37 research outputs found

    A situation assessment and prediction mechanism for network security situation awareness

    Network intrusion attempts have reached an alarming level. Cisco's 2014 Security Report indicated that 50,000 network intrusions were detected and 80 million suspicious web requests were blocked daily. Hence, Intrusion Prevention Systems (IPS) have been chosen as a defence mechanism in many organizations. However, the University of South Wales reported that seven big-brand IPS had failed to detect and block 34% - 49% of attacks in web-based applications. The accuracy of IPS can be improved if the network situation is also considered in preventing intrusion attempts. Knowledge about the current and incoming network security situation is required before any precaution can be taken. Situation assessment and prediction are the two main phases of Network Security Situation Awareness. The existing assessment models do not consider the cost factor as an assessment criterion. Moreover, there has been a lack of standard guidelines to determine the importance of network assets. On prediction, training self-learning detectors is difficult due to incomplete and insufficient data. Furthermore, the First-order One-variable grey model (GM(1,1)) has not been suitable for predicting non-stationary random sequences. In addition, the mean generation sequence depresses the model precision with delay error

    An enhanced adaptive grey verhulst prediction model for network security situation

    Situation prediction is an increasingly important focus in network security. Information about the incoming security situation in the network is important and helps the network administrator to make good decisions before taking some defense remedies towards the attack exploitation. Although the Grey Verhulst prediction model has demonstrated satisfactory results in other fields, some further investigations are still required to improve its performance in predicting the incoming network security situation. In order to attain higher predictive accuracy than the existing Grey Verhulst prediction models, this paper tends to seek an enhancement of the adaptive Grey Verhulst security situation prediction model by forecasting the incoming residual based on the historical prediction residuals. The proposed model applies the Kalman Filtering algorithm to predict the residual in the next time-frame and close the deviation between the predicted and actual network security situation. Benchmark datasets such as DARPA 1999 and 2000 have been used to verify the accuracy of the proposed model. The results show that the enhanced adaptive Grey Verhulst prediction model has better prediction capability in predicting the incoming network security situation and also achieved a significant improvement Verhulst prediction models

    A novel adaptive grey verhulst model for network security situation prediction

    Recently, researchers have shown an increased interest in predicting the incoming security situation for an organization’s network. Many prediction models have been produced for this purpose, but many of these models have various limitations in practical applications. In addition, the literature shows that far too little attention has been paid to utilizing the grey Verhulst model for predicting the network security situation, although it has demonstrated satisfactory results in other fields. By considering the nature of intrusion attacks and the shortcomings of the traditional grey Verhulst model, this paper puts forward an adaptive grey Verhulst model with an adjustable generation sequence to improve the prediction accuracy. The proposed model employs a combination of the Trapezoidal rule and Simpson’s 1/3rd rule to obtain the background value in the grey differential equation, which will directly influence the forecast result. In order to verify the performance of the proposed model, the benchmark datasets DARPA 1999 and 2000 have been used to highlight the efficacy of the proposed model. The results show that the proposed adaptive grey Verhulst surpassed GM(1,1) and traditional grey Verhulst in forecasting the incoming security situation in a network

    Development of a diversified ensemble data summarization (DDS) tool for learning medical data in a multi relational environment

    Medical or scientific data are normally stored in relational databases in which data are stored in multiple tables. A data summarization approach to knowledge discovery in structured medical datasets is often limited due to the complexity of the database schema. Since most of these data are stored in multiple tables, designing a suitable data summarization method for each individual table that is associated with the target table is required in order to get the best result in summarizing the overall data stored in a multi-relational environment. A diversified data summarization ensemble method is best applied in the task of learning data stored in multiple tables since ensemble methods improve quality and robustness of the results. This research investigates the feasibility of combining a few types of data summarization methods (e.g., DARA) in order to learn data stored in relational databases with high cardinality attributes (one-to-many relations between entities). The proposed algorithm is called a diversified data summarization ensemble method. With this new algorithm, one could facilitate the task of data modelling for data stored in a multi-relational setting by improving the predictive accuracy of the data modelling task. This can be achieved by summarizing each table that exists in the database by using a more appropriate data summarization method depending on the type of data stored in each individual table. This research helps the understanding and development of a diversified data summarization ensemble method that is able to summarize relational data. By applying a subset of data summarization methods to summarize different sets of the relational datasets, more interpretable and useful information can be extracted

    A Perspective Towards NCIFA and CIFA in Named-Data Networking Architecture

    Named-Data Networking (NDN) is the most promising architecture in the future Internet. NDN ensures high availability of contents and security of the data packet. However, it may disturb the stability and security in NDN routing, such as the Interest Flooding Attack (IFA). There are many existing detection and mitigation techniques for IFA, which is labelled a non-collusive type of routing threat where it causes the PIT resources to be exhausted so that legitimate requests could not perform in communication. Unfortunately, all the existing counter-measure mechanisms could not defend against the Collusive Interest Flooding Attack (CIFA). The attack is initiated with a satisfying interest, and a malicious data producer will reply to the corresponding request before the expiry of existing PIT entries in the NDN routers along the path. CIFA is classified as a low rate intermittent attack which is very difficult to distinguish from legitimate requests. Thus, CIFA is more vulnerable and threatening than the previous NCIFA. Moreover, there are no benchmark datasets or any public datasets to perform further experiments on detecting CIFA. Thus, there is a need to produce reliable datasets for future investigation in detection or mitigation of relevant attacks in NDN

    Application of modal decomposition technique in network traffic prediction

    Network traffic prediction is an important means of network security monitoring, and modal decomposition technology is the key to improve the accuracy of network traffic prediction. Therefore, it is imperative to study modal decomposition technology. In this paper, the advantages of Variational Mode Decomposition (VMD) are explored by summarizing and reviewing the application of modal decomposition in network traffic prediction. The findings show that the performance of VMD mainly depends on its decomposition layers k, penalty factor C and Lagrange multiplier Θ. We propose a novel algorithm structure based on square root difference and minimum Theil inequality coefficient to optimize the performance of VMD by finding the best value for these parameters. Optimized Variational Mode Decomposition (OVMD) has improved the network traffic prediction accuracy in network security management

    DDoS attacks in VoIP: a brief review of detection and mitigation techniques

    Voice communication in recent trends has shown rapid growth in homes and businesses with the development of Voice over Internet Protocol (VoIP). The growth in VoIP subscribers was determined by the increase in VoIP flexibility, Quality of Service and monetary savings. The fall in the public switched telephone network and rise in phone portability migrated PSTN to VoIP. The Session Initiation Protocol, being an application layer protocol, helps to create a session between the caller and the called for bidirectional communication using SIP messages. VoIP became the targeted victim of different attacks as the internet became the medium of transmission. The security vulnerabilities arise from new protocols and the existing infrastructure of the traditional data network. Flood-based attacks are more threatening and annoying than other attacks. This brief review paper discusses different types of VoIP attacks along with the existing VoIP detection and mitigation techniques based on Entropy, Wavelet, Sketch and Hellinger distance, Sunshine and RQA

    An Investigation of Generality in two-layer Multi-agent Framework towards different domains

    This paper proposes a two-layer multi-agent communication in two different environments. The communications in both layers of the framework are studied in order to determine the relevancy of agents to manage themselves towards different constraints across several domains. In this context, the generality of the multi-agent framework is measured by how well the agents improve the quality of solution compared with existing meta-heuristics. The two domains considered are university course timetabling and examination timetabling problems in Universiti Malaysia Sabah. The results are then compared with meta-heuristics introduced in previous studies using the same domains

    Sequential constructive algorithm incorporate with fuzzy logic for solving real world course timetabling problem

    The sequential constructive algorithm is one of the popular methods for solving timetabling problems. The concept of the algorithm is to assign events based on their difficulty value by using different sequential heuristics. The most common sequential heuristics are largest enrolment, largest degree and saturation degree. Each sequential heuristic has its own criteria to obtain events’ difficulty value. Instead of a single sequential heuristic, this paper proposes to use fuzzy logic to consider multiple sequential heuristics in order to obtain the difficulty value of the events. The proposed method will be used to generate a feasible solution as well as improve the quality of the solution. Another objective of this paper is to tackle a real world course timetabling problem from Universiti Malaysia Sabah Labuan International Campus (UMSLIC). Currently, UMSLIC generates the course timetable manually, which is very time consuming and ineffective. The experimental results show that the proposed method is able to produce a better quality of solution in less than one minute. In terms of quality of timetable and efficiency, the proposed method outperforms UMSLIC’s manual method