Improving Data Transmission Rate with Self Healing Activation Model for Intrusion Detection with Enhanced Quality of Service

Several types of attacks can easily compromise a Wireless Sensor Network (WSN). Although not all intrusions can be predicted, they may cause significant damage to the network and its nodes before being discovered. Due to its explosive growth and the infinite scope in terms of applications and processing brought about by 5G, WSN is becoming more and more deeply embedded in daily life. Security breaches, downed services, faulty hardware, and buggy software can all cripple these enormous systems. As a result, the platform becomes unmaintainable when there are a million or more interconnected devices. When it comes to network security, intrusion detection technology plays a crucial role, with its primary function being to constantly monitor the health of a network and, if any aberrant behavior is detected, to issue a timely warning to network administrators. The current network's availability and dependability are directly tied to the efficacy and timeliness of the Intrusion Detection System (IDS). An Intrusion-Tolerant system would incorporate self-healing mechanisms to restore compromised data. System attributes such as readiness for accurate service, supply identical and correct data, confidentiality, and availability are necessary for a system to merit trust. In this research, self-healing methods are considered that can detect intrusions and can remove with intellectual strategies that can make a system fully autonomous and fix any problems it encounters. In this study, a new architecture for an Intrusion Tolerant Self Healing Activation Model for Improved Data Transmission Rate (ITSHAM-IDTR) is proposed for accurate detection of intrusions and self repairing the network for better performance, which boosts the server's performance quality and enables it to mend itself without any intervention from the administrator. When compared to the existing paradigm, the proposed model performs in both self-healing and increased data transmission rates.

Machine Learning-Enabled IoT Security: Open Issues and Challenges Under Advanced Persistent Threats

Despite its technological benefits, Internet of Things (IoT) has cyber weaknesses due to the vulnerabilities in the wireless medium. Machine learning (ML)-based methods are widely used against cyber threats in IoT networks with promising performance. Advanced persistent threat (APT) is prominent for cybercriminals to compromise networks, and it is crucial to long-term and harmful characteristics. However, it is difficult to apply ML-based approaches to identify APT attacks to obtain a promising detection performance due to an extremely small percentage among normal traffic. There are limited surveys to fully investigate APT attacks in IoT networks due to the lack of public datasets with all types of APT attacks. It is worth to bridge the state-of-the-art in network attack detection with APT attack detection in a comprehensive review article. This survey article reviews the security challenges in IoT networks and presents the well-known attacks, APT attacks, and threat models in IoT systems. Meanwhile, signature-based, anomaly-based, and hybrid intrusion detection systems are summarized for IoT networks. The article highlights statistical insights regarding frequently applied ML-based methods against network intrusion alongside the number of attacks types detected. Finally, open issues and challenges for common network intrusion and APT attacks are presented for future research.Comment: ACM Computing Surveys, 2022, 35 pages, 10 Figures, 8 Table

Evaluating Resilience of Cyber-Physical-Social Systems

Nowadays, protecting the network is not the only security concern. Still, in cyber security, websites and servers are becoming more popular as targets due to the ease with which they can be accessed when compared to communication networks. Another threat in cyber physical social systems with human interactions is that they can be attacked and manipulated not only by technical hacking through networks, but also by manipulating people and stealing users’ credentials. Therefore, systems should be evaluated beyond cy- ber security, which means measuring their resilience as a piece of evidence that a system works properly under cyber-attacks or incidents. In that way, cyber resilience is increas- ingly discussed and described as the capacity of a system to maintain state awareness for detecting cyber-attacks. All the tasks for making a system resilient should proactively maintain a safe level of operational normalcy through rapid system reconfiguration to detect attacks that would impact system performance. In this work, we broadly studied a new paradigm of cyber physical social systems and defined a uniform definition of it. To overcome the complexity of evaluating cyber resilience, especially in these inhomo- geneous systems, we proposed a framework including applying Attack Tree refinements and Hierarchical Timed Coloured Petri Nets to model intruder and defender behaviors and evaluate the impact of each action on the behavior and performance of the system.Hoje em dia, proteger a rede não é a única preocupação de segurança. Ainda assim, na segurança cibernética, sites e servidores estão se tornando mais populares como alvos devido à facilidade com que podem ser acessados quando comparados às redes de comu- nicação. Outra ameaça em sistemas sociais ciberfisicos com interações humanas é que eles podem ser atacados e manipulados não apenas por hackers técnicos através de redes, mas também pela manipulação de pessoas e roubo de credenciais de utilizadores. Portanto, os sistemas devem ser avaliados para além da segurança cibernética, o que significa medir sua resiliência como uma evidência de que um sistema funciona adequadamente sob ataques ou incidentes cibernéticos. Dessa forma, a resiliência cibernética é cada vez mais discutida e descrita como a capacidade de um sistema manter a consciência do estado para detectar ataques cibernéticos. Todas as tarefas para tornar um sistema resiliente devem manter proativamente um nível seguro de normalidade operacional por meio da reconfi- guração rápida do sistema para detectar ataques que afetariam o desempenho do sistema. Neste trabalho, um novo paradigma de sistemas sociais ciberfisicos é amplamente estu- dado e uma definição uniforme é proposta. Para superar a complexidade de avaliar a resiliência cibernética, especialmente nesses sistemas não homogéneos, é proposta uma estrutura que inclui a aplicação de refinamentos de Árvores de Ataque e Redes de Petri Coloridas Temporizadas Hierárquicas para modelar comportamentos de invasores e de- fensores e avaliar o impacto de cada ação no comportamento e desempenho do sistema

Deep Transfer Learning Applications in Intrusion Detection Systems: A Comprehensive Review

Globally, the external Internet is increasingly being connected to the contemporary industrial control system. As a result, there is an immediate need to protect the network from several threats. The key infrastructure of industrial activity may be protected from harm by using an intrusion detection system (IDS), a preventive measure mechanism, to recognize new kinds of dangerous threats and hostile activities. The most recent artificial intelligence (AI) techniques used to create IDS in many kinds of industrial control networks are examined in this study, with a particular emphasis on IDS-based deep transfer learning (DTL). This latter can be seen as a type of information fusion that merge, and/or adapt knowledge from multiple domains to enhance the performance of the target task, particularly when the labeled data in the target domain is scarce. Publications issued after 2015 were taken into account. These selected publications were divided into three categories: DTL-only and IDS-only are involved in the introduction and background, and DTL-based IDS papers are involved in the core papers of this review. Researchers will be able to have a better grasp of the current state of DTL approaches used in IDS in many different types of networks by reading this review paper. Other useful information, such as the datasets used, the sort of DTL employed, the pre-trained network, IDS techniques, the evaluation metrics including accuracy/F-score and false alarm rate (FAR), and the improvement gained, were also covered. The algorithms, and methods used in several studies, or illustrate deeply and clearly the principle in any DTL-based IDS subcategory are presented to the reader

A Survey on Intrusion Detection Systems for Fog and Cloud Computing

The rapid advancement of internet technologies has dramatically increased the number of connected devices. This has created a huge attack surface that requires the deployment of effective and practical countermeasures to protect network infrastructures from the harm that cyber-attacks can cause. Hence, there is an absolute need to differentiate boundaries in personal information and cloud and fog computing globally and the adoption of specific information security policies and regulations. The goal of the security policy and framework for cloud and fog computing is to protect the end-users and their information, reduce task-based operations, aid in compliance, and create standards for expected user actions, all of which are based on the use of established rules for cloud computing. Moreover, intrusion detection systems are widely adopted solutions to monitor and analyze network traffic and detect anomalies that can help identify ongoing adversarial activities, trigger alerts, and automatically block traffic from hostile sources. This survey paper analyzes factors, including the application of technologies and techniques, which can enable the deployment of security policy on fog and cloud computing successfully. The paper focuses on a Software-as-a-Service (SaaS) and intrusion detection, which provides an effective and resilient system structure for users and organizations. Our survey aims to provide a framework for a cloud and fog computing security policy, while addressing the required security tools, policies, and services, particularly for cloud and fog environments for organizational adoption. While developing the essential linkage between requirements, legal aspects, analyzing techniques and systems to reduce intrusion detection, we recommend the strategies for cloud and fog computing security policies. The paper develops structured guidelines for ways in which organizations can adopt and audit the security of their systems as security is an essential component of their systems and presents an agile current state-of-the-art review of intrusion detection systems and their principles. Functionalities and techniques for developing these defense mechanisms are considered, along with concrete products utilized in operational systems. Finally, we discuss evaluation criteria and open-ended challenges in this area

Operational moving target defences for improved power system cyber-physical security

In this work, we examine how Moving Target Defences (MTDs) can be enhanced to circumvent intelligent false data injection (FDI) attacks against power systems. Initially, we show how, by implementing state-of-the-art topology learning techniques, we can commit full-knowledge-equivalent FDI attacks against static power systems with no prior system knowledge. We go on to explore how naive applications of topology change, as MTDs, can be countered by unsupervised learning-based FDI attacks and how MTDs can be combined with physical watermarking to enhance system resilience. A novel intelligent attack, which incorporates dimensionality reduction and density-based spatial clustering, is developed and shown to be effective in maintaining stealth in the presence of traditional MTD strategies. In resisting this new type of attack, a novel implementation of MTD is suggested. The implementation uses physical watermarking to drive detection of traditional and intelligent FDI attacks while remaining hidden to the attackers. Following this, we outline a cyber-physical authentication strategy for use against FDI attacks. An event-triggered MTD protocol is proposed at the physical layer to complement cyber-side enhancements. This protocol applies a distributed anomaly detection scheme based on Holt-Winters seasonal forecasting in combination with MTD implemented via inductance perturbation. To conclude, we developed a cyber-physical risk assessment framework for FDI attacks. Our assessment criteria combines a weighted graph model of the networks cyber vulnerabilities with a centralised residual-based assessment of the physical system with respect to MTD. This combined approach provides a cyber-physical assessment of FDI attacks which incorporates both the likelihood of intrusion and the prospect of an attacker making stealthy change once intruded.Open Acces

A machine learning-based intrusion detection for detecting internet of things network attacks

The Internet of Things (IoT) refers to the collection of all those devices that could connect to the Internet to collect and share data. The introduction of varied devices continues to grow tremendously, posing new privacy and security risks—the proliferation of Internet connections and the advent of new technologies such as the IoT. Various and sophisticated intrusions are driving the IoT paradigm into computer networks. Companies are increasing their investment in research to improve the detection of these attacks. By comparing the highest rates of accuracy, institutions are picking intelligent procedures for testing and verification. The adoption of IoT in the different sectors, including health, has also continued to increase in recent times. Where the IoT applications became well known for technology researchers and developers. Unfortunately, the striking challenge of IoT is the privacy and security issues resulting from the energy limitations and scalability of IoT devices. Therefore, how to improve the security and privacy challenges of IoT remains an important problem in the computer security field. This paper proposes a machine learning-based intrusion detection system (ML-IDS) for detecting IoT network attacks. The primary objective of this research focuses on applying ML-supervised algorithm-based IDS for IoT. In the first stage of this research methodology, feature scaling was done using the Minimum-maximum (min–max) concept of normalization on the UNSW-NB15 dataset to limit information leakage on the test data. This dataset is a mixture of contemporary attacks and normal activities of network traffic grouped into nine different attack types. In the next stage, dimensionality reduction was performed with Principal Component Analysis (PCA). Lastly, six proposed machine learning models were used for the analysis. The experimental results of our findings were evaluated in terms of validation dataset, accuracy, the area under the curve, recall, F1, precision, kappa, and Mathew correlation coefficient (MCC). The findings were also benchmarked with the existing works, and our results were competitive with an accuracy of 99.9% and MCC of 99.97%.publishedVersio