20,550 research outputs found

    A New Efficient Method for the Detection of Intrusion in 5G and beyond Networks using ML

    5G networks are very important for supporting complex applications by connecting different types of machines and devices, which provides a platform for different spoofing attacks. Traditional physical layer and cryptographic authentication methods face problems in dynamic, complex environments, including lower reliability, security overhead, and problems in predefined authentication systems, in giving protection, and in learning about time-varying attributes. In this paper, an intrusion detection framework has been designed using various machine learning methods with the help of physical layer attributes, to provide a more efficient system and increase security. Machine learning methods for intelligent intrusion detection are introduced, especially supervised and non-supervised methods. Our machine learning based intelligent intrusion detection technique for 5G and beyond networks is evaluated in terms of recall, precision, accuracy and f-value, and validated for unpredictable dynamics and unknown conditions of networks

    Automating Cyberdeception Evaluation with Deep Learning

    A machine learning-based methodology is proposed and implemented for conducting evaluations of cyberdeceptive defenses with minimal human involvement. This avoids impediments associated with deceptive research on humans, maximizing the efficacy of automated evaluation before human subjects research must be undertaken. Leveraging recent advances in deep learning, the approach synthesizes realistic, interactive, and adaptive traffic for consumption by target web services. A case study applies the approach to evaluate an intrusion detection system equipped with application-layer embedded deceptive responses to attacks. Results demonstrate that synthesizing adaptive web traffic laced with evasive attacks powered by ensemble learning, online adaptive metric learning, and novel class detection to simulate skillful adversaries constitutes a challenging and aggressive test of cyberdeceptive defenses

    Detecting Novel Variants of Application Layer (D)DoS Attacks using Supervised Learning

    Denial of Service (DoS) attacks and their distributed variant (DDoS) are major digital threats in today’s cyberspace. Defense mechanisms such as Intrusion Detection Systems aim at finding these and other malicious activities in network traffic. They predominantly use signature-based approaches to effectively detect intrusions. Unfortunately, constructing a database with signatures is very time-consuming and this approach can only find previously seen variants. Machine learning algorithms are known to be effective tools in detecting intrusions, but it has not been studied if they are also able to detect unseen variants. In this research, we study to what extent supervised learning algorithms are able to detect novel variants of application layer (D)DoS attacks. To be more precise, we focus on detecting HTTP attacks targeting a web server. The contributions of this research are as follows: we provide a procedure to create intrusion detection datasets combining information from the transport, network, and application layer to be directly used for machine learning purposes. We show that specific (D)DoS variants are successfully detected by binary classifiers learned to distinguish benign entries from another (D)DoS attack. Despite this result, we demonstrate that the performance of a classifier trained on detecting variant A and tested on finding variant B is not necessarily similar to its performance when trained on B and tested on A. At last, we show that using more types of (D)DoS attacks in the training set does not necessarily lead to a higher detection rate of unseen variants. Thus, selecting the right combination of a machine learning model with a (small) set of intrusions included in the training data can result in a higher novel intrusion detection rate

    In-depth comparative evaluation of supervised machine learning approaches for detection of cybersecurity threats

    This paper describes the process and results of analyzing CICIDS2017, a modern, labeled data set for testing intrusion detection systems. The data set is divided into several days, each pertaining to different attack classes (DoS, DDoS, infiltration, botnet, etc.). A pipeline has been created that includes nine supervised learning algorithms. The goal was binary classification of benign versus attack traffic. Cross-validated parameter optimization, using a voting mechanism that includes five classification metrics, was employed to select optimal parameters. These results were interpreted to discover whether certain parameter choices were dominant for most (or all) of the attack classes. Ultimately, every algorithm was retested with optimal parameters to obtain the final classification scores. During the review of these results, execution time, both on consumer- and corporate-grade equipment, was taken into account as an additional requirement. The work detailed in this paper establishes a novel supervised machine learning performance baseline for CICIDS2017