9 research outputs found

    Contemporary sequential network attacks prediction using hidden Markov model

    Intrusion prediction is a key task for forecasting network intrusions. Intrusion detection systems have been primarily deployed as a first line of defence in a network; however, they often suffer from practical testing and evaluation due to unavailability of rich datasets. This paper evaluates the detection accuracy of determining all states (AS), the current state (CS), and the prediction of next state (NS) of an observation sequence, using the two conventional Hidden Markov Model (HMM) training algorithms, namely, Baum Welch (BW) and Viterbi Training (VT). Both BW and VT were initialised using uniform, random and count-based parameters and the experiment evaluation was conducted on the CSE-CIC-IDS2018 dataset. Results show that the BW and VT count-based initialisation techniques perform better than uniform and random initialisation when detecting AS and CS. In contrast, for NS prediction, uniform and random initialisation techniques perform better than BW and VT count-based approaches.

    Hidden Markov models for detecting and predicting sequential network attacks

    No full text
    Hidden Markov models for detecting and predicting sequential network attack

    Design of outdoor wireless networks using computer simulation

    No full text
    In this paper, we design a pilot outdoor wireless network based on the IEEE 802.11b standard for healthcare applications through computer simulation. The purpose is to demonstrate the use of computer simulation in designing outdoor wireless networks. We use a free software tool called Radio Mobile and freely available geographical elevation data downloaded from NASA to determine the radio frequency (RF) coverage of a wireless networking base-station and radio link performance. Furthermore, we demonstrate the flexibility of computer simulation in assessing design alternatives.

    Predicting Sequential Network Attacks Using Hidden Markov Model - MATLAB Code

    No full text
    This code reproduces the results for the research paper titled Contemporary Sequential Network Attacks Prediction Using Hidden Markov Model by Timothy Chadza, Konstantinos Kyriakopoulos & Sangarapillai Lambotharan presented at the 17th International Conference on Privacy, Security and Trust (PST), IEEE, Fredericton, NB, Canada, 2019. This is published under GNU GENERAL PUBLIC LICENSE Version 3. If you use this code, please cite the above paper. This work is on the evaluation of detection accuracy for determining all states, the current state, and the prediction of next state of an observation sequence, using the two conventional hidden Markov model training algorithms, namely, Baum Welch and Viterbi training. The training algorithms are initialised using uniform, random and count-based parameters. The experimental evaluation is conducted on the CSE-CIC-IDS2018, a modern dataset comprising seven different attack scenarios over a large network environment. The different attacks are sequentially aggregated to constitute an attack sequence. Viterbi decoding has been used to estimate the next state upon computation of the next attack manifestation. The code is run by executing the main.m file in MATLAB.

    Transfer Learning with Hidden Markov Models Applied on Network Security - MATLAB Code

    No full text
    This code is published under GNU GENERAL PUBLIC LICENSE Version 3. If you use this code, please cite our 2020 IEEE Access paper "Learning to Learn Sequential Network Attacks using Hidden Markov Models". This code reproduces the work and results as described in the IEEE Access article "Learning to Learn Sequential Network Attacks Using Hidden Markov Model" by Timothy Chadza, Konstantinos Kyriakopoulos & Sangarapillai Lambotharan. This code considers a transfer learning (TL) approach that exploits already learned knowledge, gained from a labelled source dataset, and adapts it on a different, unlabelled target dataset. Five unsupervised hidden Markov model techniques are developed utilising a TL approach and evaluated against conventional machine learning approaches. Baum-Welch, Viterbi training, gradient descent, differential evolution and simulated annealing are deployed for the detection of attack stages in the network traffic, as well as forecasting both the next most probable attack stage and its method of manifestation. The experiments are conducted on DARPA 2000 processed Snort alerts. A comparative performance evaluation between conventional machine learning and TL has been made using the following metrics: prediction and detection accuracy, Bayesian inference criterion, mean square error and adjusted random index. To run this code, simply set your path to the root Code folder and run the main.m file.

    Learning to learn sequential network attacks using hidden Markov models

    No full text
    The global surge of cyber-attacks in the form of sequential network attacks has propelled the need for robust intrusion detection and prediction systems. Such attacks are difficult to reveal using current intrusion detection systems, since each individual attack phase may appear benign when examined outside of its context. In addition, there are challenges in building supervised learning models for such attacks, since there are limited labelled datasets available. Hence, there is a need for updating already built models to specific operational environments and for addressing the concept drift. Hidden Markov models (HMMs) are a popular framework for sequential modelling; however, in addition to the above challenges, the model parameters are difficult to optimise. This paper proposes a transfer learning (TL) approach that exploits already learned knowledge, gained from a labelled source dataset, and adapts it on a different, unlabelled target dataset. The datasets may be from a different but related domain. Five unsupervised HMM techniques are developed utilising a TL approach and evaluated against conventional machine learning approaches. Baum-Welch (BW), Viterbi training, gradient descent, differential evolution (DE) and simulated annealing are deployed for the detection of attack stages in the network traffic, as well as forecasting both the next most probable attack stage and its method of manifestation. Specifically, for the prediction of the three next most likely states and observations, TL with DE achieved a maximum accuracy improvement of 48.3%, and 27.4%, respectively. Finally, the actual detection prediction for the three next most probable states and methods of manifestation reaches 78.9% and 96.3% using TL with BW and DE, respectively.

    Analysis of hidden Markov model learning algorithms for the detection and prediction of multi-stage network attacks

    No full text
    Hidden Markov Models have been extensively used for determining computer systems under a Multi-Stage Network Attack (MSA); however, acquisition of optimal model training parameters remains a formidable challenge. This paper critically analyses the detection and prediction accuracy of a wide range of training and initialisation algorithms including the expectation-maximisation, spectral, Baum-Welch, differential evolution, K-means, and segmental K-means. The performance of these algorithms has been evaluated, both individually and in a hybrid approach, for detecting all the states and current state, and predicting the next state (NS), and the next observation (NO) of a given alert observation sequence. For generating this alert sequence, the Snort signature-based intrusion detection system was utilised, using either bespoke or default rules, to raise alerts while examining the DARPA 2000 MSA dataset. The investigation also sheds further light on alternative approaches for forecasting the possible NS and NO in an MSA campaign, as well as the impact of window size on the prediction performance for all analysed techniques. The results and discussion emphasise the appropriateness of various techniques for the prediction of NS and NO. Furthermore, NO prediction accuracy has indicated a performance increase of up to 44.95% in the proposed hybrid approaches.

    Analysis of Hidden Markov Model Learning Algorithms for the Detection and Prediction of Multi-stage Network Attacks - MATLAB Code

    No full text
    This work implements a critical analysis of the detection and prediction accuracy of supervised learning as well as a wide range of unsupervised training and initialisation algorithms including the spectral, Baum–Welch, differential evolution, K-means (with and without using predefined stages), and segmental K-means. The performance of these algorithms has been evaluated, both individually and in a hybrid approach, for detecting all the states and current state, and predicting the next state (NS), and the next observation (NO) of a given alert observation sequence. For generating this alert sequence, the Snort signature-based intrusion detection system was utilised, using either bespoke or default rules, to raise alerts while examining the DARPA 2000 MSA dataset. The results also shed further light on alternative approaches for forecasting the possible NS and NO in an MSA campaign, as well as the impact of window size on the prediction performance for all analysed techniques. This code reproduces the work and results as described in the Elsevier article "Analysis of hidden Markov model learning algorithms for the detection and prediction of multi-stage network attacks" by Timothy Chadza, Konstantinos Kyriakopoulos & Sangarapillai Lambotharan, published in Future Generation Computer Systems, 2020 (https://doi.org/10.1016/j.future.2020.03.014). This is published under GNU GENERAL PUBLIC LICENSE Version 3. If you use this code, please cite the above article. To run this code, simply run the main.m file.

    Experimental performance analysis of wireless links for healthcare applications

    No full text
    Wireless networking is currently being deployed for various applications. However, the application of wireless networking in healthcare remains a challenge mainly because of security and reliability concerns. This paper presents experimental results of performance analysis of a wireless network for healthcare application in the City of Blantyre. The results show that the use of wireless networking in healthcare application will be limited by packet loss, delay and jitter when the number of hops involved in the transmission of information is large. Nevertheless, deployment of wireless networking for healthcare applications is viable when the number of hops a packet has to traverse is small.