9 research outputs found
Contemporary sequential network attacks prediction using hidden Markov model
Intrusion prediction is a key task for forecasting
network intrusions. Intrusion detection systems have been
primarily deployed as a first line of defence in a network;
however, they often suffer from practical testing and evaluation
due to unavailability of rich datasets. This paper evaluates
the detection accuracy of determining all states (AS), the
current state (CS), and the prediction of next state (NS) of
an observation sequence, using the two conventional Hidden
Markov Model (HMM) training algorithms, namely, Baum
Welch (BW) and Viterbi Training (VT). Both BW and VT were
initialised using uniform, random and count-based parameters
and the experiment evaluation was conducted on the CSE-CIC-IDS2018 dataset. Results show that the BW and VT count-based initialisation techniques perform better than uniform and
random initialisation when detecting AS and CS. In contrast,
for NS prediction, uniform and random initialisation techniques
perform better than BW and VT count-based approaches
Hidden Markov models for detecting and predicting sequential network attacks
Hidden Markov models for detecting and predicting sequential network attack
Design of outdoor wireless networks using computer simulation
In this paper, we design a pilot outdoor wireless network based on IEEE 802.11b standard
for HealthCare Applications through computer simulation. The purpose is to demonstrate
the use of computer simulation in designing outdoor wireless networks. We use a free
software tool called Radio Mobile and freely available geographical elevation data
downloaded from NASA to determine the radio frequency (RF) coverage of a wireless
networking base-station and radio link performance. Furthermore, we demonstrate the
flexibility of computer simulation in assessing design alternatives
Predicting Sequential Network Attacks Using Hidden Markov Model - MATLAB Code
This code reproduces the results for the research paper titled Contemporary Sequential Network Attacks Prediction Using Hidden Markov Model by Timothy Chadza, Konstantinos Kyriakopoulos & Sangarapillai Lambotharan presented at the 17th International Conference on Privacy, Security and Trust (PST), IEEE, Fredericton, NB, Canada, 2019. This is published under GNU GENERAL PUBLIC LICENSE Version 3. If you use this code, please cite the above paper. This work is on the evaluation of detection accuracy for determining all states, the current state, and the prediction of next state of an observation sequence, using the two conventional hidden Markov model training algorithms, namely, Baum Welch and Viterbi training. The training algorithms are initialised using uniform, random and count-based parameters. The experimental evaluation is conducted on the CSE-CIC-IDS2018, a modern dataset comprising seven different attack scenarios over a large network environment. The different attacks are sequentially aggregated to constitute an attack sequence. Viterbi decoding has been used to estimate the next state upon computation of the next attack manifestation. The code is run by executing the main.m file in MATLAB.
Transfer Learning with Hidden Markov Models Applied on Network Security - MATLAB Code
This code is published under GNU GENERAL PUBLIC LICENSE Version 3. If you use this code, please cite our 2020 IEEE Access paper "Learning to Learn Sequential Network Attacks using Hidden Markov Models". This code reproduces the work and results as described in the IEEE Access article "Learning to Learn Sequential Network Attacks Using Hidden Markov Model" by Timothy Chadza, Konstantinos Kyriakopoulos & Sangarapillai Lambotharan. This code considers a transfer learning (TL) approach that exploits already learned knowledge, gained from a labelled source dataset, and adapts it on a different, unlabelled target dataset. Five unsupervised hidden Markov model techniques are developed utilising a TL approach and evaluated against conventional machine learning approaches. Baum-Welch, Viterbi training, gradient descent, differential evolution and simulated annealing are deployed for the detection of attack stages in the network traffic, as well as forecasting both the next most probable attack stage and its method of manifestation. The experiments are conducted on DARPA 2000 processed Snort alerts. A comparative performance evaluation between conventional machine learning and TL has been made using the following metrics: prediction and detection accuracy, Bayesian inference criterion, mean square error and adjusted random index. To run this code, simply set your path to the root Code folder and run the main.m file.
Learning to learn sequential network attacks using hidden Markov models
The global surge of cyber-attacks in the form of sequential network attacks has propelled the need for robust intrusion detection and prediction systems. Such attacks are difficult to reveal using current intrusion detection systems, since each individual attack phase may appear benign when examined outside of its context. In addition, there are challenges in building supervised learning models for such attacks, since there are limited labelled datasets available. Hence, there is a need for updating already built models to specific operational environments and for addressing the concept drift. Hidden Markov models (HMMs) are a popular framework for sequential modelling; however, in addition to the above challenges, the model parameters are difficult to optimise. This paper proposes a transfer learning (TL) approach that exploits already learned knowledge, gained from a labelled source dataset, and adapts it on a different, unlabelled target dataset. The datasets may be from a different but related domain. Five unsupervised HMM techniques are developed utilising a TL approach and evaluated against conventional machine learning approaches. Baum-Welch (BW), Viterbi training, gradient descent, differential evolution (DE) and simulated annealing are deployed for the detection of attack stages in the network traffic, as well as forecasting both the next most probable attack stage and its method of manifestation. Specifically, for the prediction of the three next most likely states and observations, TL with DE achieved a maximum accuracy improvement of 48.3%, and 27.4%, respectively. Finally, the actual detection prediction for the three next most probable states and methods of manifestation reaches 78.9% and 96.3% using TL with BW and DE, respectively.
Analysis of hidden Markov model learning algorithms for the detection and prediction of multi-stage network attacks
Hidden Markov Models have been extensively used for determining computer systems under a Multi-Stage Network Attack (MSA),
however, acquisition of optimal model training parameters remains a formidable challenge. This paper critically analyses the
detection and prediction accuracy of a wide range of training and initialisation algorithms including the expectation-maximisation,
spectral, Baum-Welch, differential evolution, K-means, and segmental K-means. The performance of these algorithms has been
evaluated, both individually and in a hybrid approach, for detecting all the states and current state, and predicting the next state
(NS), and the next observation (NO) of a given alert observation sequence. For generating this alert sequence, the Snort signature-based intrusion detection system was utilised, using either bespoke or default rules, to raise alerts while examining the DARPA
2000 MSA dataset. The investigation also sheds further light on alternative approaches for forecasting the possible NS and NO in
an MSA campaign, as well as, the impact of window size on the prediction performance for all analysed techniques. The results and
discussion emphasise the appropriateness of various techniques for the prediction of NS and NO. Furthermore, NO prediction
accuracy has indicated a performance increase of up to 44.95% in the proposed hybrid approaches
Analysis of Hidden Markov Model Learning Algorithms for the Detection and Prediction of Multi-stage Network Attacks - MATLAB Code
This work implements a critical analysis of the detection and prediction accuracy of supervised learning as well as a wide range of unsupervised training and initialisation algorithms including the spectral, Baum–Welch, differential evolution, K-means (with and without using predefined stages), and segmental K-means. The performance of these algorithms has been evaluated, both individually and in a hybrid approach, for detecting all the states and current state, and predicting the next state (NS), and the next observation (NO) of a given alert observation sequence. For generating this alert sequence, the Snort signature-based intrusion detection system was utilised, using either bespoke or default rules, to raise alerts while examining the DARPA 2000 MSA dataset. The results also shed further light on alternative approaches for forecasting the possible NS and NO in an MSA campaign, as well as the impact of window size on the prediction performance for all analysed techniques. This code reproduces the work and results as described in the Elsevier article "Analysis of hidden Markov model learning algorithms for the detection and prediction of multi-stage network attacks" by Timothy Chadza, Konstantinos Kyriakopoulos & Sangarapillai Lambotharan, published in Future Generation Computer Systems, 2020 (https://doi.org/10.1016/j.future.2020.03.014). This is published under GNU GENERAL PUBLIC LICENSE Version 3. If you use this code, please cite the above article. To run this code, simply run the main.m file.
Experimental performance analysis of wireless links for healthcare applications
Wireless networking is currently being deployed for various applications. However, the application
of wireless networking in healthcare remains a challenge mainly because of security and reliability
concerns. This paper presents experimental results of performance analysis of a wireless network for
healthcare application in the City of Blantyre. The results show that the use of wireless networking
in healthcare application will be limited by packet loss, delay and jitter when the number of hops
involved in the transmission of information is large. Nevertheless, deployment of wireless networking
for healthcare applications is viable when the number of hops a packet has to traverse is small.