10 research outputs found

    An Autonomous Intrusion Detection System Using an Ensemble of Advanced Learners

    An intrusion detection system (IDS) is a vital security component of modern computer networks. With the increasing number of sensitive services that rely on computer network-based infrastructures, IDSs need to be more intelligent and autonomous. Aside from autonomy, another important feature of an IDS is its ability to detect zero-day attacks. To address these issues, in this paper we propose an IDS which reduces the amount of manual interaction and expert knowledge needed and is able to yield acceptable performance under zero-day attacks. Our approach is to use three learning techniques in parallel: a gated recurrent unit (GRU) and a convolutional neural network as deep techniques, and a random forest as an ensemble technique. These systems are trained in parallel and their results are combined under two logics: majority vote and "OR" logic. We use the NSL-KDD dataset to verify the proficiency of the proposed system. Simulation results show that the system has the potential to operate with very low technician interaction under zero-day attacks. We achieved 87.28% accuracy on the NSL-KDD "KDDTest+" dataset and 76.61% accuracy on the challenging "KDDTest-21" dataset, with lower training time and lower computational resource requirements. Comment: 5 page

    Enhancing Flight Delay Prediction through Feature Engineering in Machine Learning Classifiers: A Real Time Data Streams Case Study

    Feature engineering is the process of creating and selecting features from raw data to improve the accuracy of machine learning models. In the context of real-time data streams, feature engineering becomes particularly important because the data is constantly changing and the model must be able to adapt quickly. This paper describes a case study of feature engineering in a flight information system. We used feature engineering to improve the performance of machine learning classifiers for predicting flight delays, and describe various techniques for extracting and constructing features from the raw data, including time-based, trend-based, and error-based features. Before applying these techniques, we applied feature pre-processing using the CTAO algorithm, followed by the SCSO (sand cat swarm optimization) algorithm for feature extraction and the enhanced harmony search for feature optimization. The resulting feature set contained the 9 most relevant features for deciding whether a flight would be delayed. Additionally, we evaluate the performance of various classifiers using these engineered features and contrast the results with those obtained using raw features. The results show that feature engineering significantly improves the performance of the classifiers and allows for more accurate real-time prediction of flight delays.

    RESEARCH ON IIOT SECURITY: NOVEL MACHINE LEARNING-BASED INTRUSION DETECTION USING TCP/IP PACKETS

    The explosive expansion of the Industrial Internet of Things (IIoT) has raised questions regarding the safety of industrial systems. Intrusion detection systems (IDSs) are crucial for protecting such networks from a variety of cyber threats. To detect intrusions in the IIoT environment using TCP/IP packets, this work introduces a novel Hybrid Deep Convolutional Autoencoder and Splinted Decision Tree (HDCA-SDT) technique. High-level features are extracted from the unprocessed TCP/IP packet data using the DCA. The extracted features are then classified by the SDT algorithm into various intrusion categories. The SDT technique partitions the feature space effectively, enabling quicker decision-making while preserving accurate results. The NSL-KDD dataset is used to train and assess the model. Experimental findings show the efficiency of the proposed hybrid strategy: compared to conventional intrusion detection methods, it achieved higher detection accuracy. The model also demonstrates robustness to fluctuations in network traffic and is able to identify both known and unknown intrusions with high recall rates.

    A Framework for Improving Intrusion Detection Systems by Combining Artificial Intelligence and Situational Awareness

    The vast majority of companies do not have the requisite tools and analysis to make use of the data obtained from security incidents in order to protect themselves from attacks and lower their risk. Intrusion Detection Systems (IDS) are deployed by numerous businesses to lessen the impact of network attacks. This is mostly attributable to the fact that these systems are able to provide a situational picture of network traffic regardless of the method or technology used to generate alerts. In this paper, a framework is proposed for improving the performance of contemporary IDSs by incorporating Artificial Intelligence (AI) into multiple layers, presenting the appropriate abstraction and accumulation of information, and generating valuable logs and metrics that security analysts can use to make the most informed decisions possible. This is further enabled by including Situational Awareness (SA) at the fundamental levels of the framework. Keywords: Intrusion Detection System, Machine Learning, Deep Learning, Shallow Learning, Security Operation Center, Situational Awareness

    Network Intrusion Detection System using Deep Learning Technique

    The rise in internet usage in recent times has led to tremendous development in computer networks, with large volumes of information transported daily. This development has generated many security threats and privacy concerns for networks and data. To tackle these issues, several protective measures have been developed, including Intrusion Detection Systems (IDSs). An IDS is a major backbone of network security and provides an extra layer of security on top of the other defence mechanisms in a network. However, existing signature-based IDSs such as Snort are unable to detect unknown and novel threats. Anomaly-based IDSs that use Machine Learning (ML) approaches are not scalable when enormous amounts of data are presented: during modelling, the runtime grows with the dataset size, which requires high computational resources to meet the runtime requirements. This thesis proposes a Feedforward Deep Neural Network (FFDNN) for an intrusion detection system that performs binary classification on the popular NSL-Knowledge Discovery and Data Mining (NSL-KDD) dataset. The model was developed with the Keras API integrated into TensorFlow in the Google Colaboratory environment. Three variants of FFDNNs were trained on the NSL-KDD dataset; each network architecture consisted of two hidden layers with 64 and 32, 32 and 16, and 512 and 256 neurons respectively, each with the ReLU activation function. The sigmoid activation function was used in the output layer for binary classification, and the loss function was binary cross-entropy. Regularization was set to a dropout rate of 0.2 and the Adam optimizer was used. The deep neural networks were trained for 16, 20, and 20 epochs respectively with batch sizes of 256, 64, and 128. After evaluating the performance of the FFDNNs on the training data, predictions were made on the test data, and accuracies of 89%, 84%, and 87% were achieved.
    The experiment was also conducted on the same training dataset (NSL-KDD) using conventional machine learning algorithms (Random Forest, K-nearest neighbour, Logistic Regression, Decision Tree, and Naïve Bayes), and their predictions on the test data gave accuracies of 81%, 76%, 77%, 77%, and 77%, respectively. The performance of the FFDNNs was calculated on several important metrics (FPR, FAR, F1 measure, Precision) and compared with the conventional ML algorithms. The outcome shows that the deep neural networks performed best, owing to their dense architecture, which scales with the large dataset and also offered a faster run time during training in contrast to the slow run time of the conventional ML algorithms. This implies that when the dataset is large and faster computation is required, an FFDNN is the better choice for the best performance accuracy.

    Deep Learning -Powered Computational Intelligence for Cyber-Attacks Detection and Mitigation in 5G-Enabled Electric Vehicle Charging Station

    An electric vehicle charging station (EVCS) infrastructure is the backbone of transportation electrification. However, the EVCS has various cyber-attack vulnerabilities in software, hardware, the supply chain, and incumbent legacy technologies such as network, communication, and control. Therefore, proactively monitoring, detecting, and defending against these attacks is very important. State-of-the-art approaches are not agile and intelligent enough to detect, mitigate, and defend against the various cyber-physical attacks on the EVCS system. To overcome these limitations, this dissertation primarily designs, develops, implements, and tests data-driven, deep learning-powered computational intelligence to detect and mitigate cyber-physical attacks at the network and physical layers of 5G-enabled EVCS infrastructure. The application of 5G slicing to ensure security and the service level agreement (SLA) in the EVCS ecosystem has also been studied. Various cyber-attacks on the network in a standalone 5G-enabled EVCS environment have been considered, such as distributed denial of service (DDoS), false data injection (FDI), advanced persistent threats (APT), and ransomware attacks. Mathematical models for these cyber-attacks have been developed, and the impact of the attacks on EVCS operation has been analyzed. Various deep learning-powered intrusion detection systems have been proposed to detect attacks using local electrical and network fingerprints. Furthermore, a novel detection framework has been designed and developed to deal with ransomware threats in the high-speed, high-dimensional, multimodal data and assets from the diverse stakeholders of the connected automated vehicle (CAV) ecosystem. To mitigate the adverse effects of cyber-attacks on EVCS controllers, novel data-driven digital clones based on Twin Delayed Deep Deterministic Policy Gradient (TD3) Deep Reinforcement Learning (DRL) have been developed.
    In addition, various brute-force and controller-clone-based methods have been devised and tested to aid the defense against, and the mitigation of, the impact of the attacks on EVCS operation. The performance of the proposed mitigation method has been compared with that of a benchmark Deep Deterministic Policy Gradient (DDPG)-based digital clone approach. Simulation results obtained from Python, Matlab/Simulink, and NetSim demonstrate that the cyber-attacks are disruptive and detrimental to the operation of the EVCS. The proposed detection and mitigation methods are effective and perform better than the conventional and benchmark techniques for the 5G-enabled EVCS.

    A Deep Learning Method With Filter Based Feature Engineering for Wireless Intrusion Detection System

    Datasets and a neural-network-based classifier (original title: Bases de dados e classificador baseado em redes neuronais)

    The rise of cyberattacks has become an increasingly serious problem in an increasingly digital world that is dependent on connected and vulnerable devices. Cyberattacks are becoming more sophisticated and frequent, posing a significant threat to governments, companies, and individuals. Protection against these attacks is crucial for system integrity and information privacy. The use of advanced techniques such as machine learning plays a fundamental role in detecting and preventing cyberattacks, enabling a more efficient and proactive response to digital threats. Therefore, the research conducted in this dissertation contributes to the advancement of cybersecurity by offering solutions for protection against cyberattacks in the context of the Portuguese Navy. This dissertation is part of the Escola Naval's Ciberrange project and focuses on the study of datasets and the construction of classifiers for cyberattack detection. It also places this work within the existing literature on attacks and threats, machine learning techniques, and solution evaluation methods. Additionally, a survey of the open-source datasets available in the field of cybersecurity is conducted. The work is framed within the context of organizational security, specifically the Portuguese Navy. The key points that a cyber range should have are highlighted, according to the interests of an organization seeking to protect itself and its members. Finally, the dissertation develops, analyzes, and compares neural network-based classifiers with the objective of detecting cyberattacks, using the UNSW-NB15 dataset as support.
    The results obtained show an accuracy of 0.9301 in binary classification, 0.8211 in multi-class classification, and 0.8358 in multi-class classification with the reduction of minority attacks.

    Application of data analytics for predictive maintenance in aerospace: an approach to imbalanced learning.

    The use of aircraft operational logs to predict potential failures that may lead to disruption poses many challenges and has yet to be fully explored. These logs are captured during each flight and contain streamed data from various aircraft subsystems relating to status and warning indicators. They may, therefore, be regarded as complex multivariate time-series data. Given that aircraft are high-integrity assets, failures are extremely rare, and hence the distribution of relevant data containing prior indicators will be highly skewed towards the normal (healthy) case. This presents a significant challenge for data-driven techniques that 'learn' the relationships and patterns that depict fault scenarios, since the model will be biased towards the heavily weighted no-fault outcomes. This thesis aims to develop a predictive model for aircraft component failure utilising data from the aircraft central maintenance system (ACMS). The initial objective is to determine the suitability of the ACMS data for predictive maintenance modelling. An exploratory analysis of the data revealed several inherent irregularities, including an extreme data imbalance problem, irregular patterns and trends, class overlapping, and small class disjuncts, all of which are significant drawbacks for traditional machine learning algorithms and result in low-performance models. Four novel advanced imbalanced classification techniques are developed to handle the identified data irregularities. The first algorithm focuses on pattern extraction and uses bootstrapping to oversample the minority class; the second employs a balanced calibrated hybrid ensemble technique to overcome class overlapping and small class disjuncts; the third uses a derived loss function and a new network architecture to handle extremely imbalanced ratios in deep neural networks; and finally, a deep reinforcement learning approach for imbalanced classification problems in log-based datasets is developed.
    An ACMS dataset and its accompanying maintenance records were used to validate the proposed algorithms. The overall finding of the research is that an advanced method for handling extremely imbalanced problems using the log-based ACMS datasets is viable for developing robust data-driven predictive maintenance models for aircraft component failure. When the four implementations were compared, the deep reinforcement learning (DRL) strategies, specifically the proposed double deep State-action-reward-state-action with prioritised experience replay memory (DDSARSA+PER), outperformed the other methods in terms of false-positive and false-negative rates for all the components considered. The validation results further suggest that the DDSARSA+PER model is capable of predicting around 90% of aircraft component replacements with a 0.005 false-negative rate in both the A330 and A320 aircraft families studied in this research. PhD in Transport System