335 research outputs found

    Development of an adaptive learning network-attack detection system

    The proliferation of the Internet and the increase in the number of networked computers cause a rise in network attacks that attempt to compromise the confidentiality, integrity and availability of computer infrastructures. Therefore Intrusion Detection Systems (IDSs) have become an essential part of today’s security infrastructures. There exist different kinds of IDS. The separation that interests us the most for this study is between misuse-based and anomaly-based IDSs. The first of them detects and classifies attacks with predefined rules, and the second checks how much traffic differs from “normal” traffic and adapts itself to know at each moment what is normal and what is not. The goal of this study is to propose a new IDS for the Stuttgart University network, since the current one, called Peakflow, is a misuse IDS and can’t detect novel attacks. Here SPADE is proposed as the new IDS. SPADE detects anomalies based on probabilities and decides through a threshold that adapts according to the last results. SPADE solves the problem of novel attacks, but we will see that this isn’t always very efficient because it can consider abnormal traffic to be normal when the attacks are continuous or when there isn’t enough normal traffic to calculate the probabilities correctly, and it can introduce a high false alarm rate.

    The proliferation of the Internet and the increase in the number of computer networks are causing an increase in network attacks that threaten different aspects of communication:
    • Integrity: reliability of the information.
    • Availability: resources must be available when they are needed.
    • Confidentiality: access to information limited to authorized users.
    At the University of Stuttgart, the network monitoring system is called Peakflow and is based on detecting misuse through patterns, so it is not efficient at detecting new attacks. Therefore, the objective of this project was to improve this system by proposing anomaly-based detection. Ingeniería de Telecomunicació

    Proposed neural intrusion detection system to detect denial of service attacks in MANETs

    MANETs are groups of mobile hosts that arrange themselves into a grid lacking any pre-existing organization, where the active network environment makes it easy for an attacker to endanger. A node leaves and another node enters the network, making it easy to penetrate. This paper aims to design a new method of intrusion detection in the MANET and of avoiding Denial of Service (DoS), based on neural networks and the Zone Sampling-Based Traceback algorithm (ZSBT). There are several restrictions in outdated intrusion detection, such as being time-intense, regular informing, being non-adaptive, accuracy, and suppleness. Therefore, a novel intrusion detection system is stimulated by an Artificial Neural Network and the ZSBT algorithm using a simulated MANET. Using KDD Cup 99 as a dataset, the experiments demonstrate that the model can detect DoS effectively.

    Identification of Biometric-Based Continuous user Authentication and Intrusion Detection System for Cluster Based Manet

    A mobile ad hoc network is an infrastructure-less dynamic network used in many applications; it has been the target of various attacks, which creates security problems. This work aims to provide an enhanced level of security by using prevention-based and detection-based approaches such as authentication and intrusion detection. The multi-model biometric technology is used for continuous authentication and intrusion detection in a high-security cluster-based MANET. In this paper, an attempt has been made to combine continuous authentication and intrusion detection. In this proposed scheme, Dempster-Shafer theory is used for data fusion because more than one device needs to be chosen and their observations can be used to increase observation accuracy.

    Characterization and modeling of top spam botnets

    The increasing impact of the Internet in the global economy has transformed Botnets into one of the most relevant security threats for citizens, organizations and governments. Despite the significant efforts that have been made over the last years to understand this phenomenon and develop detection techniques and countermeasures, this continues to be a field with big challenges to address. Several approaches can be taken to study Botnets: analyze their source code, which can be a hard task because it is usually unavailable; study the control mechanism, particularly the activity of the Command and Control server(s); study their behavior, by measuring real traffic and collecting relevant statistics. In this work, we have installed some of the most popular spam Botnets, captured the originated traffic and characterized it in order to identify the main trends/patterns of their activity. From the intensive statistics that were collected, it was possible to conclude that there are distinct features between Botnets that can be explored to build efficient detection methodologies. Based on this study, the second part of the paper proposes a generic and systematic model to describe the network dynamics whenever a Botnet threat is detected, defining all actors, dimensions, states and actions that need to be taken into account at each moment. We believe that this type of modeling approach is the basis for developing systematic and integrated frameworks and strategies to predict and fight Botnet threats in an efficient way. This research was supported by Fundação para a Ciência e a Tecnologia, under research project PTDC/EEA-TEL/101880/2008

    Hybrid clouds for data-Intensive, 5G-Enabled IoT applications: an overview, key issues and relevant architecture

    Hybrid cloud multi-access edge computing (MEC) deployments have been proposed as efficient means to support Internet of Things (IoT) applications, relying on a plethora of nodes and data. In this paper, an overview on the area of hybrid clouds considering relevant research areas is given, providing technologies and mechanisms for the formation of such MEC deployments, as well as emphasizing several key issues that should be tackled by novel approaches, especially under the 5G paradigm. Furthermore, a decentralized hybrid cloud MEC architecture, resulting in a Platform-as-a-Service (PaaS) is proposed and its main building blocks and layers are thoroughly described. Aiming to offer a broad perspective on the business potential of such a platform, the stakeholder ecosystem is also analyzed. Finally, two use cases in the context of smart cities and mobile health are presented, aimed at showing how the proposed PaaS enables the development of respective IoT applications. Peer Reviewed. Postprint (published version

    Paoding: Supervised Robustness-preserving Data-free Neural Network Pruning

    When deploying pre-trained neural network models in real-world applications, model consumers often encounter resource-constrained platforms such as mobile and smart devices. They typically use the pruning technique to reduce the size and complexity of the model, generating a lighter one with less resource consumption. Nonetheless, most existing pruning methods are proposed with a premise that the model after being pruned has a chance to be fine-tuned or even retrained based on the original training data. This may be unrealistic in practice, as the data controllers are often reluctant to provide their model consumers with the original data. In this work, we study the neural network pruning in the data-free context, aiming to yield lightweight models that are not only accurate in prediction but also robust against undesired inputs in open-world deployments. Considering the absence of the fine-tuning and retraining that can fix the mis-pruned units, we replace the traditional aggressive one-shot strategy with a conservative one that treats the pruning as a progressive process. We propose a pruning method based on stochastic optimization that uses robustness-related metrics to guide the pruning process. Our method is implemented as a Python package named Paoding and evaluated with a series of experiments on diverse neural network models. The experimental results show that it significantly outperforms existing one-shot data-free pruning approaches in terms of robustness preservation and accuracy.

    A Review on Artificial Intelligence Applications for Grid-Connected Solar Photovoltaic Systems

    The use of artificial intelligence (AI) is increasing in various sectors of photovoltaic (PV) systems, due to the increasing computational power, tools and data generation. The currently employed methods for various functions of the solar PV industry related to design, forecasting, control, and maintenance have been found to deliver relatively inaccurate results. Further, the use of AI to perform these tasks achieved a higher degree of accuracy and precision and is now a highly interesting topic. In this context, this paper aims to investigate how AI techniques impact the PV value chain. The investigation consists of mapping the currently available AI technologies, identifying possible future uses of AI, and also quantifying their advantages and disadvantages in regard to the conventional mechanisms.

    Feature Subset Selection in Intrusion Detection Using Soft Computing Techniques

    Intrusions on computer network systems are major security issues these days. Therefore, it is of utmost importance to prevent such intrusions. The prevention of such intrusions is entirely dependent on their detection, which is a main part of any security tool such as Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Adaptive Security Alliance (ASA), checkpoints and firewalls. Therefore, accurate detection of network attacks is imperative. A variety of intrusion detection approaches are available, but the main problem is their performance, which can be enhanced by increasing the detection rates and reducing false positives. Such weaknesses of the existing techniques have motivated the research presented in this thesis. One of the weaknesses of the existing intrusion detection approaches is the usage of a raw dataset for classification, but the classifier may get confused due to redundancy and hence may not classify correctly. To overcome this issue, Principal Component Analysis (PCA) has been employed to transform raw features into the principal feature space and select the features based on their sensitivity. The sensitivity is determined by the values of the eigenvalues. The recent approaches use PCA to project the feature space to the principal feature space and select features corresponding to the highest eigenvalues, but the features corresponding to the highest eigenvalues may not have the optimal sensitivity for the classifier due to ignoring many sensitive features. Instead of using the traditional approach of selecting features with the highest eigenvalues, such as PCA, this research applied a Genetic Algorithm (GA) to search the principal feature space that offers a subset of features with optimal sensitivity and the highest discriminatory power. Based on the selected features, the classification is performed. The Support Vector Machine (SVM) and Multilayer Perceptron (MLP) are used for classification purposes due to their proven ability in classification. This research work uses the Knowledge Discovery and Data mining (KDD) cup dataset, which is considered a benchmark for evaluating security detection mechanisms. The performance of this approach was analyzed and compared with existing approaches. The results show that the proposed method provides an optimal intrusion detection mechanism that outperforms the existing approaches and has the capability to minimize the number of features and maximize the detection rates.