Mayra Macas,Chunming Wu

DOI: https://doi.org/10.1109/latincom50620.2020.9282324

2020-01-01

Abstract:As the number of cyber-attacks is increasing, cybersecurity is evolving to a key concern for any business. Artificial Intelligence (AI) and Machine Learning (ML) (in particular Deep Learning - DL) can be leveraged as key enabling technologies for cyber-defense, since they can contribute in threat detection and can even provide recommended actions to cyber analysts. A partnership of industry, academia, and government on a global scale is necessary in order to advance the adoption of AI/ML to cybersecurity and create efficient cyber defense systems. In this paper, we are concerned with the investigation of the various deep learning techniques employed for network intrusion detection and we introduce a DL framework for cybersecurity applications.

Jasmin Bharadiya

DOI: https://doi.org/10.47672/ejt.1486

2023-06-02

European Journal of Technology

Abstract:In the computer world, data science is the force behind the recent dramatic changes in cybersecurity's operations and technologies. The secret to making a security system automated and intelligent is to extract patterns or insights related to security incidents from cybersecurity data and construct appropriate data-driven models. Data science, also known as diverse scientific approaches, machine learning techniques, processes, and systems, is the study of actual occurrences via the use of data. Due to its distinctive qualities, such as flexibility, scalability, and the capability to quickly adapt to new and unknowable obstacles, machine learning techniques have been used in many scientific fields. Due to notable advancements in social networks, cloud and web technologies, online banking, mobile environments, smart grids, etc., cyber security is a rapidly expanding sector that requires a lot of attention. Such a broad range of computer security issues have been effectively addressed by various machine learning techniques. This article covers several machine-learning applications in cyber security. Phishing detection, network intrusion detection, keystroke dynamics authentication, cryptography, human interaction proofs, spam detection in social networks, smart meter energy consumption profiling, and security concerns with machine learning techniques themselves are all covered in this study. The methodology involves collecting a large dataset of phishing and legitimate instances, extracting relevant features such as email headers, content, and URLs, and training a machine-learning model using supervised learning algorithms. Machine learning models can effectively identify phishing emails and websites with high accuracy and low false positive rates. To enhance phishing detection, it is recommended to continuously update the training dataset to include new phishing techniques and to employ ensemble methods that combine multiple machine learning models for better performance.

Iqbal H. Sarker

DOI: https://doi.org/10.1007/s40745-022-00444-2

2022-09-19

Annals of Data Science

Abstract:Abstract Due to the digitization and Internet of Things revolutions, the present electronic world has a wealth of cybersecurity data. Efficiently resolving cyber anomalies and attacks is becoming a growing concern in today’s cyber security industry all over the world. Traditional security solutions are insufficient to address contemporary security issues due to the rapid proliferation of many sorts of cyber-attacks and threats. Utilizing artificial intelligence knowledge, especially machine learning technology, is essential to providing a dynamically enhanced, automated, and up-to-date security system through analyzing security data. In this paper, we provide an extensive view of machine learning algorithms, emphasizing how they can be employed for intelligent data analysis and automation in cybersecurity through their potential to extract valuable insights from cyber data. We also explore a number of potential real-world use cases where data-driven intelligence, automation, and decision-making enable next-generation cyber protection that is more proactive than traditional approaches. The future prospects of machine learning in cybersecurity are eventually emphasized based on our study, along with relevant research directions. Overall, our goal is to explore not only the current state of machine learning and relevant methodologies but also their applicability for future cybersecurity breakthroughs.

Azar Salih,Subhi T. Zeebaree,Sadeeq Ameen,Ahmed Alkhyyat,Hnan M. Shukur

DOI: https://doi.org/10.1109/iec52205.2021.9476132

2021-02-24

Abstract:With the growing internet services, cybersecurity becomes one of the major research problems of the modern digital era. Cybersecurity involves techniques to protect and control the systems, hardware, software, network, and electronic data from unauthorized access. It is necessary to build a cyber-security system to detect different types of attacks. Implementing various intelligent algorithms in cybersecurity led to detect and analyz attack actions occurring in field of computer networks. Cybersecurity uses artificial intelligence, machine learning, and deep learning algorithms capable of extracting optimal feature representation from the big data set. This has been applied to various cybersecurity cases, such as attacks detection, prediction, and analysis. This work aims to perform an analysis of cybersecurity attacks datasets by using intelligent approaches. It also provides a detailed comparison with the performance of algorithms, field implementation to describe network protection optimization technologies benefits.

Hamed Alqahtani,Iqbal H. Sarker,Asra Kalim,Syed Md. Minhaz Hossain,Sheikh Ikhlaq,Sohrab Hossain

DOI: https://doi.org/10.1007/978-981-15-6648-6_10

2020-01-01

Abstract:As the alarming growth of connectivity of computers and the significant number of computer-related applications increase in recent years, the challenge of fulfilling cyber-security is increasing consistently. It also needs a proper protection system for numerous cyberattacks. Thus, detecting inconsistency and attacks in a computer network and developing intrusion detection system (IDS) that performs a potential role for cyber-security. Artificial intelligence, particularly machine learning techniques, has been used to develop a useful data-driven intrusion detection system. In this paper, we employ various popular machine learning classification algorithms, namely Bayesian Network, Naive Bayes classifier, Decision Tree, Random Decision Forest, Random Tree, Decision Table, and Artificial Neural Network, to detect intrusions due to provide intelligent services in the domain of cyber-security. Finally, we test the effectiveness of various experiments on cyber-security datasets having several categories of cyber-attacks and evaluate the effectiveness of the performance metrics, precision, recall, f1-score, and accuracy.

José Camacho,José Manuel García-Giménez,Noemí Marta Fuentes-García,Gabriel Maciá-Fernández

DOI: https://doi.org/10.1016/j.cose.2019.101603

2019-06-28

Abstract:The research literature on cybersecurity incident detection & response is very rich in automatic detection methodologies, in particular those based on the anomaly detection paradigm. However, very little attention has been devoted to the diagnosis ability of the methods, aimed to provide useful information on the causes of a given detected anomaly. This information is of utmost importance for the security team to reduce the time from detection to response. In this paper, we present Multivariate Big Data Analysis (MBDA), a complete intrusion detection approach based on 5 steps to effectively handle massive amounts of disparate data sources. The approach has been designed to deal with the main characteristics of Big Data, that is, the high volume, velocity and variety. The core of the approach is the Multivariate Statistical Network Monitoring (MSNM) technique proposed in a recent paper. Unlike in state of the art machine learning methodologies applied to the intrusion detection problem, when an anomaly is identified in MBDA the output of the system includes the detail of the logs of raw information associated to this anomaly, so that the security team can use this information to elucidate its root causes. MBDA is based in two open software packages available in Github: the MEDA Toolbox and the FCParser. We illustrate our approach with two case studies. The first one demonstrates the application of MBDA to semistructured sources of information, using the data from the VAST 2012 mini challenge 2. This complete case study is supplied in a virtual machine available for download. In the second case study we show the Big Data capabilities of the approach in data collected from a real network with labeled attacks.

Networking and Internet Architecture,Cryptography and Security,Machine Learning,Other Statistics

Muhammad U. Ilyas,Soltan Abed Alharbi

DOI: https://doi.org/10.1007/s00607-021-01050-5

2022-01-04

Computing

Abstract:All organizations, be they businesses, governments, infrastructure or utility providers, depend on the availability and functioning of their computers, computer networks and data centers for all or part of their operations. Network intrusion detection systems are the first line of defense that protect computing infrastructure from external attacks. In this study we develop five different Machine Learning classifiers for a number of attacks. We used the CSE-CIC-IDS2018 dataset, developed in a collaborative effort between the Communications Security Establishment and the Canadian Institute for Cybersecurity. It is an extensive network traffic trace dataset that captures multiple attacks and has become available relatively recently. The previous major dataset used for the development of network intrusion detection systems is the KDD Cup’99 dataset, now going on 22 years, which predates mobile computing, Web 2.0/3.0, social media, streaming video and widespread use of SSL. These significant Internet trends of the last two decades demand a reevaluation and redevelopment of intrusion detectors. Prior studies that designed Machine Learning classifiers using the CSE-CIC-IDS2018 dataset use a large and rich set of features, of which at least one is not dataset-invariant. Almost none have explored the appropriateness of using all available features with datasets containing only a few hundred attack class samples. The classifiers developed in this study rely on a justifiable number of features and their performance is reviewed for stability and generalization by reporting not just average performance over 10 fold cross-validation but also the degree of variation from one fold to the next.

computer science, theory & methods

Muyideen Ayodeji Alaketu,Abiodun Oguntimilehin,Kehinde Adebola Olatunji,Oluwatoyin Bunmi Abiola,Bukola Badeji-Ajisafe,Christiana Olanike Akinduyite,Stephen Eyitayo Obamiyi,Gbemisola Olutosin Babalola,Toyin Okebule

DOI: https://doi.org/10.34028/iajit/21/2/14

2024-01-01

The International Arab Journal of Information Technology

Abstract:Traditional cyber security measures are becoming less effective, leading to rise in modern attacks. However, the ability to analyze and use massive volume of data (big data) to train anomaly based systems that can learn from experience, classify attacks and make decisions can improve prediction of attacks before they actually occur. In this study, to ensure availability, integrity, and confidentiality of information systems, predictive models for intrusion detection that use Big Data and Machine Learning (ML) algorithms were proposed. The proposed approach used a big dataset (CIC-Bell-IDS2017) to independently train three ML classifiers before and after feature selection. Big data analytics tool was also employed for feature scaling and selection in order to normalize data and select the most relevant set of features. Performance evaluation and comparative analysis were done and the results showed there were improvements in the models’ prediction accuracies.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Yang Xin,Lingshuang Kong,Zhi Liu,Yuling Chen,Yanmiao Li,Hongliang Zhu,Mingcheng Gao,Haixia Hou,Chunhua Wang

DOI: https://doi.org/10.1109/access.2018.2836950

IF: 3.9

2018-01-01

IEEE Access

Abstract:With the development of the Internet, cyber-attacks are changing rapidly and the cyber security situation is not optimistic. This survey report describes key literature surveys on machine learning (ML) and deep learning (DL) methods for network analysis of intrusion detection and provides a brief tutorial description of each ML/DL method. Papers representing each method were indexed, read, and summarized based on their temporal or thermal correlations. Because data are so important in ML/DL methods, we describe some of the commonly used network datasets used in ML/DL, discuss the challenges of using ML/DL for cybersecurity and provide suggestions for research directions.

computer science, information systems,telecommunications,engineering, electrical & electronic

NVA Pavan Kumar Inguva,Oludotun Oni,Jacob Bryant

DOI: https://doi.org/10.48175/ijarsct-19438

2024-08-26

Abstract:Cyber security is like a race between defensive and offensive capabilities. Day by day the attacks are increasing consequently the preventive mechanisms are also raising. The technological evolution must address the cyber security problem effectively. Cyber security is always the cutting-edge technology to which Machine learning added potentiality. Machine learning plays a crucial role cyber-attacks in various dimensions. The recent advancements in usage of Machine learning towards cyber security preventive and detective measures clearly indicates that the Cyber security certainly accelerates. But at the same time the threat framework also takes the advent of innovative machine learning models. In this paper we are intended to explore various machine learning algorithms to classify cyber-attacks, which are very useful in designing efficient threat defensive models

Siriporn Chimphlee,Witcha Chimphlee

DOI: https://doi.org/10.11591/ijeecs.v30.i2.pp1106-1119

2023-05-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:With the rapid growth of digital technology communications are overwhelmed by network data traffic. The demand for the internet is growing every day in today's cyber world, raising concerns about network security. Big Data are a term that describes a vast volume of complicated data that is critical for evaluating network patterns and determining what has occurred in the network. Therefore, detecting attacks in a large network is challenging. Intrusion detection system (IDS) is a promising cybersecurity research field. In this paper, we proposed an efficient classification scheme for IDS, which is divided into two procedures, on the CSE-CIC-IDS-2018 dataset, data pre-processing techniques including under-sampling, feature selection, and classifier algorithms were used to assess and decide the best performing model to classify invaders. We have implemented and compared seven classifier machine learning algorithms with various criteria. This work explored the application of the random forest (RF) for feature selection in conjunction with machine learning (ML) techniques including linear regression (LR), k-Nearest Neighbor (k-NN), classification and regression trees (CART), Bayes, RF, multi layer perceptron (MLP), and XGBoost in order to implement IDSS. The experimental results show that the MLP algorithm in the most successful with best performance with evaluation matrix.

Upakar Bhatta

2024-05-20

Abstract:The combination of cloud technology, machine learning, and data visualization techniques allows hybrid enterprise networks to hold massive volumes of data and provide employees and customers easy access to these cloud data. These massive collections of complex data sets are facing security challenges. While cloud platforms are more vulnerable to security threats and traditional security technologies are unable to cope with the rapid data explosion in cloud platforms, machine learning powered security solutions and data visualization techniques are playing instrumental roles in detecting security threat, data breaches, and automatic finding software vulnerabilities. The purpose of this paper is to present some of the widely used cloud services, machine learning techniques and data visualization approach and demonstrate how to integrate cloud service, data analytic and machine learning techniques that can be used to detect and reduce cyber risks associated with the modern cloud based infrastructure. In this paper I applied the machine learning supervised classifier to design a model based on well-known UNSW-NB15 dataset to predict the network behavior metrics and demonstrated how data analytics techniques can be integrated to visualize network traffics.

Machine Learning,Computational Engineering, Finance, and Science

Xavier Larriva-Novo,Mario Vega-Barbas,Víctor A. Villagrá,Diego Rivera,Manuel Álvarez-Campana,Julio Berrocal

DOI: https://doi.org/10.3390/app10103430

2020-05-15

Applied Sciences

Abstract:New computational and technological paradigms that currently guide developments in the information society, i.e., Internet of things, pervasive technology, or Ubicomp, favor the appearance of new intrusion vectors that can directly affect people’s daily lives. This, together with advances in techniques and methods used for developing new cyber-attacks, exponentially increases the number of cyber threats which affect the information society. Because of this, the development and improvement of technology that assists cybersecurity experts to prevent and detect attacks arose as a fundamental pillar in the field of cybersecurity. Specifically, intrusion detection systems are now a fundamental tool in the provision of services through the internet. However, these systems have certain limitations, i.e., false positives, real-time analytics, etc., which require their operation to be supervised. Therefore, it is necessary to offer architectures and systems that favor an efficient analysis of the data handled by these tools. In this sense, this paper presents a new model of data preprocessing based on a novel distributed computing architecture focused on large-scale datasets such as UGR’16. In addition, the paper analyzes the use of machine learning techniques in order to improve the response and efficiency of the proposed preprocessing model. Thus, the solution developed achieves good results in terms of computer performance. Finally, the proposal shows the adequateness of decision tree algorithms for training a machine learning model by using a large dataset when compared with a multilayer perceptron neural network.

Hao Xu,Zihan Sun,Yuan Cao,Hazrat Bilal

DOI: https://doi.org/10.1007/s00500-023-09037-4

IF: 3.732

2023-07-29

Soft Computing

Abstract:Cyber-attacks and network intrusion have surfaced as major concerns for modern days applications of the Internet of Things (IoT). The existing intrusion detection and prevention techniques have a wide range of limitations and thus are unable to precisely detect any type of attack or anomaly within the network traffic. Many machine learning-based algorithms have also been presented by the researchers, which lack performance in terms of classification accuracy, or in terms of multi-class classification. This research presents a data-driven approach for intrusion and anomaly detection, where the data is processed and filtered using different algorithms. The quality of the training dataset is improved by using Synthetic Minority Oversampling Technique (SMOTE) algorithm and mutual information. Automated machine learning is also used to detect the algorithm with auto-tuned hyper-parameters that best suit to classify the data. This technique not only saves the computational cost to test the data at run-time but also provides an optimal algorithm without the need to run calculations to tune hyper-parameters, manually. The resultant algorithm solves a multi-class classification problem with an accuracy of 99.7%, outperforming the existing algorithms by a decent margin.

computer science, artificial intelligence, interdisciplinary applications

Khloud Al Jallad,Mohamad Aljnidi,Mohammad Said Desouki

DOI: https://doi.org/10.48550/arXiv.2209.13961

2022-09-28

Cryptography and Security

Abstract:With the growing use of information technology in all life domains, hacking has become more negatively effective than ever before. Also with developing technologies, attacks numbers are growing exponentially every few months and become more sophisticated so that traditional IDS becomes inefficient detecting them. This paper proposes a solution to detect not only new threats with higher detection rate and lower false positive than already used IDS, but also it could detect collective and contextual security attacks. We achieve those results by using Networking Chatbot, a deep recurrent neural network: Long Short Term Memory (LSTM) on top of Apache Spark Framework that has an input of flow traffic and traffic aggregation and the output is a language of two words, normal or abnormal. We propose merging the concepts of language processing, contextual analysis, distributed deep learning, big data, anomaly detection of flow analysis. We propose a model that describes the network abstract normal behavior from a sequence of millions of packets within their context and analyzes them in near real-time to detect point, collective and contextual anomalies. Experiments are done on MAWI dataset, and it shows better detection rate not only than signature IDS, but also better than traditional anomaly IDS. The experiment shows lower false positive, higher detection rate and better point anomalies detection. As for prove of contextual and collective anomalies detection, we discuss our claim and the reason behind our hypothesis. But the experiment is done on random small subsets of the dataset because of hardware limitations, so we share experiment and our future vision thoughts as we wish that full prove will be done in future by other interested researchers who have better hardware infrastructure than ours.

Dipankar Dasgupta,Zahid Akhtar,Sajib Sen

DOI: https://doi.org/10.1177/1548512920951275

2020-09-19

Abstract:Today’s world is highly network interconnected owing to the pervasiveness of small personal devices (e.g., smartphones) as well as large computing devices or services (e.g., cloud computing or online banking), and thereby each passing minute millions of data bytes are being generated, processed, exchanged, shared, and utilized to yield outcomes in specific applications. Thus, securing the data, machines (devices), and user’s privacy in cyberspace has become an utmost concern for individuals, business organizations, and national governments. In recent years, machine learning (ML) has been widely employed in cybersecurity, for example, intrusion or malware detection and biometric-based user authentication. However, ML algorithms are vulnerable to attacks both in the training and testing phases, which usually leads to remarkable performance decreases and security breaches. Comparatively, limited studies have been conducted to understand the essence and degree of the vulnerabilities of ML techniques against security threats and their defensive mechanisms. It is imperative to systematize recent works related to cybersecurity using ML to seek the attention of researchers, scientists, and engineers. Therefore, in this paper, we provide a comprehensive survey of the works that have been carried out most recently (from 2013 to 2018) on ML in cybersecurity, describing the basics of cyber-attacks and corresponding defenses, the basics of the most commonly used ML algorithms, and proposed ML and data mining schemes for cybersecurity in terms of features, dimensionality reduction, and classification/detection techniques. In this context, this article also provides an overview of adversarial ML, including the security characteristics of deep learning methods. Finally, open issues and challenges in cybersecurity are highlighted and potential future research directions are discussed.

Mostofa Ahsan,Kendall E. Nygard,Rahul Gomes,Minhaz Chowdhury,Nafiz Rifat,Jayden F Connolly,Md Minhaz Chowdhury

DOI: https://doi.org/10.3390/jcp2030027

2022-07-10

Journal of Cybersecurity and Privacy

Abstract:Machine learning is of rising importance in cybersecurity. The primary objective of applying machine learning in cybersecurity is to make the process of malware detection more actionable, scalable and effective than traditional approaches, which require human intervention. The cybersecurity domain involves machine learning challenges that require efficient methodical and theoretical handling. Several machine learning and statistical methods, such as deep learning, support vector machines and Bayesian classification, among others, have proven effective in mitigating cyber-attacks. The detection of hidden trends and insights from network data and building of a corresponding data-driven machine learning model to prevent these attacks is vital to design intelligent security systems. In this survey, the focus is on the machine learning techniques that have been implemented on cybersecurity data to make these systems secure. Existing cybersecurity threats and how machine learning techniques have been used to mitigate these threats have been discussed. The shortcomings of these state-of-the-art models and how attack patterns have evolved over the past decade have also been presented. Our goal is to assess how effective these machine learning techniques are against the ever-increasing threat of malware that plagues our online community.

computer science, information systems, interdisciplinary applications, software engineering

T N Varunram,M B Shivaprasad,K H Aishwarya,Anush Balraj,S V Savish,S Ullas

DOI: https://doi.org/10.1109/iccca52192.2021.9666265

2021-12-17

Abstract:Intrusion Detection Systems are of paramount importance in the present-day network security environment. By analyzing and predicting the behavior of incoming data, IDS helps in classifying it as either a benign or dangerous activity. In this paper, implementation of multiple Intrusion Detection Systems is done using different machine learning algorithms like KNN, AdaBoost, SVM, Logistic Regression, Random Forest, Artificial Neural Networks and Naive Bayes. The class imbalance in the dataset, caused by innate mannerisms of network analysis, is corrected using Synthetic Minority Oversampling Technique (SMOTE). The dataset is then reduced using three different Dimensionality Reduction Techniques namely PCA, t-SNE, and UMAP. The three datasets produced by these techniques are then used to build the Intrusion Detection System, using the machine learning algorithms. The models will implement binary classification to classify the incoming attacks between benign activity and DDoS Attacks.

Zachary Tauscher,Yushan Jiang,Kai Zhang,Jian Wang,Houbing Song

DOI: https://doi.org/10.48550/arXiv.2108.08394

2021-08-19

Abstract:With massive data being generated daily and the ever-increasing interconnectivity of the world's Internet infrastructures, a machine learning based intrusion detection system (IDS) has become a vital component to protect our economic and national security. In this paper, we perform a comprehensive study on NSL-KDD, a network traffic dataset, by visualizing patterns and employing different learning-based models to detect cyber attacks. Unlike previous shallow learning and deep learning models that use the single learning model approach for intrusion detection, we adopt a hierarchy strategy, in which the intrusion and normal behavior are classified firstly, and then the specific types of attacks are classified. We demonstrate the advantage of the unsupervised representation learning model in binary intrusion detection tasks. Besides, we alleviate the data imbalance problem with SVM-SMOTE oversampling technique in 4-class classification and further demonstrate the effectiveness and the drawback of the oversampling mechanism with a deep neural network as a base model.

Cryptography and Security,Machine Learning