A machine learning approach for feature selection traffic classification using security analysis

© 2018, Springer Science+Business Media, LLC, part of Springer Nature. Class imbalance has become a big problem that leads to inaccurate traffic classification. Accurate traffic classification of traffic flows helps us in security monitoring, IP management, intrusion detection, etc. To address the traffic classification problem, in literature, machine learning (ML) approaches are widely used. Therefore, in this paper, we also proposed an ML-based hybrid feature selection algorithm named WMI_AUC that make use of two metrics: weighted mutual information (WMI) metric and area under ROC curve (AUC). These metrics select effective features from a traffic flow. However, in order to select robust features from the selected features, we proposed robust features selection algorithm. The proposed approach increases the accuracy of ML classifiers and helps in detecting malicious traffic. We evaluate our work using 11 well-known ML classifiers on the different network environment traces datasets. Experimental results showed that our algorithms achieve more than 95% flow accuracy results

CorrAUC: a Malicious Bot-IoT Traffic Detection Method in IoT Network Using Machine Learning Techniques

Identification of anomaly and malicious traffic in the Internet of things (IoT) network is essential for the IoT security to keep eyes and block unwanted traffic flows in the IoT network. For this purpose, numerous machine learning (ML) technique models are presented by many researchers to block malicious traffic flows in the IoT network. However, due to the inappropriate feature selection, several ML models prone misclassify mostly malicious traffic flows. Nevertheless, the significant problem still needs to be studied more in-depth that is how to select effective features for accurate malicious traffic detection in IoT network. To address the problem, a new framework model is proposed. Firstly, a novel feature selection metric approach named CorrAUC proposed, and then based on CorrAUC, a new feature selection algorithm name Corrauc is develop and design, which is based on wrapper technique to filter the features accurately and select effective features for the selected ML algorithm by using AUC metric. Then, we applied integrated TOPSIS and Shannon Entropy based on a bijective soft set to validate selected features for malicious traffic identification in the IoT network. We evaluate our proposed approach by using the Bot-IoT dataset and four different ML algorithms. Experimental results analysis showed that our proposed method is efficient and can achieve >96% results on average

Journal of Telecommunications and Information Technology

kwartalni

The emergence of the fintech industry in China: An evolutionary economic geography perspective

Over the last decade, the global economy has rapidly becoming digited. Digital technologies have transformed the economy and society, affecting all sectors of activity around the world. Among them, the financial sector is one of the most digitalized sectors, and the term ‘fintech’ is coined to describe the digitalization of the financial sector. Although the global fintech landscape is currently geographically concentrated in the United States and Europe, the pace of China’s fintech development has been dramatically accelerated. However, it is quite surprising that there is hardly any study that investigates fintech in China from a subnational scale. To fill this gap, this dissertation conducts a city-level analysis of the emergence of the fintech industry in China. Theoretically, I position this dissertation within the broad literature on evolutionary economic geography (EEG), which has emerged as one of the main paradigms in economic geography. This dissertation aims to provide a comprehensive understanding of the emergence of the new industry in regions. Conventional wisdom in EEG posits that new industry in regions tends to grow out of technologically related pre-existing industries. However, this conventional understanding is somewhat technology-centric. In response, this dissertation extends the scholarly work from technology-centric to embrace the role of the demand-side market and institutional logic in the emergence of the new industry in regions. It proposes that not only supply-side technology but also demand-side market and institutional logics matter for the emergence of the new industry in regions. Moreover, this dissertation ascribes the underlying logic of how technology, market, and institutional logics matter to the agentic processes of asset modification, particularly redeploying pre-existing assets and creating new assets. In other words, the emergence of the new industry in regions results from relevant regional actors’ purposeful actions in terms of modifying technological, market, and institutional assets. Methodologically, there is a dualism in evolutionary economic geography research between qualitative and quantitative work. To seek a methodology integration, this dissertation proposes the mixed-method that is composed of four concrete approaches, namely the triangulation approach, the embedded approach, the sequential exploratory approach, and the sequential explanatory approach. Among these concrete approaches, the embedded approach is utilized in empirical work. The embedded approach in this dissertation refers to the embedding of the qualitative case study (which deals with the ‘how’ questions) into quantitative research (which deals with the ‘whether and to what extent’ questions). Empirically, this dissertation first examines the emergence of fintech industries in China’s cities based on the quantitative regression analysis (mainly dealing with the ‘whether and to what extent’ questions) and then zooms in on the city of Shenzhen, which is the largest fintech hub in southern China, based on the qualitative case study (mainly dealing with the ‘how’ questions). The findings are as follows. (1) Based on a unique dataset from 2003 – 2019, this dissertation provides a city-level analysis of the fintech industry in China. The econometric results show that fintech industries tend to emerge in cities that have more fintech-related technologies, particularly in the fields of finance, e-commerce, data sciences, and security. This confirms the principle of technological relatedness. Moreover, it finds a positive relationship between the development of the fintech industry and the demand for fintech services. To the best of my knowledge, this is the first systematic evidence of the significant positive role of the demand-side market in the emergence of the new industry in regions. (2) In order to uncover the underlying processes (the question of ‘how’) that lead to the above significantly positive effect, this dissertation resorts to the qualitative case study. The case study shows that the rise of Shenzhen’s fintech industry mainly grows out of Shenzhen’s pre-existing internet and financial industry. By systematically comparing the processes that internet and financial industry diversify into the fintech industry, it finds that the emergence of the fintech industry in Shenzhen result from internet and financial firms’ purposeful actions in terms of redeploying their pre-existing technologies, market, and institutional logics, as well as creating the new ones that are necessary for fintech but are missing for the internet or financial firms. In other words, it is the processes of asset modification, particularly redeploying pre-existing assets and creating new assets, that give rise to the birth of the fintech industry, leading to the positive relationships found in the quantitative regression analysis

Graph-Based Machine Learning for Passive Network Reconnaissance within Encrypted Networks

Network reconnaissance identifies a network’s vulnerabilities to both prevent and mitigate the impact of cyber-attacks. The difficulty of performing adequate network reconnaissance has been exacerbated by the rising complexity of modern networks (e.g., encryption). We identify that the majority of network reconnaissance solutions proposed in literature are infeasible for widespread deployment in realistic modern networks. This thesis provides novel network reconnaissance solutions to address the limitations of the existing conventional approaches proposed in literature. The existing approaches are limited by their reliance on large, heterogeneous feature sets making them difficult to deploy under realistic network conditions. In contrast, we devise a bipartite graph-based representation to create network reconnaissance solutions that rely only on a single feature (e.g., the Internet protocol (IP) address field). We exploit a widely available feature set to provide network reconnaissance solutions that are scalable, independent of encryption, and deployable across diverse Internet (TCP/IP) networks. We design bipartite graph embeddings (BGE); a graph-based machine learning (ML) technique for extracting insight from the structural properties of the bipartite graph-based representation. BGE is the first known graph embedding technique designed explicitly for network reconnaissance. We validate the use of BGE through an evaluation of a university’s enterprise network. BGE is shown to provide insight into crucial areas of network reconnaissance (e.g., device characterisation, service prediction, and network visualisation). We design an extension of BGE to acquire insight within a private network. Private networks—such as a virtual private network (VPN)—have posed significant challenges for network reconnaissance as they deny direct visibility into their composition. Our extension of BGE provides the first known solution for inferring the composition of both the devices and applications acting behind diverse private networks. This thesis provides novel graph-based ML techniques for two crucial aims of network reconnaissance—device characterisation and intrusion detection. The techniques developed within this thesis provide unique cybersecurity solutions to both prevent and mitigate the impact of cyber-attacks.Thesis (Ph.D.) -- University of Adelaide, School of Electrical and Electronic Engineering , 202