Intrusion-aware Alert Validation Algorithm for Cooperative Distributed Intrusion Detection Schemes of Wireless Sensor Networks
Existing anomaly and intrusion detection schemes of wireless sensor networks have mainly focused on the detection of intrusions. Once an intrusion is detected, alerts or claims are generated. However, any unidentified malicious nodes in the network could send faulty anomaly and intrusion claims about legitimate nodes to the other nodes. Verifying the validity of such claims is a critical and challenging issue that is not considered in the existing cooperative-based distributed anomaly and intrusion detection schemes of wireless sensor networks. In this paper, we propose a validation algorithm that addresses this problem. The algorithm utilizes the concept of intrusion-aware reliability, which helps to provide adequate reliability at a modest communication cost. We also provide a security resiliency analysis of the proposed intrusion-aware alert validation algorithm.
Comment: 19 pages, 7 figures
Novel Intrusion Detection Mechanism with Low Overhead for SCADA Systems
SCADA (Supervisory Control and Data Acquisition) systems are a critical part of modern national critical infrastructure (CI). Due to the rapid increase in sophisticated cyber threats with exponentially destructive effects, intrusion detection systems (IDS) must systematically evolve. Intrusion detection systems designed specifically for SCADA systems must ensure high accuracy, a low rate of false alarms and reduced overhead on the network traffic. In this book chapter we present a novel IDS, namely K-OCSVM, that combines the capability of detecting novel attacks with high accuracy, due to its core One-Class Support Vector Machine (OCSVM) classification mechanism, with the ability to effectively distinguish real alarms from possible attacks under different circumstances, due to its internal recursive k-means clustering algorithm. The effectiveness of the proposed method is evaluated through extensive simulations conducted using realistic datasets extracted from small and medium sized HTB SCADA testbeds.
A survey of intrusion detection techniques in Cloud
Cloud computing provides scalable, virtualized on-demand services to end users with greater flexibility and lower infrastructure investment. These services are provided over the Internet using known networking protocols, standards and formats under the supervision of different management domains. Existing bugs and vulnerabilities in underlying technologies and legacy protocols tend to open doors for intrusion. This paper surveys different intrusions affecting the availability, confidentiality and integrity of Cloud resources and services. It examines proposals incorporating Intrusion Detection Systems (IDS) in the Cloud, discusses various types and techniques of IDS and Intrusion Prevention Systems (IPS), and recommends IDS/IPS positioning in Cloud architecture to achieve the desired security in next generation networks.
Thirty Years of Machine Learning: The Road to Pareto-Optimal Wireless Networks
Future wireless networks have substantial potential in terms of supporting a broad range of complex, compelling applications in both military and civilian fields, where users are able to enjoy high-rate, low-latency, low-cost and reliable information services. Achieving this ambitious goal requires new radio techniques for adaptive learning and intelligent decision making because of the complex heterogeneous nature of the network structures and wireless services. Machine learning (ML) algorithms have had great success in supporting big data analytics, efficient parameter estimation and interactive decision making. Hence, in this article, we review the thirty-year history of ML by elaborating on supervised learning, unsupervised learning, reinforcement learning and deep learning. Furthermore, we investigate their employment in the compelling applications of wireless networks, including heterogeneous networks (HetNets), cognitive radios (CR), Internet of Things (IoT), machine to machine networks (M2M), and so on. This article aims to help readers clarify the motivation and methodology of the various ML algorithms, so as to invoke them for hitherto unexplored services as well as scenarios of future wireless networks.
Comment: 46 pages, 22 figures
Clustered Federated Learning Architecture for Network Anomaly Detection in Large Scale Heterogeneous IoT Networks
There is a growing trend of cyberattacks against Internet of Things (IoT) devices; moreover, the sophistication and motivation of those attacks are increasing. The vast scale of IoT, its diverse hardware and software, and its typical placement in uncontrolled environments make traditional IT security mechanisms such as signature-based intrusion detection and prevention systems challenging to integrate. They also struggle to cope with the rapidly evolving IoT threat landscape due to long delays between the analysis and publication of the detection rules. Machine learning methods have shown a faster response to emerging threats; however, model training architectures like cloud or edge computing face multiple drawbacks in IoT settings, including network overhead and data isolation arising from the large scale and heterogeneity that characterize these networks.

This work presents an architecture for training unsupervised models for network intrusion detection in large, distributed IoT and Industrial IoT (IIoT) deployments. We leverage Federated Learning (FL) to collaboratively train between peers and reduce the isolation and network overhead problems. We build upon it to include an unsupervised device clustering algorithm fully integrated into the FL pipeline to address the heterogeneity issues that arise in FL settings. The architecture is implemented and evaluated using a testbed that includes various emulated IoT/IIoT devices and attackers interacting in a complex network topology comprising 100 emulated devices, 30 switches and 10 routers. The anomaly detection models are evaluated on real attacks performed by the testbed's threat actors, including the entire Mirai malware lifecycle, an additional botnet based on the Merlin command and control server, and other red-teaming tools performing scanning activities and multiple attacks targeting the emulated devices.