Fawaz Waselallah Alsaade,Mosleh Hmoud Al-Adhaileh

DOI: https://doi.org/10.3390/s23084086

2023-04-18

Abstract:Connected and autonomous vehicles (CAVs) present exciting opportunities for the improvement of both the mobility of people and the efficiency of transportation systems. The small computers in autonomous vehicles (CAVs) are referred to as electronic control units (ECUs) and are often perceived as being a component of a broader cyber-physical system. Subsystems of ECUs are often networked together via a variety of in-vehicle networks (IVNs) so that data may be exchanged, and the vehicle can operate more efficiently. The purpose of this work is to explore the use of machine learning and deep learning methods in defence against cyber threats to autonomous cars. Our primary emphasis is on identifying erroneous information implanted in the data buses of various automobiles. In order to categorise this type of erroneous data, the gradient boosting method is used, providing a productive illustration of machine learning. To examine the performance of the proposed model, two real datasets, namely the Car-Hacking and UNSE-NB15 datasets, were used. Real automated vehicle network datasets were used in the verification process of the proposed security solution. These datasets included spoofing, flooding and replay attacks, as well as benign packets. The categorical data were transformed into numerical form via pre-processing. Machine learning and deep learning algorithms, namely k-nearest neighbour (KNN) and decision trees, long short-term memory (LSTM), and deep autoencoders, were employed to detect CAN attacks. According to the findings of the experiments, using the decision tree and KNN algorithms as machine learning approaches resulted in accuracy levels of 98.80% and 99%, respectively. On the other hand, the use of LSTM and deep autoencoder algorithms as deep learning approaches resulted in accuracy levels of 96% and 99.98%, respectively. The maximum accuracy was achieved when using the decision tree and deep autoencoder algorithms. Statistical analysis methods were used to analyse the results of the classification algorithms, and the determination coefficient measurement for the deep autoencoder was found to reach a value of R2 = 95%. The performance of all of the models that were built in this way surpassed that of those already in use, with almost perfect levels of accuracy being achieved. The system developed is able to overcome security issues in IVNs.

Qasem Abu Al-Haija,Charles McCurry,Saleh Zein-Sabatto

DOI: https://doi.org/10.20944/preprints202011.0508.v1

2020-11-19

Abstract:With the rapid expansion of intelligent resource-constrained devices and high-speed communication technologies, Internet of Things (IoT) has earned a wide recognition as the primary standard for low-power lossy networks (LLNs). Nevertheless, IoT infrastructures are vulnerable to cyber-attacks due to the constraints in computation, storage, and communication capacity of the endpoint devices. From one side, the majority of newly developed cyber-attacks are formed by slightly mutating formerly established cyber-attacks to produce a new attack tending to be treated as a normal traffic through the IoT network. From the other side, the influence of coupling the deep learning techniques with cybersecurity field has become a recent inclination of many security applications due to their impressive performance. In this paper, we provide a comprehensive development of a new intelligent and autonomous deep learning-based detection and classification system for cyber-attacks in IoT communication networks leveraging the power of convolutional neural networks, abbreviated as (IoT-IDCS-CNN). The proposed IoT-IDCS-CNN makes use of the high-performance computing employing the robust CUDA based Nvidia GPUs and the parallel processing employing the high-speed I9-Cores based Intel CPUs. In particular, the proposed system is composed of three subsystems: Feature Engineering subsystem, Feature Learning subsystem and Traffic classification subsystem. All subsystems are developed, verified, integrated, and validated in this research. To evaluate the developed system, we employed the NSL-KDD dataset which includes all the key attacks in the IoT computing. The simulation results demonstrated more than 99.3% and 98.2% of cyber-attacks’ classification accuracy for the binary-class classifier (normal vs anomaly) and the multi-class classifier (five categories) respectively. The proposed system was validated using k-fold cross validation method and was evaluated using the confusion matrix parameters (i.e., TN, TP, FN, FP) along with other classification performance metrics including precision, recall, F1-score, and false alarm rate. The test and evaluation results of the IoT-IDCS-CNN system outperformed many recent machine-learning based IDCS systems in the same area of study.

Dr. V. Gokula Krishnan,S. Hemamalini,Praneeth Cheraku,K. Hema Priya,Sangeetha Ganesan,Dr. R. Balamanigandan

DOI: https://doi.org/10.37391/ijeer.110209

2023-05-30

International Journal of Electrical and Electronics Research

Abstract:Decentralized wireless networks that may connect without a central hub are named Mobile Ad-hoc Networks (MANET). Attacks and threats of the most common kind can easily penetrate MANETs. Malware, APTs, and Distributed Denial of Service (DDoS) assaults all work together to make Internet services less reliable and less secure. Existing methods have been created to counter these assaults, but they either need more hardware, result in significant delivery delays, or fall short in other key areas like as energy consumption. This research therefore provides an intelligent agent system that can automatically choose and classify features to identify DDoS assaults. In this study, we provide an automated attack detector for MANETs based on a multilayer, (1D) convolutional neural network (CNN). Grey relational analysis classifiers are employed to screen attack levels in the classification layer because of their simple mathematical operation. The sunflower optimization technique is also used to fine-tune the classifier's weight. The research suggested a supervised feature classifier and fed the compressed data from an unsupervised auto encoder to it. In our experiment, conducted on the custom-generated dataset CICDDoS2018, the system outperformed state-of-the-art deep learning-based DDoS attack finding methods by a factor of 98%. Our suggested technique utilizes the freshest CICDDoS2018 dataset in combination with automated feature selection and classification to achieve state-of-the-art detection accuracy at a fraction of the processing time.

Theyazn H H Aldhyani,Hasan Alkahtani

DOI: https://doi.org/10.3390/s22010360

2022-01-04

Abstract:Rapid technological development has changed drastically the automotive industry. Network communication has improved, helping the vehicles transition from completely machine- to software-controlled technologies. The autonomous vehicle network is controlled by the controller area network (CAN) bus protocol. Nevertheless, the autonomous vehicle network still has issues and weaknesses concerning cybersecurity due to the complexity of data and traffic behaviors that benefit the unauthorized intrusion to a CAN bus and several types of attacks. Therefore, developing systems to rapidly detect message attacks in CAN is one of the biggest challenges. This study presents a high-performance system with an artificial intelligence approach that protects the vehicle network from cyber threats. The system secures the autonomous vehicle from intrusions by using deep learning approaches. The proposed security system was verified by using a real automatic vehicle network dataset, including spoofing, flood, replaying attacks, and benign packets. Preprocessing was applied to convert the categorical data into numerical. This dataset was processed by using the convolution neural network (CNN) and a hybrid network combining CNN and long short-term memory (CNN-LSTM) models to identify attack messages. The results revealed that the model achieved high performance, as evaluated by the metrics of precision, recall, F1 score, and accuracy. The proposed system achieved high accuracy (97.30%). Along with the empirical demonstration, the proposed system enhanced the detection and classification accuracy compared with the existing systems and was proven to have superior performance for real-time CAN bus security.

Mohammed Saeed Alzahrani,Fawaz Waselallah Alsaade

DOI: https://doi.org/10.1155/2022/4705325

2022-03-18

Abstract:The Internet plays a fundamental part in relentless correspondence, so its applicability can decrease the impact of intrusions. Intrusions are defined as movements that unfavorably influence the focus of a computer. Intrusions may sacrifice the reputability, integrity, privacy, and accessibility of the assets attacked. A computer security system will be traded off when an intrusion happens. The novelty of the proposed intelligent cybersecurity system is its ability to protect Internet of Things (IoT) devices and any networks from incoming attacks. In this research, various machine learning and deep learning algorithms, namely, the quantum support vector machine (QSVM), k-nearest neighbor (KNN), linear discriminant and quadratic discriminant long short-term memory (LSTM), and autoencoder algorithms, were applied to detect attacks from signature databases. The correlation method was used to select important network features by finding the features with a high-percentage relationship between the dataset features and classes. As a result, nine features were selected. A one-hot encoding method was applied to convert the categorical features into numerical features. The validation of the system was verified by employing the benchmark KDD Cup database. Statistical analysis methods were applied to evaluate the results of the proposed study. Binary and multiple classifications were conducted to classify the normal and attack packets. Experimental results demonstrated that KNN and LSTM algorithms achieved better classification performance for developing intrusion detection systems; the accuracy of KNN and LSTM algorithms for binary classification was 98.55% and 97.28%, whereas the KNN and LSTM attained a high accuracy for multiple classification (98.28% and 970.7%). Finally, the KNN and LSTM algorithms are fitting-based intrusion detection systems.

Sidra Abbas,Imen Bouazzi,Stephen Ojo,Abdullah Al Hejaili,Gabriel Avelino Sampedro,Ahmad Almadhor,Michal Gregus

DOI: https://doi.org/10.7717/peerj-cs.1793

2024-01-17

PeerJ Computer Science

Abstract:The Internet of Things (IoT), considered an intriguing technology with substantial potential for tackling many societal concerns, has been developing into a significant component of the future. The foundation of IoT is the capacity to manipulate and track material objects over the Internet. The IoT network infrastructure is more vulnerable to attackers/hackers as additional features are accessible online. The complexity of cyberattacks has grown to pose a bigger threat to public and private sector organizations. They undermine Internet businesses, tarnish company branding, and restrict access to data and amenities. Enterprises and academics are contemplating using machine learning (ML) and deep learning (DL) for cyberattack avoidance because ML and DL show immense potential in several domains. Several DL teachings are implemented to extract various patterns from many annotated datasets. DL can be a helpful tool for detecting cyberattacks. Early network data segregation and detection thus become more essential than ever for mitigating cyberattacks. Numerous deep-learning model variants, including deep neural networks (DNNs), convolutional neural networks (CNNs), and recurrent neural networks (RNNs), are implemented in the study to detect cyberattacks on an assortment of network traffic streams. The Canadian Institute for Cybersecurity's CICDIoT2023 dataset is utilized to test the efficacy of the proposed approach. The proposed method includes data preprocessing, robust scalar and label encoding techniques for categorical variables, and model prediction using deep learning models. The experimental results demonstrate that the RNN model achieved the highest accuracy of 96.56%. The test results indicate that the proposed approach is efficient compared to other methods for identifying cyberattacks in a realistic IoT environment.

computer science, information systems, artificial intelligence, theory & methods

Vedanth Ramanathan,Krish Mahadevan,Sejal Dua

DOI: https://doi.org/10.48550/arXiv.2309.05646

2023-09-12

Abstract:Cybersecurity attacks are becoming increasingly sophisticated and pose a growing threat to individuals, and private and public sectors. Distributed Denial of Service attacks are one of the most harmful of these threats in today's internet, disrupting the availability of essential services. This project presents a novel deep learning-based approach for detecting DDoS attacks in network traffic using the industry-recognized DDoS evaluation dataset from the University of New Brunswick, which contains packet captures from real-time DDoS attacks, creating a broader and more applicable model for the real world. The algorithm employed in this study exploits the properties of Convolutional Neural Networks (CNN) and common deep learning algorithms to build a novel mitigation technique that classifies benign and malicious traffic. The proposed model preprocesses the data by extracting packet flows and normalizing them to a fixed length which is fed into a custom architecture containing layers regulating node dropout, normalization, and a sigmoid activation function to out a binary classification. This allows for the model to process the flows effectively and look for the nodes that contribute to DDoS attacks while dropping the "noise" or the distractors. The results of this study demonstrate the effectiveness of the proposed algorithm in detecting DDOS attacks, achieving an accuracy of .9883 on 2000 unseen flows in network traffic, while being scalable for any network environment.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Azar Abid Salih,Maiwan Bahjat Abdulrazaq

DOI: https://doi.org/10.32604/cmc.2023.046101

2024-01-01

Abstract:Cyberspace is extremely dynamic, with new attacks arising daily. Protecting cybersecurity controls is vital for network security. Deep Learning (DL) models find widespread use across various fields, with cybersecurity being one of the most crucial due to their rapid cyberattack detection capabilities on networks and hosts. The capabilities of DL in feature learning and analyzing extensive data volumes lead to the recognition of network traffic patterns. This study presents novel lightweight DL models, known as Cybernet models, for the detection and recognition of various cyber Distributed Denial of Service (DDoS) attacks. These models were constructed to have a reasonable number of learnable parameters, i.e., less than 225,000, hence the name “lightweight.” This not only helps reduce the number of computations required but also results in faster training and inference times. Additionally, these models were designed to extract features in parallel from 1D Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM), which makes them unique compared to earlier existing architectures and results in better performance measures. To validate their robustness and effectiveness, they were tested on the CIC-DDoS2019 dataset, which is an imbalanced and large dataset that contains different types of DDoS attacks. Experimental results revealed that both models yielded promising results, with 99.99% for the detection model and 99.76% for the recognition model in terms of accuracy, precision, recall, and F1 score. Furthermore, they outperformed the existing state-of-the-art models proposed for the same task. Thus, the proposed models can be used in cyber security research domains to successfully identify different types of attacks with a high detection and recognition rate.

computer science, information systems,materials science, multidisciplinary

B. Karthiga,Danalakshmi Durairaj,Nishad Nawaz,Thiruppathy Kesavan Venkatasamy,Gopi Ramasamy,A. Hariharasudan

DOI: https://doi.org/10.1155/2022/5069104

2022-10-15

Wireless Communications and Mobile Computing

Abstract:Detecting the attacks in Vehicular Ad hoc Network (VANET) system is very important to provide more secure and reliable communication between all vehicles in the system. In this article, an effective Intelligent Intrusion Detection System (IDS) is proposed using machine learning and deep learning approaches such as Adaptive Neuro Fuzzy Inference System (ANFIS) and Convolutional Neural Networks (CNN), respectively. The existing methods focus on detecting only the known attacks in VANET environment. This limitation is overcome by proposing the Intelligent IDS system using soft computing techniques. The proposed method consists of Known IDS (KIDS) and Unknown IDS (UIDS) modules, which detect both known attacks and unknown attacks. The KIDS module uses ANFIS classification module to detect the known malicious attacks, whereas the UIDS module uses a deep learning algorithm to detect the unknown attacks in VANET. Modified LeeNET (MLNET) architecture is proposed in this article to identify the type of unknown attacks. In this work, DoS attacks, Botnet attacks, PortScan attacks, and Brute Force attacks are detected using this hybrid learning algorithm. The proposed system obtains 96.9% of Pr, 98.3% of Se, 98.7% of Sp, and 98.6% of Acc and consumed 1.75 s for detecting the DoS attack on i-VANET dataset. The proposed system obtains 98.1% of Pr, 98.9% of Se, 98.1% of Sp, and 98.1% of Acc and consumed 0.95 s for detecting the Botnet attack. The proposed system obtains 98.7% of Pr, 99.1% of Se, 98.9% of Sp, and 99.2% of Acc and consumed 1.38 s for detecting the PortScan attack. The proposed system obtains 99.1of Pr, 97.8% of Se, 98.7% of Sp, and 98.5% of Acc and consumed 1.29 s for detecting the Brute Force attack. The developed methodology is tested on the real-time CIC-IDS 2017 dataset, and the experimental results are compared with other state-of-the-art methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

NVA Pavan Kumar Inguva,Oludotun Oni,Jacob Bryant

DOI: https://doi.org/10.48175/ijarsct-19438

2024-08-26

Abstract:Cyber security is like a race between defensive and offensive capabilities. Day by day the attacks are increasing consequently the preventive mechanisms are also raising. The technological evolution must address the cyber security problem effectively. Cyber security is always the cutting-edge technology to which Machine learning added potentiality. Machine learning plays a crucial role cyber-attacks in various dimensions. The recent advancements in usage of Machine learning towards cyber security preventive and detective measures clearly indicates that the Cyber security certainly accelerates. But at the same time the threat framework also takes the advent of innovative machine learning models. In this paper we are intended to explore various machine learning algorithms to classify cyber-attacks, which are very useful in designing efficient threat defensive models

Ömer KASIM

DOI: https://doi.org/10.1016/j.comnet.2020.107390

IF: 5.493

2020-10-01

Computer Networks

Abstract:<p>The number of devices connected to the Internet is increasing day by day. This increase causes cyber-attacks to be larger and more complex. It is important to sdetect the anomalies rapidly when there is a cyber-attack. In detecting anomalies, high false positive rate is obtained by using feature extraction based on statistical calculations and machine learning algorithms. In proposed approach, the measured values obtained from the network are normalized between 0 and 1. These values applied to autoencoder model trained with optimum hyper parameters. This model contributes to feature learning and dimensional reduction. Support vector machines effectively differentiate between normal and DDOS attack traffic by using these features. The CICIDS dataset and virtually generated DDOS traffic are used to validate the proposed approach and measure its performance. The results show that the proposed approach speeds up training and testing times and performs better classification performance metrics than most previous approaches. The novelty of the study is that AE-SVM trained with CICIDS successfully captures virtually generated DDOS traffic data. Despite the unbalanced data set, 99.1% test success was achieved in detection of DDOS ​​traffic which is produced with Kali Linux. This success contributed to the solution of the high false-positive problem compared to other models.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

V. Kanimozhi,T. Prem Jacob

DOI: https://doi.org/10.1016/j.icte.2020.12.004

IF: 4.754

2021-09-01

ICT Express

Abstract:Our paramount task is to examine and detect network attacks, is one of the daunting tasks because the variety of attacks are day by day existing in colossal number. The program proposed detects botnet attacks using the newest CSE-CIC-IDS2018 cyber dataset published by the Canadian Cybersecurity Establishment (CIC). The cyber dataset can be accessed on AWS (Amazon Web Services). The realistic network dataset consists of all the modern and existing attacks such as Brute-force attacks and password cracking, Heartbleed, Botnet, DoS (Denial of Service), DDoS also known as Distributed Denial of Service, Web attacks i.e. vulnerable web app attacks, and infiltration of the network from inside. The objective of the proposed research is to identify a classification of Botnet attacks. Botnet attack is a Trojan Horse malware attack that poses a serious security threat to the banking and financial sectors. Since a specific classifier could possibly work for such datasets so it is crucial to finish a comparative examination of classifiers in order to achieve the most noteworthy execution in such basic detection of network attacks. The proposed framework is to incorporate different classifier methods such as KNearset Neighbor classifier, Naïve Bayes, Adaboost with Decision Tree, Support Vector Machine classifier, Random Forest classifier, and Artificial Intelligence to distinguish a portrayal of botnet attacks on the recent and realistic cyber dataset CSE-CIC-IDS2018. The results of the classification are given as precise precision for the specific classifiers.And furthermore, the proposed framework uses the Calibration curve is a standard approach in analytical methods which generates reliability diagrams to check the predicted probabilities of various classifiers are well-calibrated or not. Finally, the displayed graph proves how well the artificial intelligence technique outperforms all other classifiers. which generates reliability diagrams to check the predicted probabilities of various classifiers are well-calibrated or not.

computer science, information systems,telecommunications

Hamed Alqahtani,Iqbal H. Sarker,Asra Kalim,Syed Md. Minhaz Hossain,Sheikh Ikhlaq,Sohrab Hossain

DOI: https://doi.org/10.1007/978-981-15-6648-6_10

2020-01-01

Abstract:As the alarming growth of connectivity of computers and the significant number of computer-related applications increase in recent years, the challenge of fulfilling cyber-security is increasing consistently. It also needs a proper protection system for numerous cyberattacks. Thus, detecting inconsistency and attacks in a computer network and developing intrusion detection system (IDS) that performs a potential role for cyber-security. Artificial intelligence, particularly machine learning techniques, has been used to develop a useful data-driven intrusion detection system. In this paper, we employ various popular machine learning classification algorithms, namely Bayesian Network, Naive Bayes classifier, Decision Tree, Random Decision Forest, Random Tree, Decision Table, and Artificial Neural Network, to detect intrusions due to provide intelligent services in the domain of cyber-security. Finally, we test the effectiveness of various experiments on cyber-security datasets having several categories of cyber-attacks and evaluate the effectiveness of the performance metrics, precision, recall, f1-score, and accuracy.

Ankit Manderna,Sushil Kumar,Upasana Dohare,Mohammad Aljaidi,Omprakash Kaiwartya,Jaime Lloret

DOI: https://doi.org/10.3390/s23218772

2023-10-27

Abstract:Vehicle malfunctions have a direct impact on both human and road safety, making vehicle network security an important and critical challenge. Vehicular ad hoc networks (VANETs) have grown to be indispensable in recent years for enabling intelligent transport systems, guaranteeing traffic safety, and averting collisions. However, because of numerous types of assaults, such as Distributed Denial of Service (DDoS) and Denial of Service (DoS), VANETs have significant difficulties. A powerful Network Intrusion Detection System (NIDS) powered by Artificial Intelligence (AI) is required to overcome these security issues. This research presents an innovative method for creating an AI-based NIDS that uses Deep Learning methods. The suggested model specifically incorporates the Self Attention-Based Bidirectional Long Short-Term Memory (SA-BiLSTM) for classification and the Cascaded Convolution Neural Network (CCNN) for learning high-level features. The Multi-variant Gradient-Based Optimization algorithm (MV-GBO) is applied to improve CCNN and SA-BiLSTM further to enhance the model's performance. Additionally, information gained using MV-GBO-based feature extraction is employed to enhance feature learning. The effectiveness of the proposed model is evaluated on reliable datasets such as KDD-CUP99, ToN-IoT, and VeReMi, which are utilized on the MATLAB platform. The proposed model achieved 99% accuracy on all the datasets.

Qasem Abu Al-Haija,Charles D. McCurry,Saleh Zein-Sabatto

DOI: https://doi.org/10.1007/978-3-030-64758-2_8

2021-01-01

Abstract:Internet of Things (IoT) is a promising profound technology with tremendous expansion and effect. However, IoT infrastructures are vulnerable to cyber-attacks due to the constraints in computation, storage, and communication capacity for the endpoint devices such as thermostat, home appliance, etc. It was reported that 99% of the cyber-attacks are developed by slightly mutating previously known attacks to generate a new attack tending to be handled as a benign traffic through the IoT network. In this research, we developed a new intelligent self-reliant system that can detect mutations of IoT cyber-attacks using deep convolutional neural network (CNN) leveraging the power of CUDA based Nvidia-Quad GPUs for parallel computation and processing. Specifically, the proposed system is composed of three subsystems: Feature Engineering subsystem, Feature Learning subsystem and Traffic classification subsystem. All subsystems are developed, verified, integrated, and validated in this research. To evaluate the developed system, we employed the NSL-KDD dataset which includes all the key attacks in the IoT computing. The simulation results showed a superior attacks’ classification accuracy over the state-of-art machine learning based intrusion detection systems employing similar dataset. The obtained results showed more than 99.3% and 98.2% of attacks’ classification accuracy for both binary-class classifier (normal vs anomaly) and multi-class classifier (five categories) respectively. All development steps and testing and verification results of the developed system are reported in the paper.

Hajar Hameed Addeen,Yang Xiao,Tieshan Li

DOI: https://doi.org/10.1109/access.2024.3384295

IF: 3.9

2024-04-09

IEEE Access

Abstract:Modern technologies adopt Internet of Things (IoT) devices to increase water management efficiency and enhance water quality services. However, the limitations of IoT devices, such as small sizes and poor security, weaken the Water Distribution System (WDS) security, and many attackers compromise the critical components of WDS. Cyber-physical attacks (CPAs) are considered one of the biggest challenges that decrease the security factors in WDS by disrupting normal operations and tampering with the critical data of the water system. For instance, an attacker can change the water pump's speed, disrupting the service. An attacker can also alter the data of water quality parameters to contaminate the water. It is important to propose solutions to increase security in the WDS and defend against CPAs and security threats. Although several intrusion detection methods were proposed in the literature to detect WDS CPAs, many issues still need solutions, such as detecting attacks with smaller false alarms, minimizing the time to disclose the attacks, determining the location of the compromising components, and recovering solutions for the attacked components. Therefore, this paper proposes a model based on a deep learning algorithm called a Conditional variational Autoencoder (CVAE) to disclose CPAs and mitigate their bad effects on WDS. The proposed method consists of a neural network, an encoder to compress data, and a decoder to decompress data. The objective goal is to minimize the reconstruction error between the encoded-decoded data and the initial data. We apply the CVAE on some well-known datasets. The experiment results show that our proposed CVAE method performs better than others. After analyzing the CVAE model with other existing models, we get the highest performance by reaching %98 accuracy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Adel Binbusayyis,Thavavel Vaiyapuri

DOI: https://doi.org/10.1007/s10489-021-02205-9

IF: 5.3

2021-02-24

Applied Intelligence

Abstract:With the rapid advancement in network technologies, the need for cybersecurity has gained increasing momentum in recent years. As a primary defense mechanism, an intrusion detection system (IDS) is expected to adapt and secure the computing infrastructures from the ever-changing sophisticated threat landscape. Many deep learning approaches have recently been proposed; however, these techniques face significant challenges in identifying all types of attacks, especially rare attacks due to network traffic imbalances and the lack of a sufficient number of abnormal traffic samples for model training. To overcome these shortcomings and improve detection performance, this paper presents an unsupervised deep learning approach for intrusion detection. Unlike the existing IDS model that extracts features and trains a classifier in two separate stages, a single-stage IDS approach that integrates a one-dimensional convolutional autoencoder (1D CAE) and a one-class support vector machine (OCSVM) as a classifier into a joint optimization framework is introduced in this paper for the first time. Using only the normal traffic samples, the approach simultaneously optimizes the 1D CAE for compact feature representation and the OCSVM for classification by defining a unified objective function combining reconstruction error with classification error. Thus, the generated compact feature representation has not only reconstruction ability but also discriminative ability for classification. An in-depth ablation analysis validates the design decisions and provides further insight of the proposed approach. An extensive set of experiments on two benchmark intrusion datasets, NSL-KDD and UNSW-NB15, demonstrates the generalization ability of the proposed model for unseen attacks and confirms it as a competitive approach over the recent state-of-the-art intrusion detection baselines. Overall, the obtained results emphasize that the proposed approach has potential to serve as a baseline for building an effective IDS.

computer science, artificial intelligence

Johan Note,Maaruf Ali

DOI: https://doi.org/10.33166/aetic.2022.03.003

2022-07-01

Annals of Emerging Technologies in Computing

Abstract:Attacks against computer networks, “cyber-attacks”, are now common place affecting almost every Internet connected device on a daily basis. Organisations are now using machine learning and deep learning to thwart these types of attacks for their effectiveness without the need for human intervention. Machine learning offers the biggest advantage in their ability to detect, curtail, prevent, recover and even deal with untrained types of attacks without being explicitly programmed. This research will show the many different types of algorithms that are employed to fight against the different types of cyber-attacks, which are also explained. The classification algorithms, their implementation, accuracy and testing time are presented. The algorithms employed for this experiment were the Gaussian Naïve-Bayes algorithm, Logistic Regression Algorithm, SVM (Support Vector Machine) Algorithm, Stochastic Gradient Descent Algorithm, Decision Tree Algorithm, Random Forest Algorithm, Gradient Boosting Algorithm, K-Nearest Neighbour Algorithm, ANN (Artificial Neural Network) (here we also employed the Multilevel Perceptron Algorithm), Convolutional Neural Network (CNN) Algorithm and the Recurrent Neural Network (RNN) Algorithm. The study concluded that amongst the various machine learning algorithms, the Logistic Regression and Decision tree classifiers all took a very short time to be implemented giving an accuracy of over 90% for malware detection inside various test datasets. The Gaussian Naïve-Bayes classifier, though fast to implement, only gave an accuracy between 51-88%. The Multilevel Perceptron, non-linear SVM and Gradient Boosting algorithms all took a very long time to be implemented. The algorithm that performed with the greatest accuracy was the Random Forest Classification algorithm.

Vibekananda Dutta,Michał Choraś,Marek Pawlicki,Rafał Kozik

DOI: https://doi.org/10.3390/s20164583

2020-08-15

Abstract:Currently, expert systems and applied machine learning algorithms are widely used to automate network intrusion detection. In critical infrastructure applications of communication technologies, the interaction among various industrial control systems and the Internet environment intrinsic to the IoT technology makes them susceptible to cyber-attacks. Given the existence of the enormous network traffic in critical Cyber-Physical Systems (CPSs), traditional methods of machine learning implemented in network anomaly detection are inefficient. Therefore, recently developed machine learning techniques, with the emphasis on deep learning, are finding their successful implementations in the detection and classification of anomalies at both the network and host levels. This paper presents an ensemble method that leverages deep models such as the Deep Neural Network (DNN) and Long Short-Term Memory (LSTM) and a meta-classifier (i.e., logistic regression) following the principle of stacked generalization. To enhance the capabilities of the proposed approach, the method utilizes a two-step process for the apprehension of network anomalies. In the first stage, data pre-processing, a Deep Sparse AutoEncoder (DSAE) is employed for the feature engineering problem. In the second phase, a stacking ensemble learning approach is utilized for classification. The efficiency of the method disclosed in this work is tested on heterogeneous datasets, including data gathered in the IoT environment, namely IoT-23, LITNET-2020, and NetML-2020. The results of the evaluation of the proposed approach are discussed. Statistical significance is tested and compared to the state-of-the-art approaches in network anomaly detection.

Kanthimathi S,Shravan Venkatraman,Jayasankar K S,Pranay Jiljith T,Jashwanth R

DOI: https://doi.org/10.1109/ACCESS.2024.3478764

2024-10-12

Abstract:Distributed Denial of Service (DDoS) attacks are a major concern in network security, as they overwhelm systems with excessive traffic, compromise sensitive data, and disrupt network services. Accurately detecting these attacks is crucial to protecting network infrastructure. Traditional approaches, such as single Convolutional Neural Networks (CNNs) or conventional Machine Learning (ML) algorithms like Decision Trees (DTs) and Support Vector Machines (SVMs), struggle to extract the diverse features needed for precise classification, resulting in suboptimal performance. This research addresses this gap by introducing a novel approach for DDoS attack detection. The proposed method combines three distinct CNN architectures: SA-Enabled CNN with XGBoost, SA-Enabled CNN with LSTM, and SA-Enabled CNN with Random Forest. Each model extracts features at multiple scales, while self-attention mechanisms enhance feature integration and relevance. The weighted ensemble approach ensures that both prominent and subtle features contribute to the final classification, improving adaptability to evolving attack patterns and novel threats. The proposed method achieves a precision of 98.71%, an F1-score of 98.66%, a recall of 98.63%, and an accuracy of 98.69%, outperforming traditional methods and setting a new benchmark in DDoS attack detection. This innovative approach addresses critical limitations in current models and advances the state of the art in network security.

Cryptography and Security,Artificial Intelligence,Machine Learning