Mayra Macas,Chunming Wu

DOI: https://doi.org/10.1109/latincom50620.2020.9282324

2020-01-01

Abstract:As the number of cyber-attacks is increasing, cybersecurity is evolving to a key concern for any business. Artificial Intelligence (AI) and Machine Learning (ML) (in particular Deep Learning - DL) can be leveraged as key enabling technologies for cyber-defense, since they can contribute in threat detection and can even provide recommended actions to cyber analysts. A partnership of industry, academia, and government on a global scale is necessary in order to advance the adoption of AI/ML to cybersecurity and create efficient cyber defense systems. In this paper, we are concerned with the investigation of the various deep learning techniques employed for network intrusion detection and we introduce a DL framework for cybersecurity applications.

Anum Talpur,Mohan Gurusamy

DOI: https://doi.org/10.1109/COMST.2021.3129079

2021-08-19

Abstract:Machine Learning (ML) has emerged as an attractive and viable technique to provide effective solutions for a wide range of application domains. An important application domain is vehicular networks wherein ML-based approaches are found to be very useful to address various problems. The use of wireless communication between vehicular nodes and/or infrastructure makes it vulnerable to different types of attacks. In this regard, ML and its variants are gaining popularity to detect attacks and deal with different kinds of security issues in vehicular communication. In this paper, we present a comprehensive survey of ML-based techniques for different security issues in vehicular networks. We first briefly introduce the basics of vehicular networks and different types of communications. Apart from the traditional vehicular networks, we also consider modern vehicular network architectures. We propose a taxonomy of security attacks in vehicular networks and discuss various security challenges and requirements. We classify the ML techniques developed in the literature according to their use in vehicular network applications. We explain the solution approaches and working principles of these ML techniques in addressing various security challenges and provide insightful discussion. The limitations and challenges in using ML-based methods in vehicular networks are discussed. Finally, we present observations and lessons learned before we conclude our work.

Machine Learning,Cryptography and Security,Networking and Internet Architecture

Song Wang,Juan Fernando Balarezo,Sithamparanathan Kandeepan,Akram Al-Hourani,Karina Gomez Chavez,Benjamin Rubinstein

DOI: https://doi.org/10.1109/access.2021.3126834

IF: 3.9

2021-01-01

IEEE Access

Abstract:Anomalies could be the threats to the network that have ever/never happened. To protect networks against malicious access is always challenging even though it has been studied for a long time. Due to the evolution of network in both new technologies and fast growth of connected devices, network attacks are getting versatile as well. Comparing to the traditional detection approaches, machine learning is a novel and flexible method to detect intrusions in the network, it is applicable to any network structure. In this paper, we introduce the challenges of anomaly detection in the traditional network, as well as in the next generation network, and review the implementation of machine learning in the anomaly detection under different network contexts. The procedure of each machine learning category is explained, as well as the methodologies and advantages are presented. The comparison of using different machine learning models is also summarised.

computer science, information systems,telecommunications,engineering, electrical & electronic

Alan Fuad Jahwar,Siddeeq Y. Ameen,,

DOI: https://doi.org/10.30880/jscdm.2021.02.02.002

2021-10-15

Journal of Soft Computing and Data Mining

Abstract:Machin learning (ML) and Deep Learning (DL) technique have been widely applied to areas like image processing and speech recognition so far. Likewise, ML and DL play a critical role in detecting and preventing in the field of cybersecurity. In this review, we focus on recent ML and DL algorithms that have been proposed in cybersecurity, network intrusion detection, malware detection. We also discuss key elements of cybersecurity, the main principle of information security, and the most common methods used to threaten cybersecurity. Finally, concluding remarks are discussed, including the possible research topics that can be taken into consideration to enhance various cyber security applications using DL and ML algorithms.

Tao Yi,Xingshu Chen,Yi Zhu,Weijing Ge,Zhenhui Han

DOI: https://doi.org/10.1016/j.jnca.2022.103580

IF: 7.574

2023-03-01

Journal of Network and Computer Applications

Abstract:With the development of new technologies such as big data, cloud computing, and the Internet of Things, network attack technology is constantly evolving and upgrading, and network attack detection technology is forced to undergo corresponding iterative evolution. Three main problems are associated with these technologies: the automatic representation of heterogeneous and complex network traffic data, the uneven network attack samples, and the contradiction between the accuracy of the anomaly detection model and the continuous evolution of attacks. Researchers have proposed several network attack detection techniques based on deep learning to address these problems. This study reviews and analyzes the studies aimed at dealing with such problems, considering multiple factors, such as models, traffic representation and feature extraction, threat detection model training, and model robustness improvement. Finally, the existing problems and challenges associated with the current research are analyzed with respect to data category imbalance, high-dimensional massive data processing, concept distribution drift, real-time interpretability of the detection model, and the security of the model.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Zhao Yifan

DOI: https://doi.org/10.1109/WCCCT52091.2021.00015

2021-01-01

Abstract:Along with the advance of science and technology, informationization society construction is gradually perfect. The development of modern information technology has driven the growth of the entire network spatial data, and network security is a matter of national security. There are several countries included in the national security strategy, with the increase of network space connected point, traditional network security space processing way already cannot adapt to the demand. Machine learning can effectively solve the problem of network security. Around the machine learning technology applied in the field of network security research results, this paper introduces the basic concept of network security situational awareness system, the basic model, and system framework. Based on machine learning, this paper elaborates the network security situation awareness technology, including data mining technology, feature extraction technology and situation prediction technology. Recursive feature elimination, decision tree algorithm, support vector machine, and future research direction in the field of network security situational awareness are also discussed.

Computer Science

Mr. J. Santhosh

DOI: https://doi.org/10.22214/ijraset.2023.53146

2023-05-31

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: A large number of network devices, applications, and the explosive growth of network data have made the network environment extremely complex with significant potential hazards to network security. This is due to the ongoing development of information technology. Cyber attackers are now attacking network settings with connected histories rather than just common users; examples of these environments include businesses, governments, and nations. Massive amounts of Internet data have been produced by the diversification of network services, and traditional network security systems have had trouble keeping up with the demands of network security in terms of performance and self-adaptability. The growth of concepts in the field of network security has been greatly aided by research on machine learning-based network security that has produced numerous findings, demonstrating strong skills in processing large data, automatic learning, detection, and identification. In this paper, we integrate machine learning-related technologies to enhance the performance of intrusion detection and alarm correlation automation, and we investigate key technologies such as machine learning-based network security situational awareness methods and dynamic data stream classification methods based on judgment feedback, to enhance the detection performance, adaptive and generalization capabilities of machine learning-based network security

Yang Xin,Lingshuang Kong,Zhi Liu,Yuling Chen,Yanmiao Li,Hongliang Zhu,Mingcheng Gao,Haixia Hou,Chunhua Wang

DOI: https://doi.org/10.1109/access.2018.2836950

IF: 3.9

2018-01-01

IEEE Access

Abstract:With the development of the Internet, cyber-attacks are changing rapidly and the cyber security situation is not optimistic. This survey report describes key literature surveys on machine learning (ML) and deep learning (DL) methods for network analysis of intrusion detection and provides a brief tutorial description of each ML/DL method. Papers representing each method were indexed, read, and summarized based on their temporal or thermal correlations. Because data are so important in ML/DL methods, we describe some of the commonly used network datasets used in ML/DL, discuss the challenges of using ML/DL for cybersecurity and provide suggestions for research directions.

computer science, information systems,telecommunications,engineering, electrical & electronic

Dipankar Dasgupta,Zahid Akhtar,Sajib Sen

DOI: https://doi.org/10.1177/1548512920951275

2020-09-19

Abstract:Today’s world is highly network interconnected owing to the pervasiveness of small personal devices (e.g., smartphones) as well as large computing devices or services (e.g., cloud computing or online banking), and thereby each passing minute millions of data bytes are being generated, processed, exchanged, shared, and utilized to yield outcomes in specific applications. Thus, securing the data, machines (devices), and user’s privacy in cyberspace has become an utmost concern for individuals, business organizations, and national governments. In recent years, machine learning (ML) has been widely employed in cybersecurity, for example, intrusion or malware detection and biometric-based user authentication. However, ML algorithms are vulnerable to attacks both in the training and testing phases, which usually leads to remarkable performance decreases and security breaches. Comparatively, limited studies have been conducted to understand the essence and degree of the vulnerabilities of ML techniques against security threats and their defensive mechanisms. It is imperative to systematize recent works related to cybersecurity using ML to seek the attention of researchers, scientists, and engineers. Therefore, in this paper, we provide a comprehensive survey of the works that have been carried out most recently (from 2013 to 2018) on ML in cybersecurity, describing the basics of cyber-attacks and corresponding defenses, the basics of the most commonly used ML algorithms, and proposed ML and data mining schemes for cybersecurity in terms of features, dimensionality reduction, and classification/detection techniques. In this context, this article also provides an overview of adversarial ML, including the security characteristics of deep learning methods. Finally, open issues and challenges in cybersecurity are highlighted and potential future research directions are discussed.

Tahesin Samira Delwar,Unal Aras,Sayak Mukhopadhyay,Akshay Kumar,Ujwala Kshirsagar,Yangwon Lee,Mangal Singh,Jee-Youl Ryu

DOI: https://doi.org/10.3390/s24196377

IF: 3.9

2024-10-01

Sensors

Abstract:This study provides a thorough examination of the important intersection of Wireless Sensor Networks (WSNs) with machine learning (ML) for improving security. WSNs play critical roles in a wide range of applications, but their inherent constraints create unique security challenges. To address these problems, numerous ML algorithms have been used to improve WSN security, with a special emphasis on their advantages and disadvantages. Notable difficulties include localisation, coverage, anomaly detection, congestion control, and Quality of Service (QoS), emphasising the need for innovation. This study provides insights into the beneficial potential of ML in bolstering WSN security through a comprehensive review of existing experiments. This study emphasises the need to use ML's potential while expertly resolving subtle nuances to preserve the integrity and dependability of WSNs in the increasingly interconnected environment.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zhida Li,Ana Laura Gonzalez Rios,Ljiljana Trajkovic

DOI: https://doi.org/10.1109/jsac.2021.3078497

IF: 16.4

2021-07-01

IEEE Journal on Selected Areas in Communications

Abstract:Cyber attacks are becoming more sophisticated and, hence, more difficult to detect. Using efficient and effective machine learning techniques to detect network anomalies and intrusions is an important aspect of cyber security. A variety of machine learning models have been employed to help detect malicious intentions of network users. In this paper, we evaluate performance of recurrent neural networks (Long Short-Term Memory and Gated Recurrent Unit) and Broad Learning System with its extensions to classify known network intrusions. We propose two BLS-based algorithms with and without incremental learning. The algorithms may be used to develop generalized models by using various subsets of input data and expanding the network structure. The models are trained and tested using Border Gateway Protocol routing records as well as network connection records from the NSL-KDD and Canadian Institute of Cybersecurity datasets. Performance of the models is evaluated based on selected features, accuracy, F-Score, and training time.

telecommunications,engineering, electrical & electronic

Yu Guangxu

DOI: https://doi.org/10.3233/jifs-189520

2021-04-12

Abstract:The 21st century is an era of rapid development of the Internet. Internet technology is widely used in various fields. With the rapid development of network, the importance of network information security is also highlighted. The traditional network information security technology has been difficult to ensure the security of network information. Therefore, we mainly study the application of machine learning feature extraction method in situational awareness system. A feature selection method based on machine learning is proposed to extract situational features.By analyzing whether the background of network information is safe or not, and according to the current research situation at home and abroad and the trend of Internet development, this paper tries out the practical application of machine learning feature extraction method in a certain perception system. Based on the above points, a selection method based on machine learning is proposed to extract situational features. The accuracy and timeliness of situational awareness system detection are seriously affected by the high dimension, noise and redundant features of massive network traffic data.Therefore, it is of great value to further study network intrusion detection technology on the basis of machine learning.

Mario Di Mauro,Giovanni Galatro,Antonio Liotta

DOI: https://doi.org/10.1109/TNSM.2020.3024225

2020-09-19

Abstract:The use of Machine Learning (ML) techniques in Intrusion Detection Systems (IDS) has taken a prominent role in the network security management field, due to the substantial number of sophisticated attacks that often pass undetected through classic IDSs. These are typically aimed at recognising attacks based on a specific signature, or at detecting anomalous events. However, deterministic, rule-based methods often fail to differentiate particular (rarer) network conditions (as in peak traffic during specific network situations) from actual cyber attacks. In this paper we provide an experimental-based review of neural-based methods applied to intrusion detection issues. Specifically, we i) offer a complete view of the most prominent neural-based techniques relevant to intrusion detection, including deep-based approaches or weightless neural networks, which feature surprising outcomes; ii) evaluate novel datasets (updated w.r.t. the obsolete KDD99 set) through a designed-from-scratch Python-based routine; iii) perform experimental analyses including time complexity and performance (accuracy and F-measure), considering both single-class and multi-class problems, and identifying trade-offs between resource consumption and performance. Our evaluation quantifies the value of neural networks, particularly when state-of-the-art datasets are used to train the models. This leads to interesting guidelines for security managers and computer network practitioners who are looking at the incorporation of neural-based ML into IDS.

Networking and Internet Architecture,Machine Learning

Chaitanya Gupta,Ishita Johri,Kathiravan Srinivasan,Yuh-Chung Hu,Saeed Mian Qaisar,Kuo-Yi Huang

DOI: https://doi.org/10.3390/s22052017

IF: 3.9

2022-03-04

Sensors

Abstract:Today’s advancements in wireless communication technologies have resulted in a tremendous volume of data being generated. Most of our information is part of a widespread network that connects various devices across the globe. The capabilities of electronic devices are also increasing day by day, which leads to more generation and sharing of information. Similarly, as mobile network topologies become more diverse and complicated, the incidence of security breaches has increased. It has hampered the uptake of smart mobile apps and services, which has been accentuated by the large variety of platforms that provide data, storage, computation, and application services to end-users. It becomes necessary in such scenarios to protect data and check its use and misuse. According to the research, an artificial intelligence-based security model should assure the secrecy, integrity, and authenticity of the system, its equipment, and the protocols that control the network, independent of its generation, in order to deal with such a complicated network. The open difficulties that mobile networks still face, such as unauthorised network scanning, fraud links, and so on, have been thoroughly examined. Numerous ML and DL techniques that can be utilised to create a secure environment, as well as various cyber security threats, are discussed. We address the necessity to develop new approaches to provide high security of electronic data in mobile networks because the possibilities for increasing mobile network security are inexhaustible.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Siva Karthik Devineni,,Satish Kathiriya,Abhishek Shende

DOI: https://doi.org/10.47363/jaicc/2023(2)184

2023-06-30

Abstract:Anomaly detection is crucial for the integrity and security of data across various industries. The advent and evolution of machine learning (ML) has significantly enhanced the capabilities of anomaly detection systems, offering more effective, precise, and flexible methods for identifying data irregularities. This paper discusses the application of machine learning techniques in enhancing anomaly detection, particularly in private and governmental data systems. We begin by defining anomaly detection and its importance, followed by an examination of fundamental ML models used in anomaly detection, including supervised, unsupervised, and semi-supervised learning. The paper addresses the challenges in implementing these technologies in private and government sectors, emphasizing the need to balance detection accuracy with ethical concerns like data privacy. Through case studies in IT and financial technology, we illustrate the effectiveness of ML-driven anomaly detection in network security and fraud prevention. We discuss the advancements in algorithms, computing power, and big data, and their roles in improving anomaly detection systems. Looking forward, the paper explores the future of ML in anomaly detection, shifting towards proactive and predictive models. This includes integrating AI with current security systems, applying deep learning techniques, and adapting to emerging threats. The transformative potential of ML for anomaly detection is confirmed, advocating a proactive approach in its implementation while addressing ethical and practical challenges. Ultimately, this paper advocates for the creation of a secure, efficient, and resilient digital ecosystem in both private and government sectors through the intelligent application of ML in anomaly detection.

Zaid Mustafa,Rashid Amin,Hamza Aldabbas,Naeem Ahmed

DOI: https://doi.org/10.1007/s10586-024-04430-6

2024-04-27

Cluster Computing

Abstract:There has been a discernible rise in the growth and progress of the Internet, networking, and mobile communication. The complexity of networking systems has increased due to the advancements in devices, resources, and infrastructure. A novel and developing network technology called software-defined networking (SDN), gets beyond the drawbacks of conventional networks and gives networking systems intelligent control. While SDN is the most adaptable and promising network management control solution, its implementation also introduces a number of new security risks. There is a need to deploy networking systems intelligently to manage, optimize, and organize these complex systems. Machine learning (ML) approaches have been extensively utilized to detect many attacks, and an ML technique may assist the network administrator in taking the necessary precautions to avoid intrusions. In SDN, ML techniques are used to manage the network and make Network Intrusion Detection Systems (NIDS) detect network attacks like Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks. This paper comprehensively surveys ML and Deep Learning (DL) algorithms and techniques used for intrusion detection in SDN. Different studies are categorized accordingly, such as supervised, unsupervised, and deep learning models. Research studies are compared in the form of a table, and learned lessons are also leveraged for each category. Finally, this survey presents the key challenges faced in implementing different intrusion detection techniques in SDN before comprehensively highlighting future research directions.

computer science, information systems, theory & methods

Kaushik Dushyant,Garg Muskan,Annu,Ankur Gupta,Sabyasachi Pramanik

DOI: https://doi.org/10.1002/9781119795667.ch12

2022-01-14

Abstract:Machine learning (ML) and deep learning (DL) have both produced overwhelming interest and drawn unparalleled community interest recently. With a growing convergence of online activities and digital life, the way people have learned and function is evolving, but this also leads them towards significant security concerns. Protecting sensitive information, documents, networks and machine‐connected devices from unwanted cyber threats is a difficult task. Robust cybersecurity protection is necessary for this reason. For a problem solution, current innovations like machine learning and deep learning is incorporated to cyber threats. This paper also highlights the problems and benefits with using ML / DL and presents recommendations for research directions for machine learning and deep learning in cybersecurity.

Amira Mahamat Abdallah,Aysha Alkaabi,Ghaya Alameri,Saida Hafsa Rafique,Nura Shifa Musa,Thangavel Murugan

DOI: https://doi.org/10.1109/access.2024.3390844

IF: 3.9

2024-04-27

IEEE Access

Abstract:In the rapidly evolving landscape of computing and networking, the concepts of cloud networks have gained significant prominence. Although the cloud network offers on-demand access to shared resources, anomalies pose potential risks to the integrity and security of cloud networks. However, protecting the cloud network against anomalies remains a challenge. Unlike traditional detection techniques, machine learning (ML) and deep learning (DL) offer new and adaptable methods for detecting anomalies in cloud networks. The objective of this study is to comprehensively explore existing ML /DL methods for detecting different anomalies based on distributed denial of service anomaly (DDoS) and intrusion detection systems (IDS) in cloud networks. The study seeks to address the gaps in anomaly detection for cloud networks, proposing potential solutions for anomaly detection in these cloud environments. The ultimate goal is to contribute valuable insights and practical solutions to enhance the security and reliability of cloud networks through effective anomaly detection by ML/ DL techniques. Methodologies for ML/DL are explained, along with their advantages, disadvantages, and respective approaches. In addition, a summary of the comparison between different ML/ DL models is also included.

computer science, information systems,telecommunications,engineering, electrical & electronic

Sumedha Seniaray,Rajni Jindal

DOI: https://doi.org/10.1007/s11277-024-11602-5

IF: 2.017

2024-10-05

Wireless Personal Communications

Abstract:Data and information, being a critical part of the Internet, are vital to network security. Intrusion Detection System (IDS) is required to preserve confidentiality, data integrity, and system availability from attacks. IDS collects network data from various places that may contain features that are redundant and irrelevant, leading to an increase in processing time and low detection rate. This study proposes a three-phase network-based IDS to counter this issue. Initially, network data is captured and preprocessed. In the second phase, we perform feature extraction, selection, and ranking to obtain the optimal feature set. A novel Dynamic Mutual Information-based Genetic Algorithm for feature selection (DMI-GA), aiming to enhance the performance of machine learning (ML) techniques by identifying an optimal set of features, is also proposed in this work. Finally, well-known ML models are employed to detect intrusions within this refined set of network traffic features. Experimental results demonstrate a significant improvement in detection accuracy when the ML models are trained and tested on an optimal set of features. It is also observed that DMI-GA combined with the Random Forest classifier, achieves the highest detection accuracy of 99.94%, surpassing the performance of existing state-of-the-art anomaly-based network intrusion detection systems. A comprehensive statistical analysis of these ML methods is also conducted using 10-fold and Leave-One-Out cross-validation strategies, as it mitigates overfitting and offers a thorough evaluation of the model's performance, resulting in an average accuracy of 99.91%.

telecommunications