23 research outputs found

    Development of a Machine-Learning Intrusion Detection System and Testing of Its Performance Using a Generative Adversarial Network

    Intrusion detection and prevention are two of the most important issues to solve in network security infrastructure. Intrusion detection systems (IDSs) protect networks by using patterns to detect malicious traffic. As attackers have tried to disguise traffic in order to evade the rules applied, several machine learning-based IDSs have been developed. In this study, we focused on one such model involving several algorithms and used the NSL-KDD dataset as a benchmark to train and evaluate its performance. We demonstrate a way to create adversarial instances of network traffic that can be used to evade detection by a machine learning-based IDS. Moreover, this traffic can be used for training in order to improve performance in the case of new attacks. Thus, a generative adversarial network (GAN)—i.e., an architecture based on a deep-learning algorithm capable of creating generative models—was implemented. Furthermore, we tested the IDS performance using the generated adversarial traffic. The results showed that, even in the case of the GAN-generated traffic (which could successfully evade IDS detection), by using the adversarial traffic in the testing process, we could improve the machine learning-based IDS performance.

    LAN Traffic Capture Applications Using the Libtins Library

    Capturing traffic and processing its contents is a valuable skill that, when put in the right hands, makes diagnosing and troubleshooting network issues an approachable task. Apart from aiding in fixing common problems, packet capture can also be used for any application that requires a deeper understanding of how things work under the hood. Many tools have been developed to allow the user to study the flow of data inside a network. This paper focuses on documenting the process of creating such tools and showcasing their use in different contexts. This is achieved by leveraging the power of the C++ programming language and of the libtins library to create custom extensible sniffing tools, which are then used in VoIP (Voice over IP) and IDS (Intrusion Detection System) applications.

    Software tool for passive real-time measurement of QoS parameters

    The paper presents the design of a software tool for real-time measurement of the following quality of service parameters: one-way delay, average one-way delay, IP packet delay variation and average IP packet delay variation. The solution is an improved version of OreNETa (One-way delay REaltime NETwork Analyzer) that optimizes the traffic between the meter and the analyzer. When a new flow is detected, the meter assembles a flow descriptor and sends it to the analyzer. Once the flow is recorded, the analyzer tells the meter to send a shorter message, called a header, for all the packets belonging to the newly registered flow. Postprint (published version).

    SDN-based network slicing mechanism for a scalable 4G/5G core network

    Funding Information: Acknowledgments: This work was supported in part by the Business Finland under the project 5G Finnish Open Research Collaboration Ecosystem (5G-FORCE) and Academy of Finland under Project No. 319003. This work has been performed in the framework of the H2020 project 5G-SMART, co-funded by the EU. The authors would like to acknowledge the contributions of their colleagues. This information reflects the consortium’s view, but the consortium is not liable for any use that may be made of any of the information contained therein.
    Publisher Copyright: © 2021 by the authors. Licensee MDPI, Basel, Switzerland.
    Managing the large volumes of IoT and M2M traffic requires the evaluation of the scalability and reliability for all the components in the end-to-end system. This includes connectivity, mobile network functions, and application or services receiving and processing the data from end devices. Firstly, this paper discusses the design of a containerized IoT and M2M application and the mechanisms for delivering automated scalability and high availability when deploying it in: (1) the edge using balenaCloud; (2) the Amazon Web Services cloud with EC2 instances; and (3) the dedicated Amazon Web Services IoT service. The experiments showed that there are no significant differences between edge and cloud deployments regarding resource consumption. Secondly, the solutions for scaling the 4G/5G network functions and mobile backhaul that provide the connectivity between devices and IoT/M2M applications are analyzed. In this case, the scalability and high availability of the 4G/5G components are provided by Kubernetes. The experiments showed that our proposed scaling algorithm for network slicing managed with SDN guarantees the necessary radio and network resources for end-to-end high availability. Peer reviewed.

    Traffic Aware Scheduler for Time-Slotted Channel-Hopping-Based IPv6 Wireless Sensor Networks

    Wireless sensor networks (WSNs) are becoming increasingly prevalent in numerous fields. Industrial applications and natural-disaster-detection systems need fast and reliable data transmission, and in several cases, they need to be able to cope with changing traffic conditions. Thus, time-slotted channel hopping (TSCH) offers high reliability and efficient power management at the medium access control (MAC) level; TSCH considers two dimensions, time and frequency, when allocating communication resources. However, the scheduler, which decides where in time and frequency these communication resources are allotted, is not part of the standard. Orchestra has been proposed as a scheduler which allocates the communication resources based on information collected through the IPv6 routing protocol for low-power and lossy networks (RPL). Orchestra is a very elegant solution, but does not adapt to high traffic. This research aims to build an Orchestra-based scheduler for applications with unpredictable traffic bursts. The implemented scheduler allocates resources based on traffic congestion measured for the children of the root and RPL subtree size of the same nodes. The performance analysis of the proposed scheduler shows lower latency and higher packet delivery ratio (PDR) compared to Orchestra during bursts, with negligible impact outside them.