7 research outputs found

    Addressing big data analytics for classification intrusion detection system

    Currently, with the rapid development of communication technologies, a large number of trustworthy online systems and facilities have been introduced. The cybersecurity threat from the unauthorized is quite on the rise; such security threats can be detected by an intrusion detection system. Thus, enhancing the intrusion detection system is the main objective of a number of researchers and developers for monitoring network security. Addressing the challenges of big data in intrusion detection is one issue faced by researchers and developers due to dimensionality reduction in network data. In this paper, a hybrid model is proposed to handle the dimensionality reduction in intrusion detection systems. The genetic algorithm was applied as a preprocessing step for selecting the most significant features from the entire big network dataset. The genetic algorithm was applied to generate a subset of relevant features from the network data set for handling dimensionality reduction. The Support Vector Machine (SVM) algorithm processed the relevant features for detecting intrusion. The NSL-KDD standard data was considered to test the performance of the hybrid model. Standard evaluation metrics were employed to present the results of the hybrid model. It is concluded that the empirical results of the hybrid model outperformed the performance of existing systems

    Demand Response Management in Smart Grid Networks: a Two-Stage Game-Theoretic Learning-Based Approach

    In this diploma thesis, the combined problem of power company selection and Demand Response Management in a Smart Grid Network consisting of multiple power companies and multiple customers is studied via adopting a distributed learning and game-theoretic technique. Each power company is characterized by its reputation and competitiveness. The customers who act as learning automata select the most appropriate power company to be served, in terms of price and electricity needs’ fulfillment, via a distributed learning based mechanism. Given customers' power company selection, the Demand Response Management problem is formulated as a two-stage game theoretic optimization framework, where at the first stage the optimal customers' electricity consumption is determined and at the second stage the optimal power companies’ pricing is calculated. The output of the Demand Response Management problem feeds the learning system in order to build knowledge and conclude to the optimal power company selection. A two-stage Power Company learning selection and Demand Response Management (PC-DRM) iterative algorithm is proposed in order to realize the distributed learning power company selection and the two-stage distributed Demand Response Management framework. The performance of the proposed approach is evaluated via modeling and simulation and its superiority against other state of the art approaches is illustrated

    Satisfaction-Aware Data Offloading in Surveillance Systems

    In this thesis, Fully Autonomous Aerial Systems' (FAAS) and Mobile Edge Computing (MEC) servers' computing capabilities are exploited to introduce a novel data offloading framework to support the energy and time-efficient video processing in surveillance systems based on satisfaction games. A surveillance system is introduced consisting of Areas of Interest (AoIs), where a MEC server is associated with each AoI, and a FAAS is flying above the AoIs to support the IP cameras' computing demands. Each IP camera adopts a utility function capturing its Quality of Service (QoS) considering the experienced time and energy overhead to offload and process remotely or locally the data. A non-cooperative game among the cameras is formulated to determine the amount of offloading data to the MEC server and/or the FAAS, and the novel concept of Satisfaction Equilibrium (SE) is introduced where the IP cameras satisfy their minimum QoS prerequisites instead of maximizing their performance by consuming additional system resources. A distributed learning algorithm determines the IP cameras' stable data offloading. Also, a reinforcement learning algorithm indicates the FAAS's movement among the AoIs exploiting the accuracy, timeliness, and certainty of the collected data by the IP cameras per AoI. Detailed numerical and comparative results are presented to show the operation and efficiency of the proposed framework

    Unsupervised detection of security threats in cyberphysical system and IoT devices based on power fingerprints and RBM autoencoders

    Aim: A major problem in the Internet of Things (IoT) and Cyber-Physical System (CPS) devices is the detection of security threats in an efficient manner. Several recent incidents confirm that despite the existing security solutions, security threats (e.g., malware and availability attacks) can still find their way to such devices, causing severe damage. Methods: In this paper, we propose a methodology that leverages the power consumption of wireless devices and Restricted Boltzmann Machine (RBM) Autoencoders (AE) to build a model that makes them more robust to the presence of security threats. The method consists of two stages: (i) Feature Extraction, where stacked RBM AE and Principal Component Analysis (PCA) are used to extract a feature vector based on the AE’s reconstruction errors. (ii) Classifier, where a One-Class Support Vector Machine (OC-SVM) is trained to perform the detection task. Results: The validation of the methodology is performed on real measurement datasets and covers a wide range of security threats (namely, malware, DDoS, and cryptojacking). The obtained results show good potential throughout the five datasets and prove that AEs’ reconstruction error can be used as a good discriminating feature. The obtained detection accuracy surpasses previously reported techniques, where it reaches up to ~98% in most scenarios. Conclusion: The performance of the proposed methodology shows a good generalization for detecting different security threats, and, hence, confirms the usefulness and applicability of the proposed approach

    Decision Support Elements and Enabling Techniques to Achieve a Cyber Defence Situational Awareness Capability

    This doctoral thesis performs a detailed analysis of the decision elements necessary to improve the cyber defence situation awareness with a special emphasis on the perception and understanding of the analyst of a cybersecurity operations center (SOC). Two different architectures based on the network flow forensics of data streams (NF3) are proposed. The first architecture uses Ensemble Machine Learning techniques while the second is a variant of Machine Learning with greater algorithmic complexity (lambda-NF3) that offers a more robust defense framework against adversarial attacks. Both proposals seek to effectively automate the detection of malware and its subsequent incident management, showing satisfactory results in approximating what has been called a next generation cognitive computing SOC (NGC2SOC). The supervision and monitoring of events for the protection of an organisation's computer networks must be accompanied by visualisation techniques. In this case, the thesis addresses the representation of three-dimensional pictures based on mission oriented metrics and procedures that use an expert system based on fuzzy logic. Precisely, the state-of-the-art evidences serious deficiencies when it comes to implementing cyber defence solutions that consider the relevance of the mission, resources and tasks of an organisation for a better-informed decision. 
The research work finally provides two key areas to improve decision-making in cyber defence: a solid and complete verification and validation framework to evaluate solution parameters and the development of a synthetic dataset that univocally references the phases of a cyber-attack with the Cyber Kill Chain and MITRE ATT&CK standards.
    Llopis Sánchez, S. (2023). Decision Support Elements and Enabling Techniques to Achieve a Cyber Defence Situational Awareness Capability [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/19424

    Symmetry-Adapted Machine Learning for Information Security

    Symmetry-adapted machine learning has shown encouraging ability to mitigate the security risks in information and communication technology (ICT) systems. It is a subset of artificial intelligence (AI) that relies on the principles of processing future events by learning past events or historical data. The autonomous nature of symmetry-adapted machine learning supports effective data processing and analysis for security detection in ICT systems without the interference of human authorities. Many industries are developing machine-learning-adapted solutions to support security for smart hardware, distributed computing, and the cloud. In our Special Issue book, we focus on the deployment of symmetry-adapted machine learning for information security in various application areas. This security approach can support effective methods to handle the dynamic nature of security attacks by extraction and analysis of data to identify hidden patterns of data. The main topics of this Issue include malware classification, an intrusion detection system, image watermarking, color image watermarking, battlefield target aggregation behavior recognition model, IP camera, Internet of Things (IoT) security, service function chain, indoor positioning system, and crypto-analysis

    Resource Allocation and Service Management in Next Generation 5G Wireless Networks

    The accelerated evolution towards next generation networks is expected to dramatically increase mobile data traffic, posing challenging requirements for future radio cellular communications. User connections are multiplying, whilst data hungry content is dominating wireless services putting significant pressure on network's available spectrum. Ensuring energy-efficient and low latency transmissions, while maintaining advanced Quality of Service (QoS) and high standards of user experience are of profound importance in order to address diversifying user prerequisites and ensure superior and sustainable network performance. At the same time, the rise of 5G networks and the Internet of Things (IoT) evolution is transforming wireless infrastructure towards enhanced heterogeneity, multi-tier architectures and standards, as well as new disruptive telecommunication technologies. The above developments require a rethinking of how wireless networks are designed and operate, in conjunction with the need to understand more holistically how users interact with the network and with each other. In this dissertation, we tackle the problem of efficient resource allocation and service management in various network topologies under a user-centric approach. In the direction of ad-hoc and self-organizing networks where the decision making process lies at the user level, we develop a novel and generic enough framework capable of solving a wide array of problems with regards to resource distribution in an adaptable and multi-disciplinary manner. Aiming at maximizing user satisfaction and also achieve high performance - low power resource utilization, the theory of network utility maximization is adopted, with the examined problems being formulated as non-cooperative games. 
The considered games are solved via the principles of Game Theory and Optimization, while iterative and low complexity algorithms establish their convergence to steady operational outcomes, i.e., Nash Equilibrium points. This thesis constitutes a meaningful contribution to the current state of the art research in the field of wireless network optimization, by allowing users to control multiple degrees of freedom with regards to their transmission, considering mobile customers and their strategies as the key elements for the amelioration of network's performance, while also adopting novel technologies in the resource management problems. First, multi-variable resource allocation problems are studied for multi-tier architectures with the use of femtocells, addressing the topic of efficient power and/or rate control, while also the topic is examined in Visible Light Communication (VLC) networks under various access technologies. Next, the problem of customized resource pricing is considered as a separate and bounded resource to be optimized under distinct scenarios, which expresses users' willingness to pay instead of being commonly implemented by a central administrator in the form of penalties. The investigation is further expanded by examining the case of service provider selection in competitive telecommunication markets which aim to increase their market share by applying different pricing policies, while the users model the selection process by behaving as learning automata under a Machine Learning framework. Additionally, the problem of resource allocation is examined for heterogeneous services where users are enabled to dynamically pick the modules needed for their transmission based on their preferences, via the concept of Service Bundling. 
Moreover, in this thesis we examine the correlation of users' energy requirements with their transmission needs, by allowing the adaptive energy harvesting to reflect the consumed power in the subsequent information transmission in Wireless Powered Communication Networks (WPCNs). Furthermore, in this thesis a fresh perspective with respect to resource allocation is provided assuming real life conditions, by modeling user behavior under Prospect Theory. Subjectivity in decisions of users is introduced in situations of high uncertainty in a more pragmatic manner compared to the literature, where they behave as blind utility maximizers. In addition, network spectrum is considered as a fragile resource which might collapse if over-exploited under the principles of the Tragedy of the Commons, allowing hence users to sense risk and redefine their strategies accordingly. The above framework is applied in different cases where users have to select between a safe and a common pool of resources (CPR) i.e., licensed and unlicensed bands, different access technologies, etc., while also the impact of pricing in protecting resource fragility is studied. Additionally, the above resource allocation problems are expanded in Public Safety Networks (PSNs) assisted by Unmanned Aerial Vehicles (UAVs), while also aspects related to network security against malign user behaviors are examined. Finally, all the above problems are thoroughly evaluated and tested via a series of arithmetic simulations with regards to the main characteristics of their operation, as well as against other approaches from the literature. In each case, important performance gains are identified with respect to the overall energy savings and increased spectrum utilization, while also the advantages of the proposed framework are mirrored in the improvement of the satisfaction and the superior Quality of Service of each user within the network. 
Lastly, the flexibility and scalability of this work allow for interesting applications in other domains related to resource allocation in wireless networks and beyond