Designing a Microwave Filter by Studying and Simulating the Discontinuity in the Waveguide

This research aims to design a microwave filter by studying and simulating the discontinuity in the waveguide. We suggest a filter consists of three waveguides connected to each other and different dimensions. Changing the dimensions of the waveguide will change the conditions of propagation of microwaves and in our suggested filter we have two discontinuity regions affecting on the modes of frequencies propagated through the waveguide. We apply Galerkin method for studying the discontinuity region in the waveguide. We have modelled all the calculations and results by Matlab program so we could simulate the filter and study and the effect of changing the dimensions on the propagated modes, calculate [Z] matrix and scattering matrix [S] for the designed filter and find the relation between transmission coefficient (T), reflection coefficient (R) and the frequency (f) to determine the properties of the designed filter.Tento výzkum si klade za cíl navrhnout mikrovlnný filtr studiem a simulaci nespojitosti vlnovodu. Diskutovaný filtr se skládá ze tří vzájemně propojených vlnovodů o rozdílných mechanických rozměrech. Změnou rozměrů vlnovodu se mění podmínky pro šíření mikrovln, přičemž v našem návrhu filtru jsou dvě nespojitosti ovlivňující frekvence šířené vlnovodem. Aplikujeme Galerkinovu metodu pro studium oblasti diskontinuity vlnovodu. Pro modelování těchto jevů byly použity nástroje programu Matlab, takže jsme mohli simulovat a studovat vliv změn rozměrů filtru na parametry matice šíření [Z] a rozptylové matice [S] pro navržený filtr a najít vztah mezi součinitel prostupu (T), činitel odrazu (R) a frekvence (f) k určení vlastností navrženého filtru.This research aims to design a microwave filter by studying and simulating the discontinuity in the waveguide. We suggest a filter consists of three waveguides connected to each other and different dimensions. Changing the dimensions of the waveguide will change the conditions of propagation of microwaves and in our suggested filter we have two discontinuity regions affecting on the modes of frequencies propagated through the waveguide. We apply Galerkin method for studying the discontinuity region in the waveguide. We have modelled all the calculations and results by Matlab program so we could simulate the filter and study and the effect of changing the dimensions on the propagated modes, calculate [Z] matrix and scattering matrix [S] for the designed filter and find the relation between transmission coefficient (T), reflection coefficient (R) and the frequency (f) to determine the properties of the designed filter

Proposed Approach for Targeted Attacks Detection

For years governments, organizations and companies have made great efforts to keep hackers, malware, cyber attacks at bay with different degrees of success. On the other hand, cyber criminals and miscreants produced more advanced techniques to compromise Internet infrastructure. Targeted attack or advanced persistent threat (APT) attack is a new challenge and aims to accomplish a specific goal, most often espionage. APTs are presently the biggest threat to governments and organizations. This paper states research questions and propose a novel approach to intrusion detection system processes network traffic and able to detect potential APT attack. This detection of APT attack is based on the correlation between the events which we get as outputs of our detection methods. Each detection method aims to detect one technique used in one of APT attack steps.Provozovatelé a uživatelé počítačových sítí se dlouhou dobu snaží eliminovat vliv hackerů a jejich škodlivého SW na své informační systémy s různým stupněm úspěšnosti. Na druhou stranu, počítačoví zločinci vytvářejí stále důmyslnější techniky pro kompromitaci internetové infrastruktury. Cílený útok typu pokročilá trvalá hrozba (APT) je novou metodou jak ovládnout atakovanou síť. APT jsou v současnosti největší hrozbou pro státní instituce a jejich organizace. Tento článek diskutuje související teoretický otázky a navrhnuje nový přístup ke struktuře systému detekcí průniků, který zpracovává síťový provoz a schopen odhalit potenciální APT útoky. Tato detekce APT útoků je založena na korelaci mezi událostmi, které získáme jako výstupy našich detekčních metod. Každá metoda detekce si klade za cíl odhalit jednu techniku používanou v jednom z kroků APT kroku.For years governments, organizations and companies have made great efforts to keep hackers, malware, cyber attacks at bay with different degrees of success. On the other hand, cyber criminals and miscreants produced more advanced techniques to compromise Internet infrastructure. Targeted attack or advanced persistent threat (APT) attack is a new challenge and aims to accomplish a specific goal, most often espionage. APTs are presently the biggest threat to governments and organizations. This paper states research questions and propose a novel approach to intrusion detection system processes network traffic and able to detect potential APT attack. This detection of APT attack is based on the correlation between the events which we get as outputs of our detection methods. Each detection method aims to detect one technique used in one of APT attack steps

A machine-learning-based system for real-time advanced persistent threat detection and prediction

It is widely cited that cyber attacks have become more prevalent on a global scale. In light of this, the cybercrime industry has been established for various purposes such as political, economic and socio-cultural aims. Such attacks can be used as a harmful weapon and cyberspace is often cited as a battlefield. One of the most serious types of cyber attacks is the Advanced Persistent Threat (APT), which is a new and more complex version of multi-step attack. The main aim of the APT attack is espionage and data exfiltration, which has the potential to cause significant damage and substantial financial loss. This research aims to develop a novel system to detect and predict APT attacks. A Machine-Learning-based APT detection system, called MLAPT, is proposed. MLAPT runs through three main phases: (1) Threat detection, in which eight methods are developed to detect different techniques used during the various APT steps. The implementation and validation of these methods with real traffic is a significant contribution to the current body of research; (2) Alert correlation, in which a correlation framework is designed to link the outputs of the detection methods, aiming to find alerts that could be related and belong to one APT scenario; and (3) Attack prediction, in which a machine-learning-based prediction module is proposed based on the correlation framework output, to be used by the network security team to determine the probability of the early alerts to develop a complete APT attack. The correlation framework and prediction module are two other major contributions in this work. MLAPT is experimentally evaluated and the presented system is able to predict APT in its early steps with a prediction accuracy of 84.8%

An overview of safety and security analysis frameworks for the Internet of Things

YesThe rapid progress of the Internet of Things (IoT) has continued to offer humanity numerous benefits, including many security and safety-critical applications. However, unlocking the full potential of IoT applications, especially in high-consequence domains, requires the assurance that IoT devices will not constitute risk hazards to the users or the environment. To design safe, secure, and reliable IoT systems, numerous frameworks have been proposed to analyse the safety and security, among other properties. This paper reviews some of the prominent classical and model-based system engineering (MBSE) approaches for IoT systems’ safety and security analysis. The review established that most analysis frameworks are based on classical manual approaches, which independently evaluate the two properties. The manual frameworks tend to inherit the natural limitations of informal system modelling, such as human error, a cumbersome processes, time consumption, and a lack of support for reusability. Model-based approaches have been incorporated into the safety and security analysis process to simplify the analysis process and improve the system design’s efficiency and manageability. Conversely, the existing MBSE safety and security analysis approaches in the IoT environment are still in their infancy. The limited number of proposed MBSE approaches have only considered limited and simple scenarios, which are yet to adequately evaluate the complex interactions between the two properties in the IoT domain. The findings of this survey are that the existing methods have not adequately addressed the analysis of safety/security interdependencies, detailed cyber security quantification analysis, and the unified treatment of safety and security properties. The existing classical and MBSE frameworks’ limitations obviously create gaps for a meaningful assessment of IoT dependability. To address some of the gaps, we proposed a possible research direction for developing a novel MBSE approach for the IoT domain’s safety and security coanalysis framework

A basic probability assignment methodology for unsupervised wireless intrusion detection

YesThe broadcast nature of wireless local area networks has made them prone to several types of wireless injection attacks, such as Man-in-the-Middle (MitM) at the physical layer, deauthentication, and rogue access point attacks. The implementation of novel intrusion detection systems (IDSs) is fundamental to provide stronger protection against these wireless injection attacks. Since most attacks manifest themselves through different metrics, current IDSs should leverage a cross-layer approach to help toward improving the detection accuracy. The data fusion technique based on the Dempster–Shafer (D-S) theory has been proven to be an efficient technique to implement the cross-layer metric approach. However, the dynamic generation of the basic probability assignment (BPA) values used by D-S is still an open research problem. In this paper, we propose a novel unsupervised methodology to dynamically generate the BPA values, based on both the Gaussian and exponential probability density functions, the categorical probability mass function, and the local reachability density. Then, D-S is used to fuse the BPA values to classify whether the Wi-Fi frame is normal (i.e., non-malicious) or malicious. The proposed methodology provides 100% true positive rate (TPR) and 4.23% false positive rate (FPR) for the MitM attack and 100% TPR and 2.44% FPR for the deauthentication attack, which confirm the efficiency of the dynamic BPA generation methodology.Gulf Science, Innovation and Knowledge Economy Programme of the U.K. Government under UK-Gulf Institutional Link Grant IL 279339985 and in part by the Engineering and Physical Sciences Research Council (EPSRC), U.K., under Grant EP/R006385/1

Hidden Markov models and alert correlations for the prediction of advanced persistent threats

YesCyber security has become a matter of a global interest, and several attacks target industrial companies and governmental organizations. The advanced persistent threats (APTs) have emerged as a new and complex version of multi-stage attacks (MSAs), targeting selected companies and organizations. Current APT detection systems focus on raising the detection alerts rather than predicting APTs. Forecasting the APT stages not only reveals the APT life cycle in its early stages but also helps to understand the attacker's strategies and aims. This paper proposes a novel intrusion detection system for APT detection and prediction. This system undergoes two main phases; the first one achieves the attack scenario reconstruction. This phase has a correlation framework to link the elementary alerts that belong to the same APT campaign. The correlation is based on matching the attributes of the elementary alerts that are generated over a configurable time window. The second phase of the proposed system is the attack decoding. This phase utilizes the hidden Markov model (HMM) to determine the most likely sequence of APT stages for a given sequence of correlated alerts. Moreover, a prediction algorithm is developed to predict the next step of the APT campaign after computing the probability of each APT stage to be the next step of the attacker. The proposed approach estimates the sequence of APT stages with a prediction accuracy of at least 91.80%. In addition, it predicts the next step of the APT campaign with an accuracy of 66.50%, 92.70%, and 100% based on two, three, and four correlated alerts, respectively.The Gulf Science, Innovation and Knowledge Economy Programme of the U.K. Government under UK-Gulf Institutional Link Grant IL 279339985 and in part by the Engineering and Physical Sciences Research Council (EPSRC), U.K., under Grant EP/R006385/1

Multi-stage attack detection using contextual information

The appearance of new forms of cyber-threats, such as Multi-Stage Attacks (MSAs), creates new challenges to which Intrusion Detection Systems (IDSs) need to adapt. An MSA is launched in multiple sequential stages, which may not be malicious when implemented individually, making the detection of MSAs extremely challenging for most current IDSs. In this paper, we present a novel IDS that exploits contextual information in the form of Pattern-of-Life (PoL), and information related to expert judgment on the network behaviour. This IDS focuses on detecting an MSA, in real-time, without previous training process. The main goal of the MSA is to create a Point of Entry (PoE) to a target machine, which could be used as part of an APT like attack. Our results verify that the use of contextual information improves the efficiency of our IDS by enhancing the detection rate of MSAs in real-time by 58%

A basic probability assignment methodology for unsupervised wireless intrusion detection

The broadcast nature of Wireless Local Area Networks (WLANs) has made them prone to several types of wireless injection attacks, such as Man-in-the-Middle (MitM) at the physical layer, deauthentication and rogue access point attacks. The implementation of novel Intrusion Detection Systems (IDSs) is fundamental to provide stronger protection against these wireless injection attacks. Because most attacks manifest themselves through different metrics, current IDSs should leverage a cross-layer approach to help towards improving the detection accuracy. The data fusion technique based on Dempster-Shafer (D-S) theory has been proven to be an efficient data fusion technique to implement the cross-layer metric approach. However, the dynamic generation of the Basic Probability Assignment (BPA) values used by D-S is still an open research problem. In this paper, we propose a novel unsupervised methodology to dynamically generate the BPA values, based on both the Gaussian and exponential probability density functions (pdf), the categorical probability mass function (pmf), and the local reachability density (lrd). Then, D-S is used to fuse the BPA values to classify whether the Wi-Fi frame is normal (i.e. non-malicious) or malicious. The proposed methodology provides 100% True Positive Rate (TPR) and 4.23% False Positive Rate (FPR) for the MitM attack, and 100% TPR and 2.44% FPR for the deauthentication attack, which confirm the efficiency of the dynamic BPA generation methodology

Code for Unsupervised ML based Basic Probability Assignment

This is the code accompanying the IEEE Access journal "A Basic Probability Assignment Methodology for Unsupervised Wireless Intrusion Detection"

Dataset of Advanced Persistent Threat (APT) alerts

Due to the lack of publicly available data of Advanced Persistent Threat (APT) traffic, we built a synthetic dataset which contains APT alerts. This dataset contains 3676 APT alerts that belong to 1000 APT campaigns. The APT alerts were generated to simulate APT scenarios targeting a university campus network. Each APT scenario takes into consideration the following steps of APT life cycle:1- Intelligence gathering2- Point of entry3- Command and control communication4- Lateral movement5- Asset discovery6- Data exfiltrationThe dataset contains the following columns:[1] Alert type[2] Timestamp[3] Source IP address[4] Source port[5] Destination IP address[6] Destination port[7] Infected machineThe database can be opened in software such as SQLite.For more details about generating the dataset, please refer to our work in: https://www.sciencedirect.com/science/article/pii/S0167739X18307532.</div