Designing a Microwave Filter by Studying and Simulating the Discontinuity in the Waveguide
This research aims to design a microwave filter by studying and simulating the discontinuity in the waveguide. We propose a filter consisting of three waveguides of different dimensions connected to each other. Changing the dimensions of the waveguide changes the conditions of propagation of microwaves, and in our proposed filter there are two discontinuity regions affecting the modes propagated through the waveguide. We apply the Galerkin method to study the discontinuity region in the waveguide. We have modelled all the calculations and results in Matlab so that we could simulate the filter, study the effect of changing the dimensions on the propagated modes, calculate the [Z] matrix and the scattering matrix [S] for the designed filter, and find the relation between the transmission coefficient (T), the reflection coefficient (R) and the frequency (f) to determine the properties of the designed filter.
Proposed Approach for Targeted Attacks Detection
For years governments, organizations and companies have made great efforts to keep hackers, malware and cyber attacks at bay, with different degrees of success. On the other hand, cyber criminals and miscreants have produced more advanced techniques to compromise Internet infrastructure. A targeted attack, or advanced persistent threat (APT) attack, is a new challenge and aims to accomplish a specific goal, most often espionage. APTs are presently the biggest threat to governments and organizations. This paper states research questions and proposes a novel approach to an intrusion detection system that processes network traffic and is able to detect a potential APT attack. The detection of an APT attack is based on the correlation between the events we get as outputs of our detection methods. Each detection method aims to detect one technique used in one of the APT attack steps.
A machine-learning-based system for real-time advanced persistent threat detection and prediction
It is widely cited that cyber attacks have become more prevalent on a global scale. In light of this, the cybercrime industry has been established for various purposes such as political, economic and socio-cultural aims. Such attacks can be used as a harmful weapon and cyberspace is often cited as a battlefield. One of the most serious types of cyber attacks is the Advanced Persistent Threat (APT), which is a new and more complex version of multi-step attack. The main aim of the APT attack is espionage and data exfiltration, which has the potential to cause significant damage and substantial financial loss.

This research aims to develop a novel system to detect and predict APT attacks. A Machine-Learning-based APT detection system, called MLAPT, is proposed. MLAPT runs through three main phases: (1) Threat detection, in which eight methods are developed to detect different techniques used during the various APT steps. The implementation and validation of these methods with real traffic is a significant contribution to the current body of research; (2) Alert correlation, in which a correlation framework is designed to link the outputs of the detection methods, aiming to find alerts that could be related and belong to one APT scenario; and (3) Attack prediction, in which a machine-learning-based prediction module is proposed based on the correlation framework output, to be used by the network security team to determine the probability of the early alerts to develop a complete APT attack. The correlation framework and prediction module are two other major contributions in this work. MLAPT is experimentally evaluated and the presented system is able to predict APT in its early steps with a prediction accuracy of 84.8%.
An overview of safety and security analysis frameworks for the Internet of Things
The rapid progress of the Internet of Things (IoT) has continued to offer humanity numerous benefits, including many security and safety-critical applications. However, unlocking the full potential of IoT applications, especially in high-consequence domains, requires the assurance that IoT devices will not constitute risk hazards to the users or the environment. To design safe, secure, and reliable IoT systems, numerous frameworks have been proposed to analyse the safety and security, among other properties. This paper reviews some of the prominent classical and model-based system engineering (MBSE) approaches for IoT systems' safety and security analysis. The review established that most analysis frameworks are based on classical manual approaches, which independently evaluate the two properties. The manual frameworks tend to inherit the natural limitations of informal system modelling, such as human error, cumbersome processes, time consumption, and a lack of support for reusability. Model-based approaches have been incorporated into the safety and security analysis process to simplify the analysis process and improve the system design's efficiency and manageability. Conversely, the existing MBSE safety and security analysis approaches in the IoT environment are still in their infancy. The limited number of proposed MBSE approaches have only considered limited and simple scenarios, which are yet to adequately evaluate the complex interactions between the two properties in the IoT domain. The findings of this survey are that the existing methods have not adequately addressed the analysis of safety/security interdependencies, detailed cyber security quantification analysis, and the unified treatment of safety and security properties. The existing classical and MBSE frameworks' limitations obviously create gaps for a meaningful assessment of IoT dependability. To address some of the gaps, we propose a possible research direction for developing a novel MBSE approach for a safety and security co-analysis framework in the IoT domain.
A basic probability assignment methodology for unsupervised wireless intrusion detection
The broadcast nature of wireless local area networks has made them prone to several types of wireless injection attacks, such as Man-in-the-Middle (MitM) at the physical layer, deauthentication, and rogue access point attacks. The implementation of novel intrusion detection systems (IDSs) is fundamental to provide stronger protection against these wireless injection attacks. Since most attacks manifest themselves through different metrics, current IDSs should leverage a cross-layer approach to help toward improving the detection accuracy. The data fusion technique based on the Dempster–Shafer (D-S) theory has been proven to be an efficient technique to implement the cross-layer metric approach. However, the dynamic generation of the basic probability assignment (BPA) values used by D-S is still an open research problem. In this paper, we propose a novel unsupervised methodology to dynamically generate the BPA values, based on both the Gaussian and exponential probability density functions, the categorical probability mass function, and the local reachability density. Then, D-S is used to fuse the BPA values to classify whether the Wi-Fi frame is normal (i.e., non-malicious) or malicious. The proposed methodology provides 100% true positive rate (TPR) and 4.23% false positive rate (FPR) for the MitM attack and 100% TPR and 2.44% FPR for the deauthentication attack, which confirm the efficiency of the dynamic BPA generation methodology.

Supported in part by the Gulf Science, Innovation and Knowledge Economy Programme of the U.K. Government under UK-Gulf Institutional Link Grant IL 279339985 and in part by the Engineering and Physical Sciences Research Council (EPSRC), U.K., under Grant EP/R006385/1.
Hidden Markov models and alert correlations for the prediction of advanced persistent threats
Cyber security has become a matter of global interest, and several attacks target industrial companies and governmental organizations. The advanced persistent threats (APTs) have emerged as a new and complex version of multi-stage attacks (MSAs), targeting selected companies and organizations. Current APT detection systems focus on raising the detection alerts rather than predicting APTs. Forecasting the APT stages not only reveals the APT life cycle in its early stages but also helps to understand the attacker's strategies and aims. This paper proposes a novel intrusion detection system for APT detection and prediction. This system undergoes two main phases; the first one achieves the attack scenario reconstruction. This phase has a correlation framework to link the elementary alerts that belong to the same APT campaign. The correlation is based on matching the attributes of the elementary alerts that are generated over a configurable time window. The second phase of the proposed system is the attack decoding. This phase utilizes the hidden Markov model (HMM) to determine the most likely sequence of APT stages for a given sequence of correlated alerts. Moreover, a prediction algorithm is developed to predict the next step of the APT campaign after computing the probability of each APT stage to be the next step of the attacker. The proposed approach estimates the sequence of APT stages with a prediction accuracy of at least 91.80%. In addition, it predicts the next step of the APT campaign with an accuracy of 66.50%, 92.70%, and 100% based on two, three, and four correlated alerts, respectively.

Supported in part by the Gulf Science, Innovation and Knowledge Economy Programme of the U.K. Government under UK-Gulf Institutional Link Grant IL 279339985 and in part by the Engineering and Physical Sciences Research Council (EPSRC), U.K., under Grant EP/R006385/1.
Multi-stage attack detection using contextual information
The appearance of new forms of cyber-threats, such as Multi-Stage Attacks (MSAs), creates new challenges to which Intrusion Detection Systems (IDSs) need to adapt. An MSA is launched in multiple sequential stages, which may not be malicious when implemented individually, making the detection of MSAs extremely challenging for most current IDSs. In this paper, we present a novel IDS that exploits contextual information in the form of Pattern-of-Life (PoL), and information related to expert judgment on the network behaviour. This IDS focuses on detecting an MSA, in real-time, without a previous training process. The main goal of the MSA is to create a Point of Entry (PoE) to a target machine, which could be used as part of an APT-like attack. Our results verify that the use of contextual information improves the efficiency of our IDS by enhancing the detection rate of MSAs in real-time by 58%.
Machine learning for malware detection in network traffic
Developing advanced and efficient malware detection systems is becoming significant in light of the growing threat landscape in cybersecurity. This work aims to tackle the enduring problem of identifying malware and protecting digital assets from cyber-attacks. Conventional methods frequently prove ineffective in adjusting to the ever-evolving field of harmful activity. As such, novel approaches that improve precision while simultaneously taking into account the ever-changing landscape of modern cybersecurity problems are needed. To address this problem, this research focuses on the detection of malware in network traffic. This work proposes a machine-learning-based approach for malware detection, with particular attention to the Random Forest (RF), Support Vector Machine (SVM), and Adaboost algorithms. In this paper, the model's performance was evaluated using an assessment matrix that included Accuracy (AC) for overall performance, Precision (PC) for positive predicted values, Recall Score (RS) for genuine positives, and the F1 Score (SC) for a balanced viewpoint. A performance comparison has been performed and the results reveal that the model built with Adaboost has the best performance. The TPR for the three classifiers is over 97% and the FPR is below 4% for each of the classifiers. The model created in this paper has the potential to help organizations or experts anticipate and handle malware. The proposed model can be used to make forecasts and provide management solutions in the network's everyday operational activities.
A basic probability assignment methodology for unsupervised wireless intrusion detection
The broadcast nature of Wireless Local Area Networks (WLANs) has made them prone to several types of wireless injection attacks, such as Man-in-the-Middle (MitM) at the physical layer, deauthentication and rogue access point attacks. The implementation of novel Intrusion Detection Systems (IDSs) is fundamental to provide stronger protection against these wireless injection attacks. Because most attacks manifest themselves through different metrics, current IDSs should leverage a cross-layer approach to help towards improving the detection accuracy. The data fusion technique based on Dempster-Shafer (D-S) theory has been proven to be an efficient data fusion technique to implement the cross-layer metric approach. However, the dynamic generation of the Basic Probability Assignment (BPA) values used by D-S is still an open research problem. In this paper, we propose a novel unsupervised methodology to dynamically generate the BPA values, based on both the Gaussian and exponential probability density functions (pdf), the categorical probability mass function (pmf), and the local reachability density (lrd). Then, D-S is used to fuse the BPA values to classify whether the Wi-Fi frame is normal (i.e. non-malicious) or malicious. The proposed methodology provides 100% True Positive Rate (TPR) and 4.23% False Positive Rate (FPR) for the MitM attack, and 100% TPR and 2.44% FPR for the deauthentication attack, which confirm the efficiency of the dynamic BPA generation methodology.
Latent Semantic Analysis and Graph Theory for Alert Correlation: A Proposed Approach for IoT Botnet Detection
In recent times, the proliferation of Internet of Things (IoT) technology has brought a significant shift in the digital transformation of various industries. The enabling technologies have accelerated this adoption. The possibilities unlocked by IoT have been unprecedented, leading to the emergence of smart applications that have been integrated into national infrastructure. However, the popularity of IoT technology has also attracted the attention of adversaries, who have leveraged the inherent limitations of IoT devices to launch sophisticated attacks, including Multi-Stage Attacks (MSAs) such as IoT botnet attacks. These attacks have caused significant losses in revenue across industries, amounting to billions of dollars. To address this challenge, this paper proposes a system for IoT botnet detection that comprises two phases. The first phase aims to identify IoT botnet traffic; the input to this phase is the IoT traffic, which is subjected to feature selection and classification model training to distinguish malicious traffic from normal traffic. The second phase analyses the malicious traffic from the first phase to identify different botnet attack campaigns. It employs an alert correlation approach that combines Latent Semantic Analysis (LSA) unsupervised learning and graph-theory-based techniques. The proposed system was evaluated using a publicly available real IoT traffic dataset and yielded promising results, with a True Positive Rate (TPR) of over 99% and a False Positive Rate (FPR) of 0%.

Supported by the Researchers Supporting Project, King Saud University, Riyadh, Saudi Arabia, under Grant RSPD2024R95.