
    Evaluation of Intelligent Intrusion Detection Models

    This paper discusses an evaluation methodology that can be used to assess the performance of intelligent techniques at detecting, as well as predicting, unauthorised activities in networks. The effectiveness and the performance of any developed intrusion detection model will be determined by means of evaluation and validation. The evaluation and the learning prediction performance for this task will be discussed, together with a description of validation procedures. The performance of developed detection models that incorporate intelligent elements can be evaluated using well-known standard methods, such as confusion matrices, ROC curves and lift charts. In this paper these methods, as well as other useful evaluation approaches, are discussed.

    A Fingerprint Matching Model using Unsupervised Learning Approach

    The increase in the number of interconnected information systems and networks on the Internet has led to an increase in different security threats and violations such as unauthorised remote access. The existing network technologies and communication protocols are not well designed to deal with such problems. The recent explosive development of the Internet has allowed unwelcome visitors to gain access to private information and various resources such as financial institutions, hospitals, airports ... etc. Those resources comprise critical-mission systems and information which rely on certain techniques to achieve effective security. With the increasing use of IT technologies for managing information, there is a need for stronger authentication mechanisms such as biometrics, which are expected to take over many traditional authentication and identification solutions. Providing appropriate authentication and identification mechanisms such as biometrics not only ensures that the right users have access to resources and are given the right privileges, but also enables cybercrime forensics specialists to gather useful evidence whenever needed. Also, critical-mission resources and applications require mechanisms to detect when legitimate users try to misuse their privileges; certainly biometrics helps to provide such services. This paper investigates the field of biometrics as one of the recently developed mechanisms for user authentication and evidence gathering, despite its limitations. A biometric-based solution model is proposed using various statistical unsupervised learning approaches for fingerprint matching. The proposed matching algorithm is based on three different similarity measures: the Cosine similarity measure, the Manhattan distance measure and the Chebyshev distance measure. In this paper, we introduce a model which uses those similarity measures to compute a fingerprint's matching factor. The calculated matching factor is based on a certain threshold value which could be used by a forensic specialist for deciding whether or not a suspicious user is actually the person they claim to be. A freely available fingerprint biometric SDK has been used to develop and implement the suggested algorithm. The major findings of the experiments showed promising and interesting results in terms of the performance of all the proposed similarity measures.

    Cloud Security: A Review of Recent Threats and Solution Models

    The most significant barrier to the wide adoption of cloud services has been attributed to perceived cloud insecurity (Smitha, Anna and Dan, 2012). In an attempt to review this subject, this paper will explore some of the major security threats to the cloud and the security models employed in tackling them. Access control violations, message integrity violations, data leakages, inability to guarantee complete data deletion, code injection, malware and lack of expertise in cloud technology rank as the major threats. The European Union invested €3m in City University London to research the certification of cloud security services. This and more recent developments are significant in addressing increasing public concerns regarding the confidentiality, integrity and privacy of data held in cloud environments. Some of the current cloud security models adopted in addressing cloud security threats were: encryption of all data in storage and during transmission. The Cisco IronPort S-Series web security appliance was among the security solutions to solve cloud access control issues. Two-factor authentication with RSA SecurID and close monitoring appeared to be the most popular solutions to authentication and access control issues in the cloud. Database Active Monitoring, File Active Monitoring, URL Filters and Data Loss Prevention were solutions for detecting and preventing unauthorised data migration into and within clouds. There is as yet no guarantee of complete deletion of data by cloud providers on client request; however, FADE may be a solution (Yang et al., 2012).

    Intrusion Detection System using Bayesian Network Modeling

    Computer network security has become a critical and important issue due to ever-increasing cybercrime. Cybercrimes span from simple piracy to information theft in international terrorism. Defence security agencies and other military-related organizations are highly concerned about the confidentiality and access control of their stored data. Therefore, it is really important to investigate Intrusion Detection Systems (IDS) to detect and prevent cybercrimes and protect these systems. This research proposes a novel distributed IDS to detect and prevent attacks such as denial of service, probes, user to root and remote to user attacks. In this work, we propose an IDS based on the Bayesian network classification modelling technique. Bayesian networks are popular for adaptive learning, modelling diverse network traffic data for meaningful classification details. The proposed model is an anomaly-based IDS with an adaptive learning process. Therefore, Bayesian networks have been applied to build a robust and accurate IDS. The proposed IDS has been evaluated against the KDD DARPA dataset, which was designed for network IDS evaluation. The research methodology consists of four different Bayesian networks as classification models, where each of these classifier models is interconnected and communicates with the others to predict on incoming network traffic data. Each designed Bayesian network model is capable of detecting a major category of attack such as denial of service (DoS). However, all four Bayesian networks work together to pass the information of the classification model to calibrate the IDS. The proposed IDS shows the ability to detect novel attacks by continuing to learn with different datasets. The testing dataset was constructed by sampling the original KDD dataset to contain a balanced number of attacks and normal connections. The experiments show that the proposed system is effective in detecting attacks in the test dataset and is highly accurate in detecting all major attacks recorded in the DARPA dataset. The proposed IDS constitutes a promising approach for anomaly-based intrusion detection in distributed systems. Furthermore, the practical implementation of the proposed IDS can be utilized to train and detect attacks in live network traffic.

    Bayesian Learning Networks Approach to Cybercrime Detection

    The growing dependence of modern society on telecommunication and information networks has become inevitable. The increase in the number of interconnected networks on the Internet has led to an increase in security threats and cybercrimes such as Distributed Denial of Service (DDoS) attacks. Any Internet-based attack is typically prefaced by a reconnaissance probe process, which might take just a few minutes, hours, days, or even months before the attack takes place. In order to detect distributed network attacks as early as possible, a probabilistic approach still under research and development, known as Bayesian networks, has been proposed. This paper shows how a Bayesian network probabilistically detects communication network attacks, allowing for generalization of Network Intrusion Detection Systems (NIDSs). Learning agents which deploy the Bayesian network approach are considered to be a promising and useful tool in determining suspicious early events of Internet threats and consequently relating them to the activities that follow.

    Information Security and Digital Forensics in the world of Cyber Physical Systems

    Andrew Jones, Stilianos Vidalis, Nasser Abouzakhar, 'Information Security and Digital Forensics in the world of Cyber Physical Systems', paper presented at the 11th International Conference on Digital Information Management, Porto, Portugal, 19-21 September, 2016.
    The security of Cyber Physical Systems and any digital forensic investigations into them will be highly dependent on data that is stored and processed in the Cloud. This paper looks at a number of the issues that will need to be addressed if this environment is to be trusted to securely hold both system-critical and personal information and to enable investigations into incidents to be undertaken.

    Developing an Intelligent User Manager System for controlling Smart School Network Resources

    This paper presents an Intelligent User Manager System (UMAS) for controlling access to network resources in a Smart School network. Network resources, especially in a Smart School, are in short supply and relatively expensive to acquire; therefore a control mechanism should be in place so that available resources can be allocated for legitimate usage only. An intelligent mechanism using Fuzzy Logic is deployed for the purpose of knowledge learning in order to process all the user requests accordingly. A decision to grant a network resource request needs to be based on several data sets that represent the current network state, transmission state and users. The system is analysed and designed using the Tropos Methodology. Tropos was chosen because it covers four stages of development. The proposed system was modelled using Fuzzy Logic algorithms for simulation purposes in order to find the relationship between two fuzzy sets and the computed allocated time.

    Critical Infrastructure Cybersecurity: A Review of Recent Threats and Violations

    Most current industries and their critical infrastructure rely heavily on the Internet for everything. The increase in online services and operations for various industries has led to an increase in different security threats and malicious activities. In the US, the Department of Homeland Security recently reported that there have been 200 attacks on core critical infrastructures in the transportation, energy, and communication industries (Erwin et al., 2012). This paper is concerned with the growing dependence of modern society on the Internet, which has become an ideal channel and vital source of malicious activities and various security threats. These threats could have an impact on different distributed systems within and across all the critical infrastructures, such as industrial networks, financial online systems and services, nuclear power generation and control systems, airline and railway traffic controllers, satellite communication networks, national healthcare information systems, etc. The major problem is that the existing Internet mechanisms and protocols are not appropriately designed to deal with such recently developed problems. Therefore, rigorous research is required to develop security approaches and technologies that are capable of responding to this new, evolving context. This paper presents various security threats and incidents over recent years in different critical infrastructure domains. It introduces some security measures, including vulnerability assessment and penetration testing approaches for critical infrastructure.

    A Chi-square Testing-based Intrusion Detection Model

    The rapid growth of Internet malicious activities has become a major concern to the network forensics and security community. With the increasing use of IT technologies for managing information, there is a need for stronger intrusion detection mechanisms. Critical-mission systems and applications require mechanisms able to detect any unauthorised activities. An Intrusion Detection System (IDS) acts as a necessary element for monitoring traffic packets on computer networks, performs analysis of suspicious traffic and makes vital decisions. IDSs allow cybercrime forensic specialists to gather useful evidence whenever needed. This paper presents the design and development process of a Network Intrusion Detection System (NIDS) solution, which aims at providing an effective anomaly-based detection model using Chi-square statistics. One of the design objectives in this paper is to minimise the limitations of current statistical network forensics and intrusion detection. Throughout the development process of this statistical detection model, several aspects of the process of building an effective detection model are emphasized. These aspects include dataset pre-processing and feature selection, network traffic analysis, statistical testing and detection model development. The calculated/output statistical figures of this model are based on certain threshold values which could be used and/or adjusted by a forensic specialist for deciding whether or not a suspicious event took place. The modelling and development process of this proposed anomaly detection model has been achieved using various software and development tools. In this paper we focus on modelling dynamic anomaly detection using the Chi-square technique. It investigates a network traffic dataset collected by CAIDA in 2008 that contains signs of denial of service (DoS) attacks called backscatter. The normal dataset patterns are analysed to build a profile for the legitimate network traffic. Any deviations from these normal profiles will be considered anomalous. The dataset was pre-processed using Wireshark and TShark, the detection model was developed using MATLAB for different variants of denial of service attacks, and promising results were achieved.

    An Enhanced Eigenfaces-based Biometric Forensic Model

    The recent explosive development of the Internet has allowed unwelcome visitors to gain access to private information and various critical-mission resources such as financial institutions, hospitals, airports ... etc. Internet security has become a hot topic and relies on advanced technology. Now, more than ever, there is an increasing need for stronger identification mechanisms such as biometrics, which are in the process of replacing traditional identification solutions. Also, critical-mission systems and applications require mechanisms to detect when legitimate users try to misuse their privileges. Biometrics enables cybercrime forensics specialists to gather evidence whenever needed. This paper aims to introduce a biometric forensic model using a facial identification approach. This model is based on the Eigenfaces approach for recognition proposed by Turk and Pentland [1]. Here, an unknown input image is compared with a set of images stored in a database to identify the best match. A freely accessible faces database has been used to develop our model, which is based on a mathematical approach called Principal Component Analysis (PCA). The paper addresses the issue of extracting global features of the images, which are stored separately in the database. The features of a test image were compared with a set of images whose features were stored. The distance between the two images was calculated, and when it was minimal and below a certain threshold, the two images were considered to be the same and to belong to a particular person. The calculated distance could be used and/or adjusted by a forensic specialist for deciding whether or not a suspicious user is actually the person they claim to be. The performance of the proposed face identification model was evaluated using standard methods. Distance values were used to express the similarity between any input image and other stored images. The model's performance was evaluated using FAR (False Acceptance Rate), FRR (False Rejection Rate) and EER (Equal Error Rate). For FAR, each user's image was compared with all images present in the database excluding the user's own image. For FRR, each user's image was compared with their own image stored in the database. The major findings of the experiments showed promising and interesting results in terms of the model's performance and similarity measures.