张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Kaige Wang,Qingyu Xiong,Chao Wu,Min Gao,Yang Yu

DOI: https://doi.org/10.1109/ijcnn48605.2020.9206663

2020-01-01

Abstract:Because social networks have become a vital part of people's lives, cyberbullying becomes the most common risk encountered by young people on social networking platforms and raised serious concerns in society. Over the past few decades, most existing work on cyberbullying has focused on text analysis. Yet, the cyberbullying develops into multi-objective, multi-channel, and multi-form. Traditional text analysis methods cannot satisfy the diversity of bullying data in social networks. To deal with the new type of cyberbullying, we propose a multi-modal detection framework that takes into multi-modal information(e.g., image, video, comments, time) on social networks. Specifically, we not only extract textual features but also use the hierarchical attention networks to capture the session feature in social networks and encode several media information(e.g., video, image). Based on these features, we model the multi-modal cyberbullying detection framework to solve the new form of cyberbullying. Experimental analysis on two real-world datasets shows that our framework outperforms several existing state-of-the-art models.

Wei Liang,Kuan-Ching Li,Jing Long,Xiaoyan Kui,Albert Y. Zomaya

DOI: https://doi.org/10.1109/tii.2019.2946791

IF: 12.3

2020-03-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial networks are complex and diverse. Among existing intrusion prevention systems available, several of them have problems such as low detection accuracy rate, high false positive (FP) rate, and low real-time performance for impersonation attacks. To address such issues, it is proposed in this article an industrial network intrusion detection algorithm based on multifeature data clustering optimization model, where the weighted distances and security coefficients of data are classified based on the priority threshold of data attribute feature for each node in the network, given that the data modules in the industrial network environment are diverse and easy to diagnose, restore, and rebuild. The proposed algorithm can effectively improve the detection rate and real-time performance of detecting abnormal behavior for the multifeature data in industrial networks. The novel features are twofold, to rapidly select a node with high-security coefficient as the cluster center, and match the multifeature data around the center into a cluster. Experimental results show that the proposed algorithm has good superiority in terms of detection rate and time compared to other algorithms. In the industrial network, the detection accuracy of abnormal data reaches 97.8, and the FP of detection is decreased by 8.8.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Yu Guangxu

DOI: https://doi.org/10.3233/jifs-189520

2021-04-12

Abstract:The 21st century is an era of rapid development of the Internet. Internet technology is widely used in various fields. With the rapid development of network, the importance of network information security is also highlighted. The traditional network information security technology has been difficult to ensure the security of network information. Therefore, we mainly study the application of machine learning feature extraction method in situational awareness system. A feature selection method based on machine learning is proposed to extract situational features.By analyzing whether the background of network information is safe or not, and according to the current research situation at home and abroad and the trend of Internet development, this paper tries out the practical application of machine learning feature extraction method in a certain perception system. Based on the above points, a selection method based on machine learning is proposed to extract situational features. The accuracy and timeliness of situational awareness system detection are seriously affected by the high dimension, noise and redundant features of massive network traffic data.Therefore, it is of great value to further study network intrusion detection technology on the basis of machine learning.

Cheng Wang,Wei Zhang,Hao Hao,Huiling Shi

DOI: https://doi.org/10.3390/electronics13071236

IF: 2.9

2024-03-28

Electronics

Abstract:The demand for encrypted communication is increasing with the continuous development of secure and trustworthy networks. In edge computing scenarios, the requirement for data processing security is becoming increasingly high. Therefore, the accurate identification of encrypted traffic has become a prerequisite to ensure edge intelligent device security. Currently, encrypted network traffic classification relies on single-feature extraction methods. These methods have simple feature extraction, making distinguishing encrypted network data flows and designing compelling manual features challenging. This leads to low accuracy in multi-classification tasks involving encrypted network traffic. This paper proposes a hybrid deep learning model for multi-classification tasks to address this issue based on the synergy of dilated convolution and gating unit mechanisms. The model comprises a Gated Dilated Convolution (GDC) module and a CA-LSTM module. The GDC module completes the spatial feature extraction of encrypted network traffic through dilated convolution and gating unit mechanisms. In contrast, the CA-LSTM module focuses on extracting temporal network traffic features. By employing a collaborative approach to extract spatio-temporal features, the model ensures feature extraction diversity, guarantees robustness, and effectively enhances the feature extraction rate. We evaluate our multi-classification model using the ISCX VPN-nonVPN public dataset. Experimental results show that the proposed method achieves an accuracy rate of over 95% and a recall rate of over 90%, significantly outperforming existing methods.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ying Zhou,Guodong Zhao,Roobaea Alroobaea,Abdullah M. Baqasah,Rajan Miglani

DOI: https://doi.org/10.1515/jisys-2022-0037

2022-01-01

Journal of Intelligent Systems

Abstract:Abstract Due to the complexity and versatility of network security alarm data, a cloud-based network security data extraction method is proposed to address the inability to effectively understand the network security situation. The information properties of the situation are generated by creating a set of spatial characteristics classification of network security knowledge, which is then used to analyze and optimize the processing of hybrid network security situation information using cloud computing technology and co-filtering technology. Knowledge and information about the security situation of a hybrid network has been analyzed using cloud computing strategy. The simulation results show that a cyber security crash occurs in window 20, after which the protection index drops to window 500. The increase in the security index of 500 windows is consistent with the effectiveness of the concept of this document method, indicating that this document method can sense changes in the network security situation. Starting from the first attacked window, the defense index began to decrease. In order to simulate the added network defense, the network security events in the 295th time window were reduced in the original data, and the defense index increased significantly in the corresponding time period, which is consistent with the method perception results, which further verifies the effectiveness and reliability of this method on the network security event perception. This method provides high-precision knowledge of network security situations and improves the security and stability of cloud-based networks.

Gang Kou,Nian Yan,Yi Peng,Yong Shi,Zhengxin Chen

DOI: https://doi.org/10.1109/ICSSSM.2005.1500112

2005-01-01

Abstract:The early and reliable detection of malicious attacks is a crucial issue for today's network security and survivability. Different types of attacks may need different responses. Therefore, it is a meaningful task to predict the category of malicious attacks and take appropriate reactions. The goal of this research is to apply multiple-criteria linear programming (MCLP) method to the multi-group intrusion classification problem. Specifically, we first collect a multigroup network intrusion dataset using Tenable NeWT Security Scanner. Five attack types and total of 9061 data records were captured. After that, MCLP five-group model was applied to the NeWT dataset. The classification accuracy of MCLP was compared with sees, a decision-tree-based classification tool. The experimental results of this research indicate that MCLP achieves comparable classification accuracy to sees.

Xuecheng Yu,Yan Huang,Yu Zhang,Mingyang Song,Zhenhong Jia

DOI: https://doi.org/10.32604/cmc.2023.044999

2024-01-01

Abstract:With the increasing dimensionality of network traffic, extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems (IDS). However, both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features, resulting in an analysis that is not an optimal set. Therefore, in order to extract more representative traffic features as well as to improve the accuracy of traffic identification, this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T2 and a multilayer convolutional bidirectional long short-term memory (MSC_BiLSTM) classifier model for network traffic intrusion detection. This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory (BiLSTM) network, which fully considers the influence between the before and after features. The network traffic is first characteristically downscaled by principal component analysis (PCA), and then the downscaled principal components are used as input to Hotelling’s T2 to compare the differences between groups. For datasets with outliers, Hotelling’s T2 can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers. Finally, a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data. The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision, recall and F1-score juxtaposed with the prevailing techniques. The results show that the intrusion detection accuracy, precision, and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%, 95.97%, and 90.22%.

computer science, information systems,materials science, multidisciplinary

Shuaicong Yu,Changqing An,Tao Yu,Ziyi Zhao,Tianshu Li,Jilong Wang

DOI: https://doi.org/10.1109/ipccc55026.2022.9894337

2022-01-01

Abstract:Phishing detection methods are used to protect Internet users from leaking private information to phishing websites. However, the passive phishing detection method, which is widely used and based on blacklists, has limitations on timeliness and defense against zero-day phishing attacks and active phishing detection models with single-feature can be easily targeted by attackers. It is necessary to design and establish an active phishing detection model with high timeliness and strong adaptability. We propose a phishing detection method based on multi-feature extraction and deep learning technology. The model is constructed of a multilayer perceptron (MLP) for selfdefined feature, a convolutional neural network (CNN) for image feature, a recurrent neural network (RNN) for text feature to extract feature vectors, and a classification network to fuse features and make the judgement. Our model's accuracy achieves 0.9775 and recall reaches up to 0.9901. Experiment results of our model prove superior performance to those of other classification algorithms, demonstrating our model's ability to deal with complex and changeable phishing detection tasks at this stage.

Liwen Xu,Xiang Lin,Jianhua Li,Min Bai,Liejun Wang

DOI: https://doi.org/10.1109/trustcom60117.2023.00067

2024-01-01

Abstract:A multi-step targeted cyberattack refers to a sophisticated, systematic, and persistent form of attack aiming to compromise the security and integrity of a complex network system. These attacks exhibit spatial and temporal correlations in their execution sequences. However, conventional anomaly detection methods, which often focus on single facets such as network traffic or host behavior, lack the capacity to correlate and validate these steps. To address this deficiency, we introduce HiSec, a cyber threat correlation and discovery framework that leverages dynamic graph modeling and hierarchical graph neural networks. HiSec enhances the modeling of complex network systems and the analysis of spatio-temporal characteristics of multi-step targeted cyberattacks. Specifically, we introduce a novel dynamic graph modeling algorithm that employs overlapping samplers and sliding windows to establish long-term correlations among system activities. Aided by graph attention networks and the Transformer, HiSec uniquely exploits the spatio-temporal correlated edge feature representation, a capability inaccessible to traditional algorithms. Evaluation results reveal that HiSec surpasses existing benchmarks in unsupervised detection, achieving a high degree of accuracy (93.10%) and recall (94.77%). When deployed in our intranet for two rounds of evaluation, HiSec demonstrated remarkable efficiency, taking only 0.15 seconds to model 10,000 system activities occurring within approximately an hour.

Dongmei Zhao,Huiqian Song,Hong Li

DOI: https://doi.org/10.3233/jifs-189664

2021-04-12

Abstract:The element extraction from network security condition is the foundation security awareness. Its excellence directly disturbsentire security system performance. In this paper we introduce fuzzy logic based rough set theory for extracting security conditional factors. The traditional extraction method of network security situation elements relies on a lot of prior knowledge. With the purpose of solving this issue, in this paper we proposed fuzzy rough set theory based featurerank matrix of neighborhood rough set. Additionally, we propose reduction based parallel algorithm that uses the concept of conditional entropy in order to constructs the feature rank matrix as well as, constructs the core attribute by using reduction rules, takes the threshold of standard deviation as the threshold, and redefines the multi threshold neighborhood of mixed data. The attack type recognition training is carried out on lib SVM, filtered classifier, j48 and random tree classifiers respectively. The results demonstrate that the proposed reduction based parallel algorithm can increase the accuracy of classification, shorten the modeling time, and show increased recall rate and decreased false alarm rate.

Shuai Jiang,Xiaolong Xu

DOI: https://doi.org/10.1109/cyberc.2019.00039

2019-01-01

Abstract:The rapid increase of data has led to many security issues. Various new technologies and other sub-disciplines have been introduced into the research of intrusion detection system (IDS), which has become a hot topic in the current field of security. However, IDS utilizing traditional machine learning technology suffers from relatively low detection rate, large computational overhead, and high false positive rate, due to the large amount of redundancy and high correlation of network traffic data. Therefore, we select random forest (RF) to handle the classification of the network traffic data, and try the classic feature selection algorithms Extra-Trees (ET) and Chi-square (CHI) to reduce the detection time and improve the efficiency of IDS. The experimental results based on the NSL-KDD dataset indicate that ET-RF and CHI-RF outstand in accuracy and computational overhead. Meanwhile, RF with ET outperforms that with CHI.

Yu Sun,Xiaorong Liu,Xiaoli Shen

DOI: https://doi.org/10.1155/2022/3170164

IF: 1.968

2022-11-19

Security and Communication Networks

Abstract:With the rapid advancement of society and the level of programming and the rapid development of computer technology, networking and information are playing an increasingly important role in the social life of the masses. Creating and developing a network information security monitoring system have become one of the most important ways to keep a computer running smoothly. Traditional information security systems cannot adapt to the ever-changing network environment. If only relying on it to maintain network security, it will be far from effective monitoring and defense. Based on the theory of network information security, this study analyzes the characteristics of network information and the information security monitoring technology at the current stage. Based on the background of big data era, a new type of computer network information security monitoring system is proposed. This system is compared with the traditional network information security monitoring system, and the performance and stability of the system are investigated, respectively. The experimental data show that the network information security monitoring system designed in this study can achieve more than 99% detection rate of external attacks in a network environment with a background traffic of 10M. Its false alarm rate is lower than 4%, and the false alarm rate is lower than 7%. The qualitative mean reaches 93.02%, indicating its good monitoring accuracy and stability. By popularizing it in the current network environment, it can effectively identify and defend information attacks and maintain the development of network information security.

computer science, information systems,telecommunications

Qiang Qiang Chen,Jian Ping Li,Amin Ul Haq,Bless Lord Y Agbley,Arif Hussain,Inayat Khan,Riaz Ullah Khan,Jalaluddin Khan,Ijaz Ali

DOI: https://doi.org/10.1155/2023/9041355

2023-02-20

Abstract:As the network is closely related to people's daily life, network security has become an important factor affecting the physical and mental health of human beings. Network flow classification is the foundation of network security. It is the basis for providing various network services such as network security maintenance, network monitoring, and network quality of service (QoS). Therefore, this field has always been a hot spot of academic and industrial research. Existing studies have shown that through appropriate data preprocessing techniques, machine learning methods can be used to classify network flows, most of which, however, are based on manually and expert-originated feature sets; it is a time-consuming and laborious work. Moreover, only features extracted by a single model can be used in classification tasks, which can easily make the model inefficient and prone to overfitting. In order to solve the abovementioned problems, this study proposes a multimodal automatic analysis framework based on spatial and sequential features. The framework is completely based on the deep learning method and realizes automatic extraction of two types of features, which is very suitable for processing large-flow information; this improves the efficiency of network flow classification. There are two types of frameworks based on pretraining and joint-training, respectively, with analyzing the advantages and disadvantages of them in practice. In terms of evaluation, compared with the previous methods, the experimental results show that the framework has good performance in both accuracy and stability.

Guangjie Zhang,Xiaobo Tan

DOI: https://doi.org/10.1117/12.2675117

2023-05-25

Abstract:In the research of network security situational awareness, an important problem that needs to be solved urgently is that in the face of a large number of noisy multi-source data, the accuracy of obtaining network security situational awareness indicators will be affected. This paper proposes a data fusion processing method based on deep neural network to solve the above problems, which first uses natural language processing technology to process high-noise data in the data, and does a good job of word reduction of the data through the WordNetLemmatizer module. The TF-IDF feature extraction algorithm is applied to extract features through the frequency of data occurrence and the weight of the data. The experimental results show that the accuracy of obtaining network security situational awareness indicators by using the data fusion method based on deep neural network reaches more than 85% compared with the data fusion methods of other machine learning algorithms, and can be applied to the network security situational awareness model.

Computer Science,Engineering

Iftikhar Ahmad,Qazi Emad Ul Haq,Muhammad Imran,Madini O. Alassafi,Rayed A. AlGhamdi

DOI: https://doi.org/10.3390/math10030530

IF: 2.4

2022-02-08

Mathematics

Abstract:Intrusion detection in computer networks is of great importance because of its effects on the different communication and security domains. The detection of network intrusion is a challenge. Moreover, network intrusion detection remains a challenging task as a massive amount of data is required to train the state-of-the-art machine learning models to detect network intrusion threats. Many approaches have already been proposed recently on network intrusion detection. However, they face critical challenges owing to the continuous increase in new threats that current systems do not understand. This paper compares multiple techniques to develop a network intrusion detection system. Optimum features are selected from the dataset based on the correlation between the features. Furthermore, we propose an AdaBoost-based approach for network intrusion detection based on these selected features and present its detailed functionality and performance. Unlike most previous studies, which employ the KDD99 dataset, we used a recent and comprehensive UNSW-NB 15 dataset for network anomaly detection. This dataset is a collection of network packets exchanged between hosts. It comprises 49 attributes, including nine types of threats such as DoS, Fuzzers, Exploit, Worm, shellcode, reconnaissance, generic, and analysis Backdoor. In this study, we employ SVM and MLP for comparison. Finally, we propose AdaBoost based on the decision tree classifier to classify normal activity and possible threats. We monitored the network traffic and classified it into either threats or non-threats. The experimental findings showed that our proposed method effectively detects different forms of network intrusions on computer networks and achieves an accuracy of 99.3% on the UNSW-NB15 dataset. The proposed system will be helpful in network security applications and research domains.

mathematics

Lan Xia,Xuefei Xia

DOI: https://doi.org/10.1016/j.procs.2023.11.067

2023-01-01

Procedia Computer Science

Abstract:Due to the diverse and volatile nature of today's network attacks, it is difficult to achieve satisfactory results using a single detection method. This project plans to study the network intrusion detection algorithm based on Semi-Supervised Learning and active learning to improve its accuracy and effectively intercept various network attacks. First, network attack data is collected, attack characteristics are extracted, and Semi-Supervised Learning method is used to cluster attack data. Secondly, by studying the clustering data, a network intrusion detection classifier based on BP neural network was constructed, and the construction process of the classifier was improved. On this basis, the effectiveness of the algorithm was verified through simulation experiments using standard datasets. The experimental results show that the combination rate of the optimized algorithm for network intrusion detection and neural network methods is over 95%, which can meet the actual accuracy requirements of network security protection. This is because the method proposed by the author combines semi supervised technology with BP neural network, which can effectively identify different types of network intrusion behavior, thereby reducing the missed detection rate and false alarm rate of network intrusion detection, and has significant advantages.

Guangdou Zhang,Jian Li,Olusola Bamisile,Yankai Xing,Di Cao,Qi Huang

DOI: https://doi.org/10.1016/j.engappai.2023.106771

IF: 8

2023-11-01

Engineering Applications of Artificial Intelligence

Abstract:Cyber-attacks have become one of the main threats to the security, reliability, and economic operation of power systems. Detection and classification of multiple cyber-attacks pose challenges for ensuring the stability and security of power systems. To address this issue, this study proposes an automatic identification and classification method for multiple cyber-attacks based on the deep capsule convolution neural network. Spatial correlations among different nodes and temporal features from history operation status in the transmitted data packets are extracted by the convolution neural network. Capsules in the proposed structure have important implications for maintaining the topological consistency contained in the measurement matrix. Furthermore, the proposed method is model-free and avoids the impact of system parameters uncertainties on detection performance. Multiple kinds of typical cyber-attacks, including false data injection attacks, replay attacks, denial of service attacks, time-delay attacks, and deception attacks, are considered and modeled in this paper. Numerical results on the IEEE 39-bus test system show that the proposed method can achieve 99.97% detection accuracy on single cyber-attacks and 96.25% detection accuracy on multiple cyber-attacks. Comparative results illustrate the proposed method outperforms than traditional neural networks. This approach provides a solution for the problem of multiple cyber-attack detection and classification.

automation & control systems,computer science, artificial intelligence,engineering, electrical & electronic, multidisciplinary

Daojuan Zhang,Kexiang Qian,Wenhui Wang,Fuyang fang,Chonghua Wang,Xi Luo

DOI: https://doi.org/10.1145/3444370.3444607

2020-12-04

Abstract:With the development of information technology, the scale of the network continues to expand, and the security issues continue to increase. The complexity of the network security situation is increasing and the importance of the network security situational awareness continues to increase. The data sources are wide, the type and the number are large in a large-scale network environment currently. This paper comprehensively studies the network security situational awareness technology based on multi-source heterogeneous data. In addition, this paper introduces the origin, concept and the model of the network situational awareness, as well as the characteristics of network security situational awareness based on multi-source heterogeneous data fusion. Finally, the key technologies in the security situational awareness such as the extraction of situational elements, multi-source data fusion, situation assessment, situation prediction and visual display are introduced.

Zhe Chen

DOI: https://doi.org/10.13052/jcsm2245-1439.1349

2024-06-14

Journal of Cyber Security and Mobility

Abstract:At present, the secure campus network strategy adopts technical means such as distinguishing applications and limiting them separately, but they have triggered other new problems, greatly affecting the unity of network resources and data. The relatively dispersed network architecture will inevitably limit the further development and expansion of the campus network. Therefore, when universities plan their networks, they must consider whether the network is safe, complete, smooth, and sustainable for smooth upgrading and development. In order to improve the effect of campus network security intrusion detection, this paper combines feature segmentation and deep learning technology to construct a campus network security intrusion detection model. To reduce the transmission time of query requirements in the grid, this paper improves the replica management mechanism and requires the information server to cache the Bloom Filter structure of nodes in its successor node list. Moreover, this paper uses the Compressed Bloom Filter algorithm to compress the Bloom Filter structure that needs to be transmitted, therefore reducing the network traffic generated during the update process of the Bloom Filter structure copy and avoiding network congestion. It also constructs a campus network security intrusion detection model based on feature segmentation and deep learning. Through experimental verification, the effectiveness of the system in intrusion detection, user evaluation, information processing, and other aspects is verified, and it has certain advantages compared to traditional algorithms. Through experimental research, it can be seen that the campus network security intrusion detection model based on feature segmentation and deep learning proposed in the paper can effectively improve the effect of campus network security monitoring. The method proposed in this article can not only be applied to campus network security, but also to the network security management of enterprises and other units, with certain scalability