Intrusion Detection: Embedded Software Machine Learning and Hardware Rules Based Co-Designs

Security of innovative technologies in future generation networks such as (Cyber Physical Systems (CPS) and Wi-Fi has become a critical universal issue for individuals, economy, enterprises, organizations and governments. The rate of cyber-attacks has increased dramatically, and the tactics used by the attackers are continuing to evolve and have become ingenious during the attacks. Intrusion Detection is one of the solutions against these attacks. One approach in designing an intrusion detection system (IDS) is software-based machine learning. Such approach can predict and detect threats before they result in major security incidents. Moreover, despite the considerable research in machine learning based designs, there is still a relatively small body of literature that is concerned with imbalanced class distributions from the intrusion detection system perspective. In addition, it is necessary to have an effective performance metric that can compare multiple multi-class as well as binary-class systems with respect to class distribution. Furthermore, the expectant detection techniques must have the ability to identify real attacks from random defects, ingrained defects in the design, misconfigurations of the system devices, system faults, human errors, and software implementation errors. Moreover, a lightweight IDS that is small, real-time, flexible and reconfigurable enough to be used as permanent elements of the system's security infrastructure is essential. The main goal of the current study is to design an effective and accurate intrusion detection framework with minimum features that are more discriminative and representative. Three publicly available datasets representing variant networking environments are adopted which also reflect realistic imbalanced class distributions as well as updated attack patterns. The presented intrusion detection framework is composed of three main modules: feature selection and dimensionality reduction, handling imbalanced class distributions, and classification. The feature selection mechanism utilizes searching algorithms and correlation based subset evaluation techniques, whereas the feature dimensionality reduction part utilizes principal component analysis and auto-encoder as an instance of deep learning. Various classifiers, including eight single-learning classifiers, four ensemble classifiers, one stacked classifier, and five imbalanced class handling approaches are evaluated to identify the most efficient and accurate one(s) for the proposed intrusion detection framework. A hardware-based approach to detect malicious behaviors of sensors and actuators embedded in medical devices, in which the safety of the patient is critical and of utmost importance, is additionally proposed. The idea is based on a methodology that transforms a device's behavior rules into a state machine to build a Behavior Specification Rules Monitoring (BSRM) tool for four medical devices. Simulation and synthesis results demonstrate that the BSRM tool can effectively identify the expected normal behavior of the device and detect any deviation from its normal behavior. The performance of the BSRM approach has also been compared with a machine learning based approach for the same problem. The FPGA module of the BSRM can be embedded in medical devices as an IDS and can be further integrated with the machine learning based approach. The reconfigurable nature of the FPGA chip adds an extra advantage to the designed model in which the behavior rules can be easily updated and tailored according to the requirements of the device, patient, treatment algorithm, and/or pervasive healthcare application

Access Analysis of GEO, MEO, & LEO Satellite Systems

The goal of this study is to calculate access duration and intervals for three different kinds of satellite schemes to support a WSN (wireless sensor network). The first scenario involves only LEO-level satellites. The second scenario involves LEO, MEO, and GEO level satellites. The third scenario involves only MEO level satellites. These scenarios are simulated using STK (Systems Tool Kit)

Detecting Malicious Behavior for the Sensors and Actuators Embedded in Medical Devices: A Hardware Approach

The goal of this study is to investigate a behavior-rule based technique for detecting the malicious behavior of the sensors and actuators embedded in medical devices such as Vital Sign Monitor (VSM), Patient Analgesic Control (PCA), Cardiac Device (CD), and Continuous Glaucous Monitor (CGM). First, a set of behavior rules for both malicious and normal behaviors are proposed. Second, a transformation methodology has been used to transfer the proposed set of behavior rules into a state machine. Finally, a Finite State Machine (FSM) has been built using Altera ModelSim and Quartus II toolset. The simulation and synthesis results using a Field Programmable Gate Array (FPGA) demonstrate that our FSM hardware model can effectively identify malicious behavior from normal behavior

A Dynamic Clustering Algorithm for Object Tracking and Localization in WSN

A Wireless Sensor Network (WSN) is an assemblage of cooperative sensor nodes acting together into an environment to monitor an event of interest. However, one of the most limiting factors is the energy constrain for each node; therefore, it is a trade-off is required for that factor in designing of a network, while reporting, tracking or visualizing an event to be considered. In this paper, two object tracking techniques used in Wireless Sensor Networks based on cluster algorithms have been combined together to perform many functions in the proposed algorithm. The benefit of using clusters algorithms can be count as the detection node in a cluster reports an event to the Cluster Head (CH) node according to a query, and then the CH sends all the collected information to the sink or the base station. This way reduces energy consuming and required communication bandwidth. Furthermore, the algorithm is highly scalable while it prolongs the life time of the network

Machine Learning Approaches for Flow-Based Intrusion Detection Systems

In cybersecurity, machine/deep learning approaches can predict and detect threats before they result in major security incidents. The design and performance of an effective machine learning (ML) based Intrusion Detection System (IDS) depends upon the selected attributes and the classifier. This project considers multi-class classification for the Aegean Wi-Fi Intrusion Dataset (AWID) where classes represent 17 types of the IEEE 802.11 MAC Layer attacks. The proposed work extracts four attribute sets of 32, 10, 7 and 5 attributes, respectfully. The classifiers achieved high accuracy with minimum false positive rates, and the presented work outperforms previous related work in terms of number of classes, attributes and accuracy. The proposed work achieved maximum accuracy of 99.64% for Random Forest with supply test and 99.99% using the 10-fold cross validation approach for Random Forest and J48

Towards Efficient Features Dimensionality Reduction for Network Intrusion Detection on Highly Imbalanced Traffic

The performance of an IDS is significantly improved when the features are more discriminative and representative. This research effort is able to reduce the CICIDS2017 dataset’s feature dimensions from 81 to 10, while maintaining a high accuracy of 99.6% in multi-class and binary classification. Furthermore, we propose a Multi-Class Combined performance metric CombinedMc with respect to class distribution to compare various multi-class and binary classification systems through incorporating FAR, DR, Accuracy, and class distribution parameters. In addition, we developed a uniform distribution based balancing approach to handle the imbalanced distribution of the minority class instances in the CICIDS 2017 network intrusion dataset

Features Dimensionality Reduction Approaches for Machine Learning Based Network Intrusion Detection

The security of networked systems has become a critical universal issue that influences individuals, enterprises and governments. The rate of attacks against networked systems has increased dramatically, and the tactics used by the attackers are continuing to evolve. Intrusion detection is one of the solutions against these attacks. A common and effective approach for designing Intrusion Detection Systems (IDS) is Machine Learning. The performance of an IDS is significantly improved when the features are more discriminative and representative. This study uses two feature dimensionality reduction approaches: (i) Auto-Encoder (AE): an instance of deep learning, for dimensionality reduction, and (ii) Principle Component Analysis (PCA). The resulting low-dimensional features from both techniques are then used to build various classifiers such as Random Forest (RF), Bayesian Network, Linear Discriminant Analysis (LDA) and Quadratic Discriminant Analysis (QDA) for designing an IDS. The experimental findings with low-dimensional features in binary and multi-class classification show better performance in terms of Detection Rate (DR), F-Measure, False Alarm Rate (FAR), and Accuracy. This research effort is able to reduce the CICIDS2017 dataset’s feature dimensions from 81 to 10, while maintaining a high accuracy of 99.6% in multi-class and binary classification. Furthermore, in this paper, we propose a Multi-Class Combined performance metric CombinedMc with respect to class distribution to compare various multi-class and binary classification systems through incorporating FAR, DR, Accuracy, and class distribution parameters. In addition, we developed a uniform distribution based balancing approach to handle the imbalanced distribution of the minority class instances in the CICIDS2017 network intrusion dataset.http://dx.doi.org/10.3390/electronics803032

Machine Learning Based Feature Reduction for Network Intrusion Detection

The security of networked systems has become a critical universal issue. The rate of attacks against networked systems has increased dramatically, and the tactics used by the attackers are continuing to evolve. Intrusion detection is one of the solutions against these attacks. A common and effective approach for designing Intrusion Detection Systems (IDS) is Machine Learning. The performance of an IDS is significantly improved when the features are more discriminative and representative. This study uses two feature dimensionality reduction approaches: i) Auto-Encoder (AE): an instance of deep learning, for dimensionality reduction, and ii) Principle Component Analysis (PCA). The resulting low-dimensional features from both techniques are then used to build various classifiers such as Random Forest (RF), Bayesian Network, Linear Discriminant Analysis (LDA) and Quadratic Discriminant Analysis (QDA) for designing an IDS. The experimental findings with low-dimensional features in binary and multi-class classification show better performance in terms of Detection Rate (DR), F-Measure, False Alarm Rate (FAR), and Accuracy. This research effort is able to reduce the CICIDS2017 dataset's feature dimensions from 81 to 10, while maintaining a high accuracy of 99.6%. Furthermore, we propose a Multi-Class Combined performance metric CombinedMc with respect to class distribution to compare various multi-class and binary classification systems through incorporating FAR, DR, Accuracy, and class distribution parameters. In addition, we developed a uniform distribution based balancing approach to handle the imbalanced distribution of the minority class instances in the CICIDS2017 network intrusion dataset

Marketing libraries journal : (MLJ)

The increasing amount of network throughput and security threat makes intrusion detection a major research problem. In the literature, intrusion detection has been approached by either a hardware or software technique. This work reviews and compares hardware based techniques that are commonly used in intrusion detection systems (IDS) with a special emphasis on modern hardware platforms such as FPGA, GPU, MCP and ASIC