An Efficient Fuzzy Based Multi Level Clustering Model Using Artificial Bee Colony For Intrusion Detection

Network security is becoming increasingly important as computer technology advances. One of the most important components in maintaining a secure network is an Intrusion Detection System (IDS). An IDS is a collection of tools used to detect and report network anomalies. Threats to computer networks are increasing at an alarming rate. As a result, it is critical to create and maintain a safe computing environment. For network security, researchers employ a range of technologies, including anomaly-based intrusion detection systems (AIDS). These anomaly-based detections face a major challenge in the classification of data. Optimization algorithms that mimic the foraging behavior of bees in nature, such as the artificial bee colony algorithm, is a highly successful tool. A computer network's intrusion detection system (IDS) is an essential tool for keeping tabs on the activities taking place in the network. Artificial Bee Colony (ABC) algorithm is used in this research for effective intrusion detection. More and more intrusion detection systems are needed to keep up with the increasing number of attacks and the increase in Internet bandwidth. Detecting developing threats with high accuracy at line rates is the prerequisite for a good intrusion detection system. As traffic grows, current systems will be overwhelmed by the sheer volume of false positives and negatives they generate. In order to detect intrusions based on anomalies, this research employs an Efficient Fuzzy based Multi Level Clustering Model using Artificial Bee Colony (EFMLC-ABC). A semi-supervised intrusion detection method based on an artificial bee colony algorithm is proposed in this paper to optimize cluster centers and identify the best clustering options. In order to assess the effectiveness of the proposed method, various subsets of the KDD Cup 99 database were subjected to experimental testing. Analyses have shown that the proposed algorithm is suitable and efficient for intrusion detection system

Traversing NAT: A Problem

This quasi-experimental before-and-after study measured and analyzed the impacts of adding security to a new bi-directional Network Address Translation (NAT). Literature revolves around various types of NAT, their advantages and disadvantages, their security models, and networking technologies’ adoption. The study of the newly created secure bi-directional model of NAT showed statistically significant changes in the variables than another model using port forwarding. Future research of how data will traverse networks is crucial in an ever-changing world of technology

Dynamic Weighted Round Robin Approach in Software-Defined Networks Using Pox Controller

Load balancing is important in solving over-load traffic problems in the network. Therefore, it has been among the first appealing applications in Software Defined Networking (SDN) networks. Numerous SDN-based load-balancing approaches have been recommended to enhance the performance of SDN networks. However, network control could be more manageable in large networks with hundreds of switches and routers. The SDN is a unique way of building, controlling, and developing networks to modify this unpleasant situation. The major concept of SDN contains logically centralizing network management in an SDN controller, which manages and observes the behaviour of the network. Numerous load-balancing approaches are known, such as Round Robin (RR), random policy, Weighted randomized policy (WRP), etc. Every load-balancing policy approach has some benefits and detriments. This paper developed an advanced load-balancing algorithm, a dynamic weighted round-robin (DWRR), and ran it on the top of the SDN controller. Then we calculate the result of our proposed load-balancing approach by comparing it with the current round-robin (RR) and weighted round-robin (WRR) approaches. Mininet tool is utilized for the investigation, and the controller utilized as the control plane is named the POX controller

Fault diagnosis for IP-based network with real-time conditions

BACKGROUND: Fault diagnosis techniques have been based on many paradigms, which derive from diverse areas and have different purposes: obtaining a representation model of the network for fault localization, selecting optimal probe sets for monitoring network devices, reducing fault detection time, and detecting faulty components in the network. Although there are several solutions for diagnosing network faults, there are still challenges to be faced: a fault diagnosis solution needs to always be available and able enough to process data timely, because stale results inhibit the quality and speed of informed decision-making. Also, there is no non-invasive technique to continuously diagnose the network symptoms without leaving the system vulnerable to any failures, nor a resilient technique to the network's dynamic changes, which can cause new failures with different symptoms. AIMS: This thesis aims to propose a model for the continuous and timely diagnosis of IP-based networks faults, independent of the network structure, and based on data analytics techniques. METHOD(S): This research's point of departure was the hypothesis of a fault propagation phenomenon that allows the observation of failure symptoms at a higher network level than the fault origin. Thus, for the model's construction, monitoring data was collected from an extensive campus network in which impact link failures were induced at different instants of time and with different duration. These data correspond to widely used parameters in the actual management of a network. The collected data allowed us to understand the faults' behavior and how they are manifested at a peripheral level. Based on this understanding and a data analytics process, the first three modules of our model, named PALADIN, were proposed (Identify, Collection and Structuring), which define the data collection peripherally and the necessary data pre-processing to obtain the description of the network's state at a given moment. These modules give the model the ability to structure the data considering the delays of the multiple responses that the network delivers to a single monitoring probe and the multiple network interfaces that a peripheral device may have. Thus, a structured data stream is obtained, and it is ready to be analyzed. For this analysis, it was necessary to implement an incremental learning framework that respects networks' dynamic nature. It comprises three elements, an incremental learning algorithm, a data rebalancing strategy, and a concept drift detector. This framework is the fourth module of the PALADIN model named Diagnosis. In order to evaluate the PALADIN model, the Diagnosis module was implemented with 25 different incremental algorithms, ADWIN as concept-drift detector and SMOTE (adapted to streaming scenario) as the rebalancing strategy. On the other hand, a dataset was built through the first modules of the PALADIN model (SOFI dataset), which means that these data are the incoming data stream of the Diagnosis module used to evaluate its performance. The PALADIN Diagnosis module performs an online classification of network failures, so it is a learning model that must be evaluated in a stream context. Prequential evaluation is the most used method to perform this task, so we adopt this process to evaluate the model's performance over time through several stream evaluation metrics. RESULTS: This research first evidences the phenomenon of impact fault propagation, making it possible to detect fault symptoms at a monitored network's peripheral level. It translates into non-invasive monitoring of the network. Second, the PALADIN model is the major contribution in the fault detection context because it covers two aspects. An online learning model to continuously process the network symptoms and detect internal failures. Moreover, the concept-drift detection and rebalance data stream components which make resilience to dynamic network changes possible. Third, it is well known that the amount of available real-world datasets for imbalanced stream classification context is still too small. That number is further reduced for the networking context. The SOFI dataset obtained with the first modules of the PALADIN model contributes to that number and encourages works related to unbalanced data streams and those related to network fault diagnosis. CONCLUSIONS: The proposed model contains the necessary elements for the continuous and timely diagnosis of IPbased network faults; it introduces the idea of periodical monitorization of peripheral network elements and uses data analytics techniques to process it. Based on the analysis, processing, and classification of peripherally collected data, it can be concluded that PALADIN achieves the objective. The results indicate that the peripheral monitorization allows diagnosing faults in the internal network; besides, the diagnosis process needs an incremental learning process, conceptdrift detection elements, and rebalancing strategy. The results of the experiments showed that PALADIN makes it possible to learn from the network manifestations and diagnose internal network failures. The latter was verified with 25 different incremental algorithms, ADWIN as concept-drift detector and SMOTE (adapted to streaming scenario) as the rebalancing strategy. This research clearly illustrates that it is unnecessary to monitor all the internal network elements to detect a network's failures; instead, it is enough to choose the peripheral elements to be monitored. Furthermore, with proper processing of the collected status and traffic descriptors, it is possible to learn from the arriving data using incremental learning in cooperation with data rebalancing and concept drift approaches. This proposal continuously diagnoses the network symptoms without leaving the system vulnerable to failures while being resilient to the network's dynamic changes.Programa de Doctorado en Ciencia y Tecnología Informática por la Universidad Carlos III de MadridPresidente: José Manuel Molina López.- Secretario: Juan Carlos Dueñas López.- Vocal: Juan Manuel Corchado Rodrígue

Intrusion detection and management over the world wide web

As the Internet and society become ever more integrated so the number of Internet users continues to grow. Today there are 1.6 billion Internet users. They use its services to work from home, shop for gifts, socialise with friends, research the family holiday and manage their finances. Through generating both wealth and employment the Internet and our economies have also become interwoven. The growth of the Internet has attracted hackers and organised criminals. Users are targeted for financial gain through malware and social engineering attacks. Industry has responded to the growing threat by developing a range defences: antivirus software, firewalls and intrusion detection systems are all readily available. Yet the Internet security problem continues to grow and Internet crime continues to thrive. Warnings on the latest application vulnerabilities, phishing scams and malware epidemics are announced regularly and serve to heighten user anxiety. Not only are users targeted for attack but so too are businesses, corporations, public utilities and even states. Implementing network security remains an error prone task for the modern Internet user. In response this thesis explores whether intrusion detection and management can be effectively offered as a web service to users in order to better protect them and heighten their awareness of the Internet security threat

Insecure Deserialization Detection in Python

The importance of Cyber Security is increasing every single day. From the emergence of new ransomware to major data breaches, the online world is getting dangerous. A multinational non- profit group devoted to online application security is called OWASP, or the Open Web Application Security Project. The OWASP Top 10 is a frequently updated report that highlights the ten most important vulnerabilities to web application security. Among these 10 vulnerabilities, there exists a vulnerability called Software and Data Integrity Failures. A subset of this vulnerability is Insecure Deserialization. An object is transformed into a stream of bytes through the serialization process in order to be stored in memory, a database, or a file. Deserialization is the procedure used to transform bytes of serialized data into readable form. When a website deserializes user- controllable data without any validation, it is known as Insecure Deserialization. An attacker may be able to modify serialized objects in this way to introduce dangerous data into the application code. In this research, we discuss thoroughly Insecure Deserialization in Python and attempt to create an automated scanner for detecting it. We go into detail about the working of Insecure Deserialization and study this vulnerability in different languages such as Java, Python, and PHP. We also talk about various prevention technique