IoT Malware Network Traffic Classification using Visual Representation and Deep Learning
With the increase of IoT devices and technologies coming into service, malware has risen as a challenging threat with increased infection rates and levels of sophistication. Without strong security mechanisms, a huge amount of sensitive data is exposed to vulnerabilities and therefore easily abused by cybercriminals to perform several illegal activities. Thus, advanced network security mechanisms that are capable of performing real-time traffic analysis and mitigation of malicious traffic are required. To address this challenge, we propose a novel IoT malware traffic analysis approach using deep learning and visual representation for faster detection and classification of new (zero-day) malware. The detection of malicious network traffic in the proposed approach works at the packet level, significantly reducing the time of detection, with promising results due to the deep learning technologies used. To evaluate the performance of our proposed method, a dataset is constructed consisting of 1000 pcap files of normal and malware traffic collected from different network traffic sources. The experimental results of the Residual Neural Network (ResNet50) are very promising, providing a 94.50% accuracy rate for the detection of malware traffic.
Comment: 10 pages, 5 figures, 2 tables
A Stacking-Based Deep Neural Network Approach for Effective Network Anomaly Detection
An anomaly-based intrusion detection system (A-IDS) provides a critical capability in a modern computing infrastructure, since new types of attacks can be discovered. It prevalently utilizes several machine learning (ML) algorithms for detecting and classifying network traffic. To date, many algorithms have been proposed to improve the detection performance of A-IDS, using either individual or ensemble learners. In particular, ensemble learners have shown remarkable performance over individual learners in many applications, including the cybersecurity domain. However, most existing works still suffer from unsatisfactory results due to improper ensemble design. The aim of this study is to emphasize the effectiveness of a stacking ensemble-based model for A-IDS, where deep learning (e.g., a deep neural network [DNN]) is used as the base learner model. The effectiveness of the proposed model and the base DNN model are benchmarked empirically in terms of several performance metrics, i.e., Matthews correlation coefficient, accuracy, and false alarm rate. The results indicate that the proposed model is superior to the base DNN model as well as other existing ML algorithms found in the literature.
A Process Mining Approach for Supporting IoT Predictive Security
The growing interest in the Internet of Things (IoT) is supported by the large-scale deployment of sensors and connected objects. These are integrated with other Internet resources in order to build more complex and value-added systems and applications. While important efforts have been made for their protection, security management is a major challenge for these systems, due to their complexity, their heterogeneity and the limited resources of their devices. In this paper we introduce a process mining approach for detecting misbehaviors in such systems. It makes it possible to characterize the behavioral models of IoT-based systems and to detect potential attacks, even in the case of heterogeneous protocols and platforms. We then describe and formalize its underlying architecture and components, and detail a proof-of-concept prototype. Finally, we evaluate the performance of this solution through extensive experiments based on real industrial datasets.
Detection of side-channel attacks at the physical layer
Today, with the advent of IoT and the resulting fragmentation of wireless technologies, there are not only benefits but also concerns. Daily, many individuals communicate with each other using various communication methods. Individuals use a variety of devices for innocuous day-to-day activities; however, there are some malicious individuals (dishonest agents) whose aim is to cause harm, with the exfiltration of information being one of the biggest concerns. Since the security of Wi-Fi communications is one of the areas of greatest investment and research in Internet security, dishonest agents make use of side channels, namely Bluetooth, to exfiltrate information. Most current solutions for anomaly detection on networks are based on analyzing frames or packets, which can inadvertently reveal user behavior patterns that users consider private. In addition, solutions that focus on inspecting physical-layer data typically use received signal power (RSSI) as a distance metric and detect anomalies based on the relative position of the network nodes, or feed the spectrum values directly into classification models without prior data processing.
This dissertation proposes mechanisms to detect anomalies while ensuring the privacy of the network's nodes. They are based on the analysis of radio activity in the physical layer, measuring the behavior of the network through the number of active and inactive frequencies and the duration of periods of silence and activity. After extracting the properties that characterize these metrics, an exploration and study of the data is carried out, and the result is then used to train one-class classification models.
The models are trained with data taken from a series of interactions between a computer, an AP, and a mobile phone in an environment with reduced noise, in an attempt to simulate a simplified home automation scenario. The models were then tested with similar data but containing a compromised node, which periodically sent a file to a local machine over a Bluetooth connection. The data show that, in both situations, it was possible to achieve detection accuracy rates on the order of 75% and 99%.
This work ends with some ideas for future work, namely changes at the pre-processing level, ideas for new tests, and how to reduce the percentage of false negatives.
Master's in Computer and Telematics Engineering
Cyber Security and Critical Infrastructures 2nd Volume
The second volume of the book contains the manuscripts that were accepted for publication in the MDPI Special Topic "Cyber Security and Critical Infrastructure" after a rigorous peer-review process. Authors from academia, government and industry contributed their innovative solutions, consistent with the interdisciplinary nature of cybersecurity. The book contains 16 articles: an editorial that explains the current challenges, innovative solutions and real-world experiences involving critical infrastructure, and 15 original papers that present state-of-the-art innovative solutions to attacks on critical systems.
Evaluation of machine learning techniques for network intrusion detection
A network traffic anomaly may indicate a possible intrusion in the network, and therefore anomaly detection is important to detect and prevent security attacks. The early research work in this area and commercially available Intrusion Detection Systems (IDS) are mostly signature-based. The problem with the signature-based method is that the signature database needs to be updated as new attack signatures become available, and therefore it is not suitable for real-time network anomaly detection. The recent trend in anomaly detection is based on machine learning classification techniques. We apply seven different machine learning techniques with information entropy calculation to the Kyoto 2006+ data set and evaluate the performance of these techniques. Our findings show that, for this particular data set, most machine learning techniques provide higher than 90% precision, recall and accuracy. However, using the area under the Receiver Operating Characteristic (ROC) curve metric, we find that the Radial Basis Function (RBF) performs the best among the seven algorithms studied in this work.