22 research outputs found

    Cyber-Physical Security with RF Fingerprint Classification through Distance Measure Extensions of Generalized Relevance Learning Vector Quantization

    Radio frequency (RF) fingerprinting extracts fingerprint features from RF signals to protect against masquerade attacks by enabling reliable authentication of communication devices at the “serial number” level. Facilitating the reliable authentication of communication devices are machine learning (ML) algorithms which find meaningful statistical differences between measured data. The Generalized Relevance Learning Vector Quantization-Improved (GRLVQI) classifier is one ML algorithm which has shown efficacy for RF fingerprinting device discrimination. GRLVQI extends the Learning Vector Quantization (LVQ) family of “winner take all” classifiers that develop prototype vectors (PVs) which represent data. In LVQ algorithms, distances are computed between exemplars and PVs, and PVs are iteratively moved to accurately represent the data. GRLVQI extends LVQ with a sigmoidal cost function, relevance learning, and PV update logic improvements. However, both LVQ and GRLVQI are limited due to a reliance on squared Euclidean distance measures and a seemingly complex algorithm structure if changes are made to the underlying distance measure. Herein, the authors (1) develop GRLVQI-D (distance), an extension of GRLVQI to consider alternative distance measures and (2) present the Cosine GRLVQI classifier using this framework. To evaluate this framework, the authors consider experimentally collected Z-Wave RF signals and develop RF fingerprints to identify devices. Z-Wave devices are low-cost, low-power communication technologies seen increasingly in critical infrastructure. Both classification and verification, claimed identity, and performance comparisons are made with the new Cosine GRLVQI algorithm. The results show more robust performance when using the Cosine GRLVQI algorithm when compared with four algorithms in the literature. Additionally, the methodology used to create Cosine GRLVQI is generalizable to alternative measures.

    DoS and DDoS Attacks: Defense, Detection and Traceback Mechanisms - A Survey

    Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks are typically explicit attempts to exhaust a victim's bandwidth or disrupt legitimate users' access to services. The traditional architecture of the internet is vulnerable to DDoS attacks, and it provides an opportunity for an attacker to gain access to a large number of compromised computers by exploiting their vulnerabilities to set up attack networks or Botnets. Once an attack network or Botnet has been set up, an attacker invokes a large-scale, coordinated attack against one or more targets. As a result of the continuous evolution of new attacks and the ever-increasing range of vulnerable hosts on the internet, many DDoS attack Detection, Prevention and Traceback mechanisms have been proposed. In this paper, we survey different types of attacks and techniques of DDoS attacks and their countermeasures. The significance of this paper is its coverage of many aspects of countering DDoS attacks, including detection, defence and mitigation, traceback approaches, open issues and research challenges.

    The 1st International Conference on Computational Engineering and Intelligent Systems

    Computational engineering, artificial intelligence and smart systems constitute a hot multidisciplinary topic contrasting computer science, engineering and applied mathematics that created a variety of fascinating intelligent systems. Computational engineering encloses fundamental engineering and science blended with the advanced knowledge of mathematics, algorithms and computer languages. It is concerned with the modeling and simulation of complex systems and data processing methods. Computing and artificial intelligence lead to smart systems that are advanced machines designed to fulfill certain specifications. This proceedings book is a collection of papers presented at the first International Conference on Computational Engineering and Intelligent Systems (ICCEIS2021), held online in the period December 10-12, 2021. The collection offers a wide scope of engineering topics, including smart grids, intelligent control, artificial intelligence, optimization, microelectronics and telecommunication systems. The contributions included in this book are of high quality, present details concerning the topics in a succinct way, and can be used as excellent reference and support for readers regarding the field of computational engineering, artificial intelligence and smart system

    Feature Selection and Classifier Development for Radio Frequency Device Identification

    The proliferation of simple and low-cost devices, such as IEEE 802.15.4 ZigBee and Z-Wave, in Critical Infrastructure (CI) increases security concerns. Radio Frequency Distinct Native Attribute (RF-DNA) Fingerprinting facilitates biometric-like identification of electronic device emissions from variances in device hardware. Developing reliable classifier models using RF-DNA fingerprints is thus important for device discrimination to enable reliable Device Classification (a one-to-many "looks most like" assessment) and Device ID Verification (a one-to-one "looks how much like" assessment). AFIT's prior RF-DNA work focused on Multiple Discriminant Analysis/Maximum Likelihood (MDA/ML) and Generalized Relevance Learning Vector Quantized Improved (GRLVQI) classifiers. This work 1) introduces a new GRLVQI-Distance (GRLVQI-D) classifier that extends prior GRLVQI work by supporting alternative distance measures, 2) formalizes a framework for selecting competing distance measures for GRLVQI-D, 3) introduces response surface methods for optimizing GRLVQI and GRLVQI-D algorithm settings, 4) develops an MDA-based Loadings Fusion (MLF) Dimensional Reduction Analysis (DRA) method for improved classifier-based feature selection, 5) introduces the F-test as a DRA method for RF-DNA fingerprints, 6) provides a phenomenological understanding of test statistics and p-values, with KS-test and F-test statistic values being superior to p-values for DRA, and 7) introduces quantitative dimensionality assessment methods for DRA subset selection.

    Towards Efficient Intrusion Detection using Hybrid Data Mining Techniques

    The enormous development in the connectivity among different types of networks poses significant concerns in terms of privacy and security. As such, the exponential expansion in the deployment of cloud technology has produced a massive amount of data from a variety of applications, resources and platforms. In turn, the rapid rate and volume of high-dimensional data creation has begun to pose significant challenges for data management and security. Handling redundant and irrelevant features in high-dimensional space has been a long-term challenge for network anomaly detection. Eliminating such features with spectral information not only speeds up the classification process, but also helps classifiers make accurate decisions during attack recognition time, especially when coping with large-scale and heterogeneous data such as network traffic data. Furthermore, the continued evolution of network attack patterns has resulted in the emergence of zero-day cyber attacks, which are nowadays considered a major challenge in cyber security. In this threat environment, traditional security protections like firewalls, anti-virus software, and virtual private networks are not always sufficient. With this in mind, most of the current intrusion detection systems (IDSs) are either signature-based, which has been proven to be insufficient in identifying novel attacks, or developed based on absolute datasets. Hence, a robust mechanism for detecting intrusions, i.e. anomaly-based IDS, in the big data setting has become a topic of importance. In this dissertation, an empirical study has been conducted at the initial stage to identify the challenges and limitations in the current IDSs, providing a systematic treatment of methodologies and techniques. Next, a comprehensive IDS framework has been proposed to overcome the aforementioned shortcomings. First, a novel hybrid dimensionality reduction technique is proposed combining information gain (IG) and principal component analysis (PCA) methods with an ensemble classifier based on three different classification techniques, named IG-PCA-Ensemble. Experimental results show that the proposed dimensionality reduction method contributes more critical features and reduces the detection time significantly. The results show that the proposed IG-PCA-Ensemble approach also exhibits better performance than the majority of the existing state-of-the-art approaches.

    Distributed System for Attack Classification in VoIP Infrastructure Based on SIP Protocol

    The dissertation thesis focuses on machine learning methods for SIP attack classification. VoIP attacks are gathered with various types of detection nodes through a set of honeypot applications. The data uncovered by the different nodes is collected by the centralized expert system Beekeeper. The system transforms attacks to the database and classifies them with machine learning algorithms. The thesis covers various supervised and unsupervised algorithms, but the best results and highest classification accuracy are achieved by the MLP neural network. The neural network model is closely described and tested under varying conditions and settings. The final neural network implementation contains the latest improvements for enhancing the MLP accuracy. The thesis familiarizes the reader with the SIP protocol, VoIP attacks and the current state-of-the-art methods for attack detection and mitigation. I propose the concept of a centralized expert system with distributed detection nodes. This concept also provides techniques for attack aggregation, data cleaning, node state monitoring, an analysis module, a web interface and so on. The expert system Beekeeper is a modular system for attack classification and evaluation. Various detection nodes enable easy deployment in the target network by the administrator, while the Beekeeper interprets the malicious traffic on the node. But the general nature and modularity of the expert system Beekeeper allow it to be used in other cases as well. The reliability and accuracy of the neural network model are verified and compared with other machine learning algorithms available nowadays. The benefits of the proposed model are highlighted.

    Machine Learning

    Machine Learning can be defined in various ways related to a scientific domain concerned with the design and development of theoretical and implementation tools that allow building systems with some Human Like intelligent behavior. Machine learning addresses more specifically the ability to improve automatically through experience

    Natural Disaster Detection Using Wavelet and Artificial Neural Network

    Indonesia, owing to its geographic and geologic location, has a higher potential for encountering natural disasters. The nation is traversed by three tectonic plates, namely the Indo-Australian, the Eurasian and the Pacific plates. One of the tools employed to detect danger and send an early disaster warning is a sensor device for ocean waves, but it has drawbacks related to the very limited time gap between the information/warnings obtained and the real disaster event, which is less than 30 minutes. A natural disaster early detection information system is essential to prevent potential danger. The system can make use of pattern recognition on satellite imagery sequences that take place before and during the natural disaster. This study is conducted to determine the right wavelet to compress the satellite image sequences and to perform the pattern recognition process of a natural disaster employing an artificial neural network. This study makes use of satellite imagery sequences of tornadoes and hurricanes.

    Communications Network Security at a Higher Education Institution (Segurança da rede de comunicações numa instituição de ensino superior)

    Master's in Electronics and Telecommunications Engineering. Security in the computer network environment is an essential element for the protection of network resources, systems and information. The security mechanisms that are usually applied include data cryptography, firewalls, access control mechanisms and intrusion detection systems. Intrusion detection systems have been largely investigated in recent years because they are an important mechanism for monitoring and detecting suspicious events in computer network environments. Research in this area aims to improve the efficiency of the detection mechanisms. Security threats are becoming more and more sophisticated and able to bypass basic security solutions, such as firewalls and antivirus scanners. Therefore, additional protection is needed to enhance the overall security of the network. One possible solution is the deployment of an intrusion detection system (IDS) as an additional security layer. Intrusion detection is the process of monitoring events occurring in a computer system or network, analyzing them and looking for signs of possible incidents, which can be violations or imminent threats of violation of computer security policies. Intrusion prevention is the process of performing intrusion detection and attempting to avoid detected incidents. Intrusion detection and prevention systems (IDPS) are mainly focused on identifying possible incidents, logging information about them, trying to stop those incidents and reporting them to security administrators. Organizations also use IDPSs for other purposes, such as identifying problems with security policies, documenting security threats and deterring individuals from violating security policies. So, IDPSs have become a necessary addition to the security infrastructure of every organization. This thesis aims to analyze the communications network of the Polytechnical Institute of Tomar, identifying its major security deficiencies and proposing solutions that can mitigate those problems.