Hassan Hadi Al-Maksousy,Michele C. Weigle,Cong Wang

DOI: https://doi.org/10.1109/ths.2018.8574174

2018-01-01

Abstract:Malware detection is an important problem. We propose an efficient real-time system to detect and classify malware based on network behavior using deep neural networks. We show that the splitting of the system into two neural networks, detection and analysis, is the key to increasing accuracy. Therefore, this approach allows for the construction of a real-time monitoring system with very low CPU usage. Finally, we provide a comparison analysis of four machine learning classifiers for this task.

Vladimir Ciric,Marija Milosevic,Danijel Sokolovic,Ivan Milentijevic

DOI: https://doi.org/10.1016/j.simpat.2024.102916

IF: 4.199

2024-02-01

Simulation Modelling Practice and Theory

Abstract:In an increasingly digitalized world, cybersecurity has emerged as a critical component of safeguarding sensitive information and infrastructure from malicious threats. The threat actors are often in line or even one step ahead of the defense, causing the increasing reliance of security teams on artificial intelligence while trying to detect zero-day attacks. However, most of the cybersecurity solutions based on artificial intelligence that can be found in the literature are trained and tested on reference datasets that are at least five or more years old, which gives a vague insight into their security performances. Moreover, they often tend to be designed as isolated, self-focused components. The aim of this paper is to design and implement a modular network intrusion detection architecture capable of simulating cyberattacks based on real-world scenarios while evaluating its defense capabilities. The architecture is designed as a full pipeline from real-time network data collection and transformation to threat-information presentation and visualization, with a pre-trained artificial intelligence module at its core. Well-known components like CICFlowMeter, Prometheus, and Grafana are used and modified to fit our data preparation and core modules to form the proposed architecture for real-world network traffic security monitoring. For the sake of cyberattack simulation, the proposed architecture is situated within a virtual environment, surrounded by the Kali Linux-based penetration simulation agent on one side and a vulnerable agent on the other. The intrusion detection artificial intelligence module is trained on the CICIDS-2017 dataset, and it is demonstrated using the proposed architecture that, despite being trained on an outdated dataset, the trained module is still effective in detecting sophisticated modern attacks. Two case studies are given to illustrate how modular architectures and virtual environments can be valuable tools to assess the security properties of artificial intelligence-based solutions through simulation in real-world scenarios.

computer science, interdisciplinary applications, software engineering

Emmanuel Baldwin Mbaya,Emmanuel Adetiba,Joke A. Badejo,John Simon Wejin,Oluwadamilola Oshin,Olisaemeka Isife,Surendra Colin Thakur,Sibusiso Moyo,Ezekiel F. Adebiyi

DOI: https://doi.org/10.1109/access.2023.3325992

IF: 3.9

2023-01-01

IEEE Access

Abstract:Cloud computing is a technology for efficiently using computing infrastructures and a business model for selling computing resources and services. However, intruders find such complex and distributed infrastructures appealing targets for cyber-attacks. Cyber-attacks are severe threats that can jeopardize the quality of service provided to clients and compromise data integrity, confidentiality, and availability. Cyber-attacks are becoming more complex, making it more challenging to detect intrusions effectively. Due to the high traffic and increased malicious activities on the Internet, a single Intrusion Detection System (IDS) can be overwhelmed. Despite the various Deep Learning (DL) approaches that have been proposed as alternative solutions, there are still pertinent security issues to be addressed especially in federated cloud computing domains. This work proposes a Secure Federated Intrusion Detection Model Version 1 (SecFedIDM-V1) using blockchain technology and Bidirectional Long Short-Term Memory (BiLSTM) Recurrent Neural Network (RNN). The Cobourg Intrusion Detection Dataset (CIDDS) was acquired, pre-processed and split into 60:20:20, 70:15:15, and 80:10:10 for training, testing, and validation respectively to develop the proposed intrusion traffic classification component of the proposed model. The developed SecFedIDM-V1 was later deployed as a Python-based web application that captures network packets for classifying attacks into normal or an attack type. The attack packets are recorded in a Hyperledger Fabric (a private blockchain technology) to serve as a signature database to be used by other nodes in the network. From the evaluation results of the intrusion classifier, the 80:10:10 BiLSTM network performed better than GRU with a Precision of 0.99624, Recall of 0.99906, F1 Score of 0.99614, False Positive Rate (FPR) of 0.00094, False Negative Rate (FNR) of 0.00395 and True Positive Rate (TPR) of 0.99605. The SecFedIDM-V1 can be deployed alongside Firewalls in a federated cloud computing environment to reinforce the security of the infrastructure.

computer science, information systems,telecommunications,engineering, electrical & electronic

Menghao Fang,Yixiang Wang,Liangbin Yang,Haorui Wu,Zilin Yin,Xiang Liu,Zexian Xie,Zixiao Kong

DOI: https://doi.org/10.3390/electronics13091711

IF: 2.9

2024-04-30

Electronics

Abstract:Web3.0, as the link between the physical and digital domains, faces increasing security threats due to its inherent complexity and openness. Traditional intrusion detection systems (IDSs) encounter formidable challenges in grappling with the multidimensional and nonlinear traffic data characteristic of the Web3.0 environment. Such challenges include insufficient samples of attack data, inadequate feature extraction, and resultant inaccuracies in model classification. Moreover, the scarcity of certain traffic data available for analysis by IDSs impedes the system's capacity to document instances of malicious behavior. In response to these exigencies, this paper presents a novel approach to Web3.0 intrusion detection, predicated on the utilization of cycle-consistent generative adversarial networks (CycleGANs). Leveraging the data transformation capabilities of its generator, this method facilitates bidirectional conversion between normal Web3.0 behavioral data and potentially intrusive behavioral data. This transformative process not only augments the diversity and volume of recorded intrusive behaviors but also clandestinely simulates various attack scenarios. Furthermore, through fostering mutual competition and learning between the discriminator and generator, the approach enhances the ability to discern the defining characteristics of potential intrusive behaviors, thereby bolstering the accuracy of intrusion detection. To substantiate the efficacy of the CycleGAN-based intrusion detection method, simulation experiments were conducted utilizing public datasets, including KDD CUP 1999 (KDD), CIC-DDOS2019, CIC-IDS2018, and SR-BH 2020. The experimental findings evince the method's remarkable accuracies across the four datasets, attaining rates of 99.81%, 97.79%, 89.25%, and 95.15%, respectively, while concurrently maintaining low false-positive rates. This research contributes novel insights and methodologies toward the advancement of Web3.0 intrusion detection through the application of CycleGAN technology, which is poised to play a pivotal role in fortifying the security landscape of Web3.0.

engineering, electrical & electronic,physics, applied,computer science, information systems

Alice Bizzarri,Chung-En Yu,Brian Jalaian,Fabrizio Riguzzi,Nathaniel D. Bastian

2024-06-03

Abstract:The prevailing approaches in Network Intrusion Detection Systems (NIDS) are often hampered by issues such as high resource consumption, significant computational demands, and poor interpretability. Furthermore, these systems generally struggle to identify novel, rapidly changing cyber threats. This paper delves into the potential of incorporating Neurosymbolic Artificial Intelligence (NSAI) into NIDS, combining deep learning's data-driven strengths with symbolic AI's logical reasoning to tackle the dynamic challenges in cybersecurity, which also includes detailed NSAI techniques introduction for cyber professionals to explore the potential strengths of NSAI in NIDS. The inclusion of NSAI in NIDS marks potential advancements in both the detection and interpretation of intricate network threats, benefiting from the robust pattern recognition of neural networks and the interpretive prowess of symbolic reasoning. By analyzing network traffic data types and machine learning architectures, we illustrate NSAI's distinctive capability to offer more profound insights into network behavior, thereby improving both detection performance and the adaptability of the system. This merging of technologies not only enhances the functionality of traditional NIDS but also sets the stage for future developments in building more resilient, interpretable, and dynamic defense mechanisms against advanced cyber threats. The continued progress in this area is poised to transform NIDS into a system that is both responsive to known threats and anticipatory of emerging, unseen ones.

Cryptography and Security,Artificial Intelligence,Symbolic Computation

Guru Bhandari,Andreas Lyth,Andrii Shalaginov,Tor-Morten Grønli

DOI: https://doi.org/10.3390/electronics12020298

IF: 2.9

2023-01-07

Electronics

Abstract:Cyberattacks always remain the major threats and challenging issues in the modern digital world. With the increase in the number of internet of things (IoT) devices, security challenges in these devices, such as lack of encryption, malware, ransomware, and IoT botnets, leave the devices vulnerable to attackers that can access and manipulate the important data, threaten the system, and demand ransom. The lessons from the earlier experiences of cyberattacks demand the development of the best-practices benchmark of cybersecurity, especially in modern Smart Environments. In this study, we propose an approach with a framework to discover malware attacks by using artificial intelligence (AI) methods to cover diverse and distributed scenarios. The new method facilitates proactively tracking network traffic data to detect malware and attacks in the IoT ecosystem. Moreover, the novel approach makes Smart Environments more secure and aware of possible future threats. The performance and concurrency testing of the deep neural network (DNN) model deployed in IoT devices are computed to validate the possibility of in-production implementation. By deploying the DNN model on two selected IoT gateways, we observed very promising results, with less than 30 kb/s increase in network bandwidth on average, and just a 2% increase in CPU consumption. Similarly, we noticed minimal physical memory and power consumption, with 0.42 GB and 0.2 GB memory usage for NVIDIA Jetson and Raspberry Pi devices, respectively, and an average 13.5% increase in power consumption per device with the deployed model. The ML models were able to demonstrate nearly 93% of detection accuracy and 92% f1-score on both utilized datasets. The result of the models shows that our framework detects malware and attacks in Smart Environments accurately and efficiently.

engineering, electrical & electronic,computer science, information systems,physics, applied

Guntur Dharma Putra,Volkan Dedeoglu,Abhinav Pathak,Salil S. Kanhere,Raja Jurdak

DOI: https://doi.org/10.1109/Blockchain53845.2021.00048

2021-10-21

Abstract:Intrusion Detection Systems (IDS) have been the industry standard for securing IoT networks against known attacks. To increase the capability of an IDS, researchers proposed the concept of blockchain-based Collaborative-IDS (CIDS), wherein blockchain acts as a decentralised platform allowing collaboration between CIDS nodes to share intrusion related information, such as intrusion alarms and detection rules. However, proposals in blockchain-based CIDS overlook the importance of continuous evaluation of the trustworthiness of each node and generally work based on the assumption that the nodes are always honest. In this paper, we propose a decentralised CIDS that emphasises the importance of building trust between CIDS nodes. In our proposed solution, each CIDS node exchanges detection rules to help other nodes detect new types of intrusion. Our architecture offloads the trust computation to the blockchain and utilises a decentralised storage to host the shared trustworthy detection rules, ensuring scalability. Our implementation in a lab-scale testbed shows that the our solution is feasible and performs within the expected benchmarks of the Ethereum platform.

Cryptography and Security

Junwei Xie

DOI: https://doi.org/10.1007/s44196-024-00492-x

IF: 2.259

2024-05-08

International Journal of Computational Intelligence Systems

Abstract:The intricacy of wireless network ecosystems and Internet of Things (IoT) connected devices have increased rapidly as technology advances and cyber threats increase. The existing methods cannot make sequential decisions in complex network environments, particularly in scenarios with partial observability and non-stationarity. Network awareness monitors and comprehends the network's assets, vulnerabilities, and ongoing activities in real-time. Advanced analytics, machine learning algorithms, and artificial intelligence are used to improve risk perception by analyzing massive amounts of information, identifying trends, and anticipating future security breaches. Hence, this study suggests the Deep Reinforcement Learning-assisted Network Awareness Risk Perception and Prevention Model (DRL-NARPP) for detecting malicious activity in cybersecurity. The proposed system begins with the concept of network awareness, which uses DRL algorithms to constantly monitor and evaluate the condition of the network in terms of factors like asset configurations, traffic patterns, and vulnerabilities. DRL provides autonomous learning and adaptation to changing network settings, revealing the ever-changing nature of network awareness risks in real time. Incorporating DRL into risk perception increases the system's capacity to recognize advanced attack methods while simultaneously decreasing the number of false positives and enhancing the reliability of risk assessments. DRL algorithms drive dynamic and context-aware response mechanisms, making up the adaptive network prevention component of the development. Predicting new threats and proactively deploying preventive measures, such as changing firewall rules, isolating compromised devices, or dynamically reallocating resources to reduce developing risks, is made possible by the system's ability to learn from historical data and prevailing network activity. The suggested DRL-NARPP model increases the anomaly detection rate by 98.3%, the attack prediction accuracy rate by 97.4%, and the network risk assessment ratio by 96.4%, reducing the false positive ratio by 11.2% compared to other popular methodologies.

computer science, artificial intelligence, interdisciplinary applications

Mert Nakıp,Baran Can Gül,Erol Gelenbe

2023-11-28

Abstract:Cyberattacks are increasingly threatening networked systems, often with the emergence of new types of unknown (zero-day) attacks and the rise of vulnerable devices. Such attacks can also target multiple components of a Supply Chain, which can be protected via Machine Learning (ML)-based Intrusion Detection Systems (IDSs). However, the need to learn large amounts of labelled data often limits the applicability of ML-based IDSs to cybersystems that only have access to private local data, while distributed systems such as Supply Chains have multiple components, each of which must preserve its private data while being targeted by the same attack To address this issue, this paper proposes a novel Decentralized and Online Federated Learning Intrusion Detection (DOF-ID) architecture based on the G-Network model with collaborative learning, that allows each IDS used by a specific component to learn from the experience gained in other components, in addition to its own local data, without violating the data privacy of other components. The performance evaluation results using public Kitsune and Bot-IoT datasets show that DOF-ID significantly improves the intrusion detection performance in all of the collaborating components, with acceptable computation time for online learning.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Ahmad Zainudin,Made Adi Paramartha Putra,Revin Naufal Alief,Rubina Akter,Dong-Seong Kim,Jae-Min Lee

DOI: https://doi.org/10.1109/jiot.2024.3364247

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The heterogeneous connections in metaverse environments pose vulnerabilities to cyber-attacks. To prevent and mitigate malicious network activities in a distributed metaverse, conventional intrusion detection systems (IDS) have communication overhead and privacy concerns. Federated learning (FL) techniques are widely employed to develop IDS frameworks and enable privacy-preserving collaborative learning schemes in decentralized ecosystems. However, the vanilla FL system utilizes a centralized FL aggregation technique, which introduces a single point of failure (SPoF) and potential unauthorized aggregators, allowing malicious clients to inject false data parameters, known as poisoning attacks. Furthermore, low-quality clients in the FL system can result in degraded model performance and hinder convergence. This study proposes a secure and reliable blockchain-aided federated learning (BFL)-based IDS framework using a lightweight model for securing metaverse. An authorized federated IDS is proposed to establish a trustworthy decentralized aggregation mechanism, utilizing proof-of-authority (PoA) consensus. The proposed federated IDS implemented a hybrid client selection (HCS) technique, considering the accuracy and reputation of client histories, to select high-quality metaverse edge devices. Additionally, a fairness ERC-20 token-based incentive mechanism was developed to reward selected FL clients as a token of appreciation for their contribution to the FL training processes. According to the IDS framework measurements, the proposed model performs better than the existing approaches for detecting cyber-attacks in metaverse environments, achieving an accuracy of 99.28% with trainable parameters of 1.8K and mega floating-point operations (MFLOPs) of 0.0016.

computer science, information systems,telecommunications,engineering, electrical & electronic

Krishna Kumar Ponniah,Bharathi Retnaswamy

DOI: https://doi.org/10.3233/jifs-221873

2023-10-14

Journal of Intelligent & Fuzzy Systems

Abstract:The Internet of Things (IoT) integrated Cloud (IoT-Cloud) has gotten much attention in the past decade. This technology's rapid growth makes it even more critical. As a result, it has become critical to protect data from attackers to maintain its integrity, confidentiality, protection, privacy, and the procedures required to handle it. Existing methods for detecting network anomalies are typically based on traditional machine learning (ML) models such as linear regression (LR), support vector machine (SVM), and so on. Although these methods can produce some outstanding results, they have low accuracy and rely heavily on manual traffic feature design, which has become obsolete in the age of big data. To overcome such drawbacks in intrusion detection (ID), this paper proposes a new deep learning (DL) model namely Morlet Wavelet Kernel Function included Long Short-Term Memory (MWKF-LSTM), to recognize the intrusions in the IoT-Cloud environment. Initially, to maintain a user's privacy in the network, the SHA-512 hashing mechanism incorporated a blockchain authentication (SHABA) model is developed that checks the authenticity of every device/user in the network for data uploading in the cloud. After successful authentication, the data is transmitted to the cloud through various gateways. Then the intrusion detection system (IDS) using MWKF-LSTM is implemented to identify the type of intrusions present in the received IoT data. The MWKF-LSTM classifier comes up with the Differential Evaluation based Dragonfly Algorithm (DEDFA) optimal feature selection (FS) model for increasing the performance of the classification. After ID, the non-attacked data is encrypted and stored in the cloud securely utilizing Enhanced Elliptical Curve Cryptography (E2CC) mechanism. Finally, in the data retrieval phase, the user's authentication is again checked to ensure user privacy and prevent the encrypted data in the cloud from intruders. Simulations and statistical analysis are performed, and the outcomes prove the superior performance of the presented approach over existing models.

J S Shyam Mohan,M .Thirunavukkarasu,N .Kumaran,D. Thamaraiselvi

DOI: https://doi.org/10.1016/j.suscom.2023.100955

2024-02-10

Sustainable Computing: Informatics and Systems

Abstract:Network security situation assessment (NSSA) is imperative and active defense technology in the network security situation. By examining NSSA data, one can examine the threat of network security and examine the network attack phase and hence fully grasp the complete network security situation. With the quick design of 5 G, the cloud model and Internet of things (IoT), the network platform is increasingly complicated and resulting in diversity of network threats which discover the accuracy. Thus, a new blockchain based cyber-security threat intelligence (CTI) and situational awareness system is devised for intrusion alert prediction. A blockchain-based CTI model is considered where data acquired are allowed to linear normalization. Here, the cyber situational awareness engine is used for alert segregation, which is implemented with entropy weighting power k means algorithm wherein weights generated during alert segregation are updated using Adaptive Transit Search (ATS). Then, the feature selection is implemented using hybrid Soergel and Lorentzian. The selected features are fed to Deep Maxout Network (DMN) for performing intrusion alert prediction. Finally, the cyber attack mitigation is carried out by blacklisting based on predicted result. The modified DMN outperformed with highest F-measure of 95.2%, precision of 96.9% and recall of 94.7%.

computer science, information systems, hardware & architecture

Sidra Abbas,Shtwai Alsubai,Stephen Ojo,Gabriel Avelino Sampedro,Ahmad Almadhor,Abdullah Al Hejaili,Imen Bouazzi,Abbas, Sidra,Ojo, Stephen,Sampedro, Gabriel Avelino

DOI: https://doi.org/10.1007/s11227-024-05993-2

IF: 3.3

2024-03-10

The Journal of Supercomputing

Abstract:The rapid growth of Internet of Things (IoT) devices has changed human interactions with the environment. IoT networks require specialized defense strategies distinct from traditional corporate contexts. Security measures such as anti-malware software, firewalls, authentication protocols, and encryption techniques are established but face limitations against evolving attack strategies. Therefore, this study proposes an intrusion detection approach for a realistic IoT environment, employing various variants of deep learning models such as deep neural networks (DNNs), convolutional neural networks (CNNs), and recurrent neural networks (RNNs). The research tested three variants for each model: DNN1, DNN2, DNN3, CNN1, CNN2, CNN3, RNN1, RNN2, RNN3 . All these variants are customized and tuned differently to analyze the efficacy of the suggested methodology. Likewise, notable observation highlights the significance of aligning training and validation accuracy curves that indicate controlled overfitting, validating the model's reliability in accurately predicting intrusion and benign network traffic in IoT settings. Results reveal that RNN1 achieves the best results: accuracy of 98.61%, precision of 98.55%, recall of 98.61%, and F1-score of 98.57% compared with other DNN and CNN architectures and benchmark papers. This study advances intrusion detection within IoT networks through a comprehensive evaluation of deep learning models and inspires ongoing research to enhance intrusion detection systems' resilience in dynamic IoT environments.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

K. Sundaramoorthy,K E Purushothaman,Jeba Sonia J,N Kanthimathi

DOI: https://doi.org/10.1016/j.cose.2024.104081

IF: 5.105

2024-09-01

Computers & Security

Abstract:The evolution of cloud computing has revolutionized how users access services, simplifying the development and deployment of applications across various industries. With its pervasive adoption, robust security measures become imperative. Integrating Intrusion Detection Systems (IDSs) into cloud computing and Wireless Sensor Networks (WSNs) addresses these challenges. IDSs serve as attentive protectors, monitoring network traffic and responding to breaches promptly, enhancing security across industries reliant on cloud services. Similarly, IDS integration in WSNs ensures the security of mission-critical operations, despite resource constraints and dynamic topologies, facilitated by cloud computing. This research proposes a hybrid IDS approach, leveraging the NSL-KDD dataset and methodologies like Intrusion Support Scalar Impact Rate (ISSIR), Optimized Support Vector Machine (OSVM), Extended Long-Short-Term Memory (ELSTM), and Multilayer Perceptron Neural Network (MLPNN), enhancing intrusion detection efficacy. ISSIR aids in feature selection, OSVM mitigates localization errors, ELSTM enables precise anomaly detection, and MLPNN provides robust defense mechanisms. Each method is integrated into a collaborative framework to address specific challenges in detecting intrusions with higher accuracy and reduced false positives. The interplay between these methodologies strengthens the overall intrusion detection framework, addressing the dynamic nature of cybersecurity threats. Results demonstrate the superior performance of MLPNN across various metrics, showcasing its effectiveness in accurately predicting outcomes compared to other models. The proposed MLPNN hybrid system achieves an accuracy of 99.9%, surpassing state-of-the-art methods. This study underscores the significance of advancing IDSs in cloud computing and WSNs, offering insights into enhancing security and mitigating vulnerabilities in an interconnected digital landscape.

computer science, information systems

Sabrine Ennaji,Fabio De Gaspari,Dorjan Hitaj,Alicia Kbidi,Luigi V. Mancini

2024-10-22

Abstract:Machine learning has brought significant advances in cybersecurity, particularly in the development of Intrusion Detection Systems (IDS). These improvements are mainly attributed to the ability of machine learning algorithms to identify complex relationships between features and effectively generalize to unseen data. Deep neural networks, in particular, contributed to this progress by enabling the analysis of large amounts of training data, significantly enhancing detection performance. However, machine learning models remain vulnerable to adversarial attacks, where carefully crafted input data can mislead the model into making incorrect predictions. While adversarial threats in unstructured data, such as images and text, have been extensively studied, their impact on structured data like network traffic is less explored. This survey aims to address this gap by providing a comprehensive review of machine learning-based Network Intrusion Detection Systems (NIDS) and thoroughly analyzing their susceptibility to adversarial attacks. We critically examine existing research in NIDS, highlighting key trends, strengths, and limitations, while identifying areas that require further exploration. Additionally, we discuss emerging challenges in the field and offer insights for the development of more robust and resilient NIDS. In summary, this paper enhances the understanding of adversarial attacks and defenses in NIDS and guide future research in improving the robustness of machine learning models in cybersecurity applications.

Cryptography and Security,Emerging Technologies,Networking and Internet Architecture

Wenjuan Li,Philip Rosenberg,Mads Glisby,Michael Han

DOI: https://doi.org/10.1016/j.jisa.2024.103713

IF: 4.96

2024-01-31

Journal of Information Security and Applications

Abstract:The Internet of Things (IoT) with its evolution brings many benefits to people's routine life, while at the same time posing various security challenges, due to the lack of software updates and access control policies. For protection, collaborative/distributed detection networks are one essential security solution, which can enhance the detection capability of a separate detection node by governing a set of eligible detection nodes to share information. However, internal intruders/attacks are the main threat source to the distributed structure including both IoT and CIDNs. In the literature, the CIDNs with challenge-based trust mechanism is found to be secure under many common external threats, but would be ineffective to advanced insider threats. Motivated by this issue, this work considers the factor of energy consumption and develops an enhanced challenge-based CIDN, called EnergyCIDN. The main idea relies on the observation that advanced attacks should consume more energy than a benign node. Under the evaluation on our EnergyCIDN, we conduct a set of experiments and tests in many scenarios, including simulated network, practical IoT network, and medical network. In comparison with the existing similar approaches, our EnergyCIDN showcases better detection capability regarding both common and advanced insider attacks.

computer science, information systems

Muhammad Ashfaq Khan

DOI: https://doi.org/10.3390/pr9050834

IF: 3.5

2021-05-10

Processes

Abstract:Nowadays, network attacks are the most crucial problem of modern society. All networks, from small to large, are vulnerable to network threats. An intrusion detection (ID) system is critical for mitigating and identifying malicious threats in networks. Currently, deep learning (DL) and machine learning (ML) are being applied in different domains, especially information security, for developing effective ID systems. These ID systems are capable of detecting malicious threats automatically and on time. However, malicious threats are occurring and changing continuously, so the network requires a very advanced security solution. Thus, creating an effective and smart ID system is a massive research problem. Various ID datasets are publicly available for ID research. Due to the complex nature of malicious attacks with a constantly changing attack detection mechanism, publicly existing ID datasets must be modified systematically on a regular basis. So, in this paper, a convolutional recurrent neural network (CRNN) is used to create a DL-based hybrid ID framework that predicts and classifies malicious cyberattacks in the network. In the HCRNNIDS, the convolutional neural network (CNN) performs convolution to capture local features, and the recurrent neural network (RNN) captures temporal features to improve the ID system’s performance and prediction. To assess the efficacy of the hybrid convolutional recurrent neural network intrusion detection system (HCRNNIDS), experiments were done on publicly available ID data, specifically the modern and realistic CSE-CIC-DS2018 data. The simulation outcomes prove that the proposed HCRNNIDS substantially outperforms current ID methodologies, attaining a high malicious attack detection rate accuracy of up to 97.75% for CSE-CIC-IDS2018 data with 10-fold cross-validation.

engineering, chemical

Soroush M. Sohi,Jean-Pierre Seifert,Fatemeh Ganji

DOI: https://doi.org/10.1016/j.cose.2020.102151

2020-12-21

Abstract:Security of information passing through the Internet is threatened by today's most advanced malware ranging from orchestrated botnets to simpler polymorphic worms. These threats, as examples of zero-day attacks, are able to change their behavior several times in the early phases of their existence to bypass the network intrusion detection systems (NIDS). In fact, even well-designed, and frequently-updated signature-based NIDS cannot detect the zero-day treats due to the lack of an adequate signature database, adaptive to intelligent attacks on the Internet. More importantly, having an NIDS, it should be tested on malicious traffic dataset that not only represents known attacks, but also can to some extent reflect the characteristics of unknown, zero-day attacks. Generating such traffic is identified in the literature as one of the main obstacles for evaluating the effectiveness of NIDS. To address these issues, we introduce RNNIDS that applies Recurrent Neural Networks (RNNs) to find complex patterns in attacks and generate similar ones. In this regard, for the first time, we demonstrate that RNNs are helpful to generate new, unseen mutants of attacks as well as synthetic signatures from the most advanced malware to improve the intrusion detection rate. Besides, to further enhance the design of an NIDS, RNNs can be employed to generate malicious datasets containing, e.g., unseen mutants of a malware. To evaluate the feasibility of our approaches, we conduct extensive experiments by incorporating publicly available datasets, where we show a considerable improvement in the detection rate of an off-the-shelf NIDS (up to 16.67%).

Cryptography and Security

Nadia Chaabouni,Mohamed Mosbah,Akka Zemmari,Cyrille Sauvignac,Parvez Faruki

DOI: https://doi.org/10.1109/comst.2019.2896380

2019-01-01

Abstract:Pervasive growth of Internet of Things (IoT) is visible across the globe. The 2016 Dyn cyberattack exposed the critical fault-lines among smart networks. Security of IoT has become a critical concern. The danger exposed by infested Internet-connected Things not only affects the security of IoT but also threatens the complete Internet eco-system which can possibly exploit the vulnerable Things (smart devices) deployed as botnets. Mirai malware compromised the video surveillance devices and paralyzed Internet via distributed denial of service attacks. In the recent past, security attack vectors have evolved bothways, in terms of complexity and diversity. Hence, to identify and prevent or detect novel attacks, it is important to analyze techniques in IoT context. This survey classifies the IoT security threats and challenges for IoT networks by evaluating existing defense techniques. Our main focus is on network intrusion detection systems (NIDSs); hence, this paper reviews existing NIDS implementation tools and datasets as well as free and open-source network sniffing software. Then, it surveys, analyzes, and compares state-of-the-art NIDS proposals in the IoT context in terms of architecture, detection methodologies, validation strategies, treated threats, and algorithm deployments. The review deals with both traditional and machine learning (ML) NIDS techniques and discusses future directions. In this survey, our focus is on IoT NIDS deployed via ML since learning algorithms have a good success rate in security and privacy. The survey provides a comprehensive review of NIDSs deploying different aspects of learning techniques for IoT, unlike other top surveys targeting the traditional systems. We believe that, this paper will be useful for academia and industry research, first, to identify IoT threats and challenges, second, to implement their own NIDS and finally to propose new smart techniques in IoT context considering IoT limitations. Moreover, the s-rvey will enable security individuals differentiate IoT NIDS from traditional ones.

computer science, information systems,telecommunications