Chunlei Fu,Qichang Duan,Li Fu,Hong Xiang,Zhongyang Xiong,Haibo Hu

2011-01-01

Abstract:Intrusion detection is not new in the area of information security. It is crucial for the intrusion alerts management system to correlate the collected intrusion alerts to reflect the causal relationships between the attack steps and construct the attack scenarios. Most of these systems, however, have been built on the relational database logging the intrusion alerts. The relational database has been proven to be a very useful model and applied in the wide area. But their persisting limitation lies in the flat structure which is not capable of representing the complex relations. An ontology is an explicit specification of a conceptualization using an agreed vocabulary. In this paper, ontology is put into use and a learning framework is presented which depicts how the intrusion alerts ontology can be learned and further enriched exploiting both the database schema and the stored data. Moreover, we introduce the vulnerabilities database to refine the ontology hierarchy and the restriction of classes and apply the ontology design pattern to represent the sequence of a series of events. The whole transitioning process is implemented in OBNAMS, an intrusion alerts management system constructed on the learned ontology automating the consisted steps.

Rohit Khedkar et al.

DOI: https://doi.org/10.52783/cienceng.v11i1.120

2023-02-18

Proceeding International Conference on Science and Engineering

Abstract:Now a days cyber crime growing and has a big effect everywhere globally. ethical hackers are normally involved in identifying flaws and recommending mitigation measures. the cyber safety international, there's a pressing need for the improvement of powerful techniques. Because of the effectiveness of machine learning in cyber security issues, machine learning for cyber security has recently become a hot topic. In cyber security, machine learning approaches have been utilized to handle important concerns such as intrusion detection, malware classification and detection, spam detection, and phishing detection. Although ML cannot fully automate a cyber-security system, it can identify cyber-security threats more efficiently than other software-oriented approaches, relieving security analysts of their burden. As a result, effective adaptive methods, such as machine learning techniques, can yield higher detection rates, lower false alarm rates, and cheaper computing and transmission costs. Our key goal is that the challenge of detecting attacks is fundamentally different from those of these other applications, making it substantially more difficult for the intrusion detection community to apply machine learning effectively. In this study, the CPS is modeled as a network of agents that move in unison with one another, with one agent acting as a leader and commanding the other agents. The proposed strategy in this study is to employ the structure of deep neural networks for the detection phase, which should tell the system of the attack's existence in the early stages of the attack. The use of robust control algorithms in the network to isolate the misbehaving agent in the leader-follower mechanism has been researched. Following the attack detection phase with a deep neural network, the control system uses the reputation algorithm to isolate the misbehaving agent in the presented control method. Experiment results show that deep learning algorithms can detect attacks more effectively than traditional methods, making cyber security simpler, more proactive, and less expensive and more expensive.

Xia Xiao-Ling,Ding Yu-Xin,Jiang Jing-Zhi,Zeng Rong

DOI: https://doi.org/10.1109/ICMLC.2017.8107737

2017-01-01

Abstract:Malware in form of Internet worms, computer viruses, and Trojan horses poses a major threat to the security of networked systems. So how to describe the behavior knowledge of malware is an interesting and meaningful work. In recent years, different ontology technologies have been proposed to represent domain knowledge. In the study, we apply ontology techniques into the field of malware detection, and propose the malware detection method based on ontology. This method is based on the behavior of malicious code, and makes a knowledge representation of the malware behaviors from a variety of perspectives. We use the common behaviors of individuals to represent the behaviors of a malware family, and use the ontology reasoning mechanism to detect unknown malware samples. Experiments show that the method has high malicious code detection rate and low false alarm rate.

Lalit Mohan Sanagavarapu,Vivek Iyer,Raghu Reddy

DOI: https://doi.org/10.48550/arXiv.2112.08554

2021-12-16

Computation and Language

Abstract:Information Security in the cyber world is a major cause for concern, with a significant increase in the number of attack surfaces. Existing information on vulnerabilities, attacks, controls, and advisories available on the web provides an opportunity to represent knowledge and perform security analytics to mitigate some of the concerns. Representing security knowledge in the form of ontology facilitates anomaly detection, threat intelligence, reasoning and relevance attribution of attacks, and many more. This necessitates dynamic and automated enrichment of information security ontologies. However, existing ontology enrichment algorithms based on natural language processing and ML models have issues with contextual extraction of concepts in words, phrases, and sentences. This motivates the need for sequential Deep Learning architectures that traverse through dependency paths in text and extract embedded vulnerabilities, threats, controls, products, and other security-related concepts and instances from learned path representations. In the proposed approach, Bidirectional LSTMs trained on a large DBpedia dataset and Wikipedia corpus of 2.8 GB along with Universal Sentence Encoder is deployed to enrich ISO 27001-based information security ontology. The model is trained and tested on a high-performance computing (HPC) environment to handle Wiki text dimensionality. The approach yielded a test accuracy of over 80% when tested with knocked-out concepts from ontology and web page instances to validate the robustness.

Yang Xin,Lingshuang Kong,Zhi Liu,Yuling Chen,Yanmiao Li,Hongliang Zhu,Mingcheng Gao,Haixia Hou,Chunhua Wang

DOI: https://doi.org/10.1109/access.2018.2836950

IF: 3.9

2018-01-01

IEEE Access

Abstract:With the development of the Internet, cyber-attacks are changing rapidly and the cyber security situation is not optimistic. This survey report describes key literature surveys on machine learning (ML) and deep learning (DL) methods for network analysis of intrusion detection and provides a brief tutorial description of each ML/DL method. Papers representing each method were indexed, read, and summarized based on their temporal or thermal correlations. Because data are so important in ML/DL methods, we describe some of the commonly used network datasets used in ML/DL, discuss the challenges of using ML/DL for cybersecurity and provide suggestions for research directions.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jun Zhang,Lei Pan,Qing-Long Han,Chao Chen,Sheng Wen,Yang Xiang

DOI: https://doi.org/10.1109/jas.2021.1004261

2022-03-01

IEEE/CAA Journal of Automatica Sinica

Abstract:With the booming of cyber attacks and cyber criminals against cyber-physical systems (CPSs), detecting these attacks remains challenging. It might be the worst of times, but it might be the best of times because of opportunities brought by machine learning (ML), in particular deep learning (DL). In general, DL delivers superior performance to ML because of its layered setting and its effective algorithm for extract useful information from training data. DL models are adopted quickly to cyber attacks against CPS systems. In this survey, a holistic view of recently proposed DL solutions is provided to cyber attack detection in the CPS context. A six-step DL driven methodology is provided to summarize and analyze the surveyed literature for applying DL methods to detect cyber attacks against CPS systems. The methodology includes CPS scenario analysis, cyber attack identification, ML problem formulation, DL model customization, data acquisition for training, and performance evaluation. The reviewed works indicate great potential to detect cyber attacks against CPS through DL modules. Moreover, excellent performance is achieved partly because of several high-quality datasets that are readily available for public use. Furthermore, challenges, opportunities, and research trends are pointed out for future research.

Qiyi He,Xiaolin Meng,Rong Qu,Ruijie Xi

DOI: https://doi.org/10.3390/math8081311

IF: 2.4

2020-01-01

Mathematics

Abstract:Connected and Autonomous Vehicle (CAV)-related initiatives have become some of the fastest expanding in recent years, and have started to affect the daily lives of people. More and more companies and research organizations have announced their initiatives, and some have started CAV road trials. Governments around the world have also introduced policies to support and accelerate the deployments of CAVs. Along these, issues such as CAV cyber security have become predominant, forming an essential part of the complications of CAV deployment. There is, however, no universally agreed upon or recognized framework for CAV cyber security. In this paper, following the UK CAV cyber security principles, we propose a UML (Unified Modeling Language)-based CAV cyber security framework, and based on which we classify the potential vulnerabilities of CAV systems. With this framework, a new CAV communication cyber-attack data set (named CAV-KDD) is generated based on the widely tested benchmark data set KDD99. This data set focuses on the communication-based CAV cyber-attacks. Two classification models are developed, using two machine learning algorithms, namely Decision Tree and Naive Bayes, based on the CAV-KDD training data set. The accuracy, precision and runtime of these two models when identifying each type of communication-based attacks are compared and analysed. It is found that the Decision Tree model requires a shorter runtime, and is more appropriate for CAV communication attack detection.

Rathish Mohan,Abhishek Vajpayee,Srikanth Gangarapu,Vishnu Vardhan Reddy Chilukoori

DOI: https://doi.org/10.22214/ijraset.2024.64150

2024-09-30

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: The rapidly evolving landscape of cyber threats poses significant challenges to traditional cybersecurity methods, particularly in detecting and mitigating complex attacks that combine multiple data modalities. This article introduces a novel approach utilizing Multimodal Deep Learning (MDL) to enhance cybersecurity detection and prevention capabilities. By fusing Natural Language Processing (NLP) and computer vision techniques, our proposed MDL framework demonstrates superior performance in analyzing both textual and visual data associated with potential threats. Through a series of experiments and case studies, we show that this integrated approach significantly improves detection accuracy, reduces false positives, and exhibits remarkable adaptability to emerging attack vectors. Our results indicate a 37% increase in threat detection efficiency and a 42% reduction in false positives compared to traditional unimodal methods. Furthermore, we explore the potential applications of this technology in email security, social media monitoring, and advanced malware detection. This article not only contributes to the growing body of knowledge in AI-driven cybersecurity but also provides a roadmap for future developments, including the integration of audio analysis and the application of Explainable AI (XAI) to enhance trust and transparency in MDL-based security systems.

NVA Pavan Kumar Inguva,Oludotun Oni,Jacob Bryant

DOI: https://doi.org/10.48175/ijarsct-19438

2024-08-26

Abstract:Cyber security is like a race between defensive and offensive capabilities. Day by day the attacks are increasing consequently the preventive mechanisms are also raising. The technological evolution must address the cyber security problem effectively. Cyber security is always the cutting-edge technology to which Machine learning added potentiality. Machine learning plays a crucial role cyber-attacks in various dimensions. The recent advancements in usage of Machine learning towards cyber security preventive and detective measures clearly indicates that the Cyber security certainly accelerates. But at the same time the threat framework also takes the advent of innovative machine learning models. In this paper we are intended to explore various machine learning algorithms to classify cyber-attacks, which are very useful in designing efficient threat defensive models

Zuoguang Wang,Hongsong Zhu,Peipei Liu,Limin Sun

DOI: https://doi.org/10.1186/s42400-021-00094-6

2021-08-02

Abstract:Abstract Social engineering has posed a serious threat to cyberspace security. To protect against social engineering attacks, a fundamental work is to know what constitutes social engineering. This paper first develops a domain ontology of social engineering in cybersecurity and conducts ontology evaluation by its knowledge graph application. The domain ontology defines 11 concepts of core entities that significantly constitute or affect social engineering domain, together with 22 kinds of relations describing how these entities related to each other. It provides a formal and explicit knowledge schema to understand, analyze, reuse and share domain knowledge of social engineering. Furthermore, this paper builds a knowledge graph based on 15 social engineering attack incidents and scenarios. 7 knowledge graph application examples (in 6 analysis patterns) demonstrate that the ontology together with knowledge graph is useful to 1) understand and analyze social engineering attack scenario and incident, 2) find the top ranked social engineering threat elements (e.g. the most exploited human vulnerabilities and most used attack mediums), 3) find potential social engineering threats to victims, 4) find potential targets for social engineering attackers, 5) find potential attack paths from specific attacker to specific target, and 6) analyze the same origin attacks.

computer science, information systems, interdisciplinary applications, software engineering

Shaymaa Mahmood Naser,Yossra Hussain Ali,Dhiya Al-Jumeily OBE

DOI: https://doi.org/10.3991/ijoe.v18i11.33563

2022-08-31

International Journal of Online and Biomedical Engineering (iJOE)

Abstract:Nowadays, numerous attacks can be considered high risks in terms of the security of Wireless Sensor Networks (WSN). As a result, different applications are introduced to manage the data and information exchange and related security sides to be save in transmission of data. Recently, most of the security attacks are classified as cyber ones. These attacks interest in the system halting and destroying the data rather than stealing the data. In this paper, a cyber-attacks detection system is proposed based on an intelligent hybrid model that uses deep and machine learning technologies. The proposed model improves the cyber-attack detection speed. In addition, a feature reduction model is proposed using machine learning methods (PCA and SVD) to select the most related features to the adopted classes of attacks. This can positively affect the deep-learning model complexity. The obtained results demonstrate the superiority of the proposed hybrid model-based cyber detection system in comparison to the traditional ones in reaching an accuracy of 99.98%, 100%, 100%, 100% for precision, recall, and F1-measure respectively, and reducing the time to 23s for the datasets of Message Queuing Telemetry Transport-Dataset (MQTT-DS) and Wireless Sensor Networks Dataset (WSN-DS).

Lynn Vonderhaar,Timothy Elvira,Tyler Procko,Omar Ochoa

2024-06-22

Abstract:Countless domains rely on Machine Learning (ML) models, including safety-critical domains, such as autonomous driving, which this paper focuses on. While the black box nature of ML is simply a nuisance in some domains, in safety-critical domains, this makes ML models difficult to trust. To fully utilize ML models in safety-critical domains, it would be beneficial to have a method to improve trust in model robustness and accuracy without human experts checking each decision. This research proposes a method to increase trust in ML models used in safety-critical domains by ensuring the robustness and completeness of the model's training dataset. Because ML models embody what they are trained with, ensuring the completeness of training datasets can help to increase the trust in the training of ML models. To this end, this paper proposes the use of a domain ontology and an image quality characteristic ontology to validate the domain completeness and image quality robustness of a training dataset. This research also presents an experiment as a proof of concept for this method, where ontologies are built for the emergency road vehicle domain.

Artificial Intelligence

Wan Li,Shengfeng Tian

DOI: https://doi.org/10.1016/j.eswa.2010.03.068

IF: 8.5

2010-01-01

Expert Systems with Applications

Abstract:Alert correlation techniques effectively improve the quality of alerts reported by intrusion detection systems, and are sufficient to support rapid identification of ongoing attacks or predict an intruder’s next likely goal. In our previous work, an alert correlation approach based on our XSWRL ontology has been proposed. This paper focuses on how to develop the intrusion alerts correlation system according to our alert correlation approach. At first, the multi-agent system architecture consisting of agents and sensors is shown. The sensors collect security relevant information, and the agents process the information. Then we present each modules of the system in detail. The State Sensor collects information about security state and the Local State Agent and Center State Agent preprocess the security state information and convert it to ontology. The Attack Sensor collects information about attack and the Local Alert Agent and Center Alert Agent preprocess the alert information and convert it to ontology. The Attack Correlator correlates the attacks and outputs the attack sessions.

Osama F. Zaki

2024-06-09

Abstract:In this paper I present a practical approach for coupling machine learning (ML) algorithms with knowledge bases (KB) ontology formalism. The lack of availability of prior knowledge in dynamic scenarios is without doubt a major barrier for scalable machine intelligence. My view of the interaction between the two tiers intelligence is based on the idea that when knowledge is not readily available at the knowledge base tier, more knowledge can be extracted from the other tier, which has access to trained models from machine learning algorithms. To analyse this hypothesis, I create two experiments based on different datasets, which are related directly to risk-awareness of autonomous systems, analysed by different machine learning algorithms (namely; multi-layer feedforward backpropagation, Naive Bayes, and J48 decision tree). My analysis shows that the two-tiers intelligence approach for coupling ML and KB is computationally valid and the time complexity of the algorithms during the robot mission is linear with the size of the data and knowledge.

Robotics,Artificial Intelligence

Yifan Liu,Shancang Li,Xinheng Wang,Li Xu

DOI: https://doi.org/10.32604/cmes.2024.046473

2024-01-01

Abstract:The Industrial Internet of Things (IIoT) has brought numerous benefits, such as improved efficiency, smart analytics, and increased automation. However, it also exposes connected devices, users, applications, and data generated to cyber security threats that need to be addressed. This work investigates hybrid cyber threats (HCTs), which are now working on an entirely new level with the increasingly adopted IIoT. This work focuses on emerging methods to model, detect, and defend against hybrid cyber attacks using machine learning (ML) techniques. Specifically, a novel ML-based HCT modelling and analysis framework was proposed, in which L1 regularisation and Random Forest were used to cluster features and analyse the importance and impact of each feature in both individual threats and HCTs. A grey relation analysis-based model was employed to construct the correlation between IIoT components and different threats.

Zachary Tauscher,Yushan Jiang,Kai Zhang,Jian Wang,Houbing Song

DOI: https://doi.org/10.48550/arXiv.2108.08394

2021-08-19

Abstract:With massive data being generated daily and the ever-increasing interconnectivity of the world's Internet infrastructures, a machine learning based intrusion detection system (IDS) has become a vital component to protect our economic and national security. In this paper, we perform a comprehensive study on NSL-KDD, a network traffic dataset, by visualizing patterns and employing different learning-based models to detect cyber attacks. Unlike previous shallow learning and deep learning models that use the single learning model approach for intrusion detection, we adopt a hierarchy strategy, in which the intrusion and normal behavior are classified firstly, and then the specific types of attacks are classified. We demonstrate the advantage of the unsupervised representation learning model in binary intrusion detection tasks. Besides, we alleviate the data imbalance problem with SVM-SMOTE oversampling technique in 4-class classification and further demonstrate the effectiveness and the drawback of the oversampling mechanism with a deep neural network as a base model.

Cryptography and Security,Machine Learning

Tong Li,Zhishuai Chen

DOI: https://doi.org/10.1016/j.jss.2020.110566

IF: 3.5

2020-01-01

Journal of Systems and Software

Abstract:Although academia has recognized the importance of explicitly specifying security requirements in early stages of system developments for years, in reality, many projects mix security requirements with other types of requirements. Thus, there is a strong need for precisely and efficiently classifying such security requirements from other requirements in requirement specifications. Existing studies leverage lexical evidence to build probabilistic classifiers, which are domain-dependent by design and cannot effectively classify security requirements from different application domains. In this paper, we propose an ontology-driven learning approach to automatically classify security requirements. Our approach consists of a conceptual layer and a linguistic layer, which understands security requirements based on not only lexical evidence but also conceptual domain knowledge. In particular, we apply a systematic approach to identify linguistic features of security requirements based on an extended security requirements ontology and linguistic knowledge, connecting the conceptual layer with the linguistic layer. Such linguistic features are then used to train domain-independent security requirements classifiers by using machine learning techniques. We have carried out a series of experiments to evaluate the performance and generalization ability of our proposal against existing approaches. The results of the experiments show that the proposed approach outperforms existing approaches with a significant increase of Fi score (0.63 VS. 0.44) when the training dataset and the testing dataset come from different application domains, i.e., the classifiers trained by our approach can be generalized to classify security requirements from different domains. (C) 2020 Elsevier Inc. All rights reserved.

Jafar Majidpour,Hiwa Hasanzadeh

DOI: https://doi.org/10.48550/arXiv.2012.08318

2020-12-13

Cryptography and Security

Abstract:Application of deep learning to enhance the accuracy of intrusion detection in modern computer networks were studied in this paper. The identification of attacks in computer networks is divided in to two categories of intrusion detection and anomaly detection in terms of the information used in the learning phase. Intrusion detection uses both routine traffic and attack traffic. Abnormal detection methods attempt to model the normal behavior of the system, and any incident that violates this model is considered to be a suspicious behavior. For example, if the web server, which is usually passive, tries to There are many addresses that are likely to be infected with the worm. The abnormal diagnostic methods are Statistical models, Secure system approach, Review protocol, Check files, Create White list, Neural Networks, Genetic Algorithm, Vector Machines, decision tree. Our results have demonstrated that our approach offers high levels of accuracy, precision and recall together with reduced training time. In our future work, the first avenue of exploration for improvement will be to assess and extend the capability of our model to handle zero-day attacks.

Sidra Abbas,Imen Bouazzi,Stephen Ojo,Abdullah Al Hejaili,Gabriel Avelino Sampedro,Ahmad Almadhor,Michal Gregus

DOI: https://doi.org/10.7717/peerj-cs.1793

2024-01-17

PeerJ Computer Science

Abstract:The Internet of Things (IoT), considered an intriguing technology with substantial potential for tackling many societal concerns, has been developing into a significant component of the future. The foundation of IoT is the capacity to manipulate and track material objects over the Internet. The IoT network infrastructure is more vulnerable to attackers/hackers as additional features are accessible online. The complexity of cyberattacks has grown to pose a bigger threat to public and private sector organizations. They undermine Internet businesses, tarnish company branding, and restrict access to data and amenities. Enterprises and academics are contemplating using machine learning (ML) and deep learning (DL) for cyberattack avoidance because ML and DL show immense potential in several domains. Several DL teachings are implemented to extract various patterns from many annotated datasets. DL can be a helpful tool for detecting cyberattacks. Early network data segregation and detection thus become more essential than ever for mitigating cyberattacks. Numerous deep-learning model variants, including deep neural networks (DNNs), convolutional neural networks (CNNs), and recurrent neural networks (RNNs), are implemented in the study to detect cyberattacks on an assortment of network traffic streams. The Canadian Institute for Cybersecurity's CICDIoT2023 dataset is utilized to test the efficacy of the proposed approach. The proposed method includes data preprocessing, robust scalar and label encoding techniques for categorical variables, and model prediction using deep learning models. The experimental results demonstrate that the RNN model achieved the highest accuracy of 96.56%. The test results indicate that the proposed approach is efficient compared to other methods for identifying cyberattacks in a realistic IoT environment.

computer science, information systems, artificial intelligence, theory & methods