11,112 research outputs found
AI Solutions for MDS: Artificial Intelligence Techniques for Misuse Detection and Localisation in Telecommunication Environments
This report considers the application of Articial Intelligence (AI) techniques to
the problem of misuse detection and misuse localisation within telecommunications
environments. A broad survey of techniques is provided, that covers inter alia
rule based systems, model-based systems, case based reasoning, pattern matching,
clustering and feature extraction, articial neural networks, genetic algorithms, arti
cial immune systems, agent based systems, data mining and a variety of hybrid
approaches. The report then considers the central issue of event correlation, that
is at the heart of many misuse detection and localisation systems. The notion of
being able to infer misuse by the correlation of individual temporally distributed
events within a multiple data stream environment is explored, and a range of techniques,
covering model based approaches, `programmed' AI and machine learning
paradigms. It is found that, in general, correlation is best achieved via rule based approaches,
but that these suffer from a number of drawbacks, such as the difculty of
developing and maintaining an appropriate knowledge base, and the lack of ability
to generalise from known misuses to new unseen misuses. Two distinct approaches
are evident. One attempts to encode knowledge of known misuses, typically within
rules, and use this to screen events. This approach cannot generally detect misuses
for which it has not been programmed, i.e. it is prone to issuing false negatives.
The other attempts to `learn' the features of event patterns that constitute normal
behaviour, and, by observing patterns that do not match expected behaviour, detect
when a misuse has occurred. This approach is prone to issuing false positives,
i.e. inferring misuse from innocent patterns of behaviour that the system was not
trained to recognise. Contemporary approaches are seen to favour hybridisation,
often combining detection or localisation mechanisms for both abnormal and normal
behaviour, the former to capture known cases of misuse, the latter to capture
unknown cases. In some systems, these mechanisms even work together to update
each other to increase detection rates and lower false positive rates. It is concluded
that hybridisation offers the most promising future direction, but that a rule or state
based component is likely to remain, being the most natural approach to the correlation
of complex events. The challenge, then, is to mitigate the weaknesses of
canonical programmed systems such that learning, generalisation and adaptation
are more readily facilitated
A Comprehensive Survey on the Cyber-Security of Smart Grids: Cyber-Attacks, Detection, Countermeasure Techniques, and Future Directions
One of the significant challenges that smart grid networks face is
cyber-security. Several studies have been conducted to highlight those security
challenges. However, the majority of these surveys classify attacks based on
the security requirements, confidentiality, integrity, and availability,
without taking into consideration the accountability requirement. In addition,
some of these surveys focused on the Transmission Control Protocol/Internet
Protocol (TCP/IP) model, which does not differentiate between the application,
session, and presentation and the data link and physical layers of the Open
System Interconnection (OSI) model. In this survey paper, we provide a
classification of attacks based on the OSI model and discuss in more detail the
cyber-attacks that can target the different layers of smart grid networks
communication. We also propose new classifications for the detection and
countermeasure techniques and describe existing techniques under each category.
Finally, we discuss challenges and future research directions
Advanced detection Denial of Service attack in the Internet of Things network based on MQTT protocol using fuzzy logic
Message Queuing Telemetry Transport (MQTT) is one of the popular protocols used on the Internet of Things (IoT) networks because of its lightweight nature. With the increasing number of devices connected to the internet, the number of cybercrimes on IoT networks will increase. One of the most popular attacks is the Denial of Service (DoS) attack. Standard security on MQTT uses SSL/TLS, but SSL/TLS is computationally wasteful for low-powered devices. The use of fuzzy logic algorithms with the Intrusion Detection System (IDS) scheme is suitable for detecting DoS because of its simple nature. This paper uses a fuzzy logic algorithm embedded in a node to detect DoS in the MQTT protocol with feature selection nodes. This paper's contribution is that the nodes feature selection used will monitor SUBSCRIBE and SUBACK traffic and provide this information to fuzzy input nodes to detect DoS attacks. Fuzzy performance evaluation is measured against changes in the number of nodes and attack intervals. The results obtained are that the more the number of nodes and the higher the traffic intensity, the fuzzy performance will decrease, and vice versa. However, the number of nodes and traffic intensity will affect fuzzy performance
An Integrated Cybersecurity Risk Management (I-CSRM) Framework for Critical Infrastructure Protection
Risk management plays a vital role in tackling cyber threats within the Cyber-Physical System (CPS) for overall system resilience. It enables identifying critical assets, vulnerabilities, and threats and determining suitable proactive control measures to tackle the risks. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes risk management task more challenging. This research aims for an effective Cyber Security Risk Management (CSRM) practice using assets criticality, predication of risk types and evaluating the effectiveness of existing controls. We follow a number of techniques for the proposed unified approach including fuzzy set theory for the asset criticality, machine learning classifiers for the risk predication and Comprehensive Assessment Model (CAM) for evaluating the effectiveness of the existing controls.
The proposed approach considers relevant CSRM concepts such as threat actor attack pattern, Tactic, Technique and Procedure (TTP), controls and assets and maps these concepts with the VERIS community dataset (VCDB) features for the purpose of risk predication. Also, the tool serves as an additional component of the proposed framework that enables asset criticality, risk and control effectiveness calculation for a continuous risk assessment. Lastly, the thesis employs a case study to validate the proposed i-CSRM framework and i-CSRMT in terms of applicability. Stakeholder feedback is collected and evaluated using critical criteria such as ease of use, relevance, and usability. The analysis results illustrate the validity and acceptability of both the framework and tool for an effective risk management practice within a real-world environment.
The experimental results reveal that using the fuzzy set theory in assessing assets' criticality, supports stakeholder for an effective risk management practice. Furthermore, the results have demonstrated the machine learning classifiers’ have shown exemplary performance in predicting different risk types including denial of service, cyber espionage, and Crimeware. An accurate prediction can help organisations model uncertainty with machine learning classifiers, detect frequent cyber-attacks, affected assets, risk types, and employ the necessary corrective actions for its mitigations.
Lastly, to evaluate the effectiveness of the existing controls, the CAM approach is used, and the result shows that some controls such as network intrusion, authentication, and anti-virus show high efficacy in controlling or reducing risks. Evaluating control effectiveness helps organisations to know how effective the controls are in reducing or preventing any form of risk before an attack occurs. Also, organisations can implement new controls earlier. The main advantage of using the CAM approach is that the parameters used are objective, consistent and applicable to CPS
Shallow and deep networks intrusion detection system : a taxonomy and survey
Intrusion detection has attracted a considerable interest from researchers and industries. The community, after many years of research, still faces the problem of building reliable and efficient IDS that are capable of handling large quantities of data, with changing patterns in real time situations. The work presented in this manuscript classifies intrusion detection systems (IDS). Moreover, a taxonomy and survey of shallow and deep networks intrusion detection systems is presented based on previous and current works. This taxonomy and survey reviews machine learning techniques and their performance in detecting anomalies. Feature selection which influences the effectiveness of machine learning (ML) IDS is discussed to explain the role of feature selection in the classification and training phase of ML IDS. Finally, a discussion of the false and true positive alarm rates is presented to help researchers model reliable and efficient machine learning based intrusion detection systems
Improving intrusion detection systems using data mining techniques
Recent surveys and studies have shown that cyber-attacks have caused a
lot of damage to organisations, governments, and individuals around the world.
Although developments are constantly occurring in the computer security field,
cyber-attacks still cause damage as they are developed and evolved by
hackers. This research looked at some industrial challenges in the intrusion
detection area. The research identified two main challenges; the first one is that
signature-based intrusion detection systems such as SNORT lack the capability of
detecting attacks with new signatures without human intervention. The other
challenge is related to multi-stage attack detection, it has been found that
signature-based is not efficient in this area. The novelty in this research is
presented through developing methodologies tackling the mentioned challenges.
The first challenge was handled by developing a multi-layer classification
methodology. The first layer is based on decision tree, while the second layer is a
hybrid module that uses two data mining techniques; neural network, and fuzzy
logic. The second layer will try to detect new attacks in case the first one fails to
detect. This system detects attacks with new signatures, and then updates the
SNORT signature holder automatically, without any human intervention. The
obtained results have shown that a high detection rate has been obtained with
attacks having new signatures. However, it has been found that the false positive
rate needs to be lowered. The second challenge was approached by evaluating IP
information using fuzzy logic. This approach looks at the identity of participants
in the traffic, rather than the sequence and contents of the traffic. The results have
shown that this approach can help in predicting attacks at very early stages in
some scenarios. However, it has been found that combining this approach with a
different approach that looks at the sequence and contents of the traffic, such as
event- correlation, will achieve a better performance than each approach
individually
- …