8,946 research outputs found
ITCM: A Real Time Internet Traffic Classifier Monitor
The continual growth of high speed networks is a challenge for real-time
network analysis systems. The real time traffic classification is an issue for
corporations and ISPs (Internet Service Providers). This work presents the
design and implementation of a real time flow-based network traffic
classification system. The classifier monitor acts as a pipeline consisting of
three modules: packet capture and pre-processing, flow reassembly, and
classification with Machine Learning (ML). The modules are built as concurrent
processes with well defined data interfaces between them so that any module can
be improved and updated independently. In this pipeline, the flow reassembly
function becomes the bottleneck of the performance. In this implementation, an
efficient method of reassembly was used, which results in an average delivery delay
of 0.49 seconds, approximately. For the classification module, the performances
of the K-Nearest Neighbor (KNN), C4.5 Decision Tree, Naive Bayes (NB), Flexible
Naive Bayes (FNB) and AdaBoost Ensemble Learning Algorithm are compared in
order to validate our approach.
Comment: 16 pages, 3 figures, 7 tables, International Journal of Computer
Science & Information Technology (IJCSIT) Vol 6, No 6, December 201
An Immuno-Inspired Approach to Misbehavior Detection in Ad Hoc Wireless Networks
We propose and evaluate an immuno-inspired approach to misbehavior detection
in ad hoc wireless networks. Node misbehavior can be the result of an
intrusion, or a software or hardware failure. Our approach is motivated by
co-stimulatory signals present in the biological immune system. The results
show that co-stimulation in ad hoc wireless networks can both substantially
improve energy efficiency of detection and, at the same time, help achieve low
false positive rates. The energy efficiency improvement is almost two orders
of magnitude, if compared to misbehavior detection based on watchdogs.
We provide a characterization of the trade-offs between detection approaches
executed by a single node and by several nodes in cooperation. Additionally, we
investigate several feature sets for misbehavior detection. These feature sets
impose different requirements on the detection system, most notably from the
energy efficiency point of view.
Comment: 15 page
A traffic classification method using machine learning algorithm
Applying concepts of attack investigation in IT industry, this idea has been developed to design
a Traffic Classification Method using Data Mining techniques at the intersection of Machine
Learning Algorithm, which will classify the normal and malicious traffic. This classification will
help to learn about the unknown attacks faced by IT industry. The notion of traffic classification
is not a new concept; plenty of work has been done to classify the network traffic for
heterogeneous application nowadays. Existing techniques such as (payload based, port based
and statistical based) have their own pros and cons which will be discussed in this
literature later, but classification using Machine Learning techniques is still an open field to explore and has provided very promising results up till now
Machine Learning-Based Delay-Aware UAV Detection and Operation Mode Identification over Encrypted Wi-Fi Traffic
The consumer UAV (unmanned aerial vehicle) market has grown significantly
over the past few years. Despite its huge potential in spurring economic growth
by supporting various applications, the increase of consumer UAVs poses
potential risks to public security and personal privacy. To minimize the risks,
efficiently detecting and identifying invading UAVs is in urgent need for both
invasion detection and forensics purposes. Given the fact that consumer UAVs
are usually used in a civilian environment, existing physical detection methods
(such as radar, vision, and sound) may become ineffective in many scenarios.
Aiming to complement the existing physical detection mechanisms, we propose a
machine learning-based framework for fast UAV identification over encrypted
Wi-Fi traffic. It is motivated by the observation that many consumer UAVs use
Wi-Fi links for control and video streaming. The proposed framework extracts
features derived only from packet size and inter-arrival time of encrypted
Wi-Fi traffic, and can efficiently detect UAVs and identify their operation
modes. In order to reduce the online identification time, our framework adopts
a re-weighted -norm regularization, which considers the number of
samples and computation cost of different features. This framework jointly
optimizes feature selection and prediction performance in a unified objective
function. To tackle the packet inter-arrival time uncertainty when optimizing
the trade-off between the detection accuracy and delay, we utilize Maximum
Likelihood Estimation (MLE) method to estimate the packet inter-arrival time.
We collect a large number of real-world Wi-Fi data traffic of eight types of
consumer UAVs and conduct extensive evaluation on the performance of our
proposed method
REMOTEGATE: Incentive-Compatible Remote Configuration of Security Gateways
Imagine that a malicious hacker is trying to attack a server over the
Internet and the server wants to block the attack packets as close to their
point of origin as possible. However, the security gateway ahead of the source
of attack is untrusted. How can the server block the attack packets through
this gateway? In this paper, we introduce REMOTEGATE, a trustworthy mechanism
for allowing any party (server) on the Internet to configure a security gateway
owned by a second party, at a certain agreed upon reward that the former pays
to the latter for its service. We take an interactive incentive-compatible
approach, for the case when both the server and the gateway are rational, to
devise a protocol that will allow the server to help the security gateway
generate and deploy a policy rule that filters the attack packets before they
reach the server. The server will reward the gateway only when the latter can
successfully verify that it has generated and deployed the correct rule for the
issue. This mechanism will enable an Internet-scale approach to improving
security and privacy, backed by digital payment incentives.
Comment: Working manuscrip
Preventing DDoS using Bloom Filter: A Survey
Distributed Denial-of-Service (DDoS) is a menace for service providers and a
prominent issue in network security. Defeating or defending the DDoS is a prime
challenge. DDoS makes a service unavailable for a certain time. This phenomenon
harms the service providers and hence causes loss of business revenue. Therefore,
DDoS is a grand challenge to defeat. There are numerous mechanisms to defend
DDoS, however, this paper surveys the deployment of Bloom Filter in defending a
DDoS attack. The Bloom Filter is a probabilistic data structure for membership
query that returns either true or false. Bloom Filter uses tiny memory to store
information of large data. Therefore, packet information is stored in Bloom
Filter to defend and defeat DDoS. This paper presents a survey on DDoS
defending technique using Bloom Filter.
Comment: 9 pages, 1 figure. This article is accepted for publication in EAI
Endorsed Transactions on Scalable Information System
Intrusion Detection Mechanism Using Fuzzy Rule Interpolation
Fuzzy Rule Interpolation (FRI) methods can serve deducible (interpolated)
conclusions even if some situations are not explicitly defined in a
fuzzy rule based knowledge representation. This property can be beneficial in
partial heuristically solved applications; there the efficiency of expert
knowledge representation is mixed with the precision of machine learning
methods. The goal of this paper is to introduce the benefits of FRI in the
Intrusion Detection Systems (IDS) application area, in the design and
implementation of the detection mechanism for Distributed Denial of Service
(DDOS) attacks. In the example of the paper as a test-bed environment an open
source DDOS dataset and the General Public License (GNU) FRI Toolbox was
applied. The performance of the FRI-IDS example application is compared to
other common classification algorithms used for detecting DDOS attacks on the
same open source test-bed environment. According to the results, the overall
detection rate of the FRI-IDS is on par with other methods. On the example
dataset it outperforms the detection rate of the support vector machine
algorithm, whereas other algorithms (neural network, random forest and decision
tree) recorded a slightly higher detection rate. Consequently, the FRI inference
system could be a suitable approach to be implemented as a detection mechanism
for IDS; it effectively decreases the false positive rate value. Moreover,
because of its fuzzy rule base knowledge representation nature, it can easily
adapt expert knowledge, and also be suitable for predicting the level of degree
for threat possibility
Evaluation of Machine Learning Algorithms for Intrusion Detection System
Intrusion detection system (IDS) is one of the implemented solutions against
harmful attacks. Furthermore, attackers always keep changing their tools and
techniques. However, implementing an accepted IDS system is also a challenging
task. In this paper, several experiments have been performed and evaluated to
assess various machine learning classifiers based on KDD intrusion dataset. It
succeeded to compute several performance metrics in order to evaluate the
selected classifiers. The focus was on false negative and false positive
performance metrics in order to enhance the detection rate of the intrusion
detection system. The implemented experiments demonstrated that the decision
table classifier achieved the lowest value of false negative while the random
forest classifier has achieved the highest average accuracy rate
Machine Learning Methods for Network Intrusion Detection
Network security engineers work to keep services available all the time by
handling intruder attacks. Intrusion Detection System (IDS) is one of the
obtainable mechanisms that is used to sense and classify any abnormal actions.
Therefore, the IDS must be always up to date with the latest intruder attacks
signatures to preserve confidentiality, integrity, and availability of the
services. The speed of the IDS is a very important issue as well as learning the
new attacks. This research work illustrates how the Knowledge Discovery and
Data Mining (or Knowledge Discovery in Databases) KDD dataset is very handy for
testing and evaluating different Machine Learning Techniques. It mainly focuses
on the KDD preprocess part in order to prepare a decent and fair experimental
data set. The J48, MLP, and Bayes Network classifiers have been chosen for this
study. It has been proven that the J48 classifier has achieved the highest
accuracy rate for detecting and classifying all KDD dataset attacks, which are
of type DOS, R2L, U2R, and PROBE.
Comment: ICCCNT 2018 - The 20th International Conference on Computing,
Communication. arXiv admin note: substantial text overlap with
arXiv:1805.1045
Predictive No-Reference Assessment of Video Quality
Among the various means to evaluate the quality of video streams,
No-Reference (NR) methods have low computation and may be executed on thin
clients. Thus, NR algorithms would be perfect candidates in cases of real-time
quality assessment, automated quality control and, particularly, in adaptive
mobile streaming. Yet, existing NR approaches are often inaccurate, in
comparison to Full-Reference (FR) algorithms, especially under lossy network
conditions. In this work, we present an NR method that combines machine
learning with simple NR metrics to achieve a quality index comparably as
accurate as the Video Quality Metric (VQM) Full-Reference algorithm. Our method
is tested in an extensive dataset (960 videos), under lossy network conditions
and considering nine different machine learning algorithms. Overall, we achieve
an over 97% correlation with VQM, while allowing real-time assessment of video
quality of experience in realistic streaming scenarios.
Comment: 13 pages, 8 figures, IEEE Selected Topics on Signal Processin