393 research outputs found
Performance Evaluation of Network Anomaly Detection Systems
Nowadays, there is a huge and growing concern about security in information and communication
technology (ICT) among the scientific community because any attack or anomaly in
the network can greatly affect many domains such as national security, private data storage,
social welfare, economic issues, and so on. Therefore, the anomaly detection domain is a broad
research area, and many different techniques and approaches for this purpose have emerged
through the years.
Attacks, problems, and internal failures, when not detected early, may badly harm an
entire network system. Thus, this thesis presents an autonomous profile-based anomaly detection
system based on the statistical method Principal Component Analysis (PCADS-AD). This
approach creates a network profile called Digital Signature of Network Segment using Flow Analysis
(DSNSF) that denotes the predicted normal behavior of network traffic activity through
historical data analysis. That digital signature is used as a threshold for volume anomaly detection
to detect disparities in the normal traffic trend. The proposed system uses seven traffic flow
attributes: Bits, Packets and Number of Flows to detect problems, and Source and Destination IP
addresses and Ports, to provide the network administrator the information necessary to solve them.
Via evaluation techniques, addition of a different anomaly detection approach, and
comparisons to other methods performed in this thesis using real network traffic data, results
showed good traffic prediction by the DSNSF and encouraging false alarm generation and detection
accuracy on the detection schema.
The observed results seek to contribute to the advance of the state of the art in methods
and strategies for anomaly detection that aim to surpass some challenges that emerge from
the constant growth in complexity, speed and size of today’s large scale networks, also providing
high-value results for a better detection in real time.
Nowadays, there is a huge and growing concern about security in information and communication technology (ICT) among the scientific community. This is because any attack or anomaly in the network can affect quality, interoperability, availability, and integrity in many domains, such as national security, private data storage, social welfare, economic issues, and so on. Therefore, anomaly detection is a broad research area, and many different techniques and approaches for this purpose have emerged over the years.
Attacks, problems, and internal failures, when not detected early, can seriously harm an entire network system. Thus, this thesis presents an autonomous profile-based anomaly detection system using the statistical method Principal Component Analysis (PCADS-AD). This approach creates a network profile called Digital Signature of Network Segment using Flow Analysis (DSNSF) that denotes the predicted normal behavior of network traffic activity through the analysis of historical data. This digital signature is used as a threshold for volume anomaly detection and to identify disparities in the normal traffic trend. The proposed system uses seven traffic flow attributes: bits, packets, and number of flows to detect problems, plus source and destination IP addresses and ports to provide the network administrator with the information needed to solve them.
Through the use of evaluation metrics, the addition of a detection approach distinct from the main proposal, and comparisons with other methods carried out in this thesis using real network traffic data, the results showed good traffic predictions by the DSNSF and encouraging results regarding false alarm generation and detection accuracy.
With the results observed in this thesis, this doctoral work seeks to contribute to the advance of the state of the art in anomaly detection methods and strategies, aiming to overcome some challenges that emerge from the constant growth in complexity, speed, and size of today's large-scale networks, while also providing high performance. Furthermore, the low complexity and agility of the proposed system allow it to be applied to real-time detection.
Ensemble Approach for DDoS Attack Detection in Cloud Computing Using Random Forest and GWO
When multiple technologies are added to a traditional network, it becomes increasingly difficult to meet newly imposed requirements, such as those regarding security. Since the widespread adoption of telecommunication technologies over the past decade, there has been an increase in the number of security threats, which have become more appealing. However, many new security concerns have arisen as a consequence of the introduction of novel technology. One of the most significant of these is the potential for distributed denial of service attacks. Therefore, a DDoS detection method based on Random Forest Classifier and Grey Wolf Optimization algorithms was developed in this work to mitigate the DDoS threat. The results of the evaluation show that the Random Forest Classifier can achieve substantial performance improvements, with 99.96% accuracy. A comparison is also made to several state-of-the-art techniques for detecting DDoS attacks on the real dataset.
Reliable Machine Learning Model for IIoT Botnet Detection
Due to the growing number of Internet of Things (IoT) devices, network attacks like denial of service (DoS) and floods are on the rise, causing security and reliability issues. As a result of these attacks, IoT devices suffer from denial of service and network disruption. Researchers have implemented different techniques to identify attacks aimed at vulnerable Internet of Things (IoT) devices. In this study, we propose a novel feature selection algorithm, FGOA-kNN, based on hybrid filter and wrapper selection approaches to select the most relevant features. The novel approach, integrated with clustering, ranks the features and then applies the Grasshopper algorithm (GOA) to minimize the top-ranked features. Moreover, a proposed algorithm, IHHO, selects and adapts the neural network's hyperparameters to detect botnets efficiently. The proposed Harris Hawks algorithm is enhanced with three improvements to improve the global search process for optimal solutions. To tackle the problem of population diversity, a chaotic map function is utilized for initialization. The escape energy of hawks is updated with a new nonlinear formula to avoid local minima and better balance exploration and exploitation. Furthermore, the exploitation phase of HHO is enhanced using a new elite operator, ROBL. The proposed model combines unsupervised, clustering, and supervised approaches to detect intrusion behaviors. The N-BaIoT dataset is utilized to validate the proposed model. Many recent techniques were used to assess and compare the proposed model's performance. The result demonstrates that the proposed model is better than other variations at detecting multiclass botnet attacks.
DDoS Attack Detection in WSN using Modified Invasive Weed Optimization with Extreme Learning Machine
Wireless sensor networks (WSN) are a widespread methodology owing to their distribution of a vast number of dedicated sensor nodes (SNs), which are employed for sensing the environment and gathering information. The gathered information is transmitted to the sink nodes via intermediate nodes. Meanwhile, the SN data are exposed to the internet, and they are vulnerable to diverse security risks, including distributed denial of service (DDoS) attacks that might interrupt network operation and compromise data integrity. In recent times, developed machine learning (ML) approaches can be applied for the discovery of DDoS attacks and accomplish security in WSN. To achieve this, this study presents a modified invasive weed optimization with extreme learning machine (MIWO-ELM) model for DDoS attack recognition in the WSN environment. In the presented MIWO-ELM technique, an initial stage of data pre-processing is conducted. The ELM model can be applied for the precise DDoS attack detection and classification process. At last, the MIWO method can be exploited for the parameter tuning of the ELM model, which leads to improved classification performance. The experimental analysis of the MIWO-ELM method takes place using a WSN dataset. The comprehensive simulation outputs show the remarkable performance of the MIWO-ELM method compared to other recent approaches.
ENNigma: A Framework for Private Neural Networks
The increasing concerns about data privacy and the stringent enforcement of data protection
laws are placing growing pressure on organizations to secure large datasets. The challenge
of ensuring data privacy becomes even more complex in the domains of Artificial Intelligence
and Machine Learning due to their requirement for large amounts of data. While approaches
like differential privacy and secure multi-party computation allow data to be used with some
privacy guarantees, they often compromise data integrity or accessibility as a tradeoff. In
contrast, when using encryption-based strategies, this is not the case. While basic encryption
only protects data during transmission and storage, Homomorphic Encryption (HE) is able
to preserve data privacy during its processing on a centralized server. Despite its advantages,
the computational overhead HE introduces is notably challenging when integrated into Neural
Networks (NNs), which are already computationally expensive.
In this work, we present a framework called ENNigma, which is a Private Neural Network
(PNN) that uses HE for data privacy preservation. Unlike some state-of-the-art approaches,
ENNigma guarantees data security throughout every operation, maintaining this guarantee
even if the server is compromised. The impact of this privacy preservation layer on the
NN performance is minimal, with the only major drawback being its computational cost.
Several optimizations were implemented to maximize the efficiency of ENNigma, leading to
occasional computational time reduction above 50%.
In the context of the Network Intrusion Detection System application domain, particularly
within the sub-domain of Distributed Denial of Service attack detection, several models
were developed and employed to assess ENNigma’s performance in a real-world scenario.
These models demonstrated comparable performance to non-private NNs while also achieving the two-and-a-half-minute inference latency mark. This suggests that our framework is
approaching a state where it can be effectively utilized in real-time applications.
The key takeaway is that ENNigma represents a significant advancement in the field of PNN
as it ensures data privacy with minimal impact on NN performance. While it is not yet ready
for real-world deployment due to its computational complexity, this framework serves as a
milestone toward realizing fully private and efficient NNs.
Growing concerns about data privacy and the enactment of laws aimed at addressing this problem are pressuring organizations to ensure the security of their databases. This challenge becomes even more complex in the domains of Artificial Intelligence and Machine Learning, which depend on access to large volumes of data to achieve good results. Existing approaches, such as Differential Privacy and Secure Multi-party Computation, already allow data to be used with some privacy guarantees. However, most of the time, they compromise the integrity of, or access to, the data. On the other hand, when using cipher-based strategies, this does not occur. Unlike more traditional ciphers, which only protect data during transmission and storage, homomorphic ciphers are able to preserve data privacy during its processing, namely when that processing is centralized on a single server. Despite their advantages, the computational cost introduced by this kind of cipher is quite challenging when integrated into Neural Networks, which by nature are already computationally heavy.
In this work, we present a library called ENNigma, which is a Private Neural Network built using homomorphic ciphers to preserve data privacy. Unlike some state-of-the-art approaches, ENNigma guarantees data security in every operation, maintaining this guarantee even if the server is compromised. The impact of introducing this security layer on the neural network's performance is minimal, its only major drawback being its computational cost. Several optimizations were also implemented to maximize the efficiency of the presented library, leading to occasional reductions in computational time above 50%.
In the context of the application domain of Network Intrusion Detection Systems, in particular within the subdomain of Distributed Denial of Service attack detection, several models were developed to evaluate ENNigma's performance in a real scenario. These models demonstrated performance comparable to non-private neural networks, while achieving an inference latency of two and a half minutes. This suggests that the presented library is approaching a state in which it can be used in real-time applications.
The main conclusion is that the ENNigma library represents a significant advance in the area of Private Neural Networks, as it ensures data privacy with minimal impact on neural network performance. Although this tool is not yet ready for real-world use, due to its computational complexity, it serves as an important milestone for the development of fully private and efficient neural networks.
An Empirical Study of Reflection Attacks Using NetFlow Data
New Anomaly Network Intrusion Detection System in Cloud Environment Based on Optimized Back Propagation Neural Network Using Improved Genetic Algorithm
Cloud computing is a distributed architecture, providing computing facilities and storage resources as a service over an open environment (the Internet), which leads to different issues related to security and privacy in cloud computing. Thus, defending network-accessible Cloud resources and services from various threats and attacks is of great concern. To address this issue, it is essential to create an efficient and effective Network Intrusion Detection System (NIDS) to detect both outsider and insider intruders with high detection precision in the cloud environment. NIDS has become popular as an important component of the network security infrastructure, which detects malicious activities by monitoring network traffic. In this work, we propose to optimize a very popular soft computing tool widely used for intrusion detection, namely the Back Propagation Neural Network (BPNN), using an Improved Genetic Algorithm (IGA). The Genetic Algorithm (GA) is improved through optimization strategies, namely Parallel Processing and Fitness Value Hashing, which reduce execution time and convergence time and save processing power. Since learning rate and momentum term are among the most relevant parameters that impact the performance of the BPNN classifier, we have employed IGA to find the optimal or near-optimal values of these two parameters, which ensure a high detection rate, high accuracy and a low false alarm rate. The CloudSim simulator 4.0 and DARPA's KDD cup 1999 datasets are used for simulation. From the detailed performance analysis, it is clear that the proposed system, called "ANIDS BPNN-IGA" (Anomaly NIDS based on BPNN and IGA), outperforms several state-of-the-art methods and is more suitable for network anomaly detection.
- …