A Supervised Machine Learning Based Intrusion Detection Model for Detecting Cyber-Attacks Against Computer System

Internet usage has become essential for correspondence in almost every calling in our digital age. To protect a network, an effective intrusion detection system (IDS) is vital. Intrusion Detection System is a software application to detect network intrusion using various machine learning algorithms. The function of the expert has been lessened by machine learning approaches since knowledge is taken directly from the data. The fact that it makes use of all the features of an information packet spinning in the network for intrusion detection is weakened by the employment of various methods for detecting intrusions, such as statistical models, safe system approaches, etc. Machine learning has become a fundamental innovation for cyber security. Two of the key types of attacks that plague businesses, as proposed in this paper, are Denial of Service (DOS) and Distributed Denial of Service (DDOS) attacks. One of the most disastrous attacks on the Internet of Things (IOT) is a denial of service.  Two diverse Machine Learning techniques are proposed in this research work, mainly Supervised learning. To achieve this goal, the paper represents a regression algorithm, which is usually used in data science and machine learning to forecast the future. An innovative approach to detecting is by using the Machine Learning algorithm by mining application-specific logs. Cyber security is a way of providing their customers the peace of mind they need knowing that they have secured their information and money

Monitoring of a Veneer Lathe Knife by the use of an Industrial Internet of Things- Platform

The number of devices connected to the Internet grows constantly. This information entity has been labeled the Internet of Things (IoT). One important aspect of this is the industrial applications, sometimes labeled the Industrial Internet of Things (IIoT). Collecting and analyzing the massive amounts of data that industry generates will only become more and more important as technology and the need for efficiency increase. Novotek is a company with long and extensive experience of industrial IT and automation. Together with their customer Quant Service they are launching a project for predictive maintenance. This aims to monitor several different industrial sites using an industrial platform and the IIoT framework. The monitoring will allow for tracking of machine status and maintenance needs from both near and afar. One of the sites for this project is a veneer production line for composite wood products. As a part of the monitoring and predictive maintenance project, this report looks at the possibility of using the ThingWorx IIoT platform’s analytics functionality to determine the need for maintenance of the cutting knife on a veneer lathe. The goal is to look at its uses for monitoring and predictive maintenance for this particular case but also as a general method. The process for this will be twofold. Since the project uses the IIoT framework one part is how to collect the data from the site and then passing it through the platform and to the analytics program. The second part is the machine learning and statistical methods and algorithms used to analyze the data for predictions. For benchmarking, it will be compared to another analytics product. The results of the project are not conclusive concerning the knife predictions. Development of the measurement setup is needed. The IIoT platform does however show potential in being used for the intended purpose.Predictive Maintenance with the Industrial Internet of Things The Industrial Internet of Things is growing every day. When machines talk to each other, they will revolutionize industry as we know it. The Industrial Internet of Things (IIoT), meaning real-time interconnectedness of industrial devices, is said to play a big part in the next industrial revolution, Industry 4.0. Pretty much all industrial devices, or Things, generate data. But data is not information. If it is to be valuable, it must be analyzed with the right tools so that the right decisions can be made. Ultimately, this will lead to a complete automation of the industrial process with smart machines talking and giving advice to each other. Novotek, a company with long experience in the areas of industrial IT and automation, is launching an IIoT project together with a customer. As a part of this, a MSc thesis study was done on using an IIoT platform for predictive maintenance. The object of study was a veneer peeling lathe used in the manufacturing of composite wood products. Wood cutting constantly dulls the tools involved and they need to be sharpened or exchanged several times during a workday. If it is possible for the machine to “know” the sharpness of its knife, it can decide when the optimal point of maintenance should be. One possible method to predict this is to monitor overall vibrations in the lathe and look for any patterns. To handle all the communication, storing and analysis of the data, specialized tools are needed. One such tool is the IIoT platform ThingWorx. ThingWorx has functionality for a multitude of applications. It can keep track of all your Things and handle the communication between them. It also has components for advanced analysis of data, using machine learning and statistical algorithms. The results of the study are not conclusive but tests for the process imply the usefulness of the IIoT framework. The application implemented creates a well-defined path for data to follow. This functions both for the modeling of the problem as well facilitating predictive process monitoring in actual operation. Once an IIoT solution has been implemented a company has a complete structure for connecting and monitoring all parts of their business. This goes beyond just reading production parameters from afar. This kind of connected industry can monitor itself. It can make predictions and take the right decisions for the manufacturing autonomously, only involving humans when needed. The possibilities for optimization and efficiency goes far beyond what was thought possible only a decade ago

Improved Intrusion Detection System using Quantal Response Equilibrium-based Game Model and Rule-based Classification

Wireless sensor network has large number of low-cost tiny nodes with sensing capability.  These provide low cost solutions to many real world problems such as such as defence, Internet of things, healthcare, environment monitoring and so on. The sensor nodes of these networks are placed in vulnerable environment. Hence, the security of these networks is very important. Intrusion Detection System (IDS) plays an important role in providing a security to such type of networks. The sensor nodes of the network have limited power and, traditional security mechanisms such as key-management, encryption decryption and authentication techniques cannot be installed on the nodes. Hence, there is a need of special security mechanism to handle the intrusions. In this paper, intrusion detection system is designed and implemented using game theory and machine learning to identify multiple attacks. Game theory is designed and used to apply the IDS optimally in WSN. The game model is designed by defining the players and the corresponding strategies. Quantal Response Equilibrium (QRE) concept of game theory is used to select the strategies in optimal way for the intrusion’s detection. Further, these intrusions are classified as denial of service attack, rank attack or selective forwarding attacks using supervised machine learning technique based on different parameters and rules. Results show that all the attacks are detected with good detection rate and the proposed approach provides optimal usage of IDS

IMAT: A Lightweight IoT Network Intrusion Detection System based on Machine Learning techniques

Internet of Things (IoT) is one of the fast-expanding technologies nowadays, and promises to be revolutionary for the near future. IoT systems are in fact an incredible convenience due to centralized and computerized control of any electronic device. This technology allows various physical devices, home applications, vehicles, appliances, etc., to be interconnected and exposed to the Internet. On the other hand, it entails the fundamental need to protect the network from adversarial and unwanted alterations. To prevent such threats it is necessary to appeal to Intrusion Detection Systems (IDS), which can be used in information environments to monitor identified threats or anomalies. The most recent and efficient IDS applications involve the use of Machine Learning (ML) techniques which can automatically detect and prevent malicious attacks, such as distributed denial-of-service (DDoS), which represents a recurring thread to IoT networks in the last years. The work presented on this thesis comes with double purpose: build and test different light Machine Learning models which achieve great performance by running on resource-constrained devices; and at the same time we present a novel Network-based Intrusion Detection System based on the latter devices which can automatically detect IoT attack traffic. Our proposed system consists on deploying small low-powered devices to each component of an IoT environment where each device performs Machine Learning based Intrusion Detection at network level. In this work we describe and train different light-ML models which are tested on Raspberry Pis and FPGAs boards. The performance of such classifiers detecting benign and malicious traffic is presented and compared by response time, accuracy, precision, recall, f1-score and ROC-AUC metrics. The aim of this work is to test these machine learning models on recent datasets with the purpose of finding the most performing ones which can be used for intrusion-defense over IoT environments characterized by high flexibility, easy-installation and efficiency. The obtained results are above 0.99\% of accuracy for different models and they indicate that the proposed system can bring a remarkable layer of security. We show how Machine Learning applied to small low-cost devices is an efficient and versatile combination characterized by a bright future ahead.Internet of Things (IoT) is one of the fast-expanding technologies nowadays, and promises to be revolutionary for the near future. IoT systems are in fact an incredible convenience due to centralized and computerized control of any electronic device. This technology allows various physical devices, home applications, vehicles, appliances, etc., to be interconnected and exposed to the Internet. On the other hand, it entails the fundamental need to protect the network from adversarial and unwanted alterations. To prevent such threats it is necessary to appeal to Intrusion Detection Systems (IDS), which can be used in information environments to monitor identified threats or anomalies. The most recent and efficient IDS applications involve the use of Machine Learning (ML) techniques which can automatically detect and prevent malicious attacks, such as distributed denial-of-service (DDoS), which represents a recurring thread to IoT networks in the last years. The work presented on this thesis comes with double purpose: build and test different light Machine Learning models which achieve great performance by running on resource-constrained devices; and at the same time we present a novel Network-based Intrusion Detection System based on the latter devices which can automatically detect IoT attack traffic. Our proposed system consists on deploying small low-powered devices to each component of an IoT environment where each device performs Machine Learning based Intrusion Detection at network level. In this work we describe and train different light-ML models which are tested on Raspberry Pis and FPGAs boards. The performance of such classifiers detecting benign and malicious traffic is presented and compared by response time, accuracy, precision, recall, f1-score and ROC-AUC metrics. The aim of this work is to test these machine learning models on recent datasets with the purpose of finding the most performing ones which can be used for intrusion-defense over IoT environments characterized by high flexibility, easy-installation and efficiency. The obtained results are above 0.99\% of accuracy for different models and they indicate that the proposed system can bring a remarkable layer of security. We show how Machine Learning applied to small low-cost devices is an efficient and versatile combination characterized by a bright future ahead

Enabling peer-to-peer remote experimentation in distributed online remote laboratories

Remote Access Laboratories (RALs) are online platforms that allow human user interaction with physical instruments over the Internet. Usually RALs follow a client-server paradigm. Dedicated providers create and maintain experiments and corresponding educational content. In contrast, this dissertation focuses on a Peer-to-Peer (P2P) service model for RALs where users are encouraged to host experiments at their location. This approach can be seen as an example of an Internet of Things (IoT) system. A set of smart devices work together providing a cyber-physical interface for users to run experiments remotely via the Internet. The majority of traditional RAL learning activities focus on undergraduate education where hands-on experience such as building experiments, is not a major focus. In contrast this work is motivated by the need to improve Science, Technology, Engineering and Mathematics (STEM) education for school-aged children. Here physically constructing experiments forms a substantial part of the learning experience. In the proposed approach, experiments can be designed with relatively simple components such as LEGO Mindstorms or Arduinos. The user interface can be programed using SNAP!, a graphical programming tool. While the motivation for the work is educational in nature, this thesis focuses on the technical details of experiment control in an opportunistic distributed environment. P2P RAL aims to enable any two random participants in the system - one in the role of maker creating and hosting an experiment and one in the role of learner using the experiment - to establish a communication session during which the learner runs the remote experiment through the Internet without requiring a centralized experiment or service provider. The makers need to have support to create the experiment according to a common web based programing interface. Thus, the P2P approach of RALs requires an architecture that provides a set of heterogeneous tools which can be used by makers to create a wide variety of experiments. The core contribution of this dissertation is an automaton-based model (twin finite state automata) of the controller units and the controller interface of an experiment. This enables the creation of experiments based on a common platform, both in terms of software and hardware. This architecture enables further development of algorithms for evaluating and supporting the performance of users which is demonstrated through a number of algorithms. It can also ensure the safety of instruments with intelligent tools. The proposed network architecture for P2P RALs is designed to minimise latency to improve user satisfaction and learning experience. As experiment availability is limited for this approach of RALs, novel scheduling strategies are proposed. Each of these contributions has been validated through either simulations, e.g. in case of network architecture and scheduling, or test-bed implementations, in case of the intelligent tools. Three example experiments are discussed along with users' feedback on their experience of creating an experiment and using others’ experimental setup. The focus of the thesis is mainly on the design and hosting of experiments and ensuring user accessibility to them. The main contributions of this thesis are in regards to machine learning and data mining techniques applied to IoT systems in order to realize the P2P RALs system. This research has shown that a P2P architecture of RALs can provide a wide variety of experimental setups in a modular environment with high scalability. It can potentially enhance the user-learning experience while aiding the makers of experiments. It presents new aspects of learning analytics mechanisms to monitor and support users while running experiments, thus lending itself to further research. The proposed mathematical models are also applicable to other Internet of Things applications

Deep Learning Approach for Intrusion Detection System (IDS) in the Internet of Things (IoT) Network using Gated Recurrent Neural Networks (GRU)

The Internet of Things (IoT) is a complex paradigm where billions of devices are connected to a network. These connected devices form an intelligent system of systems that share the data without human-to-computer or human-to-human interaction. These systems extract meaningful data that can transform human lives, businesses, and the world in significant ways. However, the reality of IoT is prone to countless cyber-attacks in the extremely hostile environment like the internet. The recent hack of 2014 Jeep Cherokee, iStan pacemaker, and a German steel plant are a few notable security breaches. To secure an IoT system, the traditional high-end security solutions are not suitable, as IoT devices are of low storage capacity and less processing power. Moreover, the IoT devices are connected for longer time periods without human intervention. This raises a need to develop smart security solutions which are light-weight, distributed and have a high longevity of service. Rather than per-device security for numerous IoT devices, it is more feasible to implement security solutions for network data. The artificial intelligence theories like Machine Learning and Deep Learning have already proven their significance when dealing with heterogeneous data of various sizes. To substantiate this, in this research, we have applied concepts of Deep Learning and Transmission Control Protocol/Internet Protocol (TCP/IP) to build a light-weight distributed security solution with high durability for IoT network security. First, we have examined the ways of improving IoT architecture and proposed a light-weight and multi-layered design for an IoT network. Second, we have analyzed the existingapplications of Machine Learning and Deep Learning to the IoT and Cyber-Security. Third, we have evaluated deep learning\u27s Gated Recurrent Neural Networks (LSTM and GRU) on the DARPA/KDD Cup \u2799 intrusion detection data set for each layer in the designed architecture. Finally, from the evaluated metrics, we have proposed the best neural network design suitable for the IoT Intrusion Detection System. With an accuracy of 98.91% and False Alarm Rate of 0.76 %, this unique research outperformed the performance results of existing methods over the KDD Cup \u2799 dataset. For this first time in the IoT research, the concepts of Gated Recurrent Neural Networks are applied for the IoT security

An intelligent, distributed and collaborative DDoS defense system

The Distributed Denial-of-Service (DDoS) attack is known as one of the most destructive attacks on the Internet. With the advent of new computing paradigms, such as Cloud and Mobile computing, and the emergence of pervasive technology, such as the Internet of Things, on one hand, these revolutionized technologies enable the availability of services and applications to everyone. On the other hand, these techniques also benefit attackers to exploit the vulnerabilities and deploy attacks in more efficient ways. Latest network security reports have shown that distributed Denial of Service (DDoS) attacks have been growing dramatically in volume, frequency, sophistication and impact, making it one of the most challenging threats in the Internet. An unfortunate state of affairs is that the remediation strategies have fallen behind attackers. The severe impact caused by recent DDoS attacks strongly indicates the need for an effective DDoS defense system. We study the current existing solution space, and summarize three fundamental requirements for an effective DDoS defense system: 1) an accurate detection with minimal false alarms; 2) an effective inline inspection and instant mitigation, and 3) a dynamic, distributed and collaborative defense infrastructure. This thesis aims at providing such a defense system that fulfills all the requirements. In this thesis, we explore and address the problem from three directions: 1) we strive to understand the existing detection strategies and provide a survey of an empirical analysis of machine learning based detection techniques; 2) we develop a novel hybrid detection model which ensembles a deep learning model for a practical flow by flow detection and a classic machine learning model that is aware of the network status, and 3) we present the design and implementation of an intelligent, distributed and collaborative DDoS defense system that effectively mitigate the impact of DDoS attacks. The performance evaluation results show that our proposed defense system is capable of effectively mitigating DDoS attacks impacts and maintaining a limited disturbing for legitimate services

Next Generation Machine Learning Based Real Time Fraud Detection

Define a real time monitoring architecture that can scale as the network of devices monitored grows. From the research work carried out and the knowledge about the nature of the business, it was possible to develop a clustering methodology over the data streams that allows to detect patterns on entities. The methodology used is based on the concept of micro-cluster, which is a structure that maintains a summary of the patterns detected on entities.In telecommunications there are several schemes to defraud the telecommunications companies causing great financial losses. We can considerer three major categories in telecom fraud based on who the fraudsters are targeting. These categories are: Traffic Pumping Schemes, Defraud Telecom Service Providers, Conducted Over the Telephone. Traffic Pumping Schemes use "access stimulation" techniques to boost traffic to a high cost destination, which then shares the revenue with the fraudster. Defraud Telecom Service Providers are the most complicated, and exploit telecom service providers using SIP trunking, regulatory loopholes, and more. Conducted Over the Telephone, also known as "Phone Fraud", this category covers all types of general fraud that are perpetrated over the telephone. Telecommunications fraud negatively impacts everyone, including good paying customers. The losses increase the companies operating costs. While telecom companies take every measure to stop the fraud and reduce their losses, the criminals continue their attacks on companies with perceived weaknesses. The telecom business is facing a serious hazard growing as fast as the industry itself. Communications Fraud Control Association (CFCA) stated that telecom fraud represented nearly $30 billion globally in 2017 cite{telecomengine}. Another problem is to stay on top of the game with effective anti-fraud technologies. The need to ensure a secure and trustable Internet of Things (IoT) network brings the challenge to continuously monitor massive volumes of machine data in streaming. Therefore a different approach is required in the scope of Fraud Detection, where detection engines need to detect risk situations in real time and be able to adapt themselves to evolving behavior patterns. Machine learning based online anomaly detection can support this new approach. For applications involving several data streams, the challenge of detecting anomalies has become harder over time, as data can dynamically evolve in subtle ways following changes in the underlying infrastructure. The goal of this paper is to research existing online anomaly detection algorithms to select a set of candidates in order to test them in Fraud Detection scenarios