1,147 research outputs found
In-depth comparative evaluation of supervised machine learning approaches for detection of cybersecurity threats
This paper describes the process and results of analyzing CICIDS2017, a modern, labeled data set for testing intrusion detection systems. The data set is divided into several days, each pertaining to different attack classes (DoS, DDoS, infiltration, botnet, etc.). A pipeline has been created that includes nine supervised learning algorithms. The goal was binary classification of benign versus attack traffic. Cross-validated parameter optimization, using a voting mechanism that includes five classification metrics, was employed to select optimal parameters. These results were interpreted to discover whether certain parameter choices were dominant for most (or all) of the attack classes. Ultimately, every algorithm was retested with optimal parameters to obtain the final classification scores. During the review of these results, execution time, both on consumer- and corporate-grade equipment, was taken into account as an additional requirement. The work detailed in this paper establishes a novel supervised machine learning performance baseline for CICIDS2017.
DDoS: DeepDefence and Machine Learning for identifying attacks
Distributed Denial of Service (DDoS) attacks are a very common type of
computer attack in the world of the internet today. Automatically detecting such
DDoS attack packets and dropping them before they pass through the network is the best
prevention method. Conventional solutions only monitor and provide a feedforward
solution instead of feedback machine-based learning. A design of a deep neural
network has been suggested in this work, and developments have been made on
proactive detection of attacks. In this approach, high-level features are extracted for
representation and inference of the dataset. Experiments have been conducted based on
the ISCX dataset published in 2017 and 2018, and CICDDoS2019, and the program has
been developed in Matlab R17b, utilizing Wireshark for feature extraction from the
datasets.
Network intrusion attacks on critical oil and gas industrial installations have become
common nowadays, which in turn bring giant industrial sites to a standstill and
cause financial impacts. This has made production companies start investing
millions of dollars of revenue to protect their critical infrastructure against such attacks with
the active and passive solutions available. Our thesis constitutes a contribution to this
domain, focusing mainly on the security of industrial networks, impersonation and attacking
with DDoS
DoS and DDoS mitigation using Variational Autoencoders
DoS and DDoS attacks have been growing in size and number over the last decade and existing solutions to
mitigate these attacks are largely inefficient. Compared to other types of malicious cyber attacks, DoS and
DDoS attacks are particularly challenging to combat. Because of their ability to mask themselves as legitimate
traffic, it has proven difficult to develop methods to detect these types of attacks on a packet or flow level. In
this paper, we explore the potential of Variational Autoencoders to serve as a component within an intelligent
security solution that differentiates between normal and malicious traffic. The motivation behind resorting
to Variational Autoencoders is that unlike normal encoders that would code an input flow as a single point,
they encode a flow as a distribution over the latent space which avoids overfitting. Intuitively, this allows a
Variational Autoencoder to not only learn latent representations of seen input features, but to generalize in a
way that allows for an interpretation of unseen flows and flow features with slight variations.
Two methods based on the ability of Variational Autoencoders to learn latent representations from network
traffic flows of both benign and malicious traffic, are proposed. The first method resorts to a classifier based on
the latent encodings obtained from Variational Autoencoders learned from traffic traces. The second method
is an anomaly detection method, where the Variational Autoencoder is used to learn the abstract feature
representations of exclusively legitimate traffic. Anomalies are then filtered out by relying on the reconstruction
loss of the Variational Autoencoder. In this sense, the construction loss of the autoencoder is fed as input to
a classifier that outputs the class of the traffic including benign and malign, and eventually the attack type.
Thus, the second approach operates with two separate training processes on two separate data sources: the
first training involving only legitimate traffic, and the second training involving all traffic classes. This is
different from the first approach which operates only a single training process on the whole traffic dataset.
Thus, the autoencoder of the first approach aspires to learn a general feature representation of the flows while
the autoencoder of the second approach aims to exclusively learn a representation of the benign traffic. The
second approach is thus more susceptible to finding zero day attacks and discovering new attacks as anomalies.
Both of the proposed methods have been thoroughly tested on two separate datasets with a similar feature
space. The results show that both methods are promising, with the classifier-based method being slightly
superior to the anomaly-based one.
ENNigma: A Framework for Private Neural Networks
The increasing concerns about data privacy and the stringent enforcement of data protection
laws are placing growing pressure on organizations to secure large datasets. The challenge
of ensuring data privacy becomes even more complex in the domains of Artificial Intelligence
and Machine Learning due to their requirement for large amounts of data. While approaches
like differential privacy and secure multi-party computation allow data to be used with some
privacy guarantees, they often compromise data integrity or accessibility as a tradeoff. In
contrast, when using encryption-based strategies, this is not the case. While basic encryption
only protects data during transmission and storage, Homomorphic Encryption (HE) is able
to preserve data privacy during its processing on a centralized server. Despite its advantages,
the computational overhead HE introduces is notably challenging when integrated into Neural
Networks (NNs), which are already computationally expensive.
In this work, we present a framework called ENNigma, which is a Private Neural Network
(PNN) that uses HE for data privacy preservation. Unlike some state-of-the-art approaches,
ENNigma guarantees data security throughout every operation, maintaining this guarantee
even if the server is compromised. The impact of this privacy preservation layer on the
NN performance is minimal, with the only major drawback being its computational cost.
Several optimizations were implemented to maximize the efficiency of ENNigma, leading to
occasional computational time reduction above 50%.
In the context of the Network Intrusion Detection System application domain, particularly
within the sub-domain of Distributed Denial of Service attack detection, several models
were developed and employed to assess ENNigma’s performance in a real-world scenario.
These models demonstrated comparable performance to non-private NNs while also achieving the two-and-a-half-minute inference latency mark. This suggests that our framework is
approaching a state where it can be effectively utilized in real-time applications.
The key takeaway is that ENNigma represents a significant advancement in the field of PNN
as it ensures data privacy with minimal impact on NN performance. While it is not yet ready
for real-world deployment due to its computational complexity, this framework serves as a
milestone toward realizing fully private and efficient NNs.
Growing concerns about data privacy and the implementation of laws that aim to
address this problem are putting pressure on organizations to ensure the security of
their databases. This challenge becomes even more complex in the domains of Artificial
Intelligence and Machine Learning, which depend on access to large volumes of data to
obtain good results. Existing approaches, such as Differential Privacy and Secure
Multi-party Computation, already allow data to be used with some privacy guarantees.
However, most of the time, they compromise the integrity of or access to that
data. On the other hand, when using encryption-based strategies, this does not occur.
Unlike more traditional ciphers, which only protect data during transmission
and storage, homomorphic ciphers are able to preserve data privacy
during its processing, namely if that processing is centralized on a single
server. Despite their advantages, the computational cost introduced by this type of
cipher is quite challenging when integrated into Neural Networks, which by nature are already
computationally heavy.
In this work, we present a library called ENNigma, which is a Private Neural
Network built using homomorphic ciphers to preserve data privacy. Unlike
some state-of-the-art approaches, ENNigma guarantees data security
in all operations, maintaining this guarantee even if the server is compromised.
The impact of introducing this security layer on neural network performance is
minimal, its only major disadvantage being its computational cost. Several
optimizations were also implemented to maximize the efficiency of the library presented,
leading to occasional reductions in computational time above 50%.
In the context of the application domain of Network Intrusion Detection
Systems, in particular within the subdomain of detecting Distributed Denial of Service attacks, several models were developed to evaluate ENNigma's performance
in a real scenario. These models demonstrated performance comparable to
non-private neural networks, while also reaching an inference latency of
two and a half minutes. This suggests that the library presented is approaching a
state in which it can be used in real-time applications.
The main conclusion is that the ENNigma library represents a significant advance in the
area of Private Neural Networks, as it ensures data privacy with minimal
impact on neural network performance. Although this tool is not yet ready
for real-world use, due to its computational complexity, it serves as an
important milestone for the development of fully private and efficient neural networks.
DDoS Attacks Detection Method Using Feature Importance and Support Vector Machine
In this study, the author wants to prove that the combination of feature importance and support vector machine is relevant to detecting distributed denial-of-service attacks. A distributed denial-of-service attack is a very dangerous type of attack because it causes enormous losses to the victim server. The study begins with determining network traffic features, followed by collecting datasets. The author uses 1000 randomly selected network traffic datasets for the purposes of feature selection and modeling. In the next stage, feature importance is used to select relevant features as modeling inputs based on support vector machine algorithms. The modeling results were evaluated using a confusion matrix table. Based on the evaluation using the confusion matrix, the score for the recall is 93 percent, precision is 95 percent, and accuracy is 92 percent. The author also compares the proposed method to several other methods. The comparison results show the performance of the proposed method is at a fairly good level in detecting distributed denial-of-service attacks. We realized this result was influenced by many factors, so further studies are needed in the future.