1,848 research outputs found
Applying Machine Learning to Advance Cyber Security: Network Based Intrusion Detection Systems
Many new devices, such as phones and tablets as well as traditional computer systems, rely on wireless connections to the Internet and are susceptible to attacks. Two important types of attacks are the use of malware and exploiting Internet protocol vulnerabilities in devices and network systems. These attacks form a threat on many levels and therefore any approach to dealing with these nefarious attacks will take several methods to counter. In this research, we utilize machine learning to detect and classify malware, visualize, detect and classify worms, as well as detect deauthentication attacks, a form of Denial of Service (DoS). This work also includes two prevention mechanisms for DoS attacks, namely a one- time password (OTP) and through the use of machine learning. Furthermore, we focus on an exploit of the widely used IEEE 802.11 protocol for wireless local area networks (WLANs). The work proposed here presents a threefold approach for intrusion detection to remedy the effects of malware and an Internet protocol exploit employing machine learning as a primary tool. We conclude with a comparison of dimensionality reduction methods to a deep learning classifier to demonstrate the effectiveness of these methods without compromising the accuracy of classification
SENATUS: An Approach to Joint Traffic Anomaly Detection and Root Cause Analysis
In this paper, we propose a novel approach, called SENATUS, for joint traffic
anomaly detection and root-cause analysis. Inspired from the concept of a
senate, the key idea of the proposed approach is divided into three stages:
election, voting and decision. At the election stage, a small number of
\nop{traffic flow sets (termed as senator flows)}senator flows are chosen\nop{,
which are used} to represent approximately the total (usually huge) set of
traffic flows. In the voting stage, anomaly detection is applied on the senator
flows and the detected anomalies are correlated to identify the most possible
anomalous time bins. Finally in the decision stage, a machine learning
technique is applied to the senator flows of each anomalous time bin to find
the root cause of the anomalies. We evaluate SENATUS using traffic traces
collected from the Pan European network, GEANT, and compare against another
approach which detects anomalies using lossless compression of traffic
histograms. We show the effectiveness of SENATUS in diagnosing anomaly types:
network scans and DoS/DDoS attacks
Optimal Orchestration of Virtual Network Functions
-The emergence of Network Functions Virtualization (NFV) is bringing a set of
novel algorithmic challenges in the operation of communication networks. NFV
introduces volatility in the management of network functions, which can be
dynamically orchestrated, i.e., placed, resized, etc. Virtual Network Functions
(VNFs) can belong to VNF chains, where nodes in a chain can serve multiple
demands coming from the network edges. In this paper, we formally define the
VNF placement and routing (VNF-PR) problem, proposing a versatile linear
programming formulation that is able to accommodate specific features and
constraints of NFV infrastructures, and that is substantially different from
existing virtual network embedding formulations in the state of the art. We
also design a math-heuristic able to scale with multiple objectives and large
instances. By extensive simulations, we draw conclusions on the trade-off
achievable between classical traffic engineering (TE) and NFV infrastructure
efficiency goals, evaluating both Internet access and Virtual Private Network
(VPN) demands. We do also quantitatively compare the performance of our VNF-PR
heuristic with the classical Virtual Network Embedding (VNE) approach proposed
for NFV orchestration, showing the computational differences, and how our
approach can provide a more stable and closer-to-optimum solution
Design of Hybrid Network Anomalies Detection System (H-NADS) Using IP Gray Space Analysis
In Network Security, there is a major issue to secure the public or private network from abnormal users. It is because each network is made up of users, services and computers with a specific behavior that is also called as heterogeneous system. To detect abnormal users, anomaly detection system (ADS) is used. In this paper, we present a novel and hybrid Anomaly Detection System with the uses of IP gray space analysis and dominant scanning port identification heuristics used to detect various anomalous users with their potential behaviors. This methodology is the combination of both statistical and rule based anomaly detection which detects five types of anomalies with their three types of potential behaviors and generates respective alarm messages to GUI.Network Security, Anomaly Detection, Suspicious Behaviors Detection
A New Quartet Tree Heuristic for Hierarchical Clustering
We consider the problem of constructing an an optimal-weight tree from the
3*(n choose 4) weighted quartet topologies on n objects, where optimality means
that the summed weight of the embedded quartet topologiesis optimal (so it can
be the case that the optimal tree embeds all quartets as non-optimal
topologies). We present a heuristic for reconstructing the optimal-weight tree,
and a canonical manner to derive the quartet-topology weights from a given
distance matrix. The method repeatedly transforms a bifurcating tree, with all
objects involved as leaves, achieving a monotonic approximation to the exact
single globally optimal tree. This contrasts to other heuristic search methods
from biological phylogeny, like DNAML or quartet puzzling, which, repeatedly,
incrementally construct a solution from a random order of objects, and
subsequently add agreement values.Comment: 22 pages, 14 figure
CyberGuarder: a virtualization security assurance architecture for green cloud computing
Cloud Computing, Green Computing, Virtualization, Virtual Security Appliance, Security Isolation
- âŠ