LiaaS: Lawful Interception as a Service

Machine learning techniques are the key to success for big data analytics in forthcoming 5G and cloud networks. Internet Service Providers (ISPs) and mobile networks are still relying on traditional Lawful Interception (LI) mechanisms that use error prone meta data and are vulnerable to cyber-attacks. While new identity methods are used to monitor suspected end users, the major challenge is the amount of data that needs to be monitored to find the traffic of interest related to the specific targets. On the other hand, for a conversation (audio or video) between two or multiple attendees, such as a conference call or interview, extracting, briefing and classifying important information can be prone to errors and exhaustion of resources if it is done by humans. This paper proposes an intelligent, secure, fast and reliable platform called Lawful interception as a Service (LiaaS) to detect, analyze and intercept content from different media such as voice and video call. The proposed platform also extracts the minutes of conversation and the most important information from the media (audio or video) so any desired detail can be searched from it.Peer reviewe

A deep density based and self-determining clustering approach to label unknown traffic

Publisher Copyright: © 2022 The Author(s)Analyzing non-labeled data is a major concern in the field of intrusion detection as the attack clusters are continuously evolving which are unknown for the system. Many studies have been conducted on different techniques such as clustering to solve this issue. Consequently, in this paper the clustering techniques are applied based on the packets’ similarity to categorize unknown traffic. After clustering is done by the proposed architecture, the security investigator analyzes one packet from each cluster (instead of thousands of packets) and generalize the result of analysis to all packets belonging to the cluster. The proposed architecture, namely Associated Density Based Clustering (ADBC) applies multiple unsupervised algorithms and a co-association matrix to detect attack clusters of any shape as long as they have density-connected elements. Furthermore, the architecture automatically determines the best number of clusters in order to categorize non-labeled data. The performance of proposed architecture is evaluated based on the various metrics, while its generalization capability is tested with three publicly available datasets.Peer reviewe

An Intelligent Defense and Filtration Platform for Network Traffic

Part 2: Learning-Based NetworkingInternational audienceHybrid Anomaly Detection Model (HADM) is a security platform to detect and prevent cyber-attacks on communication networks. The platform uses a combination of linear and learning algorithms combined with protocol analyzer. The linear algorithms filter and extract distinctive attributes and features of the cyber-attacks while the learning algorithms use these attributes and features to identify new types of cyber-attacks. The protocol analyzer in this platform classifies and filters vulnerable protocols to avoid unnecessary computation load. The use of linear algorithms in conjunction with learning algorithms allows the HADM to achieve improved efficiency in terms of accuracy and computation time in order to detect cyber-attacks over existing solutions

Performance Evaluation of a Combined Anomaly Detection Platform

Hybrid Anomaly Detection Model (HADM) is a platform that filters network traffic and identifies malicious activities on the network. The platform applies data mining techniques to tackle effectively the security issues in high load communication networks. The platform uses a combination of linear and learning algorithms combined with protocol analyzer. The linear algorithms filter and extract distinctive attributes and features of the cyber-attacks while the learning algorithms use these attributes and features to identify new types of cyber-attacks. The protocol analyzer in this platform classifies and filters vulnerable protocols to avoid unnecessary computation load. The use of linear algorithms in conjunction with learning algorithms and protocol analyzer allows the HADM to achieve improved efficiency in terms of accuracy and computation time to detect cyber-attacks over existing solutions. While authors’ previous paper evaluated HADM efficiency (accuracy and computation time) against related studies, this paper, concentrates on HADM robustness and scalability. For this purpose, five datasets, including ISCX-2012, UNSW-NB15 Jan, UNSW-NB15 Feb, ISCX-2017, and MAWILab-2018, with various size and diverse attacks have been used. Different feature selection methods are applied to find the best features. The feature selection methods are selected based on the algorithms’ computation time and detection rate. The best algorithms are then selected through a benchmark on applied datasets and based on the metrics such as cross-entropy loss, precision, recall, and computation time. The result of HADM platform shows robustness and scalability against datasets with different size and diverse attacks.Peer reviewe

Improving Data Generalization with Variational Autoencoders for Network Traffic Anomaly Detection

Publisher Copyright: CCBY Copyright: Copyright 2021 Elsevier B.V., All rights reserved.Deep generative models have increasingly become popular in different domains such as image processing, though, they hardly appear in the cybersecurity arena. While the main application of these models is dimensionality reduction, marginally they have been utilized for overcoming challenges such as data generalization and overfitting issues inherited from feature selection methods. To solve the mentioned challenges, we propose a combined architecture comprising a Conditional Variational AutoEncoder (CVAE) and a Random Forest (RF) classifier to automatically learn similarity among input features, provide data distribution in order to extract discriminative features from original features, and finally classify various types of attacks. CVAE introduces the labels of traffic packets into a latent space in order to better learn the changes of input samples and distinguish the data characteristics of each class. It avoids the confusion between classes while learning the whole data distribution. Compared with featureselection mechanisms such as Support Vector Machine Online (SVMo) by considering various evaluation metrics, the proposed architecture demonstrates considerable improvement in terms of performance. To verify the versatility of the proposed architecture, two publicly available datasets have been used in experiments.Peer reviewe