    Intrusion Detection: Embedded Software Machine Learning and Hardware Rules Based Co-Designs

    Security of innovative technologies in future generation networks such as Cyber Physical Systems (CPS) and Wi-Fi has become a critical universal issue for individuals, the economy, enterprises, organizations and governments. The rate of cyber-attacks has increased dramatically, and the tactics used by the attackers continue to evolve and have become ingenious. Intrusion detection is one of the solutions against these attacks. One approach to designing an intrusion detection system (IDS) is software-based machine learning. Such an approach can predict and detect threats before they result in major security incidents. Moreover, despite the considerable research in machine learning based designs, there is still a relatively small body of literature concerned with imbalanced class distributions from the intrusion detection system perspective. In addition, it is necessary to have an effective performance metric that can compare multiple multi-class as well as binary-class systems with respect to class distribution. Furthermore, the detection techniques must have the ability to distinguish real attacks from random defects, ingrained defects in the design, misconfigurations of the system devices, system faults, human errors, and software implementation errors. Moreover, a lightweight IDS that is small, real-time, flexible and reconfigurable enough to be used as a permanent element of the system's security infrastructure is essential. The main goal of the current study is to design an effective and accurate intrusion detection framework with a minimum set of features that are more discriminative and representative. Three publicly available datasets representing different networking environments are adopted, which also reflect realistic imbalanced class distributions as well as updated attack patterns. The presented intrusion detection framework is composed of three main modules: feature selection and dimensionality reduction, handling imbalanced class distributions, and classification. The feature selection mechanism utilizes searching algorithms and correlation based subset evaluation techniques, whereas the feature dimensionality reduction part utilizes principal component analysis and an auto-encoder as an instance of deep learning. Various classifiers, including eight single-learning classifiers, four ensemble classifiers, one stacked classifier, and five imbalanced class handling approaches, are evaluated to identify the most efficient and accurate one(s) for the proposed intrusion detection framework. A hardware-based approach to detect malicious behaviors of sensors and actuators embedded in medical devices, in which the safety of the patient is critical and of utmost importance, is additionally proposed. The idea is based on a methodology that transforms a device's behavior rules into a state machine to build a Behavior Specification Rules Monitoring (BSRM) tool for four medical devices. Simulation and synthesis results demonstrate that the BSRM tool can effectively identify the expected normal behavior of the device and detect any deviation from it. The performance of the BSRM approach has also been compared with a machine learning based approach for the same problem. The FPGA module of the BSRM can be embedded in medical devices as an IDS and can be further integrated with the machine learning based approach. The reconfigurable nature of the FPGA chip adds an extra advantage to the designed model, in which the behavior rules can be easily updated and tailored according to the requirements of the device, patient, treatment algorithm, and/or pervasive healthcare application.

    From Intrusion Detection to Attacker Attribution: A Comprehensive Survey of Unsupervised Methods

    Over the last five years, there has been an increase in the frequency and diversity of network attacks. This holds true, as more and more organisations admit compromises on a daily basis. Many misuse and anomaly based Intrusion Detection Systems (IDSs) that rely on either signatures, supervised or statistical methods have been proposed in the literature, but their trustworthiness is debatable. Moreover, as this work uncovers, the current IDSs are based on obsolete attack classes that do not reflect the current attack trends. For these reasons, this paper provides a comprehensive overview of unsupervised and hybrid methods for intrusion detection, discussing their potential in the domain. We also present and highlight the importance of feature engineering techniques that have been proposed for intrusion detection. Furthermore, we argue that current IDSs should evolve from simple detection to correlation and attribution. We discuss how IDS data could be used to reconstruct and correlate attacks to identify attackers, with the use of advanced data analytics techniques. Finally, we argue how the present IDS attack classes can be extended to match modern attacks and propose three new classes regarding outgoing network communication.

    Toward a Lightweight Intrusion Detection System for the Internet of Things

    Integration of the Internet into the entities of the different domains of human society (such as smart homes, health care, smart grids, manufacturing processes, product supply chains, and environmental monitoring) is emerging as a new paradigm called the Internet of Things (IoT). However, the ubiquitous and wide-ranging nature of IoT networks makes them prone to cyberattacks. One of the main types of attack is a denial of service (DoS), where the attacker floods the network with a large volume of data to prevent nodes from using the services. An intrusion detection mechanism is considered a chief source of protection for information and communications technology. However, conventional intrusion detection methods need to be modified and improved for application to the IoT owing to certain limitations, such as resource-constrained devices, the limited memory and battery capacity of nodes, and specific protocol stacks. In this paper, we develop a lightweight attack detection strategy utilizing a supervised machine learning-based support vector machine (SVM) to detect an adversary attempting to inject unnecessary data into the IoT network. The simulation results show that the proposed SVM-based classifier, aided by a combination of two or three simple features, can perform satisfactorily in terms of classification accuracy and detection time.

    A Review of Rule Learning Based Intrusion Detection Systems and Their Prospects in Smart Grids

    Towards Efficient Intrusion Detection using Hybrid Data Mining Techniques

    The enormous development in the connectivity among different types of networks poses significant concerns in terms of privacy and security. As such, the exponential expansion in the deployment of cloud technology has produced a massive amount of data from a variety of applications, resources and platforms. In turn, the rapid rate and volume of high-dimensional data creation has begun to pose significant challenges for data management and security. Handling redundant and irrelevant features in high-dimensional space has been a long-term challenge for network anomaly detection. Eliminating such features with spectral information not only speeds up the classification process, but also helps classifiers make accurate decisions at attack recognition time, especially when coping with large-scale and heterogeneous data such as network traffic data. Furthermore, the continued evolution of network attack patterns has resulted in the emergence of zero-day cyber attacks, which are nowadays considered a major challenge in cyber security. In this threat environment, traditional security protections like firewalls, anti-virus software, and virtual private networks are not always sufficient. With this in mind, most of the current intrusion detection systems (IDSs) are either signature-based, which has been proven to be insufficient in identifying novel attacks, or developed based on obsolete datasets. Hence, a robust mechanism for detecting intrusions, i.e. an anomaly-based IDS, in the big data setting has become a topic of importance. In this dissertation, an empirical study has been conducted at the initial stage to identify the challenges and limitations in the current IDSs, providing a systematic treatment of methodologies and techniques. Next, a comprehensive IDS framework has been proposed to overcome the aforementioned shortcomings. First, a novel hybrid dimensionality reduction technique is proposed combining information gain (IG) and principal component analysis (PCA) methods with an ensemble classifier based on three different classification techniques, named IG-PCA-Ensemble. Experimental results show that the proposed dimensionality reduction method contributes more critical features and reduces the detection time significantly. The results also show that the proposed IG-PCA-Ensemble approach exhibits better performance than the majority of the existing state-of-the-art approaches.

    A Novel Attack Detection Scheme for the Industrial Internet of Things Using a Lightweight Random Neural Network

    The Industrial Internet of Things (IIoT) brings together many sensors, machines, industrial applications, databases, services, and people at work. The IIoT is improving our lives in several ways, including smarter cities, agriculture, and e-healthcare. Although the IIoT shares several characteristics with the consumer IoT, different cybersecurity mechanisms are adopted for the two networks. Unlike consumer IoT solutions that are used by an individual user for a single purpose, IIoT solutions tend to be integrated into larger operational systems. As a result, IIoT security solutions require additional planning and awareness to ensure the security and privacy of the system. In this paper, different cybersecurity attacks such as denial of service (DoS), malicious operation, malicious control, data type probing, spying, scan, and wrong setup are predicted by applying machine learning techniques. To predict the aforementioned attacks, a novel lightweight random neural network (RaNN)-based prediction model has been proposed in this article. To investigate the performance of the RaNN-based prediction model, several evaluation parameters such as accuracy, precision, recall, and F1 score were calculated and compared with the traditional artificial neural network (ANN), support vector machine (SVM) and decision tree (DT). The evaluation results show that the proposed RaNN model achieves an accuracy of 99.20% for a learning rate of 0.01, with a prediction time of 34.51 milliseconds. Other performance parameters such as the precision, recall, and F1 score were 99.11%, 99.13%, and 99.20%, respectively. The proposed scheme improves the attack detection accuracy by an average of 5.65% compared to that of state-of-the-art machine learning schemes for IoT security.

    Mining a Small Medical Data Set by Integrating the Decision Tree and t-test

    Although several researchers have used statistical methods to prove that aspiration followed by the injection of 95% ethanol left in situ (retention) is an effective treatment for ovarian endometriomas, very few discuss the different conditions that could generate different recovery rates for the patients. Therefore, this study adopts the statistical method and decision tree techniques together to analyze the postoperative status of ovarian endometriosis patients under different conditions. Since our collected data set is small, containing only 212 records, we use all of these data as the training data. Therefore, instead of using the resultant tree to generate rules directly, we use the value of each node as a cut point to generate all possible rules from the tree first. Then, using the t-test, we verify the rules to discover useful description rules after all possible rules from the tree have been generated. Experimental results show that our approach can find some new interesting knowledge about recurrent ovarian endometriomas under different conditions.

    Enabling sustainable power distribution networks by using smart grid communications

    Smart grid modernization enables integration of computing, information and communications capabilities into the legacy electric power grid system, especially the low voltage distribution networks where various consumers are located. This evolutionary paradigm has initiated worldwide deployment of an enormous number of smart meters as well as renewable energy sources at end-user levels. The future distribution networks, as part of the advanced metering infrastructure (AMI), will involve decentralized power control operations under associated smart grid communications networks. This dissertation addresses three potential problems anticipated in the future distribution networks of the smart grid: 1) local power congestion due to power surpluses produced by PV solar units in a neighborhood, which demands disconnection/reconnection mechanisms to alleviate power overflow; 2) power balance associated with renewable energy utilization as well as data traffic across a multi-layered distribution network, which requires decentralized designs to facilitate power control as well as communications; and 3) a breach of data integrity attributed to a typical false data injection attack in a smart metering network, which calls for a hybrid intrusion detection system to detect anomalous/malicious activities. In the first problem, a model for the disconnection process via smart metering communications between smart meters and the utility control center is proposed. By modeling the power surplus congestion issue as a knapsack problem, greedy solutions for solving such a problem are proposed. Simulation results and analysis show that computation time and data traffic under a disconnection stage in the network can be reduced. In the second problem, autonomous distribution networks are designed that take scalability into account by dividing the legacy distribution network into a set of subnetworks. A power-control method is proposed to tackle the power flow and power balance issues. Meanwhile, an overlay multi-tier communications infrastructure for the underlying power network is proposed to analyze the traffic of data information and control messages required for the associated power flow operations. Simulation results and analysis show that utilization of renewable energy production can be improved, and at the same time data traffic reduction under decentralized operations can be achieved as compared to legacy centralized management. In the third problem, an attack model is proposed that aims to minimize the number of compromised meters subject to the equality of an aggregated power load in order to bypass detection under the conventionally radial, tree-like distribution network. A hybrid anomaly detection framework is developed, which incorporates the proposed grid sensor placement algorithm with the observability attribute. Simulation results and analysis show that network observability as well as detection accuracy can be improved by utilizing grid-placed sensors. Finally, a number of future works have also been identified to further the associated problems and proposed solutions.