355 research outputs found

    Automatic Dataset Labelling and Feature Selection for Intrusion Detection Systems

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. Correctly labelled datasets are commonly required. Three particular scenarios are highlighted, which showcase this need. When using supervised Intrusion Detection Systems (IDSs), these systems need labelled datasets to be trained. Also, the real nature of the analysed datasets must be known when evaluating the efficiency of the IDSs when detecting intrusions. Another scenario is the use of feature selection that works only if the processed datasets are labelled. In normal conditions, collecting labelled datasets from real networks is impossible. Currently, datasets are mainly labelled by implementing off-line forensic analysis, which is impractical because it does not allow real-time implementation. We have developed a novel approach to automatically generate labelled network traffic datasets using an unsupervised anomaly based IDS. The resulting labelled datasets are subsets of the original unlabelled datasets. The labelled dataset is then processed using a Genetic Algorithm (GA) based approach, which performs the task of feature selection. The GA has been implemented to automatically provide the set of metrics that generate the most appropriate intrusion detection results

    Trimers, molecules and polarons in imbalanced atomic Fermi gases

    We consider the ground state of a single "spin-down" impurity atom interacting attractively with a "spin-up" atomic Fermi gas. By constructing variational wave functions for polarons, molecules and trimers, we perform a detailed study of the transitions between each of these dressed bound states as a function of mass ratio $r=m_\uparrow/m_\downarrow$ and interaction strength. We find that the presence of a Fermi sea enhances the stability of the $p$-wave trimer, which can be viewed as a Fulde-Ferrell-Larkin-Ovchinnikov (FFLO) molecule that has bound an additional majority atom. For sufficiently large $r$, we find that the transitions lie outside the region of phase separation in imbalanced Fermi gases and should thus be observable in experiment, unlike the well-studied equal-mass case. Comment: 5 pages, 2 figure

    Adding Contextual Information to Intrusion Detection Systems Using Fuzzy Cognitive Maps

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. In the last few years there has been considerable increase in the efficiency of Intrusion Detection Systems (IDSs). However, networks are still the victim of attacks. As the complexity of these attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of IDSs should be designed incorporating reasoning engines supported by contextual information about the network, cognitive information and situational awareness to improve their detection results. In this paper, we propose the use of a Fuzzy Cognitive Map (FCM) in conjunction with an IDS to incorporate contextual information into the detection process. We have evaluated the use of FCMs to adjust the Basic Probability Assignment (BPA) values defined prior to the data fusion process, which is crucial for the IDS that we have developed. The experimental results that we present verify that FCMs can improve the efficiency of our IDS by reducing the number of false alarms, while not affecting the number of correct detections

    Using the Pattern-of-Life in Networks to Improve the Effectiveness of Intrusion Detection Systems

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. As the complexity of cyber-attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measurable network traffic, but also on the available high-level information related to the protected network to improve their detection results. We make use of the Pattern-of-Life (PoL) of a network as the main source of high-level information, which is correlated with the time of the day and the usage of the network resources. We propose the use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. The main aim of this work is to evidence the improved detection performance of an IDS using an FCM to leverage on network related contextual information. The results that we present verify that the proposed method improves the effectiveness of our IDS by reducing the total number of false alarms; providing an improvement of 9.68% when all the considered metrics are combined and a peak improvement of up to 35.64%, depending on particular metric combination

    A Data Fusion Technique to Detect Wireless Network Virtual Jamming Attacks

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. Wireless communications are potentially exposed to jamming due to the openness of the medium and, in particular, to virtual jamming, which allows more energy-efficient attacks. In this paper we tackle the problem of virtual jamming attacks on IEEE 802.11 networks and present a data fusion solution for the detection of a type of virtual jamming attack (namely, NAV attacks), based on the real-time monitoring of a set of metrics. The detection performance is evaluated in a number of real scenarios

    Phase separation and collapse in Bose-Fermi mixtures with a Feshbach resonance

    We consider a mixture of single-component bosonic and fermionic atoms with an interspecies interaction that is varied using a Feshbach resonance. By performing a mean-field analysis of a two-channel model, which describes both narrow and broad Feshbach resonances, we find an unexpectedly rich phase diagram at zero temperature: Bose-condensed and non-Bose-condensed phases form a variety of phase-separated states that are accompanied by both critical and tricritical points. We discuss the implications of our results for the experimentally observed collapse of Bose-Fermi mixtures on the attractive side of the Feshbach resonance, and we make predictions for future experiments on Bose-Fermi mixtures close to a Feshbach resonance. Comment: 7 pages, 3 figures. Extended versio

    Automated detection of changes in computer network measurements using wavelets

    Monitoring and measuring various metrics of high speed and high capacity networks produces a vast amount of information over a long period of time. For the collected monitoring data to be useful to administrators, these measurements need to be analyzed and processed in order to detect interesting characteristics such as sudden changes. In this paper wavelet analysis is used along with the universal threshold proposed by Donoho-Johnstone in order to detect abrupt changes in computer network measurements. Experimental results are obtained to compare the behaviour of the algorithm on delay and data rate signals. Both types of signals are measurements from real networks and not produced from a simulation tool. Results show that detection of anomalies is achievable in a variety of signals

    Misbehaviour metrics in WiMAX networks under attack

    Much effort has been taken to make WiMAX a secure technology. Due to its broadcast nature, WiMAX is more susceptible to security threats than a wired network. In this paper, we give a general overview of the security architecture and possible attacks that a WiMAX network may face. For each type of attack the misbehaviour metrics that may vary under these attacks are listed. This work can be used to select an appropriate threshold for detecting attack and can be applied to future research on IDS

    Predicting multi-stage attacks based on IP information

    Multi-stage attacks can evolve dramatically, causing much loss and damage to organisations. These attacks are frequently instigated by exploiting actions, which in isolation are legal, and are therefore particularly challenging to detect. Much research has been conducted in the multi-stage detection area, in order to build a framework based on an events correlation approach. This paper proposes a framework that predicts multi-stage attacks based on a different approach, which is an IP information evaluation. This approach was chosen after analysing three different multi-stage attack scenarios. This paper shows the analysis of those scenarios, detailing their steps and information hitherto unexploited in current intrusion detection systems. The paper also details the results obtained in the evaluation process, including detection and false positive rates

    Predicting multi-stage attacks based on hybrid approach

    Multi-stage attacks can evolve dramatically causing much loss and damage to organisations. These attacks are frequently instigated by exploiting actions, which in isolation are legal and are therefore particularly challenging to detect. Much research has been conducted in the multi-stage detection area, in order to build a framework based on an events correlation approach. This paper proposes a framework that predicts multi-stage attacks based on a hybrid approach, which combines two techniques: IP information evaluation and process query system (PQS). This paper shows the analysis of three multi-stage attacks, detailing their steps and information hitherto unexploited in current intrusion detection systems. The paper also goes through the implementation of each technique used in the hybrid approach