A Hypergraph-Based Machine Learning Ensemble Network Intrusion Detection System

Network intrusion detection systems (NIDS) to detect malicious attacks continues to meet challenges. NIDS are vulnerable to auto-generated port scan infiltration attempts and NIDS are often developed offline, resulting in a time lag to prevent the spread of infiltration to other parts of a network. To address these challenges, we use hypergraphs to capture evolving patterns of port scan attacks via the set of internet protocol addresses and destination ports, thereby deriving a set of hypergraph-based metrics to train a robust and resilient ensemble machine learning (ML) NIDS that effectively monitors and detects port scanning activities and adversarial intrusions while evolving intelligently in real-time. Through the combination of (1) intrusion examples, (2) NIDS update rules, (3) attack threshold choices to trigger NIDS retraining requests, and (4) production environment with no prior knowledge of the nature of network traffic 40 scenarios were auto-generated to evaluate the ML ensemble NIDS comprising three tree-based models. Results show that under the model settings of an Update-ALL-NIDS rule (namely, retrain and update all the three models upon the same NIDS retraining request) the proposed ML ensemble NIDS produced the best results with nearly 100% detection performance throughout the simulation, exhibiting robustness in the complex dynamics of the simulated cyber-security scenario.Comment: 12 pages, 10 figure

Improving the Cybersecurity of Cyber-Physical Systems Through Behavioral Game Theory and Model Checking in Practice and in Education

This dissertation presents automated methods based on behavioral game theory and model checking to improve the cybersecurity of cyber-physical systems (CPSs) and advocates teaching certain foundational principles of these methods to cybersecurity students. First, it encodes behavioral game theory\u27s concept of level-k reasoning into an integer linear program that models a newly defined security Colonel Blotto game. This approach is designed to achieve an efficient allocation of scarce protection resources by anticipating attack allocations. A human subjects experiment based on a CPS infrastructure demonstrates its effectiveness. Next, it rigorously defines the term adversarial thinking, one of cybersecurity educations most important and elusive learning objectives, but for which no proper definition exists. It spells out what it means to think like a hacker by examining the characteristic thought processes of hackers through the lens of Sternberg\u27s triarchic theory of intelligence. Next, a classroom experiment demonstrates that teaching basic game theory concepts to cybersecurity students significantly improves their strategic reasoning abilities. Finally, this dissertation applies the SPIN model checker to an electric power protection system and demonstrates a straightforward and effective technique for rigorously characterizing the degree of fault tolerance of complex CPSs, a key step in improving their defensive posture

Using Monte Carlo Search With Data Aggregation to Improve Robot Soccer Policies

RoboCup soccer competitions are considered among the most challenging multi-robot adversarial environments, due to their high dynamism and the partial observability of the environment. In this paper we introduce a method based on a combination of Monte Carlo search and data aggregation (MCSDA) to adapt discrete-action soccer policies for a defender robot to the strategy of the opponent team. By exploiting a simple representation of the domain, a supervised learning algorithm is trained over an initial collection of data consisting of several simulations of human expert policies. Monte Carlo policy rollouts are then generated and aggregated to previous data to improve the learned policy over multiple epochs and games. The proposed approach has been extensively tested both on a soccer-dedicated simulator and on real robots. Using this method, our learning robot soccer team achieves an improvement in ball interceptions, as well as a reduction in the number of opponents' goals. Together with a better performance, an overall more efficient positioning of the whole team within the field is achieved

UNCOVERING EVIDENCE OF ATTACKER BEHAVIOR ON THE NETWORK

This comprehensive research presents and investigates a diverse assessment of interruption discovery strategies and their job in contemporary online protection. Interruption Recognition Frameworks are taken apart as vital parts in defending computerized foundations, utilizing different techniques, for example, signature-based, peculiarity based, and heuristic-based identification. While signature-based strategies demonstrate strong against known dangers, the review highlights the urgent job of irregularity-based and heuristic-based approaches in countering novel and complex assaults. Different types attract, their characteristics and behaviors has explored in this paper. The mix of AI and Man-made consciousness (computer based intelligence) in recognizing odd exercises arises as an extraordinary power, empowering versatile reactions to developing digital dangers. The exploration fundamentally breaks down the difficulties looked by existing location strategies, including versatility concerns, high bogus positive rates, and the encryption-related obstacles in rush hour gridlock examination. The outcomes and investigation segment approves the viability of proposed models, including group learning strategies and creative techniques, for example, the Solid Methodology in light of Blockchain and Peculiarity based location (SABA). A Convolutional Brain Organization (CNN) model for interruption location in IoT conditions and a cross breed approach joining positioning based channel strategies and NSGA-II exhibit eminent exactnesses. The review\u27s suggestions for network security are significant, prompting proposals for a TTP-driven approach, mix of conduct peculiarities, persistent security mindfulness preparing, standard red group works out, versatile episode reaction plans, and intermittent security reviews. By and large, the examination contributes a nuanced comprehension of assailant\u27s ways of behaving, down to earth procedures for online protection flexibility, and makes way for future investigation into dynamic danger scenes and the human component in network safety

A Survey of Adversarial Machine Learning in Cyber Warfare

The changing nature of warfare has seen a paradigm shift from the conventional to asymmetric, contactless warfare such as information and cyber warfare. Excessive dependence on information and communication technologies, cloud infrastructures, big data analytics, data-mining and automation in decision making poses grave threats to business and economy in adversarial environments. Adversarial machine learning is a fast growing area of research which studies the design of Machine Learning algorithms that are robust in adversarial environments. This paper presents a comprehensive survey of this emerging area and the various techniques of adversary modelling. We explore the threat models for Machine Learning systems and describe the various techniques to attack and defend them. We present privacy issues in these models and describe a cyber-warfare test-bed to test the effectiveness of the various attack-defence strategies and conclude with some open problems in this area of research.