Qiumei Cheng,Chunming Wu,Haifeng Zhou,Yuhang Zhang,Rui Wang,Wei Ruan

DOI: https://doi.org/10.1109/hpcc/smartcity/dss.2018.00149

2018-01-01

Abstract:Guarding the perimeter of cloud-based enterprise networks is a challenge due to massive traffic with dynamic nature. Current firewalls of enterprise networks in cloud are largely based on static security rule configuration or simple rule matching, which makes them inflexible, error-prone and poorly effective, bringing about severe security risks. In this paper, we propose an artificial intelligence-based software-defined networks firewall (AI-SDNF) for solving the above problems. Compared with existing SDN firewalls, AI-SDNF is able to extract and analyze the payload of data packets based on machine learning technologies rather than simply match with flow tables according to several header fields (e.g., source and destination IP/MAC addresses). Considering deciding whether a packet is benign or malicious is able to be formulated as a typical binary classification problem, we employ logistic regression for training an intelligent SDN firewall under supervised machine learning. We implement a prototype of AI-SDNF on the OpenDaylight controller and the OpenStack platform. Based on the prototype, we evaluate its performance and overheads with real dataset. The experimental results indicate that AI-SDNF achieves a relatively high detection accuracy of 96.79% with an average of 0.2ms latency.

WANG Xiaodong,ZHU Miaoliang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.07.055

2005-01-01

Abstract:This paper puts forward an intellective network safe guard system based on a multi-agent system structure. The purpose of the system is to defend the intrusion of campus-wide network. It is based on IDXP and the focus is blackboard. This system can deal with multi-levels and many ways of anti-intrusions, which has self-determination. It is proved to have a good performance by spot tests.

Sudipto Baral,Sajal Saha,Anwar Haque

2024-09-20

Abstract:The exponential growth of the Internet of Things (IoT) has significantly increased the complexity and volume of cybersecurity threats, necessitating the development of advanced, scalable, and interpretable security frameworks. This paper presents an innovative, comprehensive framework for real-time IoT attack detection and response that leverages Machine Learning (ML), Explainable AI (XAI), and Large Language Models (LLM). By integrating XAI techniques such as SHAP (SHapley Additive exPlanations) and LIME (Local Interpretable Model-agnostic Explanations) with a model-independent architecture, we ensure our framework's adaptability across various ML algorithms. Additionally, the incorporation of LLMs enhances the interpretability and accessibility of detection decisions, providing system administrators with actionable, human-understandable explanations of detected threats. Our end-to-end framework not only facilitates a seamless transition from model development to deployment but also represents a real-world application capability that is often lacking in existing research. Based on our experiments with the CIC-IOT-2023 dataset \cite{neto2023ciciot2023}, Gemini and OPENAI LLMS demonstrate unique strengths in attack mitigation: Gemini offers precise, focused strategies, while OPENAI provides extensive, in-depth security measures. Incorporating SHAP and LIME algorithms within XAI provides comprehensive insights into attack detection, emphasizing opportunities for model improvement through detailed feature analysis, fine-tuning, and the adaptation of misclassifications to enhance accuracy.

Machine Learning,Cryptography and Security

Urvashi Sangwan

DOI: https://doi.org/10.52783/jes.3233

2024-05-02

Abstract:Through the network's infrastructure, the IoT can impart perception, recognition, and remote control to inanimate objects. Due to IoT's characteristics, it's possible to integrate the real world into a digital system, which improves precision, productivity, and bottom line. While traditional internet infrastructure comprises of highly capable computers and servers, IoT gadgets have limited processing power and storage space. The authentication and key agreement system SecureAuthKey is very lightweight. The suggested technique is meant to solve the security and privacy problems that plague modern constraint-based CPS programmes. A lightweight approach for authenticating cyber-physical objects is one of the expected outcomes. Adaptation and autonomy in cyber-physical systems need not be compromised by a lack of trust or security in users' data or the devices themselves, according to a new type of security algorithm. To provide flexibility and scalability, a new middleware module has been developed on the Raspberry platform to facilitate communication between CPS-based devices and services. Secure Internet of Things (IoT) evaluation methodology that may be used in a variety of contexts and is user-focused. With the suggested system, the two CPS units will be able to authenticate one another. When a network grows larger, the possibility of an attack rises. Therefore, the IoT network is much more susceptible to attacks than conventional networks. As the number of connected devices grows, so do the number of potential threats to their security. To protect the IoT ecosystem from current threats, cutting-edge technology is essential. The proposed approach must be very efficient and have low computational overheads. It creates random session keys to protect wireless transmissions. The system is protected from a variety of cyber threats. The current constraint-based CPS system requires a new lightweight security solution.

Piyush Piyush,,,,,,,Akhilesh A. Waoo,Murlidhar Prasad Singh,Piyush Kumar Pareek,Shoaib Kamal,Shraddha V. Pandit

DOI: https://doi.org/10.54216/jisiot.120215

2024-01-01

Journal of Intelligent Systems and Internet of Things

Abstract:This research introduces an algorithmic framework for enhancing the security of Internet of Things (IoT) networks. The Enhanced Anomaly Detection (EAD) algorithm initiates the process by detecting anomalies in real-time IoT data, serving as the foundational layer. The Behavior Analysis for Profiling (BAP) algorithm builds upon EAD, adding behavior analysis for profiling and adaptive identification of abnormal behavior. Signature-Based Detection (SBD) involves pre-identified attack signatures, which supports detection of known attacks and provides proactive defense measures against documented threats. The MLID, or the Machine Learning-Based Intrusion Detection, algorithm uses trained machine learning models in order to detect anomalies and the adaptability to changing security risks. The Real-Time Threat Intelligence Integration (RTI) algorithm integrates updated threat intelligence feeds, which improves the framework's responsiveness to emerging threats. The visual representations illustrate once again the idea of the new framework being very accurate at intergration, applicability, and overal security effectiveness. The research makes a standard solution which proves to be a smart and responsive way guarding the IoT networks reducing and even fighting known and potential threats in a real-time mode.

Wei Shuhan,Yu Chengzhi,Liao Xiaoxiao,Wang Siyu

DOI: https://doi.org/10.1016/j.scs.2024.105439

IF: 11.7

2024-04-24

Sustainable Cities and Society

Abstract:In the realm of securing smart cities against emerging cyber threats, this research encompasses three distinct yet interconnected initiatives. First, a pioneering data architecture design leveraging CycleGAN is proposed to counteract False Data Injection Attacks (FDIA). By cyclically transforming data distributions, CycleGAN ensures the integrity and reliability of smart city information, fortifying against malicious manipulations. Second, an innovative Internet of Things (IoT) concept is introduced, aiming to enhance real-time monitoring and context-aware threat detection within Intrusion Detection Systems (IDS). Harnessing the wealth of data generated by IoT devices, this concept provides a comprehensive understanding of network activities, fostering adaptive responses to emerging threats. Lastly, the research delves into the development of a novel IDS hyperparameter adjusting system. This system integrates the strengths of Biogeography-Based Optimization (BBO) and Whale Optimization Algorithm (WOA) to fine-tune IDS configuration parameters. Drawing inspiration from biogeographical principles and collaborative whale behavior, the hybrid optimization system balances exploration and exploitation, adapting the IDS to diverse network environments. Together, these initiatives represent a holistic approach to fortifying smart cities through cutting-edge data architecture, IoT-driven threat detection, and optimized IDS configurations, contributing to the resilience and cybersecurity of modern urban landscapes.

energy & fuels,construction & building technology,green & sustainable science & technology

S Sivamohan,S S Sridhar

DOI: https://doi.org/10.1007/s00521-023-08319-0

Abstract:Industry 4.0 enable novel business cases, such as client-specific production, real-time monitoring of process condition and progress, independent decision making and remote maintenance, to name a few. However, they are more susceptible to a broad range of cyber threats because of limited resources and heterogeneous nature. Such risks cause financial and reputational damages for businesses, well as the theft of sensitive information. The higher level of diversity in industrial network prevents the attackers from such attacks. Therefore, to efficiently detect the intrusions, a novel intrusion detection system known as Bidirectional Long Short-Term Memory based Explainable Artificial Intelligence framework (BiLSTM-XAI) is developed. Initially, the preprocessing task using data cleaning and normalization is performed to enhance the data quality for detecting network intrusions. Subsequently, the significant features are selected from the databases using the Krill herd optimization (KHO) algorithm. The proposed BiLSTM-XAI approach provides better security and privacy inside the industry networking system by detecting intrusions very precisely. In this, we utilized SHAP and LIME explainable AI algorithms to improve interpretation of prediction results. The experimental setup is made by MATLAB 2016 software using Honeypot and NSL-KDD datasets as input. The analysis result reveals that the proposed method achieves superior performance in detecting intrusions with a classification accuracy of 98.2%.

Chathuranga Sampath Kalutharage,Xiaodong Liu,Christos Chrysoulas

DOI: https://doi.org/10.1007/978-3-031-21311-3_8

2022-01-01

Abstract:Over the past few decades, Machine Learning (ML)-based intrusion detection systems (IDS) have become increasingly popular and continue to show remarkable performance in detecting attacks. However, the lack of transparency in their decision-making process and the scarcity of attack data for training purposes pose a major challenge for the development of ML-based IDS systems for Internet of Things (IoT). Therefore, employing anomaly detection methods and interpreting predicted results in terms of feature contribution or performing feature-based impact analysis can increase stakeholders confidence. To this end, this paper presents a novel framework for IoT security monitoring, combining deep autoencoder models with Explainable Artificial Intelligence (XAI), to verify the credibility and certainty of attack detection by ML-based IDSs. Our proposed approach reduces the number of black boxes in the ML decision-making process in IoT security monitoring by explaining why a prediction is made, providing quantifiable data on which features influence the prediction and to what extent, which are generated from SHaply Adaptive values exPlanations (SHAP) linking optimal credit allocation to local explanations. This was tested using the USB-IDS benchmark dataset and a detection accuracy of 84% (benign) and 100% (attack) was achieved. Our experimental results show that integrating XAI with the autoencoder model obviates the need of malicious data for training purposes, but can provide attack certainty for detected anomalies, proving the validity of the proposed methodology.

Talaya Farasat,JongWon Kim,Joachim Posegga

2024-10-24

Abstract:This paper introduces a Testbed designed for generating network traffic, leveraging the capabilities of containers, Kubernetes, and eBPF/XDP technologies. Our Testbed serves as an advanced platform for producing network traffic for machine learning based network experiments. By utilizing this Testbed, we offer small malicious network traffic dataset publically that satisfy ground truth property completely.

Cryptography and Security,Networking and Internet Architecture

Wajid Rafique,Maqbool Khan,Nadeem Sarwar,Wanchun Dou

DOI: https://doi.org/10.1007/978-3-030-30146-0_6

2019-01-01

Abstract:Managing the huge IoT infrastructure poses a vital challenge to the network community. Software Defined Networking (SDN), due to its characteristics of centralized network management has been considered as an optimal choice to manage IoT. Edge computing brings cloud recourses near the IoT to localize the cloud demands. Consequently, SDN, IoT, and edge computing can be combined into a framework to create a resourceful SDIoT-Edge architecture to efficiently orchestrate cloud services and utilize resource-limited IoT devices in a flexible way. Besides a wide adoption of IoT, the vulnerabilities present in this less secure infrastructure can be exploited by the adversaries to attack the OpenFlow channel using Distributed Denial of Service (DDoS) attacks. DDoS on OpenFlow channel have the ability to disrupt the whole network hence, providing security for the OpenFlow channel is a key challenge in SDIoT-Edge. We propose a security framework called SDIoT-Edge Security (SIESec) against the security vulnerabilities present in this architecture. SIESec prototype employs machine learning-based classification strategy, blacklist integration, and contextual network flow filtering to efficiently defend against the DDoS attacks. We perform extensive simulations using Floodlight controller and Mininet network emulator. Our results proclaim that SIESec provides extensive security against OpenFlow channel DDoS attacks and pose a very less overhead on the network.

A. Abirami,S. Palanikumar

DOI: https://doi.org/10.24996/ijs.2023.64.11.35

2023-11-30

Iraqi Journal of Science

Abstract:is at an all-time high in the modern period, and the majority of the population uses the Internet for all types of communication. It is great to be able to improvise like this. As a result of this trend, hackers have become increasingly focused on attacking the system/network in numerous ways. When a hacker commits a digital crime, it is examined in a reactive manner, which aids in the identification of the perpetrators. However, in the modern period, it is not expected to wait for an attack to occur. The user anticipates being able to predict a cyberattack before it causes damage to the system. This can be accomplished with the assistance of the proactive forensic framework presented in this study. The proposed system combines a reactive and proactive framework. The proactive part will use machine learning-based classification algorithms to forecast the attack. Once the assault has been predicted, the reactive element of the proposed framework is used to investigate who is attempting to initiate the attack. The suggested system further emphasizes integrity and confidentiality by proposing an encryption method that encrypts the proactive module's report before decrypting it in the reactive module. The suggested elliptical curve cryptography-based security model was compared to several existing security methods in this paper.A comparison of multiple machine learning-based categorization algorithms is also performed in order to determine which is the most suitable for the proposed Network Forensic Framework. Accuracy, recall, precision, and F1 value are the performance metrics used to evaluate the various machine learning-based algorithms. According to the analysis, the suggested Network Forensic Framework is best implemented using the Extreme Gradient Boosting (XGB) technique.

Fan Yang,Shasha Zhang,Shuyu Song,Rongpeng Li,Zhifeng Zhao,Honggang Zhang

DOI: https://doi.org/10.1145/3321408.3321610

2019-01-01

Abstract:In this paper, we propose an IntelligentSDS testbed, which is based on a novel Software Defined Security (SDS) framework powered with Artificial Intelligence. In particular, IntelligentSDS aims to flexibly deploy multiple security agents to white-box devices, so as to automatically learn ongoing threats and proactively protect the network. In particular, we discuss the design and realization of OpenStack-based intelligentSDS cloud, software-defined firewall, intelligent autodetection and defense system, and honeynet.

Mohamad Hasan,Tania Malik

DOI: https://doi.org/10.34190/eccws.23.1.2505

2024-06-21

Abstract:In today's digital age, ensuring network privacy and integrity is of utmost importance. To address this, our work proposed an advanced VPN security framework that integrates open-source threat intelligence and machine learning (ML) to enhance cyber defences. By combining Wazuh for threat detection and analysis, and pfsense for firewall capabilities, with state-of-the-art ML algorithms, we present a robust VPN security solution to the challenges presented by the evolving landscape of cyber threats, representing a significant advancement in securing digital networks. This framework is strengthened by the integration of four ML algorithms— Gradient Boosted Trees (GBT), Random Forest (RF), K-Nearest Neighbors (KNN), and Dense Deep Learning (DDL)— chosen for their classification efficacy and their ability to process complex security data, thereby improving the efficiency and accuracy of threat detection. Results indicated significant improvements in threat detection accuracy following the integration of ML algorithms. The Random Forest (RF) algorithm, in particular, stood out for its exceptional accuracy and ability to handle various threat scenarios, showcasing its efficacy in identifying sophisticated cyber threats through network traffic pattern analysis. Further performance benchmarking confirmed the feasibility of deploying the advanced VPN security framework, demonstrating minimal impact on network latency and throughput.

Aamir Shahzad,Malrey Lee,Neal Naixue Xiong,Gisung Jeong,Young-Keun Lee,Jae-Young Choi,Abdul Wheed Mahesar,Iftikhar Ahmad

DOI: https://doi.org/10.3390/s16030322

2016-03-03

Abstract:In Industrial systems, Supervisory control and data acquisition (SCADA) system, the pseudo-transport layer of the distributed network protocol (DNP3) performs the functions of the transport layer and network layer of the open systems interconnection (OSI) model. This study used a simulation design of water pumping system, in-which the network nodes are directly and wirelessly connected with sensors, and are monitored by the main controller, as part of the wireless SCADA system. This study also intends to focus on the security issues inherent in the pseudo-transport layer of the DNP3 protocol. During disassembly and reassembling processes, the pseudo-transport layer keeps track of the bytes sequence. However, no mechanism is available that can verify the message or maintain the integrity of the bytes in the bytes received/transmitted from/to the data link layer or in the send/respond from the main controller/sensors. To properly and sequentially keep track of the bytes, a mechanism is required that can perform verification while bytes are received/transmitted from/to the lower layer of the DNP3 protocol or the send/respond to/from field sensors. For security and byte verification purposes, a mechanism needs to be proposed for the pseudo-transport layer, by employing cryptography algorithm. A dynamic choice security buffer (SB) is designed and employed during the security development. To achieve the desired goals of the proposed study, a pseudo-transport layer stack model is designed using the DNP3 protocol open library and the security is deployed and tested, without changing the original design.

Ali Alqahtani,Abdulaziz A. Alsulami,Nayef Alqahtani,Badraddin Alturki,Bandar M. Alghamdi

DOI: https://doi.org/10.3390/sym16091121

2024-09-01

Symmetry

Abstract:The Internet of Things (IoT) is an important component of the smart environment, which produces a large volume of data that is considered challenging to handle. In addition, the IoT architecture is vulnerable to many cyberattacks that can target operational devices. Therefore, there is a need for monitoring IoT traffic to analyze, detect malicious activity, and classify cyberattack types. This research proposes a security framework to monitor asymmetrical network traffic in an IoT environment. The framework offers a network intrusion detection system (NIDS) to detect and classify cyberattacks, implemented using a machine learning (ML) model residing in the middleware layer of the IoT architecture. A dimensionality reduction technique known as principal component analysis (PCA) is utilized to facilitate data transmission, which is intended to be sent from the middleware layer to the cloud layer with reduced complexity and fewer unnecessary inputs without compromising the information content. Therefore, the reduced IoT traffic data are sent to the cloud and the PCA data are retransformed to approximate the original data for visualizing the IoT traffic. The NIDS is responsible for reporting the attack type to the cloud in the event of an attack. Our findings indicate that the proposed framework has promising results in classifying the attack type, which achieved a classification accuracy of 98%. In addition, the dimension of the IoT traffic data is reduced by around 50% and it has a similarity of around 90% compared to the original data.

multidisciplinary sciences

Keke Gai,Longfei Qiu,Min Chen,Hui Zhao,Meikang Qiu

DOI: https://doi.org/10.1145/2979677

2017-01-01

ACM Transactions on Embedded Computing Systems

Abstract:The expected advanced network explorations and the growing demand for mobile data sharing and transferring have driven numerous novel applications in Cyber-Physical Systems (CPSs), such as Intelligent Transportation Systems (ITSs). However, current ITS implementations are restricted by the conflicts between security and communication efficiency. Focusing on this issue, this article proposes a Security-Aware Efficient Data Sharing and Transferring (SA-EAST) model, which is designed for securing cloud-based ITS implementations. In applying this approach, we aim to obtain secure real-time multimedia data sharing and transferring. Our experimental evaluation has shown that our proposed model provides an effective performance in securing communications for ITS.

Osvaldo Arreche,Tanish R. Guntur,Jack W. Roberts,Mustafa Abdallah

DOI: https://doi.org/10.1109/access.2024.3365140

IF: 3.9

2024-02-20

IEEE Access

Abstract:The exponential growth of intrusions on networked systems inspires new research directions on developing artificial intelligence (AI) techniques for intrusion detection systems (IDS). In particular, the need to understand and explain these AI models to security analysts (managing these IDS to safeguard their networks) motivates the usage of explainable AI (XAI) methods in real-world IDS. In this work, we propose an end-to-end framework to evaluate black-box XAI methods for network IDS. We evaluate both global and local scopes for these black-box XAI methods for network intrusion detection. We analyze six different evaluation metrics for two popular black-box XAI techniques, namely SHAP and LIME. These metrics are descriptive accuracy, sparsity, stability, efficiency, robustness, and completeness. They cover main metrics from network security and AI domains. We evaluate our XAI evaluation framework using three popular network intrusion datasets and seven AI methods with different characteristics. We release our codes for the network security community to access it as a baseline XAI framework for network IDS. Our framework shows the limitations and strengths of current black-box XAI methods when applied to network IDS.

computer science, information systems,telecommunications,engineering, electrical & electronic

Alex Mathew

DOI: https://doi.org/10.30574/wjarr.2024.22.1.1305

2024-04-30

World Journal of Advanced Research and Reviews

Abstract:This paper will delve into the integration of Artificial Intelligence (AI) and extended Berkeley Packet Filter (eBPF) technology to enhance cyber defense capability. The most important aspect of AI is detection of threats where it employs sophisticated algorithms in the analysis of large data sets to identify any form of pattern which signals a threat in cyberspace. It enhances behavioral analysis in the monitoring of user and system behavior to identify suspicious activities. AI also helps to instantly react against the threats by automatically taking actions like isolating an infected machine or blocking the suspicious network traffic in order to minimize the response time and consequent damage. AI can predict the attacks based on historical data and current trends and design proactive defense strategies. On the other hand. eBPF technology complements AI by providing programmable kernel tracing, real-time monitoring, low overhead, and security enhancements. Attaching eBPF programs to kernel hooks provides insights into network traffic, system events, and application behavior, intrusion detection, performance monitoring, and troubleshooting. Its implementation is still optimal with less performance impact on the system. The system retains its robust security stance due to the deployment of eBPF, enforcement of kernel-level security policies, and detection of malicious activities. This synergy between AI and eBPF would mean smarter cybersecurity solutions that can change adeptly with each emerging threat and help raise defenses for the organization.

Xuanyu Duan,Mengmeng Ge,Triet Huynh Minh Le,Faheem Ullah,Shang Gao,Xuequan Lu,M. Ali Babar

DOI: https://doi.org/10.1109/prdc53464.2021.00016

2021-12-01

Abstract:Internet of Things (IoT) based applications face an increasing number of potential security risks, which need to be systematically assessed and addressed. Expert-based manual assessment of IoT security is a predominant approach, which is usually inefficient. To address this problem, we propose an automated security assessment framework for IoT networks. Our framework first leverages machine learning and natural language processing to analyze vulnerability descriptions for predicting vulnerability metrics. The predicted metrics are then input into a two-layered graphical security model, which consists of an attack graph at the upper layer to present the network connectivity and an attack tree for each node in the network at the bottom layer to depict the vulnerability information. This security model automatically assesses the security of the IoT network by capturing potential attack paths. We evaluate the viability of our approach using a proof-of-concept smart building system model which contains a variety of real-world IoT devices and poten-tial vulnerabilities. Our evaluation of the proposed framework demonstrates its effectiveness in terms of automatically predicting the vulnerability metrics of new vulnerabilities with more than 90% accuracy, on average, and identifying the most vulnerable attack paths within an IoT network. The produced assessment results can serve as a guideline for cybersecurity professionals to take further actions and mitigate risks in a timely manner.

Jahanzaib Malik,Adnan Akhunzada,Iram Bibi,Muhammad Talha,Mian Ahmad Jan,Muhammad Usman

DOI: https://doi.org/10.1109/jsen.2020.3012046

IF: 4.3

2021-07-15

IEEE Sensors Journal

Abstract:Intelligent transportation systems have been envisioned to bring more intelligence and cooperative sensing to meet the imminent demands of overall improved autonomous transportation. However, dynamic era of modern applications and fixed architecture of legacy Internet needs flexible, innovative, adaptive, and programmable software defined intelligent transportation systems (SD-ITS). The centralized control intelligence of SD-ITS can be a potential primary target of the prevalent cyber threats and attacks that can simply throw the entire network into chaos. The authors propose a DL-driven multi-vector scalable attack detection framework leveraging graphical processing unit (GPU) empowered Bidirectional Long Short-Term Memory (BLSTM) to efficiently tackle exponentially growing diverse sophisticated attacks that primarily target the control unit of the SD-ITS. The proposed technique has been rigorously evaluated with current state-of-the-art publicly available Flow-based dataset (i.e., CICIDS2017) using standard performance metrics. Further, the proposed mechanism is compared with contemporary benchmarks (i.e., DL algorithms). Extensive experimental results exhibit out-performance of the proposed technique in term of detection accuracy with a trivial trade-off computational complexity. Finally, the study also employed 10-fold cross validation to explicitly show unbiased results.