10 research outputs found

    Features Extraction on IoT Intrusion Detection System Using Principal Components Analysis (PCA)

    There are several ways to increase the detection accuracy of an intrusion detection system (IDS); one of them is feature extraction, in which the existing original features are filtered and then converted into features of lower dimension. This paper uses Principal Components Analysis (PCA) for feature extraction in an intrusion detection system, with the aim of improving the accuracy and precision of detection. The impact of feature extraction on attack detection was examined. Experiments on a network traffic dataset created from an Internet of Things (IoT) testbed network topology were conducted, and the results show that detection accuracy reaches 100 percent
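The PCA pipeline the abstract describes (standardise, project onto the top principal components, classify in the reduced space) as an added example in plain NumPy. This is not the paper's code or dataset: the flow features, the class separation and the nearest-centroid classifier are all constructed here for illustration, and the explained-variance figure is how a practitioner would check how many components are worth keeping before trusting an accuracy number.

```python
import numpy as np

# Constructed toy flow dataset (not the paper's IoT testbed data). Six per-flow
# features: packets, bytes, duration, plus three pure-noise columns so that PCA
# has something to discard. Class 0 = benign, class 1 = flood-style attack.
def make_dataset(n_per_class=50, seed=7):
    rng = np.random.default_rng(seed)

    def flows(pkts, byts, dur):
        return np.column_stack([
            rng.normal(pkts[0], pkts[1], n_per_class),
            rng.normal(byts[0], byts[1], n_per_class),
            rng.normal(dur[0], dur[1], n_per_class),
            rng.normal(0, 1, (n_per_class, 3)),      # noise features
        ])

    benign = flows((20, 5), (1500, 300), (0.5, 0.1))
    attack = flows((200, 30), (12000, 2000), (0.05, 0.02))
    X = np.vstack([benign, attack])
    y = np.array([0] * n_per_class + [1] * n_per_class)
    return X, y


def pca_fit(X, k):
    """Standardise the features, then keep the top-k right singular vectors."""
    mean = X.mean(axis=0)
    std = X.std(axis=0)
    std[std == 0] = 1.0                      # guard against constant columns
    Z = (X - mean) / std
    _, s, vt = np.linalg.svd(Z, full_matrices=False)
    explained = s ** 2 / np.sum(s ** 2)      # variance fraction per component
    return {"mean": mean, "std": std, "W": vt[:k].T, "explained": explained[:k]}


def pca_transform(X, model):
    return ((X - model["mean"]) / model["std"]) @ model["W"]


def fit_centroids(Xp, y):
    return {c: Xp[y == c].mean(axis=0) for c in np.unique(y)}


def predict(Xp, centroids):
    classes = np.array(list(centroids))
    dists = np.stack([np.linalg.norm(Xp - centroids[c], axis=1) for c in classes], axis=1)
    return classes[np.argmin(dists, axis=1)]


def evaluate(k=2):
    """Fit PCA and centroids on an interleaved training half, score the other half."""
    X, y = make_dataset()
    train, test = np.arange(0, len(y), 2), np.arange(1, len(y), 2)
    model = pca_fit(X[train], k)
    centroids = fit_centroids(pca_transform(X[train], model), y[train])
    pred = predict(pca_transform(X[test], model), centroids)
    tp = np.sum((pred == 1) & (y[test] == 1))
    fp = np.sum((pred == 1) & (y[test] == 0))
    return {
        "k": k,
        "accuracy": float(np.mean(pred == y[test])),
        "precision": float(tp / (tp + fp)) if tp + fp else 0.0,
        "explained_variance": float(model["explained"].sum()),
    }


if __name__ == "__main__":
    print(evaluate(k=2))
```

With two components the classifier separates the constructed classes perfectly, because the three informative features are strongly correlated and collapse onto the first component; the noise columns carry the remaining variance and contribute nothing to detection. A result like this only says something about the data it was measured on, so report the explained variance and the split alongside any accuracy figure.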

    IMPLEMENTATION OF NETWORK SECURITY ON A MIKROTIK ROUTER AGAINST BRUTE FORCE ATTACKS ON THE COMPUTER ENGINEERING DEPARTMENT SERVER

    Computer networks and the Internet are a necessity for society. The large number of computer network and Internet users makes security on computer networks and the Internet something that is very much needed today, especially in the Computer Engineering environment. One of the dangerous attacks on computer networks is the brute force attack. A brute force attack is dangerous because it aims to crack the username and password on a server through the router. The researchers configure the router to prevent brute force attacks by blocking the attacker's IP address for 1 day

    Log Event Management Server Using Elasticsearch Logstash Kibana (ELK Stack)

    This study aims to build a Log Event Management Server using the ELK Stack (Elasticsearch, Logstash, Kibana), which makes it easier to read and analyze service logs on a server. The Log Event Management Server in this study uses CentOS 7 as the central server and CentOS 7 as a client server with the SSH service installed. The research consists of five stages: analysis, network design, server configuration, client configuration, and testing. The experimental results show that all SSH service logs that occur on the client server are sent in real time to the central server, even when the log file on the client server has been deleted. In addition to sending logs, the system in this study can also display a percentage of successful references
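The two studies above meet in practice: the sshd authentication lines that the ELK setup ships off the client are exactly the evidence that decides when the MikroTik-style "block the source for 1 day" rule should fire. As an added example, not code from either paper, the block below parses constructed sshd log lines, counts failed logins per source address in a sliding window, and puts the address on a block list with a one-day expiry; the threshold (5 failures in 60 seconds), the syslog year (2024, since syslog lines carry none) and the sample addresses are all assumptions made here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log excerpt (not from the study). 203.0.113.5 hammers the
# host; 198.51.100.7 mistypes once and then logs in.
SAMPLE_LOG = """\
Jan 12 10:00:01 iot-gw sshd[2301]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
Jan 12 10:00:03 iot-gw sshd[2301]: Failed password for invalid user admin from 203.0.113.5 port 50124 ssh2
Jan 12 10:00:04 iot-gw sshd[2302]: Failed password for root from 203.0.113.5 port 50126 ssh2
Jan 12 10:00:06 iot-gw sshd[2302]: Failed password for root from 203.0.113.5 port 50128 ssh2
Jan 12 10:00:07 iot-gw sshd[2303]: Failed password for invalid user pi from 203.0.113.5 port 50130 ssh2
Jan 12 10:00:09 iot-gw sshd[2303]: Failed password for invalid user pi from 203.0.113.5 port 50132 ssh2
Jan 12 10:02:15 iot-gw sshd[2310]: Failed password for alice from 198.51.100.7 port 41002 ssh2
Jan 12 10:02:40 iot-gw sshd[2311]: Accepted password for alice from 198.51.100.7 port 41004 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_failed_login(line, year=2024):
    """Return (timestamp, source_ip, username) for a failed login, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # assumed year
    return ts, m["ip"], m["user"]


class BruteForceGuard:
    """Sliding-window failure counter with a timed block list, mirroring a
    router address-list entry that expires after `block_for`."""

    def __init__(self, threshold=5, window=timedelta(seconds=60), block_for=timedelta(days=1)):
        self.threshold, self.window, self.block_for = threshold, window, block_for
        self.failures = defaultdict(deque)   # ip -> timestamps within the window
        self.blocked_until = {}              # ip -> expiry time

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:                     # entry expired, as the router would age it out
            del self.blocked_until[ip]
            return False
        return True

    def record_failure(self, ip, now):
        """Record one failure; return True if this failure triggers a block."""
        q = self.failures[ip]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.threshold:
            self.blocked_until[ip] = now + self.block_for
            q.clear()
            return True
        return False


def replay(log_text, guard, year=2024):
    """Feed log lines in order; return (block decisions, attempts from blocked sources)."""
    blocks, dropped = [], []
    for line in log_text.splitlines():
        event = parse_failed_login(line, year)
        if event is None:
            continue
        ts, ip, _user = event
        if guard.is_blocked(ip, ts):
            dropped.append((ts, ip))         # the router would drop this connection
            continue
        if guard.record_failure(ip, ts):
            blocks.append((ts, ip))
    return blocks, dropped


if __name__ == "__main__":
    guard = BruteForceGuard()
    print(replay(SAMPLE_LOG, guard))
```

The fifth failure at 10:00:07 puts 203.0.113.5 on the list until 10:00:07 the next day, and the sixth attempt is treated as dropped; the single failure from 198.51.100.7 never reaches the threshold. Since the block list is keyed on the source address, an attacker who rotates addresses is not stopped by this rule alone, which is why the centralised copy of the logs matters: it is the one place the attempts from many sources can still be correlated after the per-host file is gone.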

    Deep learning with focal loss approach for attacks classification

    The rapid development of deep learning improves the detection and classification of attacks in intrusion detection systems. However, the imbalanced-data issue increases the complexity of the architecture model. This study proposes a novel deep learning model to overcome the problem of classifying multi-class attacks. The model consists of two stages. The pre-tuning stage uses automatic feature extraction with a deep autoencoder. The second stage is fine-tuning using a deep neural network classifier with fully connected layers. To reduce the effect of imbalanced class data, feature extraction was implemented using the deep autoencoder together with an improved focal loss function in the classifier. The model was evaluated using three loss functions: cross-entropy, weighted cross-entropy, and focal loss. The results show that the approach corrects the class imbalance in deep-learning-based classification. Attack classification using automatic extraction with the focal loss on the CSE-CIC-IDS2018 dataset yields a high-quality classifier with 98.38% precision, 98.27% sensitivity, and 99.82% specificity
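Why focal loss helps with the imbalance the abstract describes is easiest to see on a single batch. The added example below, which is not the paper's code or its model, computes the three losses the study compares (cross-entropy, inverse-frequency weighted cross-entropy, and focal loss with the modulating factor (1 - p_t)^gamma) on a constructed batch of 990 confidently classified benign flows and 10 poorly classified attack flows, and reports what share of the total loss the minority class contributes. The batch sizes, the predicted probabilities and gamma = 2 are assumptions made here.

```python
import numpy as np


def cross_entropy(probs, y):
    """Per-example cross-entropy; probs is (n, C), y holds the true class index."""
    pt = probs[np.arange(len(y)), y]
    return -np.log(pt)


def weighted_cross_entropy(probs, y, class_weight):
    """Cross-entropy scaled by a fixed per-class weight (here inverse frequency)."""
    return class_weight[y] * cross_entropy(probs, y)


def focal_loss(probs, y, gamma=2.0, alpha=None):
    """Focal loss: (1 - p_t)^gamma shrinks the loss of examples the model already
    gets right, so the hard (typically minority) examples dominate the gradient.
    gamma = 0 recovers plain cross-entropy."""
    pt = probs[np.arange(len(y)), y]
    modulating = (1.0 - pt) ** gamma
    weight = modulating if alpha is None else modulating * alpha[y]
    return -weight * np.log(pt)


def minority_share(per_example_loss, y, minority_class):
    """Fraction of the batch loss contributed by the minority class."""
    return float(per_example_loss[y == minority_class].sum() / per_example_loss.sum())


def build_batch(n_benign=990, n_attack=10, p_benign=0.98, p_attack=0.30):
    """Constructed predicted probabilities (assumed, not from the paper):
    class 0 = benign, predicted with high confidence; class 1 = attack,
    predicted poorly, as an under-trained minority class usually is."""
    probs = np.vstack([
        np.tile([p_benign, 1.0 - p_benign], (n_benign, 1)),
        np.tile([1.0 - p_attack, p_attack], (n_attack, 1)),
    ])
    y = np.array([0] * n_benign + [1] * n_attack)
    return probs, y


def compare(gamma=2.0):
    """Minority-class share of the total loss under each of the three losses."""
    probs, y = build_batch()
    inv_freq = len(y) / (2 * np.bincount(y))          # inverse-frequency class weights
    return {
        "cross_entropy": minority_share(cross_entropy(probs, y), y, 1),
        "weighted_cross_entropy": minority_share(weighted_cross_entropy(probs, y, inv_freq), y, 1),
        "focal": minority_share(focal_loss(probs, y, gamma), y, 1),
    }


if __name__ == "__main__":
    for name, share in compare().items():
        print(f"{name:24s} minority share of loss = {share:.3f}")
```

Under plain cross-entropy the 990 easy benign examples still supply well over half of the loss even though each one is almost correct; the inverse-frequency weights push the minority share above 0.9, and the focal modulating factor pushes it above 0.99 without any class statistics at all, because (1 - 0.98)^2 is four orders of magnitude smaller than (1 - 0.30)^2. The flip side is that focal loss also down-weights genuinely noisy minority examples less than one might like, so gamma is worth tuning against a held-out set rather than fixed at 2.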

    Distributed Detection Over Blockchain-Aided Internet Of Things In The Presence Of Attacks

    Distributed detection over a blockchain-aided Internet of Things (BIoT) network in the presence of attacks is considered, where the integrated blockchain is employed to secure data exchanges over the BIoT as well as data storage at the agents of the BIoT. We consider a general adversary model where attackers jointly exploit the vulnerability of IoT devices and that of the blockchain employed in the BIoT. The optimal attacking strategy which minimizes the Kullback-Leibler divergence is pursued. It can be shown that this optimization problem is nonconvex, and hence it is generally intractable to find the globally optimal solution to such a problem. To overcome this issue, we first propose a relaxation method that can convert the original nonconvex optimization problem into a convex optimization problem, and then the analytic expression for the optimal solution to the relaxed convex optimization problem is derived. The optimal value of the relaxed convex optimization problem provides a detection performance guarantee for the BIoT in the presence of attacks. In addition, we develop a coordinate descent algorithm which is based on a capped water-filling method to solve the relaxed convex optimization problem, and moreover, we show that the convergence of the proposed coordinate descent algorithm can be guaranteed

    Detection and prevention of username enumeration attack on SSH protocol: machine learning approach

    A Dissertation Submitted in Partial Fulfillment of the Requirement for the Degree of Master's in Information System and Network Security of the Nelson Mandela African Institution of Science and Technology.
    Over the last two decades (2000–2020), the Internet has rapidly evolved, resulting in symmetrical and asymmetrical Internet consumption patterns and billions of users worldwide. With the immense rise of the Internet, attacks and malicious behaviors pose a huge threat to our computing environment. The brute-force attack is among the most prominent and commonly used attacks, carried out using password-attack tools, a wordlist dictionary, and a list of usernames obtained through a so-called enumeration attack. In this study, we investigate username enumeration attack detection on the SSH protocol using machine-learning classifiers. We apply four asymmetrical classifiers to our generated dataset, collected from a closed-environment network, to build machine-learning-based models for attack detection. The use of several machine learners offers a wider investigation spectrum of the classifiers' ability in attack detection. Additionally, we investigate how beneficial it is to include or exclude network port information in the feature set used for learning. We evaluated and compared the performance of the machine-learning models for both cases. The models used are k-nearest neighbor (KNN), naïve Bayes (NB), random forest (RF) and decision tree (DT), with and without port information. Our results show that machine-learning approaches to detecting SSH username enumeration attacks were quite successful, with KNN having an accuracy of 99.93%, NB 95.70%, RF 99.92%, and DT 99.88%. Furthermore, the results improved when using port information. The best selected model was then deployed into an intrusion detection and prevention system (IDS/IPS) to automatically detect and prevent username enumeration attacks. The study also recommends the use of deep learning in future studies

    Investigating Brute Force Attack Patterns in IoT Network

    Internet of Things (IoT) devices may transfer data to the gateway/application server through File Transfer Protocol (FTP) transactions. Unfortunately, in terms of security, the FTP server at a gateway or data sink is very often improperly set up. At the same time, password guessing/theft is among the popular attacks used by intruders against IoT networks. Thus, this paper attempts to provide insight into this type of attack, with the main aim of deriving attack patterns that may help the IoT system administrator analyze similar attacks. This paper investigates brute force attacks (BFA) on the FTP server of an IoT network using a time-sensitive statistical relationship approach and visualizes the attack patterns that identify their configurations. The investigation focuses on attacks launched from the internal network, on the assumption that the IoT network already has a firewall installed. An insider/internal attack launched from the internal network endangers the entire IoT security system even more. The experiments use an IoT network testbed that mimics the internal attack scenario, with three major goals: (i) to provide a topological description of how an insider attack occurs; (ii) to extract attack patterns from raw sniffed data; and (iii) to establish attack pattern identification as a parameter for visualizing real-time attacks. Experimental results validate the investigation

    Network attacks detection based on traffic flows analysis using hybrid machine learning algorithms

    The development of modern network environments, their applications, and the dynamics of their interoperability with other, technologically different concepts is based on the application and compatibility of heterogeneous technologies. Such a complex network environment is constantly exposed to various operational challenges, where ensuring the security and safety of services and data is one of the most important tasks. The constant increase in the number of users and the intensive development of new applications that require high bandwidth have defined new requirements for security systems, which are based on monitoring and effectively understanding network traffic characteristics. In the light of the increasingly intensive development of cyberattacks, persistent dynamic changes in network traffic, and the increased heterogeneity of the technologies and devices in use, the development of solutions for anomaly and attack detection has become a kind of imperative. Although the available literature contains a large number of papers dealing with the analysis of network traffic flows for monitoring the performance and security aspects of networks, only a few studies are based on procedures for generating network traffic behavior profiles, that is, specific communication patterns. In this sense, network behavior analysis relies on an understanding of normal or acceptable behavior patterns, which allows for the effective detection of unusual, anomalous behavior patterns. Unlike intrusion detection systems that are based on packet payload or signatures (signature-based), this approach is extremely useful not only for the identification of unknown threats, zero-day attacks, and suspicious behavior, but also for the improvement of overall network performance...
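The behavior-profile idea in the thesis abstract, profile what each host normally does from flow records and alert on windows that deviate, as an added example that is not the thesis's own code or data. The flow records, the three per-minute features (flow count, distinct destination ports, distinct destinations), the z-score threshold of 3 and the standard-deviation floor of 1.0 are all assumptions made here; the floor matters because a host whose baseline never varies would otherwise produce a zero divisor and an infinite score on its first tiny change.

```python
from collections import defaultdict
from statistics import mean, pstdev

FEATURES = ("flows", "unique_ports", "unique_dsts")


def build_flows():
    """Constructed flow records (minute, src, dst, dst_port), not from the thesis.
    Minutes 0-9 are normal behaviour; in minute 10 host 10.0.0.5 port-scans 10.0.0.20."""
    flows = []
    for minute in range(10):
        for i in range(10 + minute % 3):                 # 10-12 web/DNS flows per minute
            flows.append((minute, "10.0.0.5", "10.0.0.1", (80, 443, 53)[i % 3]))
        for _ in range(4):                               # a quiet, steady second host
            flows.append((minute, "10.0.0.9", "10.0.0.1", 443))
    for port in range(1, 61):
        flows.append((10, "10.0.0.5", "10.0.0.20", port))
    for _ in range(4):
        flows.append((10, "10.0.0.9", "10.0.0.1", 443))
    return flows


def window_features(flows):
    """Aggregate flows into per-(minute, src) behaviour features."""
    buckets = defaultdict(lambda: {"flows": 0, "ports": set(), "dsts": set()})
    for minute, src, dst, port in flows:
        b = buckets[(minute, src)]
        b["flows"] += 1
        b["ports"].add(port)
        b["dsts"].add(dst)
    return {
        key: {"flows": b["flows"], "unique_ports": len(b["ports"]), "unique_dsts": len(b["dsts"])}
        for key, b in buckets.items()
    }


def fit_profile(features, baseline_minutes, std_floor=1.0):
    """Per-host (mean, std) of each feature over the baseline windows.
    std is floored so a perfectly regular host does not yield a zero divisor."""
    samples = defaultdict(lambda: defaultdict(list))
    for (minute, src), f in features.items():
        if minute in baseline_minutes:
            for name in FEATURES:
                samples[src][name].append(f[name])
    return {
        src: {name: (mean(vals), max(pstdev(vals), std_floor)) for name, vals in per.items()}
        for src, per in samples.items()
    }


def detect(features, profile, z_threshold=3.0):
    """Return (minute, src, feature, z) for every window feature above the threshold,
    plus an 'unknown_host' alert for sources with no baseline profile."""
    alerts = []
    for (minute, src), f in sorted(features.items()):
        if src not in profile:
            alerts.append((minute, src, "unknown_host", None))
            continue
        for name in FEATURES:
            mu, sigma = profile[src][name]
            z = (f[name] - mu) / sigma
            if z > z_threshold:
                alerts.append((minute, src, name, round(z, 1)))
    return alerts


def run():
    feats = window_features(build_flows())
    profile = fit_profile(feats, baseline_minutes=set(range(10)))
    return detect(feats, profile)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the constructed data the scan shows up as two alerts for minute 10 (flow count and distinct ports both tens of standard deviations above the host's baseline) while the steady host and all baseline minutes stay silent. The learned baseline is also the weak point of the approach: a host that was already misbehaving during the profiling window has its misbehaviour learned as normal, so baselines should be built from traffic that has been vetted, and re-fitted when a host's role legitimately changes.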