, detection time, precision, F-measure, etc. The experimental evaluation is carried out in the tools like, Weka, Rstudio and Anaconda Navigator Python. Finally, the experimental result shows the best performing ML algorithm with best set of reduced attributes. [ABSTRACT FROM AUTHOR]

Published

2021

29. Security Incident Response: Towards a Novel Decision-Making System

Author

Souissi, Samih, Serhrouchni, Ahmed, Sliman, Layth, Charroux, Benoit, Madureira, Ana Maria, editor, Abraham, Ajith, editor, Gamboa, Dorabela, editor, and Novais, Paulo, editor

Published

2017

30. An adaptive LeNet-5 model for anomaly detection.

Author

Cui, Wenchao, Lu, Qiong, Qureshi, Asif Moin, Li, Wei, and Wu, Kehe

Subjects

*CONVOLUTIONAL neural networks, *ANOMALY detection (Computer security), *INTRUSION detection systems (Computer security), *RANDOM forest algorithms, *FEATURE selection, *ALGORITHMS

Abstract

This paper introduced a feature selection algorithm, used a random forest classifier for recursive feature elimination, and selected the top 49 features according to the order of feature importance ranking, then proposed an attack detection model based on LeNet-5 convolutional neural network and named it as LeNet-4 network model. In its network structure, the first pooling layer and the last fully connection layer of the original LeNet-5 network were removed, which reduced the model's computational load and network complexity, and the network self-learning ability was strengthened through the structure of the double convolutional layer and the single pooling layer. This paper used the CICIDS2017 dataset to evaluate the proposed model, we used all instances in the dataset for comprehensive detection. The experimental results show that on the LeNet-4 network model, the introduction of a recursive feature elimination algorithm has improved the accuracy of attack detection while reducing the time cost. Multi-class attack classification achieved an accuracy rate of 97.8%, and the binary attack classification achieved an accuracy rate of 98.5%. [ABSTRACT FROM AUTHOR]

Published

2021

31. Hunting Network Anomalies in a Railway Axle Counter System

Abstract

This paper presents a comprehensive investigation of machine learning-based intrusion detection methods to reveal cyber attacks in railway axle counting networks. In contrast to the state-of-the-art works, our experimental results are validated with testbed-based real-world axle counting components. Furthermore, we aimed to detect targeted attacks on axle counting systems, which have higher impacts than conventional network attacks. W present a comprehensive investigation of machine learning-based intrusion detection methods to reveal cyber attacks in railway axle counting networks. According to our findings, the proposed machine learning-based models were able to categorize six different network states (normal and under attack). The overall accuracy of the initial models was ca. 70–100% for the test data set in laboratory conditions. In operational conditions, the accuracy decreased to under 50%. To increase the accuracy, we introduce a novel input data-preprocessing method with the denoted gamma parameter. This increased the accuracy of the deep neural network model to 69.52% for six labels, 85.11% for five labels, and 92.02% for two labels. The gamma parameter also removed the dependence on the time series, enabled relevant classification of data in the real network, and increased the accuracy of the model in real operations. This parameter is influenced by simulated attacks and, thus, allows the classification of traffic into specified classes.

Published

2023

32. Hunting Network Anomalies in a Railway Axle Counter System

Abstract

This paper presents a comprehensive investigation of machine learning-based intrusion detection methods to reveal cyber attacks in railway axle counting networks. In contrast to the state-of-the-art works, our experimental results are validated with testbed-based real-world axle counting components. Furthermore, we aimed to detect targeted attacks on axle counting systems, which have higher impacts than conventional network attacks. W present a comprehensive investigation of machine learning-based intrusion detection methods to reveal cyber attacks in railway axle counting networks. According to our findings, the proposed machine learning-based models were able to categorize six different network states (normal and under attack). The overall accuracy of the initial models was ca. 70–100% for the test data set in laboratory conditions. In operational conditions, the accuracy decreased to under 50%. To increase the accuracy, we introduce a novel input data-preprocessing method with the denoted gamma parameter. This increased the accuracy of the deep neural network model to 69.52% for six labels, 85.11% for five labels, and 92.02% for two labels. The gamma parameter also removed the dependence on the time series, enabled relevant classification of data in the real network, and increased the accuracy of the model in real operations. This parameter is influenced by simulated attacks and, thus, allows the classification of traffic into specified classes.

Published

2023

33. Hunting Network Anomalies in a Railway Axle Counter System

Abstract

This paper presents a comprehensive investigation of machine learning-based intrusion detection methods to reveal cyber attacks in railway axle counting networks. In contrast to the state-of-the-art works, our experimental results are validated with testbed-based real-world axle counting components. Furthermore, we aimed to detect targeted attacks on axle counting systems, which have higher impacts than conventional network attacks. W present a comprehensive investigation of machine learning-based intrusion detection methods to reveal cyber attacks in railway axle counting networks. According to our findings, the proposed machine learning-based models were able to categorize six different network states (normal and under attack). The overall accuracy of the initial models was ca. 70–100% for the test data set in laboratory conditions. In operational conditions, the accuracy decreased to under 50%. To increase the accuracy, we introduce a novel input data-preprocessing method with the denoted gamma parameter. This increased the accuracy of the deep neural network model to 69.52% for six labels, 85.11% for five labels, and 92.02% for two labels. The gamma parameter also removed the dependence on the time series, enabled relevant classification of data in the real network, and increased the accuracy of the model in real operations. This parameter is influenced by simulated attacks and, thus, allows the classification of traffic into specified classes.

Published

2023

34. A comprehensive survey of V2X cybersecurity mechanisms and future research paths

Abstract

Recent advancements in vehicle-to-everything (V2X) communication have notably improved existing transport systems by enabling increased connectivity and driving autonomy levels. The remarkable benefits of V2X connectivity come inadvertently with challenges which involve security vulnerabilities and breaches. Addressing security concerns is essential for seamless and safe operation of mission-critical V2X use cases. This paper surveys current literature on V2X security and provides a systematic and comprehensive review of the most relevant security enhancements to date. An in-depth classification of V2X attacks is first performed according to key security and privacy requirements. Our methodology resumes with a taxonomy of security mechanisms based on their proactive/reactive defensive approach, which helps identify strengths and limitations of state-of-the-art countermeasures for V2X attacks. In addition, this paper delves into the potential of emerging security approaches leveraging artificial intelligence tools to meet security objectives. Promising data-driven solutions tailored to tackle security, privacy and trust issues are thoroughly discussed along with new threat vectors introduced inevitably by these enablers. The lessons learned from the detailed review of existing works are also compiled and highlighted. We conclude this survey with a structured synthesis of open challenges and future research directions to foster contributions in this prominent field., This work is supported by the H2020-INSPIRE-5Gplus project (under Grant agreement No. 871808), the ”Ministerio de Asuntos Económicos y Transformacion Digital” and the European Union-NextGenerationEU in the frameworks of the ”Plan de Recuperación, Transformación y Resiliencia” and of the ”Mecanismo de Recuperación y Resiliencia” under references TSI-063000-2021-39/40/41, and the CHIST-ERA-17-BDSI-003 FIREMAN project funded by the Spanish National Foundation (Grant PCI2019-103780)., Peer Reviewed, Postprint (published version)

Published

2023

35. An Image Authentication Algorithm Using Combined Approach of Watermarking and Vector Quantization

Author

Tiwari Archana and Sharma Manisha

Subjects

authentication, vector quantization, robust watermarking, semifragile watermarking, attack classification, Science, Electronic computers. Computer science, QA75.5-76.95

Abstract

This paper presents a two-stage watermarking technique for image authentication adapting the advantages of vector quantization (VQ). In the proposed algorithm, robust watermark and semifragile watermark are embedded independently in two successive stages. Robust watermark and VQ enhance the security of the system by providing double protection to the designed system, while semifragile watermark helps in authenticating the received image. Watermarks of varying sizes are embedded in the cover image, and their performance is measured in terms of peak signal-to-noise ratio (PSNR), weighted PSNR, and bit error rate. A threshold-based approach is suggested for identification of attacks as acceptable or malicious. The experimental results demonstrate the capabilities of the method in classifying attacks and correctly locating the tampered area. It is possible to detect and determine tampering with very high sensitivity. The present scheme outperforms previous algorithms in terms of imperceptibility, attack classification criteria, robustness feature, and tamper detection feature.

Published

2018

36. A comprehensive novel model for network speech anomaly detection system using deep learning approach.

Author

Manimaran, A., Chandramohan, D., Shrinivas, S. G., and Arulkumar, N.

Subjects

ANOMALY detection (Computer security), DEEP learning, CONVOLUTIONAL neural networks, INFORMATION technology security, AUTOMATIC speech recognition, MACHINE learning, BOLTZMANN machine

Abstract

Network Intrusion Detection System (NIDS) is the key technology for information security, and it plays significant role for classifying various attacks in the networks accurately. An NIDS gains an understanding of normal and anomalous behavior by examining the network traffic and can identify unknown and new attacks. Analyzing and Identifying unfamiliar attacks are one of the big challenges in Network IDS research. A huge response has been given to deep learning over the past several years and novelty in deep learning techniques are also improved regularly. Deep learning based Network Intrusion Detection approach is highly essential for improved performance. Nowadays, Machine learning algorithms made a revolution in the area of human computer interaction and achieved significant advancement in imitating human brain exactly. Convolutional Neural Network (CNN) is a powerful learning algorithm in deep learning model for improving the machine learning ability in order to achieve high attack classification accuracy and low false alarm rate. In this article, an overview of deep learning methodologies for commonly used NIDS such as Auto Encoder (AE), Deep Belief Network (DBN), Deep Neural Network (DNN), Restricted Boltzmann Machine (RBN). Moreover, the article introduces the most recent work on network anomaly detection using deep learning techniques for better understanding to choose appropriate method while implementing NIDS through widespread literature analysis. The experimental results designate that the accuracy, false alarm rate, and timeliness of the proposed CNN-NIDS model are superior than the traditional algorithms. [ABSTRACT FROM AUTHOR]

Published

2020

37. Naming Content on the Network Layer: A Security Analysis of the Information-Centric Network Model.

Author

MANNES, ELISA and MAZIERO, CARLOS

Subjects

*INVESTMENT analysis, *COMPUTER network security, *INTERNET speed, *WIRELESS communications, *SCALABILITY, *WIRELESS Internet

Abstract

The Information-Centric Network (ICN) paradigm is a future Internet approach aiming to tackle the Internet architectural problems and inefficiencies, by swapping the main entity of the network architecture from hosts to content items. In ICN, content names play a central role: Each content gets a unique name at the network layer, and this name is used for routing the content over the network. This paradigm change potentially enables a future Internet with better performance, reliability, scalability, and suitability for wireless and mobile communication. It also provides new intrinsic means to deal with some popular attacks on the Internet architecture, such as denial of service. However, this new paradigm also represents new challenges related to security that need to be addressed, to ensure its capability to support current and future Internet requirements. This article surveys and summarizes ongoing research concerning security aspects of ICNs, discussing vulnerabilities, attacks, and proposed solutions to mitigate them. We also discuss open challenges and propose future directions regarding research in ICN security. [ABSTRACT FROM AUTHOR]

Published

2020

38. Classification of Logical Vulnerability Based on Group Attacking Method.

Author

Nabi, Faisal, Yong, Jianming, and Tao, Xiaohui

Subjects

WEB-based user interfaces, CLASSIFICATION

Abstract

New advancement in the field of e-commerce software technology has also brought many benefits, at the same time developing process always face different sort of problems from design phase to implement phase. Software faults and defects increases the issues of reliability and security, that's reason why a solution of this problem is required to fortify these issues. The paper addresses the problem associated with lack of clear component-based web application related classification of logical vulnerabilities through identifying Attack Group Method by categorizing two different types of vulnerabilities in component-based web applications. A new classification scheme of logical group attack method is proposed and developed by using a Posteriori Empirically methodology. [ABSTRACT FROM AUTHOR]

Published

2020

39. A Review of the Advancement in Intrusion Detection Datasets.

Author

Thakkar, Ankit and Lohiya, Ritika

Subjects

COMPUTER systems, DATA integrity, DATA mining, MACHINE learning, COMPUTER crimes, INTERNET security

Abstract

The research in the field of Cyber Security has raised the need to address the issue of cybercrimes that have caused the requisition of the intellectual properties such as break down of computer systems, impairment of important data, compromising the confidentiality, authenticity, and integrity of the user. Considering these scenarios, it is essential to secure the computer systems and the user using an Intrusion Detection System (IDS). The performance of IDS studied by developing an IDS dataset, consisting of network traffic features to learn the attack patterns. Intrusion detection is a classification problem, wherein various Machine Learning (ML) and Data Mining (DM) techniques applied to classify the network data into normal and attack traffic. Moreover, the types of network attacks changed over the years, and therefore, there is a need to update the datasets used for evaluating IDS. This paper list the different IDS datasets used for the evaluation of IDS model. The paper presents an overview of the ML and DM techniques used for IDS along with the discussion on CIC-IDS-2017 and CSE-CIC-IDS-2018. These are recent datasets consisting of network attack features and include new attacks categories. This paper discusses the recent advancement in the IDS datasets that can be used by various research communities as the manifesto for using the new IDS datasets for developing efficient and effective ML and DM based IDS. [ABSTRACT FROM AUTHOR]

Published

2020

40. A Novel Security Architecture Based on Multi-level Rule Expression Language

Author

Souissi, Samih, Sliman, Layth, Charroux, Benoit, Kacprzyk, Janusz, Series editor, Pal, Nikhil R., Advisory editor, Bello Perez, Rafael, Advisory editor, Corchado, Emilio S., Advisory editor, Hagras, Hani, Advisory editor, Kóczy, László T., Advisory editor, Kreinovich, Vladik, Advisory editor, Lin, Chin-Teng, Advisory editor, Lu, Jie, Advisory editor, Melin, Patricia, Advisory editor, Nedjah, Nadia, Advisory editor, Nguyen, Ngoc Thanh, Advisory editor, Wang, Jun, Advisory editor, Abraham, Ajith, editor, Han, Sang Yong, editor, Al-Sharhan, Salah A., editor, and Liu, Hongbo, editor

Published

2016

41. DHCP attacking tools: an analysis

Author

Aldaoud, Manar, Al-Abri, Dawood, Al Maashri, Ahmed, and Kausar, Firdous

Published

2021

42. Comparative Evaluation of Machine Learning Algorithms for Network Intrusion Detection and Attack Classification

Abstract

With the increasing use of the internet and reliance on computer-based systems for our daily lives, any vulnerability in those systems is one of the most important issues for the community. For this reason, the need for intelligent models that detect malicious intrusions is important to keep our personal information safe. In this paper, we investigate several supervised (Artificial Neural Network, Support Vector Machine, Random Forest, Linear Discriminant Analysis, and K-Nearest Neighbors) and unsupervised (K-means, Mean-shift, and DBSCAN) machine learning algorithms, in the context of anomaly-based Intrusion Detection Systems. We are using four different IDS benchmark datasets (KDD99, NSL-KDD, UNSW-NB15, and CIC-IDS-2017) to evaluate the performance of the selected machine learning algorithms for both intrusion detection and attack classification. The results have shown that Random Forest is the most suitable algorithm regarding model accuracy and execution time.

Published

2022

43. Network Intrusion Prevention by Using Hierarchical Self-Organizing Maps and Probability-Based Labeling

Author

Ortiz, Andres, Ortega, Julio, Díaz, Antonio F., Prieto, Alberto, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Cabestany, Joan, editor, Rojas, Ignacio, editor, and Joya, Gonzalo, editor

Published

2011

44. Identifying localization attacks in wireless sensor networks using deep learning.

Author

Wang, Hua, Wen, Yingyou, Zhao, Dazhe, Tiwari, Shailesh, Trivedi, Munesh, and Kohle, Mohan L.

Subjects

*DEEP learning, *WIRELESS sensor networks, *LOCALIZATION (Mathematics), *SIGNAL denoising, *COMPUTER architecture, *ANOMALY detection (Computer security)

Abstract

Wireless Sensor Networks (WSNs) are vulnerable to various localization attacks where attackers intended to provide improper beacons or manipulate the location determination. Attack classification for localization in WSNs is not only the condition, prerequisite and premise of threat analysis, but, more significantly, a vital part of the security anomaly detection. In this paper, a localization attack recognition method using a deep learning architecture was proposed. To enhance the classification performance, a good feature representation was established through combining location features with topological indexes based on the complex network theory. The ability of Stacked Denoising Autoencoder (SDA) to learn the underlying features from input data was exploited. Back-propagation algorithm was performed to update weights through a stochastic gradient descent method. The proposed approach could efficiently distinguish the Sybil attacks, Replay attacks, Interference attacks, Collusion attacks and normal beacons. Extensive experiments demonstrated that the proposed algorithm can achieve an average classification accuracy of 94.39% and was more robust and efficient even in the existent of huge baneful beacons. [ABSTRACT FROM AUTHOR]

Published

2018

45. Panacea: Automating Attack Classification for Anomaly-Based Network Intrusion Detection Systems

Author

Bolzoni, Damiano, Etalle, Sandro, Hartel, Pieter H., Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Kirda, Engin, editor, Jha, Somesh, editor, and Balzarotti, Davide, editor

Published

2009

46. Data driven intrusion detection for 6LoWPAN based IoT systems.

Author

Örs, Faik Kerem and Levi, Albert

Subjects

INTRUSION detection systems (Computer security), INTERNET of things, CYBERTERRORISM, FEATURE extraction, MACHINE learning, PROOF of concept

Abstract

Wide adoption of Internet of Things (IoT) devices and their limitations in terms of hardware cause them to be easy targets for attackers. This, in turn, requires monitoring such systems using intrusion detection systems and take mitigative actions against insider and outsider attackers. Recent studies have explored that machine learning based intrusion detection systems are quite successful in detecting different types of cyber threats targeting IoT systems. However, the proposed systems in these studies incurred limitations in terms of the characteristics of their datasets and detection models. Specifically, a big proportion of the proposed models were developed using simulation-based data generated through specific simulators. Some of these studies also used previously published testbed data that contain the samples of outdated IoT attacks and vulnerabilities. Furthermore, they focused on a lower attack variety and proposed binary classifiers which do not scale in multi-attack scenarios. In this study, we propose a machine learning based multi-class classifier that can classify 6 attack types together with the benign traffic. Our node based feature extraction and detection methodology allows locating the network addresses of the attackers, rather than a rough network level attack existence information, by modeling their traffic characteristics over a sliding time window. For training and testing our models, we also propose an intrusion detection dataset generated using the traffic data collected from real IoT devices running with 6LoWPAN and RPL protocols. Besides having RPL routing attacks in the dataset, we leverage Mirai botnet, employed frequently to target IoT devices. The results show that the proposed intrusion detection system can detect 6 attack types with high recall scores ranging from 79% to 100%. We also illustrate the practicality of the developed model via deployment in a proof of concept implementation over a testbed. [ABSTRACT FROM AUTHOR]

Published

2023

47. An Attack Classification Mechanism Based on Multiple Support Vector Machines

Author

Seo, Jungtaek, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Gervasi, Osvaldo, editor, and Gavrilova, Marina L., editor

Published

2007

48. Anomaly Detection and Attack Classification for Train Real-Time Ethernet

Author

Chuan Yue, Yongxiang Wang, Ruifeng Duo, Ning Yang, and Xiaobo Nie

Subjects

Ethernet, General Computer Science, Train communication network, Computer science, 02 engineering and technology, Intrusion detection system, computer.software_genre, 01 natural sciences, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, 0101 mathematics, attack classification, 010102 general mathematics, General Engineering, real-time Ethernet, Random forest, Support vector machine, Statistical classification, ComputingMethodologies_PATTERNRECOGNITION, Test set, intrusion detection system, 020201 artificial intelligence & image processing, Anomaly detection, Data mining, lcsh:Electrical engineering. Electronics. Nuclear engineering, computer, lcsh:TK1-9971

Abstract

Real-time Ethernet has been applied to train control and management system (TCMS) of 250km/h Fuxing Electric Multiple Units (EMUs) and some urban rail vehicles. The openness of the Ethernet communication protocol poses a risk of intrusion attacks on the train communication network. It is, therefore, necessary that a safety protection technology is introduced to the train communication network based on real-time Ethernet. In this paper, a train communication network intrusion detection system based on anomaly detection and attack classification is proposed. Firstly, the paper built an anomaly detection model based on support vector machines (SVM). The particle swarm optimization-support vector machines (PSO-SVM), and genetic algorithm-support vector machines (GA-SVM) optimization algorithms are used to optimize the kernel function parameters of SVM. Secondly, the paper built two attack classification models based on random forest. They are iterative dichotomiser3 (ID3) and classification and regression tree (CART). And then, the built intrusion detection and attack classification model is tested by using the public data set knowledge discovery and data mining-99(KDD-99) and the data set of the simulation train real-time Ethernet test bench. PSO-SVM improves the intrusion detection accuracy from 90.3% to 95.75%, GA-SVM improves the detection accuracy from 90.3% to 95.85%. The training time of the PSO-SVM algorithm was higher than that of the GA-SVM algorithm, and much higher than that of the SVM, without optimization. Both ID3 and CART models are verified valid in the attack classification, while the ID3 algorithm obtained 100% accuracy on the training set, and only 32.89% accuracy on the test set, ID3 has a poor classification accuracy of the data outside of the training set. Also, the classification time is very long for ID3 compared with CART. So the comprehensive experimental results show that the intrusion detection system of train real-time Ethernet can use the GA-SVM model for detection of abnormal data. After passing the normal data, the CART model can be used to distinguish between the types of attacks to better complete subsequent responses and operations. Compared with the anomaly detection model based on SVM, the proposed model improves intrusion detection accuracy. And the proposed attack classification algorithm based on CART can improve the computing speed while ensuring the precision of classification.

Published

2021

49. Watermarking based image authentication and tamper detection algorithm using vector quantization approach.

Author

Tiwari, Archana, Sharma, Manisha, and Tamrakar, Raunak Kumar

Subjects

*DIGITAL image watermarking, *IMAGE reconstruction algorithms, *VECTOR quantization, *ROBUST control, *SIGNAL-to-noise ratio

Abstract

In the present work, a novel image watermarking algorithm using vector quantization (VQ) approach is presented for digital image authentication. Watermarks are embedded in two successive stages for image integrity verification and authentication. In the first stage, a key based approach is used to embed robust zero level watermark using properties of indices of vector quantized image. In the second stage, semifragile watermark is embedded by using modified index key based (MIKB) method. Random keys are used to improve the integrity and security of the designed system. Further, to classify an attack quantitatively as acceptable or as a malicious attack, pixel neighbourhood clustering approach is introduced. Proposed approach is evaluated on 250 standard test images using performance measures such as peak signal to noise ratio (PSNR) and normalized hamming similarity (NHS). The experimental results shows that propose approach achieve average false positive rate 0.00024 and the average false negative rate 0.0012. Further, the average PSNR and tamper detection/localization accuracy of watermarked image is 42 dB and 99.8% respectively; while tamper localization sensitivity is very high. The proposed model is found to be robust to common content preserving attacks while fragile to content altering attacks. [ABSTRACT FROM AUTHOR]

Published

2017

50. Automatic Classification of Attacks on IP Telephony

Author

Jakub Safarik, Pavol Partila, Filip Rezac, Lukas Macura, and Miroslav Voznak

Subjects

attack classification, neural network, security, sip attacks, voip attacks., Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

This article proposes an algorithm for automatic analysis of attack data in IP telephony network with a neural network. Data for the analysis is gathered from variable monitoring application running in the network. These monitoring systems are a typical part of nowadays network. Information from them is usually used after attack. It is possible to use an automatic classification of IP telephony attacks for nearly real-time classification and counter attack or mitigation of potential attacks. The classification use proposed neural network, and the article covers design of a neural network and its practical implementation. It contains also methods for neural network learning and data gathering functions from honeypot application.

Published

2013