111 research outputs found
A MEC-IIoT intelligent threat detector based on machine learning boosted tree algorithms
In recent years, new management methods have appeared that mark the beginning of a new industrial revolution called Industry 4.0 or the Industrial Internet of Things (IIoT). IIoT brings together new emerging technologies, such as the Internet of Things (IoT), Deep Learning (DL) and Machine Learning (ML), that contribute to new applications, industrial processes and efficiency management in factories. This combination of new technologies and contexts is paired with Multi-access Edge Computing (MEC) to reduce costs through the virtualisation of networks and services. As these new paradigms grow, so does the number of threats and vulnerabilities, making IIoT a very desirable target for cybercriminals. In addition, IIoT devices have certain intrinsic limitations, especially their limited resources, which in many cases makes it impossible to detect attacks using solutions designed for other paradigms. It is therefore necessary to design, implement and evaluate new solutions or to adapt existing ones. This paper proposes an intelligent threat detector based on boosted tree algorithms. Such detectors have been implemented and evaluated in an environment specifically designed to test IIoT deployments. In this way, we can learn how these algorithms, which have been successful in multiple contexts, behave in a paradigm with known constraints. The results obtained in the study show that our intelligent threat detector achieves a mean efficiency of between 95% and 99% in the F1 Score metric, indicating that it is a good option for implementation in these scenarios.
AI-based algorithm for intrusion detection on a real Dataset
[Abstract]: In this project, novel machine learning proposals are given to produce a Network Intrusion Detection System (NIDS). For this, a state-of-the-art dataset for cyclostationary NIDS has been used, together with a previously proposed standard methodology to compare the results of different models over the same dataset. Extensive research has been done for this project on the different datasets available for NIDS, as well as on the evolution and functioning of IDSs.
Finally, experiments have been carried out with outlier detectors, ensemble methods, deep learning and conventional classifiers to compare with previously published results over the same dataset and with the same methodology. The findings reveal that the ensemble methods have been able to improve on the results of prior research, with the best approach being the Extreme Gradient Boosting method.
[Summary]: In this project, novel machine learning proposals are presented to produce a Network Intrusion Detection System (NIDS). For this, a state-of-the-art dataset for cyclostationary NIDS has been used, together with a previously proposed standard methodology to compare the results of different models over the same dataset. Extensive research has been carried out for this project on the different datasets available for NIDS, and the evolution and functioning of IDSs have been described.
Finally, experiments have been carried out with anomaly detectors, ensemble methods, deep learning and conventional classifiers to compare with previously published results over the same dataset and with the same methodology. The results reveal that the ensemble methods have been able to improve on the results of prior research, with the best approach being the Extreme Gradient Boosting method.
Bachelor's thesis (UDC.FIC). Computer Engineering. Academic year 2022/202
Malware Resistant Data Protection in Hyper-connected Networks: A survey
Data protection is the process of securing sensitive information from being corrupted, compromised, or lost. A hyperconnected network, on the other hand, is a computer networking trend in which communication occurs over a network. However, what about malware? Malware is malicious software meant to penetrate private data, threaten a computer system, or gain unauthorised network access without the user's consent. Due to the increasing applications of computers and dependency on electronically saved private data, malware attacks on sensitive information have become a dangerous issue for individuals and organizations across the world. Hence, malware defense is critical for keeping our computer systems and data protected. Many recent survey articles have focused on either malware detection systems or single attacking strategies. To the best of our knowledge, no survey paper demonstrates malware attack patterns and defense strategies in combination. Through this survey, this paper aims to address this issue by merging diverse malicious attack patterns and machine learning (ML) based detection models for modern and sophisticated malware. In doing so, we focus on the taxonomy of malware attack patterns based on four fundamental dimensions: the primary goal of the attack, the method of attack, the targeted exposure and execution process, and the types of malware that perform each attack. Detailed information on malware analysis approaches is also investigated. In addition, existing malware detection techniques employing feature extraction and ML algorithms are discussed extensively. Finally, it discusses research difficulties and unsolved problems, including future research directions.
Comment: 30 pages, 9 figures, 7 tables, no where submitted ye
Machine Learning-Enabled IoT Security: Open Issues and Challenges Under Advanced Persistent Threats
Despite its technological benefits, the Internet of Things (IoT) has cyber weaknesses due to the vulnerabilities in the wireless medium. Machine learning (ML)-based methods are widely used against cyber threats in IoT networks with promising performance. Advanced persistent threats (APTs) are a prominent way for cybercriminals to compromise networks, and they are critical because of their long-term and harmful characteristics. However, it is difficult to apply ML-based approaches to identify APT attacks with a promising detection performance, because APT traffic makes up an extremely small percentage of the normal traffic. There are limited surveys that fully investigate APT attacks in IoT networks, due to the lack of public datasets with all types of APT attacks. It is worthwhile to bridge the state of the art in network attack detection with APT attack detection in a comprehensive review article. This survey article reviews the security challenges in IoT networks and presents the well-known attacks, APT attacks, and threat models in IoT systems. Meanwhile, signature-based, anomaly-based, and hybrid intrusion detection systems are summarized for IoT networks. The article highlights statistical insights regarding frequently applied ML-based methods against network intrusion alongside the number of attack types detected. Finally, open issues and challenges for common network intrusion and APT attacks are presented for future research.
Comment: ACM Computing Surveys, 2022, 35 pages, 10 Figures, 8 Table
Machine learning approaches for malware classification based on hybrid artefacts
Malware can be developed and transformed into various forms to deceive users and evade antivirus and security endpoint detection. Furthermore, if one machine in the network is compromised, it can be used for lateral movement, in which malware spreads stealthily without raising an alarm in monitoring systems. Malware attacks pose security threats to modern enterprises and can cause massive financial, reputational, and data loss to major enterprises. Therefore, it is important to detect these attacks effectively to keep the loss to a minimum. Current research uses different approaches, including static and dynamic analysis, to detect and analyze malware categories using distinct feature sets, such as imported modules, opcodes, and API calls, which can improve performance in binary and multi-class classification problems.
This thesis proposes a method for identifying and analyzing malware samples via static and dynamic approaches, including memory analysis and consecutive application operation sequences performed in a Windows 10 virtual environment. Standard classifiers and frequently used sequence models are utilized to expose the malware characteristics and benefit predictive capabilities. The features used in these algorithms are extracted from the static and dynamic analysis of malware samples, such as the rich header feature, debug information, temporary files, prefetch files, and event logs. The performance of the classifiers and the degree of correctness are measured using accuracy, F1-score, Mean Absolute Error (MAE), the confusion matrix, and the Area under the ROC Curve (AUC). Combining the two feature sets, static file properties and dynamic analysis results, provides the best classification performance regardless of whether feature selection is applied, achieving 97% accuracy and F1-score when the two datasets are integrated. For consecutive sequences, concatenating the Gated Recurrent Unit (GRU) and Transformer models yields the highest accuracy, 97%, for Noriben operations, while GRU achieves the maximum accuracy for opcode sequences at 89%.
Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation
Intrusion detection systems (IDSs) are intrinsically linked to a comprehensive solution of cyberattack prevention instruments. To achieve a higher detection rate, the ability to design an improved detection framework is sought after, particularly when utilizing ensemble learners. Designing an ensemble involves two main challenges: the choice of available base classifiers and of combiner methods. This paper gives an overview of how ensemble learners are exploited in IDSs by means of a systematic mapping study. We collected and analyzed 124 prominent publications from the existing literature. The selected publications were then mapped into several categories, such as year of publication, publication venue, datasets used, ensemble methods, and IDS techniques. Furthermore, this study reports and analyzes an empirical investigation of a new classifier ensemble approach, called stack of ensemble (SoE), for anomaly-based IDS. The SoE is an ensemble classifier that adopts a parallel architecture to combine three individual ensemble learners, namely random forest, gradient boosting machine, and extreme gradient boosting machine, in a homogeneous manner. The performance significance among classification algorithms is statistically examined in terms of their Matthews correlation coefficients, accuracies, false positive rates, and area under ROC curve metrics. Our study fills the gap in the current literature concerning an up-to-date systematic mapping study, not to mention an extensive empirical evaluation of the recent advances in ensemble learning techniques applied to IDSs. (C) 2020 Elsevier Inc. All rights reserved.
AI-powered Fraud Detection in Decentralized Finance: A Project Life Cycle Perspective
In recent years, blockchain technology has introduced decentralized finance (DeFi) as an alternative to traditional financial systems. DeFi aims to create a transparent and efficient financial ecosystem using smart contracts and emerging decentralized applications. However, the growing popularity of DeFi has made it a target for fraudulent activities, resulting in losses of billions of dollars due to various types of fraud. To address these issues, researchers have explored the potential of artificial intelligence (AI) approaches to detect such fraudulent activities. Yet, there is a lack of a systematic survey to organize and summarize those existing works and to identify future research opportunities. In this survey, we provide a systematic taxonomy of various frauds in the DeFi ecosystem, categorized by the different stages of a DeFi project's life cycle: project development, introduction, growth, maturity, and decline. This taxonomy is based on our finding that many frauds correlate strongly with the stage of the DeFi project. According to the taxonomy, we review existing AI-powered detection methods, including statistical modeling, natural language processing and other machine learning techniques. We find that fraud detection in different stages employs distinct types of methods, and we observe the commendable performance of tree-based and graph-related models in tackling fraud detection tasks. By analyzing the challenges and trends, we present the findings to provide proactive suggestions and guide future research in DeFi fraud detection. We believe that this survey is able to support researchers, practitioners, and regulators in establishing a secure and trustworthy DeFi ecosystem.
Comment: 38 pages, update reference