304 research outputs found
Network Intrusion Detection System using Deep Learning Technique
The rise in the usage of the internet in this recent time had led to tremendous development in computer networks with large volumes of information transported daily. This development has generated lots of security threats and privacy concerns on networks and data. To tackle these issues, several protective measures have been developed including the Intrusion Detection Systems (IDSs). IDS plays a major backbone in network security and provides an extra layer of security to other security defence mechanisms in a network. However, existing IDS built on a signature base such as snort and the likes are unable to detect unknown and novel threats. Anomaly detection-based IDSs that use Machine Learning (ML) approaches are not scalable when enormous data are presented, and during modelling, the runtime increases as the dataset size increases which needs high computational resources to fulfil the runtime requirements.
This thesis proposes a Feedforward Deep Neural Network (FFDNN) for an intrusion detection system that performs a binary classification on the popular NSL-Knowledge discovery and data mining (NSL-KDD) dataset. The model was developed from Keras API integrated into TensorFlow in Google's colaboratory software environment. Three variants of FFDNNs were trained using the NSL-KDD dataset and the network architecture consisted of two hidden layers with 64 and 32; 32 and 16; 512 and 256 neurons respectively, and each with the ReLu activation function. The sigmoid activation function for binary classification was used in the output layer and the prediction loss function used was the binary cross-entropy. Regularization was set to a dropout rate of 0.2 and the Adam optimizer was used. The deep neural networks were trained for 16, 20, 20 epochs respectively for batch sizes of 256, 64, and 128. After evaluating the performances of the FFDNNs on the training data, the prediction was made on test data, and accuracies of 89%, 84%, and 87% were achieved. The experiment was also conducted on the same training dataset (NSL-KDD) using the conventional machine learning algorithms (Random Forest; K-nearest neighbor; Logistic regression; Decision tree; and Naïve Bayes) and predictions of each algorithm on the test data gave different performance accuracies of 81%, 76%, 77%, 77%, 77%, respectively.
The performance results of the FFDNNs were calculated based on some important metrics (FPR, FAR, F1 Measure, Precision), and these were compared to the conventional ML algorithms and the outcome shows that the deep neural networks performed best due to their dense architecture that made it scalable with the large size of the dataset and also offered a faster run time during training in contrast to the slow run time of the Conventional ML. This implies that when the dataset is large and a faster computation is required, then FFDNN is a better choice for best performance accuracy
Performance of Machine Learning and Big Data Analytics paradigms in Cybersecurity and Cloud Computing Platforms
The purpose of the research is to evaluate Machine Learning and Big Data Analytics paradigms for use in Cybersecurity. Cybersecurity refers to a combination of technologies, processes and operations that are framed to protect information systems, computers, devices, programs, data and networks from internal or external threats, harm, damage, attacks or unauthorized access. The main characteristic of Machine Learning (ML) is the automatic data analysis of large data sets and production of models for the general relationships found among data. ML algorithms, as part of Artificial Intelligence, can be clustered into supervised, unsupervised, semi-supervised, and reinforcement learning algorithms
Water filtration by using apple and banana peels as activated carbon
Water filter is an important devices for reducing the contaminants in raw water. Activated from charcoal is used to absorb the contaminants. Fruit peels are some of the suitable alternative carbon to substitute the charcoal. Determining the role of fruit peels which were apple and banana peels powder as activated carbon in water filter is the main goal. Drying and blending the peels till they become powder is the way to allow them to absorb the contaminants. Comparing the results for raw water before and after filtering is the observation. After filtering the raw water, the reading for pH was 6.8 which is in normal pH and turbidity reading recorded was 658 NTU. As for the colour, the water becomes more clear compared to the raw water. This study has found that fruit peels such as banana and apple are an effective substitute to charcoal as natural absorbent
Unsupervised Anomaly Detectors to Detect Intrusions in the Current Threat Landscape
Anomaly detection aims at identifying unexpected fluctuations in the expected
behavior of a given system. It is acknowledged as a reliable answer to the
identification of zero-day attacks to such extent, several ML algorithms that
suit for binary classification have been proposed throughout years. However,
the experimental comparison of a wide pool of unsupervised algorithms for
anomaly-based intrusion detection against a comprehensive set of attacks
datasets was not investigated yet. To fill such gap, we exercise seventeen
unsupervised anomaly detection algorithms on eleven attack datasets. Results
allow elaborating on a wide range of arguments, from the behavior of the
individual algorithm to the suitability of the datasets to anomaly detection.
We conclude that algorithms as Isolation Forests, One-Class Support Vector
Machines and Self-Organizing Maps are more effective than their counterparts
for intrusion detection, while clustering algorithms represent a good
alternative due to their low computational complexity. Further, we detail how
attacks with unstable, distributed or non-repeatable behavior as Fuzzing, Worms
and Botnets are more difficult to detect. Ultimately, we digress on
capabilities of algorithms in detecting anomalies generated by a wide pool of
unknown attacks, showing that achieved metric scores do not vary with respect
to identifying single attacks.Comment: Will be published on ACM Transactions Data Scienc
TOWARDS A HOLISTIC EFFICIENT STACKING ENSEMBLE INTRUSION DETECTION SYSTEM USING NEWLY GENERATED HETEROGENEOUS DATASETS
With the exponential growth of network-based applications globally, there has been a transformation in organizations\u27 business models. Furthermore, cost reduction of both computational devices and the internet have led people to become more technology dependent. Consequently, due to inordinate use of computer networks, new risks have emerged. Therefore, the process of improving the speed and accuracy of security mechanisms has become crucial.Although abundant new security tools have been developed, the rapid-growth of malicious activities continues to be a pressing issue, as their ever-evolving attacks continue to create severe threats to network security. Classical security techniquesfor instance, firewallsare used as a first line of defense against security problems but remain unable to detect internal intrusions or adequately provide security countermeasures. Thus, network administrators tend to rely predominantly on Intrusion Detection Systems to detect such network intrusive activities. Machine Learning is one of the practical approaches to intrusion detection that learns from data to differentiate between normal and malicious traffic. Although Machine Learning approaches are used frequently, an in-depth analysis of Machine Learning algorithms in the context of intrusion detection has received less attention in the literature.Moreover, adequate datasets are necessary to train and evaluate anomaly-based network intrusion detection systems. There exist a number of such datasetsas DARPA, KDDCUP, and NSL-KDDthat have been widely adopted by researchers to train and evaluate the performance of their proposed intrusion detection approaches. Based on several studies, many such datasets are outworn and unreliable to use. Furthermore, some of these datasets suffer from a lack of traffic diversity and volumes, do not cover the variety of attacks, have anonymized packet information and payload that cannot reflect the current trends, or lack feature set and metadata.This thesis provides a comprehensive analysis of some of the existing Machine Learning approaches for identifying network intrusions. Specifically, it analyzes the algorithms along various dimensionsnamely, feature selection, sensitivity to the hyper-parameter selection, and class imbalance problemsthat are inherent to intrusion detection. It also produces a new reliable dataset labeled Game Theory and Cyber Security (GTCS) that matches real-world criteria, contains normal and different classes of attacks, and reflects the current network traffic trends. The GTCS dataset is used to evaluate the performance of the different approaches, and a detailed experimental evaluation to summarize the effectiveness of each approach is presented. Finally, the thesis proposes an ensemble classifier model composed of multiple classifiers with different learning paradigms to address the issue of detection accuracy and false alarm rate in intrusion detection systems
Applications in security and evasions in machine learning : a survey
In recent years, machine learning (ML) has become an important part to yield security and privacy in various applications. ML is used to address serious issues such as real-time attack detection, data leakage vulnerability assessments and many more. ML extensively supports the demanding requirements of the current scenario of security and privacy across a range of areas such as real-time decision-making, big data processing, reduced cycle time for learning, cost-efficiency and error-free processing. Therefore, in this paper, we review the state of the art approaches where ML is applicable more effectively to fulfill current real-world requirements in security. We examine different security applications' perspectives where ML models play an essential role and compare, with different possible dimensions, their accuracy results. By analyzing ML algorithms in security application it provides a blueprint for an interdisciplinary research area. Even with the use of current sophisticated technology and tools, attackers can evade the ML models by committing adversarial attacks. Therefore, requirements rise to assess the vulnerability in the ML models to cope up with the adversarial attacks at the time of development. Accordingly, as a supplement to this point, we also analyze the different types of adversarial attacks on the ML models. To give proper visualization of security properties, we have represented the threat model and defense strategies against adversarial attack methods. Moreover, we illustrate the adversarial attacks based on the attackers' knowledge about the model and addressed the point of the model at which possible attacks may be committed. Finally, we also investigate different types of properties of the adversarial attacks
Automated Inference System for End-To-End Diagnosis of Network Performance Issues in Client-Terminal Devices
Traditional network diagnosis methods of Client-Terminal Device (CTD)
problems tend to be laborintensive, time consuming, and contribute to increased
customer dissatisfaction. In this paper, we propose an automated solution for
rapidly diagnose the root causes of network performance issues in CTD. Based on
a new intelligent inference technique, we create the Intelligent Automated
Client Diagnostic (IACD) system, which only relies on collection of
Transmission Control Protocol (TCP) packet traces. Using soft-margin Support
Vector Machine (SVM) classifiers, the system (i) distinguishes link problems
from client problems and (ii) identifies characteristics unique to the specific
fault to report the root cause. The modular design of the system enables
support for new access link and fault types. Experimental evaluation
demonstrated the capability of the IACD system to distinguish between faulty
and healthy links and to diagnose the client faults with 98% accuracy. The
system can perform fault diagnosis independent of the user's specific TCP
implementation, enabling diagnosis of diverse range of client devicesComment: arXiv admin note: substantial text overlap with arXiv:1207.356
Improving Network-Based Anomaly Detection in Smart Home Environment
The Smart Home (SH) has become an appealing target of cyberattacks. Due to the limitation of hardware resources and the various operating systems (OS) of current SH devices, existing security features cannot protect such an environment. Generally, the traffic patterns of an SH IoT device under attack often changes in the Home Area Network (HAN). Therefore, a Network-Based Intrusion Detection System (NIDS) logically becomes the forefront security solution for the SH. In this paper, we propose a novel method to assist classification machine learning algorithms generate an anomaly-based NIDS detection model, hence, detecting the abnormal SH IoT device network behaviour. Three network-based attacks were used to evaluate our NIDS solution in a simulated SH test-bed environment. The detection model generated by traditional and ensemble classification Mechanical Learning (ML) methods shows outstanding overall performance. The accuracy of all detection models is over 98.8%
A novel approach to data mining using simplified swarm optimization
Data mining has become an increasingly important approach to deal with the rapid
growth of data collected and stored in databases. In data mining, data classification
and feature selection are considered the two main factors that drive people when
making decisions. However, existing traditional data classification and feature
selection techniques used in data management are no longer enough for such massive
data. This deficiency has prompted the need for a new intelligent data mining
technique based on stochastic population-based optimization that could discover
useful information from data.
In this thesis, a novel Simplified Swarm Optimization (SSO) algorithm is proposed as
a rule-based classifier and for feature selection. SSO is a simplified Particle Swarm
Optimization (PSO) that has a self-organising ability to emerge in highly distributed
control problem space, and is flexible, robust and cost effective to solve complex
computing environments. The proposed SSO classifier has been implemented to
classify audio data. To the author’s knowledge, this is the first time that SSO and PSO
have been applied for audio classification.
Furthermore, two local search strategies, named Exchange Local Search (ELS) and
Weighted Local Search (WLS), have been proposed to improve SSO performance.
SSO-ELS has been implemented to classify the 13 benchmark datasets obtained from
the UCI repository database. Meanwhile, SSO-WLS has been implemented in
Anomaly-based Network Intrusion Detection System (A-NIDS). In A-NIDS, a novel
hybrid SSO-based Rough Set (SSORS) for feature selection has also been proposed.
The empirical analysis showed promising results with high classification accuracy
rate achieved by all proposed techniques over audio data, UCI data and KDDCup 99
datasets. Therefore, the proposed SSO rule-based classifier with local search
strategies has offered a new paradigm shift in solving complex problems in data
mining which may not be able to be solved by other benchmark classifiers
- …