1,345 research outputs found

    A Security System for Detecting Denial of Service (DDoS) and Masquerade Attacks on Social Networks

    This study on a security system for detecting denial of service (DDoS) and masquerade attacks on social networks specifically describes how a Convolutional Neural Network (CNN) algorithm was employed. The dataset used for this research is the CICIDS2017 dataset, which contains benign data (no attack present) and the most up-to-date, frequent attacks which resemble true, real-world data. The feature extraction method used was recursive feature elimination (RFE), which reduced 77 columns of the dataset to 10 columns. This research was motivated by the limitation of Alguliyev and Abdullayeva 2019, which focused on the prediction of DDoS attack occurrence by getting related texts in social media. It has a limited attack class that focuses solely on DDoS attacks, and it does not perform social media network prediction in general. The objective of this research is to develop a security system for detecting DDoS and masquerade attacks and evaluate the detection model on social media networks. The system was tested on Facebook and Instagram. The result of the training accuracy that we derived from this research is 99.53%, while the testing accuracy is 99.52%. The result of this research is compared with previous studies’ results. This study recommends that the model implemented can be enhanced more effectively by comparing the accuracy of alternative deep learning algorithms to that of the CNN utilized in the current prediction model

    A Novel Approach for Detection of DoS / DDoS Attack in Network Environment using Ensemble Machine Learning Model

    One of the most serious threats to network security is Denial of Service (DoS) attacks. Internet and computer networks are now important parts of our businesses and daily lives. Malicious actions have become more common as our reliance on computers and communication networks has grown. Network threats are a big problem in the way people communicate today. To make sure that the networks work well and that users' information is safe, the network data must be watched and analysed to find malicious activities and attacks. Flooding may be the simplest DDoS assault. Computer networks and services are vulnerable to DoS and DDoS attacks. These assaults flood target systems with malicious traffic, making them unreachable to genuine users. The work aims to enhance the resilience of network infrastructures against these attacks and ensure uninterrupted service delivery. This research develops and evaluates enhanced DoS/DDoS detection methods. DoS attacks usually stop or slow down legal computer or network use. Denial-of-service (DoS) attacks prevent genuine users from accessing and using information systems and resources. The OSI model's layers make up the computer network. Different types of DDoS strikes target different layers. The Network Layer can be broken by using ICMP Floods or Smurf Attacks. The Transport layer can be attacked using UDP Floods, TCP Connection Exhaustion, and SYN Floods. HTTP-encrypted attacks can be used to get through to the application layer. DoS/DDoS attacks are malicious attacks. Protect network data from harm. Computer network services are increasingly threatened by DoS/DDoS attacks. Machine learning may detect prior DoS/DDoS attacks. DoS/DDoS attacks proliferate online and via social media. Network security is IT's top priority. DoS and DDoS assaults include ICMP, UDP, and the more prevalent TCP flood attacks. These strikes must be identified and stopped immediately.
In this work, a stacking ensemble method is suggested for detecting DoS/DDoS attacks so that our networked data doesn't get any worse. This paper used a method called "Ensemble of classifiers," in which each class uses a different way to learn. In the proposed methodology, Experiment #1, I used the home Wi-Fi network traffic collected and generated my own dataset, named MywifiNetwork.csv, whereas in the proposed methodology, Experiment #2, I used the Kaggle repository “NSL-KDD benchmark dataset” to perform experiments in order to find the detection accuracy of DoS attack detection using the Python language in a Jupyter notebook. The system detects attack-type or legitimate-type network traffic during detection. ML classification methods are used to compare how well the suggested system works. The results show that when the ensembled stacking learning model is used, 99% of the time it is able to find the problem. In the proposed methodology, two experiments are implemented for comparing detection accuracy with the existing techniques. Compared to other measuring methods, we get a big step forward in finding attacks. So, our model gives a lot of faith in securing these networks. This paper will analyse the behaviour of network traffic.

    Advances in Cybercrime Prediction: A Survey of Machine, Deep, Transfer, and Adaptive Learning Techniques

    Cybercrime is a growing threat to organizations and individuals worldwide, with criminals using increasingly sophisticated techniques to breach security systems and steal sensitive data. In recent years, machine learning, deep learning, and transfer learning techniques have emerged as promising tools for predicting cybercrime and preventing it before it occurs. This paper aims to provide a comprehensive survey of the latest advancements in cybercrime prediction using the above-mentioned techniques, highlighting the latest research related to each approach. For this purpose, we reviewed more than 150 research articles and discussed around 50 most recent and relevant research articles. We start the review by discussing some common methods used by cyber criminals and then focus on the latest machine learning techniques and deep learning techniques, such as recurrent and convolutional neural networks, which were effective in detecting anomalous behavior and identifying potential threats. We also discuss transfer learning, which allows models trained on one dataset to be adapted for use on another dataset, and then focus on active and reinforcement learning as part of early-stage algorithmic research in cybercrime prediction. Finally, we discuss critical innovations, research gaps, and future research opportunities in cybercrime prediction. Overall, this paper presents a holistic view of cutting-edge developments in cybercrime prediction, shedding light on the strengths and limitations of each method and equipping researchers and practitioners with essential insights, publicly available datasets, and resources necessary to develop efficient cybercrime prediction systems. Comment: 27 Pages, 6 Figures, 4 Tables

    Number of Cyber Attacks Predicted With Deep Learning Based LSTM Model

    The increasing number of cyber attacks will result in various damages to the functioning of technological infrastructure. A prediction model for the number of cyber attacks based on the type of attack, handling actions and severity using time-series data has never been done. A deep learning-based LSTM prediction model is proposed to predict the number of cyberattacks in a time series on 3 evaluated data sets MSLE, MSE, MAE, RMSE, and MAPE, and displays the predicted relationships between prediction variables. The cyber attack dataset was obtained from kaggle.com. The best prediction model is epoch 20, batch size 16, and neuron 32 with the lowest evaluation value on MSLE of 0.094, MSE of 9.067, MAE of 2.440, RMSE of 3.010, and MAPE of 10.507 (very good model because the value is less than 15) compared to other variations. There is a negative correlation for INTRUSION-MALWARE, BLOCKED-IGNORED, IGNORED-LOGGED, and LOW-MEDIUM. The predicted results for the next 12 months will increase starting from the second month at the same time. The resulting predictions can be used as a basis for policy and strategy decisions by stakeholders in dealing with fluctuations in cyber attacks that occur.

    Cyber Security

    This open access book constitutes the refereed proceedings of the 16th International Annual Conference on Cyber Security, CNCERT 2020, held in Beijing, China, in August 2020. The 17 papers presented were carefully reviewed and selected from 58 submissions. The papers are organized according to the following topical sections: access control; cryptography; denial-of-service attacks; hardware security implementation; intrusion/anomaly detection and malware mitigation; social network security and privacy; systems security

    Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction

    A revolution in network technology has been ushered in by software defined networking (SDN), which makes it possible to control the network from a central location and provides an overview of the network’s security. Despite this, SDN has a single point of failure that increases the risk of potential threats. Network intrusion detection systems (NIDS) prevent intrusions into a network and preserve the network’s integrity, availability, and confidentiality. Much work has been done on NIDS but there are still improvements needed in reducing false alarms and increasing threat detection accuracy. Recently advanced approaches such as deep learning (DL) and machine learning (ML) have been implemented in SDN-based NIDS to overcome the security issues within a network. In the first part of this survey paper, we offer an introduction to the NIDS theory, as well as recent research that has been conducted on the topic. After that, we conduct a thorough analysis of the most recent ML- and DL-based NIDS approaches to ensure reliable identification of potential security risks. Finally, we focus on the opportunities and difficulties that lie ahead for future research on SDN-based ML and DL for NIDS.

    A Deep Learning Based Approach To Detect Covert Channels Attacks and Anomaly In New Generation Internet Protocol IPv6

    The increased dependence of internet-based technologies in all facets of life challenges the government and policymakers with the need for effective shield mechanism against passive and active violations. Following up with the Qatar national vision 2030 activities and its goals for “Achieving Security, stability and maintaining public safety” objectives, the present paper aims to propose a model for safeguarding the information and monitor internet communications effectively. The current study utilizes a deep learning based approach for detecting malicious communications in the network traffic. Considering the efficiency of deep learning in data analysis and classification, a convolutional neural network model was proposed. The suggested model is equipped for detecting attacks in IPv6. The performance of the proposed detection algorithm was validated using a number of datasets, including a newly created dataset. The performance of the model was evaluated for covert channel, DDoS attacks detection in IPv6 and for anomaly detection. The performance assessment produced an accuracy of 100%, 85% and 98% for covert channel detection, DDoS detection and anomaly detection respectively. The project put forward a novel approach for detecting suspicious communications in the network traffic

    Defending SDN against packet injection attacks using deep learning

    The (logically) centralised architecture of the software-defined networks makes them an easy target for packet injection attacks. In these attacks, the attacker injects malicious packets into the SDN network to affect the services and performance of the SDN controller and overflow the capacity of the SDN switches. Such attacks have been shown to ultimately stop the network functioning in real-time, leading to network breakdowns. There have been significant works on detecting and defending against similar DoS attacks in non-SDN networks, but detection and protection techniques for SDN against packet injection attacks are still in their infancy. Furthermore, many of the proposed solutions have been shown to be easily by-passed by simple modifications to the attacking packets or by altering the attacking profile. In this paper, we develop novel Graph Convolutional Neural Network models and algorithms for grouping network nodes/users into security classes by learning from network data. We start with two simple classes - nodes that engage in suspicious packet injection attacks and nodes that are not. From these classes, we then partition the network into separate segments with different security policies using distributed Ryu controllers in an SDN network. We show in experiments on an emulated SDN that our detection solution outperforms alternative approaches with above 99% detection accuracy on various types (both old and new) of injection attacks. More importantly, our mitigation solution maintains continuous functions of non-compromised nodes while isolating compromised/suspicious nodes in real-time. All code and data are publicly available for reproducibility of our results. Comment: 15 Pages, 15 Figures

    DDoS Attack Detection in WSN using Modified Invasive Weed Optimization with Extreme Learning Machine

    Wireless sensor networks (WSN) are the wide-spread methodology for its distribution of the vast amount of devoted sensor nodes (SNs) that is employed for sensing the atmosphere and gather information. The gathered information was transmitted to the sink nodes via intermediate nodes. Meanwhile, the SN data are prone to the internet, and they are vulnerable to diverse security risks, involving distributed denial of service (DDoS) outbreaks that might interrupt network operation and compromise data integrity. In recent times, developed machine learning (ML) approaches can be applied for the discovery of DDoS attacks and accomplish security in WSN. To achieve this, this study presents a modified invasive weed optimization with extreme learning machine (MIWO-ELM) model for DDoS outbreak recognition in the WSN atmosphere. In the presented MIWO-ELM technique, an initial stage of data pre-processing is conducted. The ELM model can be applied for precise DDoS attack detection and classification process. At last, the MIWO method can be exploited for the parameter tuning of the ELM model which leads to improved performance of the classification. The experimental analysis of the MIWO-ELM method takes place using a WSN dataset. The comprehensive simulation outputs show the remarkable performance of the MIWO-ELM method compared to other recent approaches.

    Predicting Cyber Events by Leveraging Hacker Sentiment

    Recent high-profile cyber attacks exemplify why organizations need better cyber defenses. Cyber threats are hard to accurately predict because attackers usually try to mask their traces. However, they often discuss exploits and techniques on hacking forums. The community behavior of the hackers may provide insights into groups' collective malicious activity. We propose a novel approach to predict cyber events using sentiment analysis. We test our approach using cyber attack data from 2 major business organizations. We consider 3 types of events: malicious software installation, malicious destination visits, and malicious emails that surpassed the target organizations' defenses. We construct predictive signals by applying sentiment analysis on hacker forum posts to better understand hacker behavior. We analyze over 400K posts generated between January 2016 and January 2018 on over 100 hacking forums both on surface and Dark Web. We find that some forums have significantly more predictive power than others. Sentiment-based models that leverage specific forums can outperform state-of-the-art deep learning and time-series models on forecasting cyber attacks weeks ahead of the events