8,651 research outputs found
Spatiotemporal Patterns and Predictability of Cyberattacks
Y.C.L. was supported by Air Force Office of Scientific Research (AFOSR) under grant no. FA9550-10-1-0083 and Army Research Office (ARO) under grant no. W911NF-14-1-0504. S.X. was supported by Army Research Office (ARO) under grant no. W911NF-13-1-0141. The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.Peer reviewedPublisher PD
AI Solutions for MDS: Artificial Intelligence Techniques for Misuse Detection and Localisation in Telecommunication Environments
This report considers the application of Articial Intelligence (AI) techniques to
the problem of misuse detection and misuse localisation within telecommunications
environments. A broad survey of techniques is provided, that covers inter alia
rule based systems, model-based systems, case based reasoning, pattern matching,
clustering and feature extraction, articial neural networks, genetic algorithms, arti
cial immune systems, agent based systems, data mining and a variety of hybrid
approaches. The report then considers the central issue of event correlation, that
is at the heart of many misuse detection and localisation systems. The notion of
being able to infer misuse by the correlation of individual temporally distributed
events within a multiple data stream environment is explored, and a range of techniques,
covering model based approaches, `programmed' AI and machine learning
paradigms. It is found that, in general, correlation is best achieved via rule based approaches,
but that these suffer from a number of drawbacks, such as the difculty of
developing and maintaining an appropriate knowledge base, and the lack of ability
to generalise from known misuses to new unseen misuses. Two distinct approaches
are evident. One attempts to encode knowledge of known misuses, typically within
rules, and use this to screen events. This approach cannot generally detect misuses
for which it has not been programmed, i.e. it is prone to issuing false negatives.
The other attempts to `learn' the features of event patterns that constitute normal
behaviour, and, by observing patterns that do not match expected behaviour, detect
when a misuse has occurred. This approach is prone to issuing false positives,
i.e. inferring misuse from innocent patterns of behaviour that the system was not
trained to recognise. Contemporary approaches are seen to favour hybridisation,
often combining detection or localisation mechanisms for both abnormal and normal
behaviour, the former to capture known cases of misuse, the latter to capture
unknown cases. In some systems, these mechanisms even work together to update
each other to increase detection rates and lower false positive rates. It is concluded
that hybridisation offers the most promising future direction, but that a rule or state
based component is likely to remain, being the most natural approach to the correlation
of complex events. The challenge, then, is to mitigate the weaknesses of
canonical programmed systems such that learning, generalisation and adaptation
are more readily facilitated
Towards a Reliable Comparison and Evaluation of Network Intrusion Detection Systems Based on Machine Learning Approaches
Presently, we are living in a hyper-connected world where millions of heterogeneous devices are continuously sharing information in different application contexts for wellness, improving communications, digital businesses, etc. However, the bigger the number of devices and connections are, the higher the risk of security threats in this scenario. To counteract against malicious behaviours and preserve essential security services, Network Intrusion Detection Systems (NIDSs) are the most widely used defence line in communications networks. Nevertheless, there is no standard methodology to evaluate and fairly compare NIDSs. Most of the proposals elude mentioning crucial steps regarding NIDSs validation that make their comparison hard or even impossible. This work firstly includes a comprehensive study of recent NIDSs based on machine learning approaches, concluding that almost all of them do not accomplish with what authors of this paper consider mandatory steps for a reliable comparison and evaluation of NIDSs. Secondly, a structured methodology is proposed and assessed on the UGR'16 dataset to test its suitability for addressing network attack detection problems. The guideline and steps recommended will definitively help the research community to fairly assess NIDSs, although the definitive framework is not a trivial task and, therefore, some extra effort should still be made to improve its understandability and usability further
Analyzing pattern matching algorithms applied on snort intrusion detection system
Currently, intrusion detection system has become widely used as a network perimeter security. The used of IDS to prevent the extremely sophisticated attacks in most of our industries, governmental organization and educational institutions .However ,Intrusion detection system can be either host-based or network based intrusion detection system, in a host-base intrusion it monitors the host where its configured while the network-based IDS it monitors both inbound and outbound traffic network. Furthermore, signature based or anomaly based detection techniques are used to detect malicious packets or attack in both network and host-based intrusion detection systems. Therefore, the challenges faced by most of the signature based detection systems like Snort tool is incapability to detect malicious traffic at higher traffic network, which resulted in a packet drooping and subjected the network where this signature based system is configured as a network perimeter security. The challenges resulted as a result of inefficiency of the pattern matching algorithms to efficiently perform pattern matching. Moreover, this project research work aim to compare the current Boyer-Moore pattern matching algorithm applied by the snort IDS with the Quick Search pattern matching algorithm in order to evaluate their performance and recommend for the implementation of the new pattern matching algorithm that will enhance snort detection performance
Millimeter-wave Wireless LAN and its Extension toward 5G Heterogeneous Networks
Millimeter-wave (mmw) frequency bands, especially 60 GHz unlicensed band, are
considered as a promising solution for gigabit short range wireless
communication systems. IEEE standard 802.11ad, also known as WiGig, is
standardized for the usage of the 60 GHz unlicensed band for wireless local
area networks (WLANs). By using this mmw WLAN, multi-Gbps rate can be achieved
to support bandwidth-intensive multimedia applications. Exhaustive search along
with beamforming (BF) is usually used to overcome 60 GHz channel propagation
loss and accomplish data transmissions in such mmw WLANs. Because of its short
range transmission with a high susceptibility to path blocking, multiple number
of mmw access points (APs) should be used to fully cover a typical target
environment for future high capacity multi-Gbps WLANs. Therefore, coordination
among mmw APs is highly needed to overcome packet collisions resulting from
un-coordinated exhaustive search BF and to increase the total capacity of mmw
WLANs. In this paper, we firstly give the current status of mmw WLANs with our
developed WiGig AP prototype. Then, we highlight the great need for coordinated
transmissions among mmw APs as a key enabler for future high capacity mmw
WLANs. Two different types of coordinated mmw WLAN architecture are introduced.
One is the distributed antenna type architecture to realize centralized
coordination, while the other is an autonomous coordination with the assistance
of legacy Wi-Fi signaling. Moreover, two heterogeneous network (HetNet)
architectures are also introduced to efficiently extend the coordinated mmw
WLANs to be used for future 5th Generation (5G) cellular networks.Comment: 18 pages, 24 figures, accepted, invited paper
Knowing Your Population: Privacy-Sensitive Mining of Massive Data
Location and mobility patterns of individuals are important to environmental
planning, societal resilience, public health, and a host of commercial
applications. Mining telecommunication traffic and transactions data for such
purposes is controversial, in particular raising issues of privacy. However,
our hypothesis is that privacy-sensitive uses are possible and often beneficial
enough to warrant considerable research and development efforts. Our work
contends that peoples behavior can yield patterns of both significant
commercial, and research, value. For such purposes, methods and algorithms for
mining telecommunication data to extract commonly used routes and locations,
articulated through time-geographical constructs, are described in a case study
within the area of transportation planning and analysis. From the outset, these
were designed to balance the privacy of subscribers and the added value of
mobility patterns derived from their mobile communication traffic and
transactions data. Our work directly contrasts the current, commonly held
notion that value can only be added to services by directly monitoring the
behavior of individuals, such as in current attempts at location-based
services. We position our work within relevant legal frameworks for privacy and
data protection, and show that our methods comply with such requirements and
also follow best-practice
Security Features in a Hybrid Software-Defined Network
The paper presents a novel paradigm of software-defined network that is significantly different from previous traditional networks and enables new opportunities in the architecture and implementation of security solutions. The analysis of network environments will compare traditional networks and software-defined networks and emphasize significant differences. A survey of the existing research includes vector attacks and troubleshooting using the capabilities of SDN with an emphasis on access control, detection, and prevention of attacks. This paper uses previous research and results to obtain information that will be used in improving critical system network protection and compares it with the existing conventional approach as well as implements it through a hybrid software-defined network
A Hybridized- Logistic Regression and Deep Learning-based Approaches for Precise Anomaly Detection in Cloud
Anomaly Detection plays a pivot role in determining the abnormal behaviour in the cloud domain. The objective of the manuscript is to present two approaches for Precise Anomaly Detection Approaches by hybridizing RBM with LR and SVM models. The various phases in the present approach are (a) Data collection (b) Pre-processing and normalization; OneHot Encoder for converting categorical values to numerical values followed by encoding the binary features through normalization (c) training the data (d) Building the Feedforward Deep Belief Network (EDBN) using hybridizing Restricted Boltzmann Machine (RBM) with Logistic Regression (LR) and Support Vector Machine (SVM); In the first approach, RBM model is trained through unsupervised pre-training followed by fine-tuning using LR model. In the later approach, RBM model is trained through unsupervised pre-training followed by fine-tuning using SVM model; both the approaches adopt unsupervised pre-training followed by supervised-fine-tuning operations (e) Model Evaluation using the significant parameters such as Precision, Recall, Accuracy, F1-score and Confusion Matrix. The experimental evaluations concluded the effective anomaly detection techniques by integrating the RBM with LR and SVM for capturing the intricate patterns and complex relationships among the data. The proposed approaches paves a path to improved anomaly detection technique, thereby enhancing the security features and anomaly monitoring systems across distinct domains
- …