M. Fuentes-García,J. Camacho,G. Maciá-Fernández

DOI: https://doi.org/10.1109/ACCESS.2021.3067106

IF: 3.9

IEEE Access

Abstract:Network Security Monitoring (NSM) is a popular term to refer to the detection of security incidents by monitoring the network events. An NSM system is central for the security of current networks, given the escalation in sophistication of cyberwarfare. In this paper, we review the state-of-the-art in NSM, and derive a new taxonomy of the functionalities and modules in an NSM system. This taxonomy is useful to assess current NSM deployments and tools for both researchers and practitioners. We organize a list of popular tools according to this new taxonomy, and identify challenges in the application of NSM in modern network deployments, like Software Defined Network (SDN) and Internet of Things (IoT).

Engineering,Computer Science

Massimiliano Leone Itria,Enrico Schiavone,Nicola Nostro

DOI: https://doi.org/10.1109/csr51186.2021.9527928

2021-07-26

Abstract:This paper describes the architecture and the fundamental methodology of an anomaly detector, which by continuously monitoring Simple Network Management Protocol data and by processing it as complex-events, is able to timely recognize patterns of faults and relevant cyber-attacks. This solution has been applied in the context of smart grids, and in particular as part of a security and resilience component of the Information and Communication Technologies (ICT) Gateway, a middleware-based architecture that correlates and fuses measurement data from different sources (e.g., Inverters, Smart Meters) to provide control coordination and to enable grid observability applications. The detector has been evaluated through experiments, where we selected some representative anomalies that can occur on the ICT side of the energy distribution infrastructure: non-malicious faults (indicated by patterns in the system resources usage), as well as effects of typical cyber-attacks directed to the smart grid infrastructure. The results show that the detection is promisingly fast and efficient.

Yating Liu,Yuantao Gu,Xinyue Shen,Qingmin Liao,Quan Yu

DOI: https://doi.org/10.1109/tnse.2022.3206353

IF: 6.6

2023-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Anomaly detection is a crucial topic in network security which refers to automatically mining known and unknown attacks or threats. Many detectors have been proposed in the last decade. Nonetheless, a practical solution, which is able to provide a high True Positive Rate (TPR) with an acceptable False Positive Rate (FPR) without any prior information, is still challenging due to the complexity and variability of anomaly pattern. In this article, we propose a novel unsupervised detection system called MSCA which applies multiple sketches, K-means++ unsupervised clustering, and association rule mining to detect traffic anomalies and analyze anomalous features and correlations. It can blindly identify known and unknown traffic anomalies without any labeled traffic or prior signatures about data distribution. Rich traffic data is first aggregated and compacted to traffic flows by sketches, and further detected by the combination of clustering algorithm and voting strategy. Then association rule mining is finally utilized to find the anomalous frequent item-sets and association rules. Numerical experiments on MAWILAB datasets demonstrate that the proposed detection method outperforms other reference unsupervised detection methods. It achieves an accuracy of 99.86%, 99.97%, 97.08%, and 95.19% in overall four detection types including IP and port of source and destination.

Zehua Ren,Yang Liu,Huixiang Liu,Baoxiang Jiang,Xiangzhen Yao,Lin Li,Haiwen Yang,Ting Liu

DOI: https://doi.org/10.1109/infocomwkshps54753.2022.9798168

2022-01-01

Abstract:Traditional intrusion detection systems often deal with massive alarms based on specific filtering rules, which is complex and inexplicable. In this demo, we developed a network security situation awareness (NSSA) system based on the spatio-temporal correlation of alarms. It can monitor the security situation from the temporal dimension and discover abnormal events based on the time series of alarms. Also, it can analyze alarms from the spatial dimension on the heterogeneous alarm graph and handle alarms in batches of events. With this system, system operators can filter most irrelevant alarms quickly and efficiently. The rich visualization of alarm data could also help find hidden high-risk attack behaviors.

S. Arockia Jayadhas,S. Emalda Roslin,W. Florin

DOI: https://doi.org/10.1007/s11082-023-05659-y

IF: 3

2023-12-03

Optical and Quantum Electronics

Abstract:Wireless sensor networks (WMSNs) are becoming increasingly popular in many fields, from academia to transportation, environmental monitoring, wildlife preservation, and military espionage. Therefore, examining potential threats, power consumption, vulnerability recognition, and systemic vulnerability characteristics is essential to develop a reliable information security approach for WSNs. As a result, it is becoming increasingly crucial for the technical community to conduct intrusion recognition method evaluations. Since this is the case, using deep learning techniques in creating intrusion identification and mitigation systems for wireless multimedia sensor networks is essential. This article examines how well different machine learning and deep learning algorithms perform in attack identification systems. Testing the efficacy of different methods on the WMSN-DS database through experimentation is essential. In this work, we combine the power of a Convolutional Neural Network classifier with a Random Forest. To accomplish this, a Convolutional Neural Network with a Random Forest Classifier is used. The intrusion detection system (IDS) is a crucial technique proposed in this study for WMSN. To address this issue, the current study proposal uses deep Learning with a Random Forest classifier to detect and prevent attacks and to promote efficient forwarding in WMSNs. Multiple WMSN assaults have been investigated, and the results of these investigations have been critically evaluated.

engineering, electrical & electronic,optics,quantum science & technology

Xianghui Cao,Jiming Chen,Yan Zhang,Youxian Sun

DOI: https://doi.org/10.1016/j.isatra.2008.02.001

IF: 7.3

2008-01-01

ISA Transactions

Abstract:Wireless Sensor Network (WSN) is increasingly popular in the field of micro-environmental monitoring due to its promising capability. However, most systems using WSN for environmental monitoring reported in the literature are developed for specific applications without functions for exploiting user’s data processing methods. In this paper, a new system is designed in detail to perform micro-environmental monitoring taking the advantages of the WSN. The application-oriented hardware working style is designed, and the system platform for data acquisition, validation, processing and visualization is systematically presented. Several strategies are proposed to guarantee the system capability in terms of extracting useful information, visualizing events to their authentic time are also described. Moreover, a web-based surveillance subsystem is presented for remote control and monitoring. In addition, the system is extensible for engineers to carry their own data analysis algorithms. Experimental results are to show the path reliability and real-time characteristics, and to display the feasibility and applicability of the developed system into practical deployment.

P. García-Teodoro,J. Díaz-Verdejo,G. Maciá-Fernández,E. Vázquez

DOI: https://doi.org/10.1016/j.cose.2008.08.003

2009-02-01

Abstract:The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security oriented approaches is a severe challenge. In this context, anomaly-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. However, despite the variety of such methods described in the literature in recent years, security tools incorporating anomaly detection functionalities are just starting to appear, and several important problems remain to be solved. This paper begins with a review of the most well-known anomaly-based intrusion detection techniques. Then, available platforms, systems under development and research projects in the area are presented. Finally, we outline the main challenges to be dealt with for the wide scale deployment of anomaly-based intrusion detectors, with special emphasis on assessment issues.

computer science, information systems

Osama A. Khashan

DOI: https://doi.org/10.1016/j.adhoc.2024.103672

IF: 4.816

2025-01-01

Ad Hoc Networks

Abstract:Within wireless sensor networks (WSNs), a multitude of vulnerabilities can arise, particularly those originating from malicious nodes (MNs), which lead to compromised data integrity, network stability, and critical application reliability. Although security and energy efficiency remain critical, current MN detection methods are resource-intensive and time-consuming, rendering them unsuitable for constrained WSNs. Although machine learning-based methods excel at detecting MNs, they often incur significant time overhead owing to extensive data transmission and coordination, leading to increased latency and energy consumption within the network. This study introduces DSMND, a novel dual-stage MN detection scheme that harnesses machine learning to enhance MN identification in WSNs. The initial stage uses dynamic threshold detection and decision-tree algorithms at the cluster head (CH) level. This adaptive detection process optimizes CH resource levels, feature counts, and threshold values for efficient MN identification. When thresholds are exceeded, the second stage activates on the server side, employing an advanced MN detection model that seamlessly integrates a hybrid convolutional neural network and a random forest classifier to boost detection accuracy. Leveraging SensorNetGuard, a dataset with diverse node and network features, further enhances reliability. Extensive analysis shows that our scheme achieves up to 99.5 % detection accuracy at the CH level and nearly 100 % at the server side. The average execution time is 124.63 ms, making it 97 % faster than conventional methods. Additionally, DSMND reduces CH power consumption by up to 70 % and extends network lifetime by 2.7 times compared to existing methods. These results confirm the effectiveness of our approach for real-time detection and mitigation of MNs within WSNs.

computer science, information systems,telecommunications

Ghazi Al-Naymat,Mouhammd Al-kasassbeh,Eshraq Al-Hawari

DOI: https://doi.org/10.48550/arXiv.1809.02611

2018-09-04

Abstract:The exponential increase in the number of malicious threats on computer networks and Internet services due to a large number of attacks makes the network security at continuous risk. One of the most prevalent network attacks that threaten networks is Denial of Service (DoS) flooding attack. DoS attacks have recently become the most attractive type of attacks to attackers and these have posed devastating threats to network services. So, there is a need for effective approaches, which can efficiently detect any intrusion in the network. This paper presents an efficient mechanism for network attacks detection and types of attack classification using the Management Information Base (MIB) database associated with the Simple Network Management Protocol (SNMP) through machine learning techniques. This paper also investigates the impact of SNMP-MIB data on network anomalies detection. Three classifiers, namely, Random Forest, AdaboostM1 and MLP are used to build the detection model. The use of different classifiers presents a comprehensive study on the effectiveness of SNMP-MIB data in detecting different types of attack. Empirical results show that the machine learning techniques were quite successful in detecting and classifying the attacks with a high detection rate.

Networking and Internet Architecture

A.M. Mora,P. Merino,D. Hernández,P. García-Sánchez,A.J. Fernández-Ares

DOI: https://doi.org/10.1016/bs.adcom.2023.11.008

IF: 3.067

2024-01-07

Advances in Computers

Abstract:Cybersecurity is a major concern nowadays, involving big amounts of resources in security companies, as well as in the academia. One of the main research lines in this scope are Intrusion Detection Systems (IDSs), which are programs or methods designed to supervise (or analyze) network traffic in order to identify suspicious patterns or clear attacks to any node in the monitored network. MSNM (Multivariate Statistical Network Monitoring) is one of the state-of-the-art algorithms, able to detect different security threats inside real network traffic data with a very high performance in most types of attacks. However, semi-supervised MSNM strongly depends on a set of weights whose values are normally defined using a rather simple optimization algorithm. This chapter proposes the application of different Evolutionary Algorithm approaches in order to optimize these set of variables, aiming to increase the performance of MSNM against several types of attacks, including port scanning and botnets. To this end, we have considered a dataset, UGR′16, containing real network traffic flows, specially designed to test IDSs. In addition, we have analyzed the performance of a Particle Swarm Optimization approach. The obtained results are very promising and lead us to conclude that EAs are a great tool to improve the performance of this IDS.

computer science, software engineering, hardware & architecture

Samir Ifzarne,Hiba Tabbaa,Imad Hafidi,Nidal Lamghari

DOI: https://doi.org/10.1088/1742-6596/1743/1/012021

2021-01-01

Journal of Physics: Conference Series

Abstract:Abstract The number of Wireless sensor network (WSN) deployments have been growing so exponentially over the recent years. Due to their small size and cost-effective, WSN are attracting many industries to use them in various applications. Environmental monitoring, security of buildings and precision agriculture are few example among several other fields. However, WSN faces high security threats considering most of them are deployed in unattended nature and hostile environment. In the aim of providing secure data processing in the WSN, many techniques are proposed to protect the data privacy while being transferred from the sensors to the base station. This work is focusing on attack detection which is an essential task to secure the network and the data. Anomaly detection is a key challenge in order to ensure the security and prevent malicious attacks in wireless sensor networks. Various machine learning techniques have been used by researchers these days to detect anomalies using offline learning algorithms. On the other hand online learning classifiers have not been thoroughly addressed in the literature. Our aim is to provide an intrusion detection model compatible with the characteristics of WSN. This model is built based on information gain ratio and the online Passive aggressive classifier. Firstly, the information gain ratio is used to select the relevant features of the sensor data. Secondly, the online Passive aggressive algorithm is trained to detect and classify different type of Deny of Service attacks. The experiment was conducted on a wireless sensor network-detection system (WSN-DS) dataset. The proposed model ID-GOPA results detection rate of 96% determining whether the network is in its normal mode or exposed to any type of attack. The detection accuracy is 86%, 68%, 63%, and 46% for scheduling, grayhole, flooding and blackhole attacks, respectively, in addition to 99% for normal traffic. These results shows that our model based on offline learning can be providing good anomaly detection to the WSN and replace online learning in some cases.

Víctor Sámano-Ortega,Omar Arzate-Rivas,Juan Martínez-Nolasco,Juan Aguilera-Álvarez,Coral Martínez-Nolasco,Mauro Santoyo-Mora

DOI: https://doi.org/10.3390/s24041277

IF: 3.9

2024-02-17

Sensors

Abstract:Today, maintaining an Internet connection is indispensable; as an example, we can refer to IoT applications that can be found in fields such as environmental monitoring, smart manufacturing, healthcare, smart buildings, smart homes, transportation, energy, and others. The critical elements in IoT applications are both the Wireless Sensor Nodes (WSn) and the Wireless Sensor Networks. It is essential to state that designing an application demands a particular design of a WSn, which represents an important time consumption during the process. In line with this observation, our work describes the development of a modular WSn (MWSn) built with digital processing, wireless communication, and power supply subsystems. Then, we reduce the WSn-implementing process into the design of its modular sensing subsystem. This would allow the development and launching processes of IoT applications across different fields to become faster and easier. Our proposal presents a versatile communication between the sensing modules and the MWSn using one- or two-wired communication protocols, such as I2C. To validate the efficiency and versatility of our proposal, we present two IoT-based remote monitoring applications.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jose de Jesus Rubio,Jose Alberto Hernandez-Aguilar,Francisco Jacob Avila-Camacho,Juan Manuel Stein-Carrillo,Adolfo Melendez-Ramirez

DOI: https://doi.org/10.1016/J.RIIT.2016.06.006

2019-04-28

Abstract:In the tasks of environmental monitoring is of great importance to have compact and portable systems able to identify environmental contaminants that facilitate tasks related to waste management and environmental restoration. In this paper, a prototype sensor is described to identify contaminants in the environment. This prototype is made with an array of tin oxide SnO2 gas sensors used to identify chemical vapors, a step of data acquisition implemented with ARM (Advanced RISC Machine) low-cost platform (Arduino) and a neural network able to identify environmental contaminants automatically. The neural network is used to identify the composition of contaminant census. In the computer system, the heavy computational load is presented only in the training process, once the neural network has been trained, the operation is to spread the data across the network with a much lighter computational load, which consists mainly of a vector-matrix multiplication and a search table that holds the activation function to quickly identify unknown samples.

Machine Learning,Neural and Evolutionary Computing

Tahesin Samira Delwar,Unal Aras,Sayak Mukhopadhyay,Akshay Kumar,Ujwala Kshirsagar,Yangwon Lee,Mangal Singh,Jee-Youl Ryu

DOI: https://doi.org/10.3390/s24196377

IF: 3.9

2024-10-01

Sensors

Abstract:This study provides a thorough examination of the important intersection of Wireless Sensor Networks (WSNs) with machine learning (ML) for improving security. WSNs play critical roles in a wide range of applications, but their inherent constraints create unique security challenges. To address these problems, numerous ML algorithms have been used to improve WSN security, with a special emphasis on their advantages and disadvantages. Notable difficulties include localisation, coverage, anomaly detection, congestion control, and Quality of Service (QoS), emphasising the need for innovation. This study provides insights into the beneficial potential of ML in bolstering WSN security through a comprehensive review of existing experiments. This study emphasises the need to use ML's potential while expertly resolving subtle nuances to preserve the integrity and dependability of WSNs in the increasingly interconnected environment.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yanan Sun,Xiaohon Guan,Ting Liu,Yang Liu

DOI: https://doi.org/10.1109/infcomw.2013.6970712

2013-01-01

Abstract:In this demo, a cyber-physical monitoring system (CPMS) is developed to detect smart meter intrusion and bad data injection attacks. The basic idea of CPMS is based on the information fusion of cyber incidents and physical measurements. Snort is applied to monitor the traffic on all smart meters; and energy conservation is used to check the consistency of the meter readings. The experiments demonstrate that the CPMS accurately detect the attacks by associating the cyber and physical alerts.

Д.А. Міночкін,А.М. Нсер,D.A. Minochkin,,A.M. Nser,

DOI: https://doi.org/10.17721/2519-481x/2022/77-11

2022-01-01

Collection of scientific works of the Military Institute of Kyiv National Taras Shevchenko University

Abstract:The software methods for monitoring network security (NSM - Network Security Monitoring) are discussed. With the growth and rapid development of mobile communications, rich data and artificial intelligence technologies, we are entering the era of the mobile Internet. With the continuous intellectualization of network security and infrastructure, information technology is widely used in the field of industrial control, making network security more and more open, bringing a new network security control system to the traditional relatively closed industrial control system. Currently, there is an increase in the number of information threats and factors leading to the unstable operation of data transmission networks. The prerequisites for this growth are the mass application, the complication of the hierarchy of computer networks and the increase in their structural complexity, the increase in the heterogeneity of software and hardware, the complication of the functionality of network services, which leads to the emergence of various vulnerabilities. Under such conditions, the development and improvement of methods for identifying information threats are of great importance. One of the components of ensuring information protection of networks is software systems designed to detect harmful or suspicious activity - network security monitoring methods (NSM). Network security monitoring techniques (NSM) are used to monitor network 133 communications for information security events. For maximum effect, a combination of capturing the entire packet in addition to logging network activity is recommended. This article provides definitions of network security monitoring methods, their classification, phases of the method cycle and their description. Some of the best known and widely used multi-module NSM solutions have been reviewed. The best known examples of such combinations are IDS/IPS, SEM/SIEM and UTM. Network security monitoring is important because it checks if the first lines of defense are working, gives us the opportunity to eliminate threats before they cause real damage if there is a vulnerability somewhere in your system, and allows us to understand where these vulnerabilities are and how to fix them before something will happen.

Rodrigo Ivan Espinel Villalobos,Erick Ardila Triana,Henry Zarate Ceballos,Jorge Eduardo Ortiz Triviño

DOI: https://doi.org/10.15446/ing.investig.v42n1.87564

2021-07-16

Ingeniería e Investigación

Abstract:In network management and monitoring systems, or Network Management Stations (NMS), the Simple Network monitoring Protocol (SNMP) is normally used, with which it is possible to obtain information on the behavior, the values of the variables, and the status of the network architecture. network. However, for large corporate networks, the protocol can present latency in data collection and processing, thus making real-time monitoring difficult. This article proposes a multi-agent system based on layers, with three types of agents. This includes the collector agent, which uses a Management Information Base (MIB) value to collect information from the network equipment, an input table of information from the network devices for the consolidator agent to process the collected data and leave it in a consumable format, and its subsequent representation by the application agent as a web service, in this case, as a heat map.

Shafiullah Khan,Muhammad Altaf Khan,Noha Alnazzawi

DOI: https://doi.org/10.3390/s24051641

IF: 3.9

2024-03-03

Sensors

Abstract:Wireless sensor networks (WSNs) are essential in many areas, from healthcare to environmental monitoring. However, WSNs are vulnerable to routing attacks that might jeopardize network performance and data integrity due to their inherent vulnerabilities. This work suggests a unique method for enhancing WSN security through the detection of routing threats using feed-forward artificial neural networks (ANNs). The proposed solution makes use of ANNs' learning capabilities to model the network's dynamic behavior and recognize routing attacks like black-hole, gray-hole, and wormhole attacks. CICIDS2017 is a heterogeneous dataset that was used to train and test the proposed system in order to guarantee its robustness and adaptability. The system's ability to recognize both known and novel attack patterns enhances its efficacy in real-world deployment. Experimental assessments using an NS2 simulator show how well the proposed method works to improve routing protocol security. The proposed system's performance was assessed using a confusion matrix. The simulation and analysis demonstrated how much better the proposed system performs compared to the existing methods for routing attack detection. With an average detection rate of 99.21% and a high accuracy of 99.49%, the proposed system minimizes the rate of false positives. The study advances secure communication in WSNs and provides a reliable means of protecting sensitive data in resource-constrained settings.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Rosario Fedele,Massimo Merenda

DOI: https://doi.org/10.3390/a13100254

2020-10-07

Algorithms

Abstract:Smart cities need technologies that can be really applied to raise the quality of life and environment. Among all the possible solutions, Internet of Things (IoT)-based Wireless Sensor Networks (WSNs) have the potentialities to satisfy multiple needs, such as offering real-time plans for emergency management (due to accidental events or inadequate asset maintenance) and managing crowds and their spatiotemporal distribution in highly populated areas (e.g., cities or parks) to face biological risks (e.g., from a virus) by using strategies such as social distancing and movement restrictions. Consequently, the objective of this study is to present an IoT system, based on an IoT-WSN and on algorithms (Neural Network, NN, and Shortest Path Finding) that are able to recognize alarms, available exits, assembly points, safest and shortest paths, and overcrowding from real-time data gathered by sensors and cameras exploiting computer vision. Subsequently, this information is sent to mobile devices using a web platform and the Near Field Communication (NFC) technology. The results refer to two different case studies (i.e., emergency and monitoring) and show that the system is able to provide customized strategies and to face different situations, and that this is also applies in the case of a connectivity shutdown.

Yu Sun,Xiaorong Liu,Xiaoli Shen

DOI: https://doi.org/10.1155/2022/3170164

IF: 1.968

2022-11-19

Security and Communication Networks

Abstract:With the rapid advancement of society and the level of programming and the rapid development of computer technology, networking and information are playing an increasingly important role in the social life of the masses. Creating and developing a network information security monitoring system have become one of the most important ways to keep a computer running smoothly. Traditional information security systems cannot adapt to the ever-changing network environment. If only relying on it to maintain network security, it will be far from effective monitoring and defense. Based on the theory of network information security, this study analyzes the characteristics of network information and the information security monitoring technology at the current stage. Based on the background of big data era, a new type of computer network information security monitoring system is proposed. This system is compared with the traditional network information security monitoring system, and the performance and stability of the system are investigated, respectively. The experimental data show that the network information security monitoring system designed in this study can achieve more than 99% detection rate of external attacks in a network environment with a background traffic of 10M. Its false alarm rate is lower than 4%, and the false alarm rate is lower than 7%. The qualitative mean reaches 93.02%, indicating its good monitoring accuracy and stability. By popularizing it in the current network environment, it can effectively identify and defend information attacks and maintain the development of network information security.

computer science, information systems,telecommunications