22 research outputs found

    Unsupervised anomaly detection for unlabelled wireless sensor networks data

    With advances in sensor technology, sensor nodes, tiny yet powerful devices, are used to collect data from various domains. As the sensor nodes communicate continuously from the target areas to the base station, hundreds of thousands of data items are collected to be used for decision making. Unfortunately, a large amount of unlabeled data is collected and stored at the base station. In most cases, data are not reliable due to several reasons. Therefore, this paper uses the unsupervised one-class SVM (OCSVM) to build anomaly detection schemes for better decision making. Unsupervised OCSVM is preferable in the WSN domain because only one class of training data is used to build the normal reference model. Furthermore, dimension reduction is used to minimize resource usage due to the resource constraints of the WSN domain. Therefore, one of the OCSVM variants, namely the Centered Hyper-ellipsoidal Support Vector Machine (CESVM), is used as the classifier, while the Candid-Covariance Free Incremental Principal Component Analysis (CCIPCA) algorithm serves as dimension reduction for the proposed anomaly detection scheme. An environmental dataset collected from available WSN data is used to evaluate the performance measures of the proposed scheme. As a result, the proposed scheme shows comparable results for all datasets in terms of detection rate, detection accuracy and false alarm rate as compared with other related methods

    Distributed CESVM-DR anomaly detection for wireless sensor network

    Nowadays, the advancement of sensor technology has introduced the smart living community, where sensors communicate with each other or with other entities. This has introduced the new term internet-of-things (IoT). The data collected from sensor nodes will be analyzed at the endpoint, called the base station or sink, for decision making. Unfortunately, the data is not usually accurate and reliable, which will affect the decision making at the base station. Many reasons contribute to inaccurate and unreliable data, such as malicious attacks, harsh environments, and sensor node failure itself. In a worst-case scenario, node failure will also lead to the dysfunction of the entire network. Therefore, in this paper, an unsupervised one-class SVM (OCSVM) is used to build anomaly detection schemes in resource-constrained Wireless Sensor Networks (WSNs). A distributed network topology will be used to minimize data communication in the network, which can prolong the network lifetime. Meanwhile, dimension reduction keeps the anomaly detection schemes lightweight. In this paper, the Distributed Centered Hyperellipsoidal Support Vector Machine (DCESVM-DR) anomaly detection scheme is proposed to provide efficient and effective anomaly detection

    Ransomware detection using the dynamic analysis and machine learning: A survey and research directions

    Ransomware is an ill-famed malware that has received recognition because of its lethal and irrevocable effects on its victims. The irreparable loss caused due to ransomware requires the timely detection of these attacks. Several studies including surveys and reviews are conducted on the evolution, taxonomy, trends, threats, and countermeasures of ransomware. Some of these studies were specifically dedicated to IoT and android platforms. However, there is not a single study in the available literature that addresses the significance of dynamic analysis for the ransomware detection studies for all the targeted platforms. This study also provides the information about the datasets collection from its sources, which were utilized in the ransomware detection studies of the diverse platforms. This study is also distinct in terms of providing a survey about the ransomware detection studies utilizing machine learning, deep learning, and blend of both techniques while capitalizing on the advantages of dynamic analysis for the ransomware detection. The presented work considers the ransomware detection studies conducted from 2019 to 2021. This study provides an ample list of future directions which will pave the way for future research

    Deep Kalman neuro fuzzy-based adaptive broadcasting scheme for Vehicular Ad Hoc Network: A context-aware approach

    Vehicular Ad Hoc Networks (VANETs) are among the main enablers for future Intelligent Transportation Systems (ITSs) as they facilitate information sharing, which improves road safety, traffic efficiency, and provides passengers' comfort. Due to the dynamic nature of VANETs, vehicles need to exchange the Cooperative Awareness Messages (CAMs) more frequently to maintain network agility and preserve applications' performance. However, in many situations, broadcasting at a high rate leads to congest the communication channel, rendering VANET unreliable. Existing broadcasting schemes designed for VANET use partial context variables to control the broadcasting rate. Additionally, CAMs uncertainty, which is context-dependent has been neglected and a predefined fixed certainty threshold has been used instead, which is not suitable for the highly dynamic context. Consequently, vehicles disseminate a high rate of unnecessary CAMs which degrades VANET performance. A good broadcasting scheme should accurately determine which and when CAMs are broadcasted. To this end, this study proposes a Context-Aware Adaptive Cooperative Awareness Messages Broadcasting Scheme (CA-ABS) using combinations of Adaptive Kalman Filter, Autoregression, and Sequential Deep Learning and Fuzzy inference system. Four context variables have been used to represent the vehicular context, namely, individual driving behaviors, CAMs uncertainty, vehicle density, and traffic flow. Kalman Filter and Autoregression are used to estimate and predict the CAMs messages respectively. The deep learning model has been constructed to estimate the CAMs' uncertainties which is an important context variable that has been neglected in the previous research. Fuzzy Inference System takes context variables as input and determines an accurate broadcasting threshold and broadcasting interval. Extensive simulations have been conducted to evaluate the proposed scheme. Results show that the proposed scheme improves the CAMs delivery ratio and decreases the CAMs prediction errors

    A survey of intrusion detection schemes in wireless sensor networks

    Wireless Sensor Networks (WSNs) are currently used in many application areas including military applications, health related applications, control and tracking applications and environment and habitat monitoring applications. The harsh and unattended deployment of these networks along with their resource restrictions makes their security issue very important. Prevention-based security approaches like cryptography, authentication and key management have been used to protect WSNs from different kinds of attacks but these approaches are not enough to protect the network from insider attacks that may extract sensitive information even in the presence of the prevention-based solution. Detection-based approaches are then proposed to protect WSNs from insider attacks and act as a second line defense after the failure of the prevention-based approaches. Many intrusion detection schemes have been introduced for WSN in the literature. In this article, we present a survey of intrusion detection schemes in WSNs. First, we present the similar works and show their differences from this work. After that, we outline the fundamentals of intrusion detection in WSNs, describing the types of attacks and state the motivation for intrusion detection in WSNs. Then, we demonstrate the challenges of developing an ideal intrusion detection scheme for WSNs followed by the main requirements of a good candidate intrusion detection scheme. The state-of-the-art intrusion detection schemes are then presented based on the techniques used in each scheme and categorizing them into four main categories: rule-based, data mining and computational intelligence based, game theoretical based and statistical based. The analysis of each scheme in these categories is presented showing their advantages and drawbacks. By the end of each category, we state the general advantages and shortcomings of each category. The survey ends by recommending some important research opportunities in this field for future research

    A Trust Management Model for IoT Devices and Services Based on the Multi-Criteria Decision-Making Approach and Deep Long Short-Term Memory Technique

    No full text
    Recently, Internet of Things (IoT) technology has emerged in many aspects of life, such as transportation, healthcare, and even education. IoT technology incorporates several tasks to achieve the goals for which it was developed through smart services. These services are intelligent activities that allow devices to interact with the physical world to provide suitable services to users anytime and anywhere. However, the remarkable advancement of this technology has increased the number and the mechanisms of attacks. Attackers often take advantage of the IoTs’ heterogeneity to cause trust problems and manipulate the behavior to delude devices’ reliability and the service provided through it. Consequently, trust is one of the security challenges that threatens IoT smart services. Trust management techniques have been widely used to identify untrusted behavior and isolate untrusted objects over the past few years. However, these techniques still have many limitations like ineffectiveness when dealing with a large amount of data and continuously changing behaviors. Therefore, this paper proposes a model for trust management in IoT devices and services based on the simple multi-attribute rating technique (SMART) and long short-term memory (LSTM) algorithm. The SMART is used for calculating the trust value, while LSTM is used for identifying changes in the behavior based on the trust threshold. The effectiveness of the proposed model is evaluated using accuracy, loss rate, precision, recall, and F-measure on different data samples with different sizes. Comparisons with existing deep learning and machine learning models show superior performance with a different number of iterations. With 100 iterations, the proposed model achieved 99.87% and 99.76% of accuracy and F-measure, respectively

    Adversarial Machine Learning Attacks against Intrusion Detection Systems: A Survey on Strategies and Defense

    No full text
    Concerns about cybersecurity and attack methods have risen in the information age. Many techniques are used to detect or deter attacks, such as intrusion detection systems (IDSs), that help achieve security goals, such as detecting malicious attacks before they enter the system and classifying them as malicious activities. However, the IDS approaches have shortcomings in misclassifying novel attacks or adapting to emerging environments, affecting their accuracy and increasing false alarms. To solve this problem, researchers have recommended using machine learning approaches as engines for IDSs to increase their efficacy. Machine-learning techniques are supposed to automatically detect the main distinctions between normal and malicious data, even novel attacks, with high accuracy. However, carefully designed adversarial input perturbations during the training or testing phases can significantly affect their predictions and classifications. Adversarial machine learning (AML) poses many cybersecurity threats in numerous sectors that use machine-learning-based classification systems, such as deceiving IDS to misclassify network packets. Thus, this paper presents a survey of adversarial machine-learning strategies and defenses. It starts by highlighting various types of adversarial attacks that can affect the IDS and then presents the defense strategies to decrease or eliminate the influence of these attacks. Finally, the gaps in the existing literature and future research directions are presented

    A Dynamic Trust-Related Attack Detection Model for IoT Devices and Services Based on the Deep Long Short-Term Memory Technique

    No full text
    The integration of the cloud and Internet of Things (IoT) technology has resulted in a significant rise in futuristic technology that ensures the long-term development of IoT applications, such as intelligent transportation, smart cities, smart healthcare, and other applications. The explosive growth of these technologies has contributed to a significant rise in threats with catastrophic and severe consequences. These consequences affect IoT adoption for both users and industry owners. Trust-based attacks are the primary selected weapon for malicious purposes in the IoT context, either through leveraging established vulnerabilities to act as trusted devices or by utilizing specific features of emerging technologies (i.e., heterogeneity, dynamic nature, and a large number of linked objects). Consequently, developing more efficient trust management techniques for IoT services has become urgent in this community. Trust management is regarded as a viable solution for IoT trust problems. Such a solution has been used in the last few years to improve security, aid decision-making processes, detect suspicious behavior, isolate suspicious objects, and redirect functionality to trusted zones. However, these solutions remain ineffective when dealing with large amounts of data and constantly changing behaviors. As a result, this paper proposes a dynamic trust-related attack detection model for IoT devices and services based on the deep long short-term memory (LSTM) technique. The proposed model aims to identify the untrusted entities in IoT services and isolate untrusted devices. The effectiveness of the proposed model is evaluated using different data samples with different sizes. The experimental results showed that the proposed model obtained a 99.87% and 99.76% accuracy and F-measure, respectively, in the normal situation, without considering trust-related attacks. Furthermore, the model effectively detected trust-related attacks, achieving a 99.28% and 99.28% accuracy and F-measure, respectively

    Enhancing the Sustainability of Deep-Learning-Based Network Intrusion Detection Classifiers against Adversarial Attacks

    No full text
    An intrusion detection system (IDS) is an effective tool for securing networks and a dependable technique for improving a user’s internet security. It informs the administration whenever strange conduct occurs. An IDS fundamentally depends on the classification of network packets as benign or attack. Moreover, IDSs can achieve better results when built with machine learning (ML)/deep learning (DL) techniques, such as convolutional neural networks (CNNs). However, there is a limitation when building a reliable IDS using ML/DL techniques, which is their vulnerability to adversarial attacks. Such attacks are crafted by attackers to compromise the ML/DL models, which affects their accuracy. Thus, this paper describes the construction of a sustainable IDS based on the CNN technique, and it presents a method for defense against adversarial attacks that enhances the IDS’s accuracy and ensures it is more reliable in performing classification. To achieve this goal, first, two IDS models with a convolutional neural network (CNN) were built to enhance the IDS accuracy. Second, seven adversarial attack scenarios were designed against the aforementioned CNN-based IDS models to test their reliability and efficiency. The experimental results show that the CNN-based IDS models achieved significant increases in the intrusion detection system accuracy of 97.51% and 95.43% compared with the scores before the adversarial scenarios were applied. Furthermore, it was revealed that the adversarial attacks caused the models’ accuracy to significantly decrease from one attack scenario to another. The Auto-PGD and BIM attacks had the strongest effect against the CNN-based IDS models, with accuracy drops of 2.92% and 3.46%, respectively. Third, this research applied the adversarial perturbation elimination with generative adversarial nets (APE_GAN++) defense method to enhance the accuracy of the CNN-based IDS models after they were affected by adversarial attacks, which was shown to increase after the adversarial attacks in an intelligible way, with accuracy scores ranging between 78.12% and 89.40%
