Abstract: Network security is role of the ICT environment
because malicious users are continually growing that realm of
education, business, and then related with ICT. The network security
contravention is typically described and examined centrally based
on a security event management system. The firewalls, Intrusion
Detection System (IDS), and Intrusion Prevention System are
becoming essential to monitor or prevent of potential violations,
incidents attack, and imminent threats. In this system, the firewall
rules are set only for where the system policies are needed. Dataset
deployed in this system are derived from the testbed environment. The
traffic as in DoS and PortScan traffics are applied in the testbed with
firewall and IDS implementation. The network traffics are classified
as normal or attacks in the existing testbed environment based on
six machine learning classification methods applied in the system.
It is required to be tested to get datasets and applied for DoS and
PortScan. The dataset is based on CICIDS2017 and some features
have been added. This system tested 26 features from the applied
dataset. The system is to reduce false positive rates and to improve
accuracy in the implemented testbed design. The system also proves
good performance by selecting important features and comparing
existing a dataset by machine learning classifiers.
Abstract: The Internet of Things (IoT) will lead to the development of advanced Smart Home services that are pervasive, cost-effective, and can be accessed by home occupants from anywhere and at any time. However, advanced smart home applications will introduce grand security challenges due to the increase in the attack surface. Current approaches do not handle cybersecurity from a holistic point of view; hence, a systematic cybersecurity mechanism needs to be adopted when designing smart home applications. In this paper, we present a generic intrusion detection methodology to detect and mitigate the anomaly behaviors happened in Smart Home Systems (SHS). By utilizing our Smart Home Context Data Structure, the heterogeneous information and services acquired from SHS are mapped in context attributes which can describe the context of smart home operation precisely and accurately. Runtime models for describing usage patterns of home assets are developed based on characterization functions. A threat-aware action management methodology, used to efficiently mitigate anomaly behaviors, is proposed at the end. Our preliminary experimental results show that our methodology can be used to detect and mitigate known and unknown threats, as well as to protect SHS premises and services.
Abstract: Network security engineers work to keep services available all the time by handling intruder attacks. Intrusion Detection System (IDS) is one of the obtainable mechanisms that is used to sense and classify any abnormal actions. Therefore, the IDS must be always up to date with the latest intruder attacks signatures to preserve confidentiality, integrity, and availability of the services. The speed of the IDS is a very important issue as well learning the new attacks. This research work illustrates how the Knowledge Discovery and Data Mining (or Knowledge Discovery in Databases) KDD dataset is very handy for testing and evaluating different Machine Learning Techniques. It mainly focuses on the KDD preprocess part in order to prepare a decent and fair experimental data set. The J48, MLP, and Bayes Network classifiers have been chosen for this study. It has been proven that the J48 classifier has achieved the highest accuracy rate for detecting and classifying all KDD dataset attacks, which are of type DOS, R2L, U2R, and PROBE.
Abstract: Intrusion detection systems (IDS) are the main components of network security. These systems analyze the network events for intrusion detection. The design of an IDS is through the training of normal traffic data or attack. The methods of machine learning are the best ways to design IDSs. In the method presented in this article, the pruning algorithm of C5.0 decision tree is being used to reduce the features of traffic data used and training IDS by the least square vector algorithm (LS-SVM). Then, the remaining features are arranged according to the predictor importance criterion. The least important features are eliminated in the order. The remaining features of this stage, which have created the highest level of accuracy in LS-SVM, are selected as the final features. The features obtained, compared to other similar articles which have examined the selected features in the least squared support vector machine model, are better in the accuracy, true positive rate, and false positive. The results are tested by the UNSW-NB15 dataset.
Abstract: With the increasing dependency on our computer
devices, we face the necessity of adequate, efficient and effective
mechanisms, for protecting our network. There are two main
problems that Intrusion Detection Systems (IDS) attempt to solve.
1) To detect the attack, by analyzing the incoming traffic and inspect
the network (intrusion detection). 2) To produce a prompt response
when the attack occurs (intrusion prevention). It is critical creating an
Intrusion detection model that will detect a breach in the system on
time and also challenging making it provide an automatic and with
an acceptable delay response at every single stage of the monitoring
process. We cannot afford to adopt security measures with a high
exploiting computational power, and we are not able to accept a
mechanism that will react with a delay. In this paper, we will
propose an intrusion response mechanism that is based on artificial
intelligence, and more precisely, reinforcement learning techniques
(RLT). The RLT will help us to create a decision agent, who will
control the process of interacting with the undetermined environment.
The goal is to find an optimal policy, which will represent the
intrusion response, therefore, to solve the Reinforcement learning
problem, using a Q-learning approach. Our agent will produce an
optimal immediate response, in the process of evaluating the network
traffic.This Q-learning approach will establish the balance between
exploration and exploitation and provide a unique, self-learning and
strategic artificial intelligence response mechanism for IDS.
Abstract: This study is about an algorithmic dependence of Artificial Neural Network on Multilayer Perceptron (MPL) pertaining to the classification and clustering presentations for Mobile Adhoc Network vulnerabilities. Moreover, mobile ad hoc network (MANET) is ubiquitous intelligent internetworking devices in which it has the ability to detect their environment using an autonomous system of mobile nodes that are connected via wireless links. Security affairs are the most important subject in MANET due to the easy penetrative scenarios occurred in such an auto configuration network. One of the powerful techniques used for inspecting the network packets is Intrusion Detection System (IDS); in this article, we are going to show the effectiveness of artificial neural networks used as a machine learning along with stochastic approach (information gain) to classify the malicious behaviors in simulated network with respect to different IDS techniques. The monitoring agent is responsible for detection inference engine, the audit data is collected from collecting agent by simulating the node attack and contrasted outputs with normal behaviors of the framework, whenever. In the event that there is any deviation from the ordinary behaviors then the monitoring agent is considered this event as an attack , in this article we are going to demonstrate the signature-based IDS approach in a MANET by implementing the back propagation algorithm over ensemble-based Traffic Table (TT), thus the signature of malicious behaviors or undesirable activities are often significantly prognosticated and efficiently figured out, by increasing the parametric set-up of Back propagation algorithm during the experimental results which empirically shown its effectiveness for the ratio of detection index up to 98.6 percentage. Consequently it is proved in empirical results in this article, the performance matrices are also being included in this article with Xgraph screen show by different through puts like Packet Delivery Ratio (PDR), Through Put(TP), and Average Delay(AD).
Abstract: With the increase in popularity of mobile devices,
new and varied forms of malware have emerged. Consequently,
the organizations for cyberdefense have echoed the need to deploy
more effective defensive schemes adapted to the challenges posed
by these recent monitoring environments. In order to contribute to
their development, this paper presents a malware detection strategy
for mobile devices based on sequence alignment algorithms. Unlike
the previous proposals, only the system calls performed during the
startup of applications are studied. In this way, it is possible to
efficiently study in depth, the sequences of system calls executed
by the applications just downloaded from app stores, and initialize
them in a secure and isolated environment. As demonstrated in the
performed experimentation, most of the analyzed malicious activities
were successfully identified in their boot processes.
Abstract: Smartphone users are increasing rapidly. Accordingly, many companies are running BYOD (Bring Your Own Device: Policies to bring private-smartphones to the company) policy to increase work efficiency. However, smartphones are always under the threat of malware, thus the company network that is connected smartphone is exposed to serious risks. Most smartphone malware detection techniques are to perform an independent detection (perform the detection of a single target application). In this paper, we analyzed a variety of intrusion detection techniques. Based on the results of analysis propose an agent using the network IDS.
Abstract: Cloud computing provides infrastructure to the enterprise through the Internet allowing access to cloud services at anytime and anywhere. This pervasive aspect of the services, the distributed nature of data and the wide use of information make cloud computing vulnerable to intrusions that violate the security of the cloud. This requires the use of security mechanisms to detect malicious behavior in network communications and hosts such as intrusion detection systems (IDS). In this article, we focus on the detection of intrusion into the cloud sing IDSs. We base ourselves on client authentication in the computing cloud. This technique allows to detect the abnormal use of ubiquitous service and prevents the intrusion of cloud computing. This is an approach based on client authentication data. Our IDS provides intrusion detection inside and outside cloud computing network. It is a double protection approach: The security user node and the global security cloud computing.
Abstract: One of the major developments in machine learning in the past decade is the ensemble method, which finds highly accurate classifier by combining many moderately accurate component classifiers. In this research work, new ensemble classification methods are proposed with homogeneous ensemble classifier using bagging and heterogeneous ensemble classifier using arcing and their performances are analyzed in terms of accuracy. A Classifier ensemble is designed using Radial Basis Function (RBF) and Support Vector Machine (SVM) as base classifiers. The feasibility and the benefits of the proposed approaches are demonstrated by the means of standard datasets of intrusion detection. The main originality of the proposed approach is based on three main parts: preprocessing phase, classification phase, and combining phase. A wide range of comparative experiments is conducted for standard datasets of intrusion detection. The performance of the proposed homogeneous and heterogeneous ensemble classifiers are compared to the performance of other standard homogeneous and heterogeneous ensemble methods. The standard homogeneous ensemble methods include Error correcting output codes, Dagging and heterogeneous ensemble methods include majority voting, stacking. The proposed ensemble methods provide significant improvement of accuracy compared to individual classifiers and the proposed bagged RBF and SVM performs significantly better than ECOC and Dagging and the proposed hybrid RBF-SVM performs significantly better than voting and stacking. Also heterogeneous models exhibit better results than homogeneous models for standard datasets of intrusion detection.
Abstract: Intrusion Detection Systems are an essential tool for
network security infrastructure. However, IDSs have a serious
problem which is the generating of massive number of alerts, most of
them are false positive ones which can hide true alerts and make the
analyst confused to analyze the right alerts for report the true attacks.
The purpose behind this paper is to present a formalism model to
perform correlation engine by the reduction of false positive alerts
basing on vulnerability contextual information. For that, we propose
a formalism model based on non-monotonic JClassicδє description
logic augmented with a default (δ) and an exception (є) operator that
allows a dynamic inference according to contextual information.
Abstract: In recent years, a wide variety of applications are developed with Support Vector Machines -SVM- methods and Artificial Neural Networks -ANN-. In general, these methods depend on intrusion knowledge databases such as KDD99, ISCX, and CAIDA among others. New classes of detectors are generated by machine learning techniques, trained and tested over network databases. Thereafter, detectors are employed to detect anomalies in network communication scenarios according to user’s connections behavior. The first detector based on training dataset is deployed in different real-world networks with mobile and non-mobile devices to analyze the performance and accuracy over static detection. The vulnerabilities are based on previous work in telemedicine apps that were developed on the research group. This paper presents the differences on detections results between some network scenarios by applying traditional detectors deployed with artificial neural networks and support vector machines.
Abstract: Feature selection has been used in many fields such as
classification, data mining and object recognition and proven to be
effective for removing irrelevant and redundant features from the
original dataset. In this paper, a new design of distributed intrusion
detection system using a combination feature selection model based
on bees and decision tree. Bees algorithm is used as the search
strategy to find the optimal subset of features, whereas decision tree
is used as a judgment for the selected features. Both the produced
features and the generated rules are used by Decision Making Mobile
Agent to decide whether there is an attack or not in the networks.
Decision Making Mobile Agent will migrate through the networks,
moving from node to another, if it found that there is an attack on one
of the nodes, it then alerts the user through User Interface Agent or
takes some action through Action Mobile Agent. The KDD Cup 99
dataset is used to test the effectiveness of the proposed system. The
results show that even if only four features are used, the proposed
system gives a better performance when it is compared with the
obtained results using all 41 features.
Abstract: The method of introducing the proxy interpretation for
sending and receiving requests increase the capability of the server
and our approach UDIV (User-Data Identity Security) to solve the
data and user authentication without extending size of the data makes
better than hybrid IDS (Intrusion Detection System). And at the same
time all the security stages we have framed have to pass through less
through that minimize the response time of the request. Even though
an anomaly detected, before rejecting it the proxy extracts its identity
to prevent it to enter into system. In case of false anomalies, the
request will be reshaped and transformed into legitimate request for
further response. Finally we are holding the normal and abnormal
requests in two different queues with own priorities.
Abstract: Artificial Immune Systems (AIS), inspired by the
human immune system, are algorithms and mechanisms which are
self-adaptive and self-learning classifiers capable of recognizing and
classifying by learning, long-term memory and association. Unlike
other human system inspired techniques like genetic algorithms and
neural networks, AIS includes a range of algorithms modeling on
different immune mechanism of the body. In this paper, a mechanism
of a human immune system based on apoptosis is adopted to build an
Intrusion Detection System (IDS) to protect computer networks.
Features are selected from network traffic using Fisher Score. Based
on the selected features, the record/connection is classified as either
an attack or normal traffic by the proposed methodology. Simulation
results demonstrates that the proposed AIS based on apoptosis
performs better than existing AIS for intrusion detection.
Abstract: In this paper, we have proposed a parallel IDS and
honeypot based approach to detect and analyze the unknown and
known attack taxonomy for improving the IDS performance and
protecting the network from intruders. The main theme of our
approach is to record and analyze the intruder activities by using both
the low and high interaction honeypots. Our architecture aims to
achieve the required goals by combing signature based IDS,
honeypots and generate the new signatures. The paper describes the
basic component, design and implementation of this approach and
also demonstrates the effectiveness of this approach to reduce the
probability of network attacks.
Abstract: String matching also known as pattern matching is
one of primary concept for network security. In this area the
effectiveness and efficiency of string matching algorithms is
important for applications in network security such as network
intrusion detection, virus detection, signature matching and web
content filtering system. This paper presents brief review on some of
string matching techniques used for network security.
Abstract: As internet continues to expand its usage with an
enormous number of applications, cyber-threats have significantly
increased accordingly. Thus, accurate detection of malicious traffic in
a timely manner is a critical concern in today’s Internet for security.
One approach for intrusion detection is to use Machine Learning (ML)
techniques. Several methods based on ML algorithms have been
introduced over the past years, but they are largely limited in terms of
detection accuracy and/or time and space complexity to run. In this
work, we present a novel method for intrusion detection that
incorporates a set of supervised learning algorithms. The proposed
technique provides high accuracy and outperforms existing techniques
that simply utilizes a single learning method. In addition, our
technique relies on partial flow information (rather than full
information) for detection, and thus, it is light-weight and desirable for
online operations with the property of early identification. With the
mid-Atlantic CCDC intrusion dataset publicly available, we show that
our proposed technique yields a high degree of detection rate over 99%
with a very low false alarm rate (0.4%).
Abstract: Anomaly detection techniques have been focused on two main components: data extraction and selection and the second one is the analysis performed over the obtained data. The goal of this paper is to analyze the influence that each of these components has over the system performance by evaluating detection over network scenarios with different setups. The independent variables are as follows: the number of system inputs, the way the inputs are codified and the complexity of the analysis techniques. For the analysis, some approaches of artificial neural networks are implemented with different number of layers. The obtained results show the influence that each of these variables has in the system performance.
Abstract: In recent years intrusions on computer network are the major security threat. Hence, it is important to impede such intrusions. The hindrance of such intrusions entirely relies on its detection, which is primary concern of any security tool like Intrusion detection system (IDS). Therefore, it is imperative to accurately detect network attack. Numerous intrusion detection techniques are available but the main issue is their performance. The performance of IDS can be improved by increasing the accurate detection rate and reducing false positive. The existing intrusion detection techniques have the limitation of usage of raw dataset for classification. The classifier may get jumble due to redundancy, which results incorrect classification. To minimize this problem, Principle component analysis (PCA), Linear Discriminant Analysis (LDA) and Local Binary Pattern (LBP) can be applied to transform raw features into principle features space and select the features based on their sensitivity. Eigen values can be used to determine the sensitivity. To further classify, the selected features greedy search, back elimination, and Particle Swarm Optimization (PSO) can be used to obtain a subset of features with optimal sensitivity and highest discriminatory power. This optimal feature subset is used to perform classification. For classification purpose, Support Vector Machine (SVM) and Multilayer Perceptron (MLP) are used due to its proven ability in classification. The Knowledge Discovery and Data mining (KDD’99) cup dataset was considered as a benchmark for evaluating security detection mechanisms. The proposed approach can provide an optimal intrusion detection mechanism that outperforms the existing approaches and has the capability to minimize the number of features and maximize the detection rates.