28 research outputs found
Unsupervised anomaly detection for unlabelled wireless sensor networks data
With the advances in sensor technology, sensor nodes, tiny yet powerful devices, are used to collect data from various domains. As the sensor nodes communicate continuously from the target areas to the base station, hundreds of thousands of data are collected to be used for decision making. Unfortunately, a large amount of unlabeled data is collected and stored at the base station. In most cases, data are not reliable due to several reasons. Therefore, this paper uses the unsupervised one-class SVM (OCSVM) to build anomaly detection schemes for better decision making. Unsupervised OCSVM is preferable in the WSNs domain because only one class of training data is used to build the normal reference model. Furthermore, dimension reduction is used to minimize resource usage due to the resource constraints of the WSNs domain. Therefore, one of the OCSVM variants, namely the Centered Hyper-ellipsoidal Support Vector Machine (CESVM), is used as the classifier, while the Candid-Covariance Free Incremental Principal Component Analysis (CCIPCA) algorithm serves as the dimension reduction for the proposed anomaly detection scheme. An environmental dataset collected from available WSNs data is used to evaluate the performance of the proposed scheme. The proposed scheme shows comparable results for all datasets in terms of detection rate, detection accuracy and false alarm rate as compared with other related methods.
Distributed CESVM-DR anomaly detection for wireless sensor network
Nowadays, the advancement of sensor technology has introduced the smart living community, where sensors communicate with each other or with other entities. This has introduced the new term internet-of-things (IoT). The data collected from sensor nodes is analyzed at the endpoint, called the base station or sink, for decision making. Unfortunately, the data is not usually accurate and reliable, which affects the decision making at the base station. There are many reasons for inaccurate and unreliable data, such as malicious attacks, harsh environments, and sensor node failure itself. In a worst-case scenario, node failure can also lead to the dysfunction of the entire network. Therefore, in this paper, an unsupervised one-class SVM (OCSVM) is used to build anomaly detection schemes for resource-constrained Wireless Sensor Networks (WSNs). A distributed network topology is used to minimize data communication in the network, which can prolong the network lifetime. Meanwhile, dimension reduction makes the anomaly detection schemes lightweight. In this paper, the Distributed Centered Hyperellipsoidal Support Vector Machine (DCESVM-DR) anomaly detection scheme is proposed to provide efficient and effective anomaly detection.
Lightweight Anomaly Detection Scheme Using Incremental Principal Component Analysis and Support Vector Machine
Wireless Sensor Networks have been the focus of significant attention from research and development due to their applications in collecting data from various fields such as smart cities, power grids, transportation systems, medical sectors, military, and rural areas. Accurate and reliable measurements for insightful data analysis and decision-making are the ultimate goals of sensor networks for critical domains. However, the raw data collected by WSNs are usually unreliable and inaccurate due to the imperfect nature of WSNs. Identifying misbehaviours or anomalies in the network is important for providing reliable and secure functioning of the network. However, due to resource constraints, a lightweight detection scheme is a major design challenge in sensor networks. This paper aims at designing and developing a lightweight anomaly detection scheme to improve efficiency in terms of reducing the computational complexity and communication and improving memory utilization overhead while maintaining high accuracy. To achieve this aim, one-class learning and dimension reduction concepts were used in the design. The One-Class Support Vector Machine (OCSVM) with hyper-ellipsoid variance was used for anomaly detection due to its advantage in classifying unlabelled and multivariate data. Various One-Class Support Vector Machine formulations have been investigated and Centred-Ellipsoid has been adopted in this study due to its effectiveness. Centred-Ellipsoid is the most effective kernel among the studied formulations. To decrease the computational complexity and improve memory utilization, the dimensions of the data were reduced using the Candid Covariance-Free Incremental Principal Component Analysis (CCIPCA) algorithm. Extensive experiments were conducted to evaluate the proposed lightweight anomaly detection scheme. Results in terms of detection accuracy, memory utilization, computational complexity, and communication overhead show that the proposed scheme is effective and efficient compared with the few existing schemes evaluated. The proposed anomaly detection scheme achieved an accuracy higher than 98%, with O(nd) memory utilization and no communication overhead.
Ransomware detection using the dynamic analysis and machine learning: A survey and research directions
Ransomware is an ill-famed malware that has received recognition because of its lethal and irrevocable effects on its victims. The irreparable loss caused due to ransomware requires the timely detection of these attacks. Several studies including surveys and reviews are conducted on the evolution, taxonomy, trends, threats, and countermeasures of ransomware. Some of these studies were specifically dedicated to IoT and android platforms. However, there is not a single study in the available literature that addresses the significance of dynamic analysis for the ransomware detection studies for all the targeted platforms. This study also provides the information about the datasets collection from its sources, which were utilized in the ransomware detection studies of the diverse platforms. This study is also distinct in terms of providing a survey about the ransomware detection studies utilizing machine learning, deep learning, and blend of both techniques while capitalizing on the advantages of dynamic analysis for the ransomware detection. The presented work considers the ransomware detection studies conducted from 2019 to 2021. This study provides an ample list of future directions which will pave the way for future research
Deep Kalman neuro fuzzy-based adaptive broadcasting scheme for Vehicular Ad Hoc Network: A context-aware approach
Vehicular Ad Hoc Networks (VANETs) are among the main enablers for future Intelligent Transportation Systems (ITSs) as they facilitate information sharing, which improves road safety, traffic efficiency, and provides passengers' comfort. Due to the dynamic nature of VANETs, vehicles need to exchange the Cooperative Awareness Messages (CAMs) more frequently to maintain network agility and preserve applications' performance. However, in many situations, broadcasting at a high rate congests the communication channel, rendering VANET unreliable. Existing broadcasting schemes designed for VANET use partial context variables to control the broadcasting rate. Additionally, CAMs uncertainty, which is context-dependent, has been neglected and a predefined fixed certainty threshold has been used instead, which is not suitable for the highly dynamic context. Consequently, vehicles disseminate a high rate of unnecessary CAMs, which degrades VANET performance. A good broadcasting scheme should accurately determine which and when CAMs are broadcasted. To this end, this study proposes a Context-Aware Adaptive Cooperative Awareness Messages Broadcasting Scheme (CA-ABS) using combinations of Adaptive Kalman Filter, Autoregression, and Sequential Deep Learning and Fuzzy inference system. Four context variables have been used to represent the vehicular context, namely, individual driving behaviors, CAMs uncertainty, vehicle density, and traffic flow. Kalman Filter and Autoregression are used to estimate and predict the CAMs messages respectively. The deep learning model has been constructed to estimate the CAMs' uncertainties, which is an important context variable that has been neglected in the previous research. Fuzzy Inference System takes context variables as input and determines an accurate broadcasting threshold and broadcasting interval. Extensive simulations have been conducted to evaluate the proposed scheme. Results show that the proposed scheme improves the CAMs delivery ratio and decreases the CAMs prediction errors.
Anomaly intrusion detection system using immune network with reduced network traffic features
Intrusion Detection Systems (IDS) are developed to be the defense against these security threats. Current signature based IDS like firewalls and anti viruses, which rely on labeled training data, generally cannot detect novel attacks. A method that offers a promise to solve this problem is the anomaly based IDS. Literature has shown that the direction towards reducing the false positive rate, and thus enhancing the detection rate and speed, has shifted from accurate machine learning classifiers to adaptive models like bio-inspired models. Consequently, this study has been introduced to enhance the detection rate and speed up the detection process by reducing the network traffic features. Moreover, it aimed to investigate the implementation of the bio-inspired Immune Network approach for clustering different kinds of attacks. This approach aimed at enhancing the detection rate of novel attacks and thus decreasing the high false positive rate in IDS. The Rough Set method was applied to reduce the dimension of the KDD CUP ’99 dataset, which was used by this study, and select only the features that best represent all kinds of attacks. Immune Network clustering was then applied using the aiNet algorithm in order to cluster normal data from attacks in the testing dataset. The results revealed that detection rate and speed were enhanced by using only the most significant features. Furthermore, it was found that the Immune Network clustering method is robust in detecting novel attacks in the test dataset. The principal conclusion was that IDS is enhanced by the use of significant network traffic features besides the implementation of the Immune Network clustering to detect novel attacks.
A survey of intrusion detection schemes in wireless sensor networks
Wireless Sensor Networks (WSNs) are currently used in many application areas including military applications, health related applications, control and tracking applications and environment and habitat monitoring applications. The harsh and unattended deployment of these networks along with their resource restrictions makes their security issue very important. Prevention-based security approaches like cryptography, authentication and key management have been used to protect WSNs from different kinds of attacks but these approaches are not enough to protect the network from insider attacks that may extract sensitive information even in the presence of the prevention-based solution. Detection-based approaches are then proposed to protect WSNs from insider attacks and act as a second line defense after the failure of the prevention-based approaches. Many intrusion detection schemes have been introduced for WSN in the literature. In this article, we present a survey of intrusion detection schemes in WSNs. First, we present the similar works and show their differences from this work. After that, we outline the fundamentals of intrusion detection in WSNs, describing the types of attacks and state the motivation for intrusion detection in WSNs. Then, we demonstrate the challenges of developing an ideal intrusion detection scheme for WSNs followed by the main requirements of a good candidate intrusion detection scheme. The state-of-the-art intrusion detection schemes are then presented based on the techniques used in each scheme and categorizing them into four main categories: rule-based, data mining and computational intelligence based, game theoretical based and statistical based. The analysis of each scheme in these categories is presented showing their advantages and drawbacks. By the end of each category, we state the general advantages and shortcomings of each category. The survey ends by recommending some important research opportunities in this field for future research.
A Trust Management Model for IoT Devices and Services Based on the Multi-Criteria Decision-Making Approach and Deep Long Short-Term Memory Technique
Recently, Internet of Things (IoT) technology has emerged in many aspects of life, such as transportation, healthcare, and even education. IoT technology incorporates several tasks to achieve the goals for which it was developed through smart services. These services are intelligent activities that allow devices to interact with the physical world to provide suitable services to users anytime and anywhere. However, the remarkable advancement of this technology has increased the number and the mechanisms of attacks. Attackers often take advantage of the IoTs’ heterogeneity to cause trust problems and manipulate the behavior to delude devices’ reliability and the service provided through it. Consequently, trust is one of the security challenges that threatens IoT smart services. Trust management techniques have been widely used to identify untrusted behavior and isolate untrusted objects over the past few years. However, these techniques still have many limitations like ineffectiveness when dealing with a large amount of data and continuously changing behaviors. Therefore, this paper proposes a model for trust management in IoT devices and services based on the simple multi-attribute rating technique (SMART) and long short-term memory (LSTM) algorithm. The SMART is used for calculating the trust value, while LSTM is used for identifying changes in the behavior based on the trust threshold. The effectiveness of the proposed model is evaluated using accuracy, loss rate, precision, recall, and F-measure on different data samples with different sizes. Comparisons with existing deep learning and machine learning models show superior performance with a different number of iterations. With 100 iterations, the proposed model achieved 99.87% and 99.76% of accuracy and F-measure, respectively
Adversarial Machine Learning Attacks against Intrusion Detection Systems: A Survey on Strategies and Defense
Concerns about cybersecurity and attack methods have risen in the information age. Many techniques are used to detect or deter attacks, such as intrusion detection systems (IDSs), that help achieve security goals, such as detecting malicious attacks before they enter the system and classifying them as malicious activities. However, the IDS approaches have shortcomings in misclassifying novel attacks or adapting to emerging environments, affecting their accuracy and increasing false alarms. To solve this problem, researchers have recommended using machine learning approaches as engines for IDSs to increase their efficacy. Machine-learning techniques are supposed to automatically detect the main distinctions between normal and malicious data, even novel attacks, with high accuracy. However, carefully designed adversarial input perturbations during the training or testing phases can significantly affect their predictions and classifications. Adversarial machine learning (AML) poses many cybersecurity threats in numerous sectors that use machine-learning-based classification systems, such as deceiving IDS to misclassify network packets. Thus, this paper presents a survey of adversarial machine-learning strategies and defenses. It starts by highlighting various types of adversarial attacks that can affect the IDS and then presents the defense strategies to decrease or eliminate the influence of these attacks. Finally, the gaps in the existing literature and future research directions are presented