48 research outputs found

    Artificial intelligence in the cyber domain: Offense and defense

    Artificial intelligence techniques have grown rapidly in recent years, and their applications in practice can be seen in many fields, ranging from facial recognition to image analysis. In the cybersecurity domain, AI-based techniques can provide better cyber defense tools and help adversaries improve methods of attack. However, malicious actors are aware of the new prospects too and will probably attempt to use them for nefarious purposes. This survey paper aims at providing an overview of how artificial intelligence can be used in the context of cybersecurity in both offense and defense. Web of Science123art. no. 41

    A Markov-Based Intrusion Tolerance Finite Automaton

    It is inevitable for networks to be invaded during operation. The intrusion tolerance technology comes into being to enable invaded networks to provide the necessary network services. This paper introduces an automatic learning mechanism of the intrusion tolerance system to update network security strategy, and derives an intrusion tolerance finite automaton model from an existing intrusion tolerance model. The proposed model was quantified by the Markov theory to compute the stable probability of each state. The calculated stable probabilities provide the theoretical guidance and basis for administrators to better safeguard network security. Verification results show that it is feasible, effective, and convenient to integrate the Markov model to the intrusion tolerance finite automaton

    A Study on Intrusion Detection System in Wireless Sensor Networks

    The technology of Wireless Sensor Networks (WSNs) has become most significant in present day. WSNs are extensively used in applications like military, industry, health, smart homes and smart cities. All the applications of WSN require secure communication between the sensor nodes and the base station. Adversary compromises at the sensor nodes to introduce different attacks into WSN. Hence, suitable Intrusion Detection System (IDS) is essential in WSN to defend against the security attack. IDS approaches for WSN are classified based on the mechanism used to detect the attacks. In this paper, we present the taxonomy of security attacks, different IDS mechanisms for detecting attacks and performance metrics used to assess the IDS algorithm for WSNs. Future research directions on IDS in WSN are also discussed

    Towards a Reliable Comparison and Evaluation of Network Intrusion Detection Systems Based on Machine Learning Approaches

    Presently, we are living in a hyper-connected world where millions of heterogeneous devices are continuously sharing information in different application contexts for wellness, improving communications, digital businesses, etc. However, the bigger the number of devices and connections are, the higher the risk of security threats in this scenario. To counteract against malicious behaviours and preserve essential security services, Network Intrusion Detection Systems (NIDSs) are the most widely used defence line in communications networks. Nevertheless, there is no standard methodology to evaluate and fairly compare NIDSs. Most of the proposals elude mentioning crucial steps regarding NIDSs validation that make their comparison hard or even impossible. This work firstly includes a comprehensive study of recent NIDSs based on machine learning approaches, concluding that almost all of them do not accomplish with what authors of this paper consider mandatory steps for a reliable comparison and evaluation of NIDSs. Secondly, a structured methodology is proposed and assessed on the UGR'16 dataset to test its suitability for addressing network attack detection problems. The guideline and steps recommended will definitively help the research community to fairly assess NIDSs, although the definitive framework is not a trivial task and, therefore, some extra effort should still be made to improve its understandability and usability further

    A near-autonomous and incremental intrusion detection system through active learning of known and unknown attacks

    Intrusion detection is a traditional practice of security experts, however, there are several issues which still need to be tackled. Therefore, in this paper, after highlighting these issues, we present an architecture for a hybrid Intrusion Detection System (IDS) for an adaptive and incremental detection of both known and unknown attacks. The IDS is composed of supervised and unsupervised modules, namely, a Deep Neural Network (DNN) and the K-Nearest Neighbors (KNN) algorithm, respectively. The proposed system is near-autonomous since the intervention of the expert is minimized through the active learning (AL) approach. A query strategy for the labeling process is presented, it aims at teaching the supervised module to detect unknown attacks and improve the detection of the already-known attacks. This teaching is achieved through sliding windows (SW) in an incremental fashion where the DNN is retrained when the data is available over time, thus rendering the IDS adaptive to cope with the evolutionary aspect of the network traffic. A set of experiments was conducted on the CICIDS2017 dataset in order to evaluate the performance of the IDS, promising results were obtained. Comment: 6 pages, 3 figures, 32 references, conferenc

    A Hybrid Classification Approach for Intrusion Detection in IoT Network

    With the increase in number of IoT devices, the capabilities to provide reliable security and detect the malicious activities within the IoT network have become quite challenging. We propose a hybrid classification approach to detect multi-class attacks in the IoT network. In the proposed model, Principal Component Analysis (PCA) is used to extract the useful features and Linear Discriminant Analysis (LDA) is used to reduce the high dimension data set into lower dimension space by keeping less number of important features. This was assisted by use of a combination of neural network and Support Vector Machine (SVM) classifiers to improve the detection rate and decrease the false alarm rate. The neural network, a multi-class classifier, is used to classify the intruders in the network with more accuracy. The SVM is an efficient and fast learner classifier which is used to classify the unmatched behavior. The proposed method needs less computation complexity for intrusion detection. The performance of the proposed model was evaluated on two benchmark datasets for intrusion detection, i.e., NSL-KDD and UNSW-NB15. Results show that our model outperforms existing models

    A Review of the Family of Artificial Fish Swarm Algorithms: Recent Advances and Applications

    The Artificial Fish Swarm Algorithm (AFSA) is inspired by the ecological behaviors of fish schooling in nature, viz., the preying, swarming, following and random behaviors. Owing to a number of salient properties, which include flexibility, fast convergence, and insensitivity to the initial parameter settings, the family of AFSA has emerged as an effective Swarm Intelligence (SI) methodology that has been widely applied to solve real-world optimization problems. Since its introduction in 2002, many improved and hybrid AFSA models have been developed to tackle continuous, binary, and combinatorial optimization problems. This paper aims to present a concise review of the family of AFSA, encompassing the original AFSA and its improvements, continuous, binary, discrete, and hybrid models, as well as the associated applications. A comprehensive survey on the AFSA from its introduction to 2012 can be found in [1]. As such, we focus on a total of 123 articles published in high-quality journals since 2013. We also discuss possible AFSA enhancements and highlight future research directions for the family of AFSA-based models. Comment: 37 pages, 3 figure

    A New Data-Balancing Approach Based on Generative Adversarial Network for Network Intrusion Detection System

    An intrusion detection system (IDS) plays a critical role in maintaining network security by continuously monitoring network traffic and host systems to detect any potential security breaches or suspicious activities. With the recent surge in cyberattacks, there is a growing need for automated and intelligent IDSs. Many of these systems are designed to learn the normal patterns of network traffic, enabling them to identify any deviations from the norm, which can be indicative of anomalous or malicious behavior. Machine learning methods have proven to be effective in detecting malicious payloads in network traffic. However, the increasing volume of data generated by IDSs poses significant security risks and emphasizes the need for stronger network security measures. The performance of traditional machine learning methods heavily relies on the dataset and its balanced distribution. Unfortunately, many IDS datasets suffer from imbalanced class distributions, which hampers the effectiveness of machine learning techniques and leads to missed detection and false alarms in conventional IDSs. To address this challenge, this paper proposes a novel model-based generative adversarial network (GAN) called TDCGAN, which aims to improve the detection rate of the minority class in imbalanced datasets while maintaining efficiency. The TDCGAN model comprises a generator and three discriminators, with an election layer incorporated at the end of the architecture. This allows for the selection of the optimal outcome from the discriminators’ outputs. The UGR’16 dataset is employed for evaluation and benchmarking purposes. Various machine learning algorithms are used for comparison to demonstrate the efficacy of the proposed TDCGAN model. Experimental results reveal that TDCGAN offers an effective solution for addressing imbalanced intrusion detection and outperforms other traditionally used oversampling techniques. 
    By leveraging the power of GANs and incorporating an election layer, TDCGAN demonstrates superior performance in detecting security threats in imbalanced IDS datasets. PID2020-113462RB-I00, PID2020-115570GB-C22 and PID2020-115570GB-C21 granted by Ministerio Español de Economía y Competitividad. Project TED2021-129938B-I0, granted by Ministerio Español de Ciencia e Innovació