Biblio

Bluetooth Low Energy mesh networks are emerging as new standard of short burst communications. While security of the messages is guaranteed thought standard encryption techniques, little has been done in terms of actively protecting the overall network in case of attacks aiming to undermine its integrity. Although many network analysis and risk mitigation techniques are currently available, they require considerable amounts of data coming from both legitimate and attack scenarios to sufficiently discriminate among them, which often turns into the requirement of a complete description of the traffic flowing through the network. Furthermore, there are no publicly available datasets to this extent for BLE mesh networks, due most to the novelty of the standard and to the absence of specific implementation tools. To create a reliable mechanism of network analysis suited for BLE in this paper we propose a machine learning Intrusion Detection System (IDS) based on pattern classification and recognition of the most classical denial of service attacks affecting this kind of networks, working on a single internal node, thus requiring a small amount of information to operate. Moreover, in order to overcome the gap created by the absence of data, we present our data collection system based on ESP32 that allowed the collection of the packets from the Network and the Model layers of the BLE Mesh stack, together with a set of experiments conducted to get the necessary data to train the IDS. In the last part, we describe some preliminary results obtained by the experimental setups, focusing on its strengths, as well as on the aspects where further analysis is required, hence proposing some improvements of the classification model as future work. Index Terms-Bluetooth, BLE Mesh, Intrusion Detection System, IoT, network security.

Intrusion Detection System (IDS) is used to identify malicious traffic on the network. Apart from rule-based IDS, machine learning and deep learning based on IDS are also being developed to improve the accuracy of IDS detection. In this study, the public dataset CIC IDS 2017 was used in developing deep learning-based IDS because this dataset contains the new types of attacks. In addition, this dataset also meets the criteria as an intrusion detection dataset. The dataset was split into train data, validation data and test data. We proposed Bidirectional Long-Short Term Memory (LSTM) for building neural network. We created 24 scenarios with various changes in training parameters which were trained for 100 epochs. The training parameters used as research variables are optimizer, activation function, and learning rate. As addition, Dropout layer and L2-regularizer were implemented on every scenario. The result shows that the model used Adam optimizer, Tanh activation function and a learning rate of 0.0001 produced the highest accuracy compared to other scenarios. The accuracy and F1 score reached 97.7264% and 97.7516%. The best model was trained again until 1000 iterations and the performance increased to 98.3448% in accuracy and 98.3793% in F1 score. The result exceeded several previous works on the same dataset.

Cyber-Physical Systems (CPS) suffer from extendable vulnerabilities due to the convergence of the physical world with the cyber world, which makes it victim to a number of sophisticated cyber-attacks. The motives behind such attacks range from criminal enterprises to military, economic, espionage, political, and terrorism-related activities. Many governments are more concerned than ever with securing their critical infrastructure. One of the effective means of detecting threats and securing their infrastructure is the use of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). A number of studies have been conducted and proposed to assess the efficacy and effectiveness of IDS through the use of self-learning techniques, especially in the Industrial Control Systems (ICS) era. This paper investigates and analyzes the utilization of IDS systems and their proposed solutions used to enhance the effectiveness of such systems for CPS. The targeted data extraction was from 2011 to 2021 from five selected sources: IEEE, ACM, Springer, Wiley, and ScienceDirect. After applying the inclusion and exclusion criteria, 20 primary studies were selected from a total of 51 studies in the field of threat detection in CPS, ICS, SCADA systems, and the IoT. The outcome revealed the trends in recent research in this area and identified essential techniques to improve detection performance, accuracy, reliability, and robustness. In addition, this study also identified the most vulnerable target layer for cyber-attacks in CPS. Various challenges, opportunities, and solutions were identified. The findings can help scholars in the field learn about how machine learning (ML) methods are used in intrusion detection systems. As a future direction, more research should explore the benefits of ML to safeguard cyber-physical systems.

At present, machine learning (ML) algorithms are essential components in designing the sophisticated intrusion detection system (IDS). They are building-blocks to enhance cyber threat detection and help in classification at host-level and network-level in a short period. The increasing global connectivity and advancements of network technologies have added unprecedented challenges and opportunities to network security. Malicious attacks impose a huge security threat and warrant scalable solutions to thwart large-scale attacks. These activities encourage researchers to address these imminent threats by analyzing a large volume of the dataset to tackle all possible ranges of attack. In this proposed method, we calculated the fitness value of each feature from the population by using a genetic algorithm (GA) and selected them according to the fitness value. The fitness values are presented in hierarchical order to show the effectiveness of problem decomposition. We implemented Support Vector Machine (SVM) to verify the consistency of the system outcome. The well-known NSL-knowledge discovery in databases (KDD) was used to measure the performance of the system. From the experiments, we achieved a notable classification accuracies using a SVM of the current state of the art intrusion detection.

A wireless technology Mobile Ad hoc Network (MANET) that connects a group of mobile devices such as phones, laptops, and tablets suffers from critical security problems, so the traditional defense mechanism Intrusion Detection System (IDS) techniques are not sufficient to safeguard and protect MANET from malicious actions performed by intruders. Due to the MANET dynamic decentralized structure, distributed architecture, and rapid growing of MANET over years, vulnerable MANET does not need to change its infrastructure rather than using intelligent and advance methods to secure them and prevent intrusions. This paper focuses essentially on machine learning methodologies and algorithms to solve the shortage of the first line defense IDS to overcome the security issues MANET experience. Threads such as black hole, routing loops, network partition, selfishness, sleep deprivation, and denial of service (DoS), may be easily classified and recognized using machine learning methodologies and algorithms. Also, machine learning methodologies and algorithms help find ways to reduce and solve mischievous and harmful attacks against intimidation and prying. The paper describes few machine learning algorithms in detail such as Neural Networks, Support vector machine (SVM) algorithm and K-nearest neighbors, and how these methodologies help MANET to resolve their security problems.

As Internet technology gradually matures, the network structure becomes more complex. Therefore, the attack methods of malicious attackers are more diverse and change faster. Fortunately, due to the substantial increase in computer computing power, machine learning is valued and widely used in various fields. It has also been applied to intrusion detection systems. This study found that due to the imperfect data ratio of the unbalanced flow dataset, the model will be overfitting and the misjudgment rate will increase. In response to this problem, this research proposes to use the Cuckoo system to induce malicious samples to generate malicious traffic, to solve the data proportion defect of the unbalanced traffic dataset.

Computer network and virtual machine security is very essential in today's era. Various architectures have been proposed for network security or prevent malicious access of internal or external users. Various existing systems have already developed to detect malicious activity on victim machines; sometimes any external user creates some malicious behavior and gets unauthorized access of victim machines to such a behavior system considered as malicious activities or Intruder. Numerous machine learning and soft computing techniques design to detect the activities in real-time network log audit data. KKDDCUP99 and NLSKDD most utilized data set to detect the Intruder on benchmark data set. In this paper, we proposed the identification of intruders using machine learning algorithms. Two different techniques have been proposed like a signature with detection and anomaly-based detection. In the experimental analysis, demonstrates SVM, Naïve Bayes and ANN algorithm with various data sets and demonstrate system performance on the real-time network environment.

In recent years, with the continuous development of artificial intelligence algorithms, their applications in network intrusion detection have become more and more widespread. However, as the network speed continues to increase, network traffic increases dramatically, and the drawbacks of traditional machine learning methods such as high false alarm rate and long training time are gradually revealed. CNN(Convolutional Neural Networks) can only extract spatial features of data, which is obviously insufficient for network intrusion detection. In this paper, we propose an intrusion detection model that combines CNN and BiSRU (Bi-directional Simple Recurrent Unit) to achieve the goal of intrusion detection by processing network traffic logs. First, we extract the spatial features of the original data using CNN, after that we use them as input, further extract the temporal features using BiSRU, and finally output the classification results by softmax to achieve the purpose of intrusion detection.

With an increasing number of adversarial attacks against Industrial Control Systems (ICS) networks, enhancing the security of such systems is invaluable. Although attack prevention strategies are often in place, protecting against all attacks, especially zero-day attacks, is becoming impossible. Intrusion Detection Systems (IDS) are needed to detect such attacks promptly. Machine learning-based detection systems, especially deep learning algorithms, have shown promising results and outperformed other approaches. In this paper, we study the efficacy of a deep learning approach, namely, Multi Layer Perceptron (MLP), in detecting abnormal behaviors in ICS network traffic. We focus on very common reconnaissance attacks in ICS networks. In such attacks, the adversary focuses on gathering information about the targeted network. To evaluate our approach, we compare MLP with isolation Forest (i Forest), a statistical machine learning approach. Our proposed deep learning approach achieves an accuracy of more than 99% while i Forest achieves only 75%. This helps to reinforce the promise of using deep learning techniques for anomaly detection.

With the development of openness, sharing and interconnection of computer network, the architecture of enterprise network becomes more and more complex, and various network security problems appear. Threat Intelligence(TI) Analysis and situation awareness(SA) are the prediction and analysis technology of enterprise security risk, while intrusion detection technology belongs to active defense technology. In order to ensure the safe operation of computer network system, we must establish a multi-level and comprehensive security system. This paper analyzes many security risks faced by enterprise computer network, and integrates threat intelligence analysis, security situation assessment, intrusion detection and other technologies to build a comprehensive enterprise security system to ensure the security of large enterprise network.

A new round of scientific and technological revolution and industrial reform promote the intelligent development of automobile and promote the deep integration of automobile with Internet, big data, communication and other industries. At the same time, it also brings network and data security problems to automobile, which is very easy to cause national security and social security risks. Intelligent vehicle Ethernet intrusion detection can effectively alleviate the security risk of vehicle network, but the complex attack means and vehicle compatibility have not been effectively solved. This research takes the vehicle Ethernet as the research object, constructs the machine learning samples for neural network, applies the self coding network technology combined with the original characteristics to the network intrusion detection algorithm, and studies a self-learning vehicle Ethernet intrusion detection algorithm. Through the application and test of vehicle terminal, the algorithm generated in this study can be used for vehicle terminal with Ethernet communication function, and can effectively resist 34 kinds of network attacks in four categories. This method effectively improves the network security defense capability of vehicle Ethernet, provides technical support for the network security of intelligent vehicles, and can be widely used in mass-produced intelligent vehicles with Ethernet.

Computer networks are exposed to cyber related attacks due to the common usage of internet, as the result of such, several intrusion detection systems (IDSs) were proposed by several researchers. Among key research issues in securing network is detecting intrusions. It helps to recognize unauthorized usage and attacks as a measure to ensure the secure the network's security. Various approaches have been proposed to determine the most effective features and hence enhance the efficiency of intrusion detection systems, the methods include, machine learning-based (ML), Bayesian based algorithm, nature inspired meta-heuristic techniques, swarm smart algorithm, and Markov neural network. Over years, the various works being carried out were evaluated on different datasets. This paper presents a thorough review on various research articles that employed single, hybrid and ensemble classification algorithms. The results metrics, shortcomings and datasets used by the studied articles in the development of IDS were compared. A future direction for potential researches is also given.

The pervasive and resource-constrained nature of Internet of Things (IoT) devices makes them attractive to be targeted by different means of cyber threats. There are a vast amount of botnets being deployed every day that aim to increase their presence on the Internet for realizing malicious activities with the help of the compromised interconnected devices. Therefore, monitoring IoT networks using intrusion detection systems is one of the major countermeasures against such threats. In this work, we present a machine learning based Wi-Fi intrusion detection system developed specifically for IoT devices. We show that a single multi-class classifier, which operates on the encrypted data collected from the wireless data link layer, is able to detect the benign traffic and six types of IoT attacks with an overall accuracy of 96.85%. Our model is a scalable one since there is no need to train different classifiers for different IoT devices. We also present an alternative attack classifier that outperforms the attack classification model which has been developed in an existing study using the same dataset.

Throughout the years, honeypots have been very useful in tracking down attackers and preventing different types of cyber attacks on a very large scale. It's been almost 3 decades since the discover of honeypots and still more than 80% of the companies rely on this system because of intrusion detection features and low false positive rate. But with time, the attackers tend to start discovering loopholes in the system. Hence it is very important to be up to date with the technology when it comes to protecting a computing device from the emerging cyber attacks. Timely advancements in the security model provided by the honeypots helps in a more efficient use of the resource and also leads to better innovations in that field. The following paper reviews different methods of honeypot network and also gives an insight about the problems that those techniques can face along with their solution. Further it also gives the detail about the most preferred solution among all of the listed techniques in the paper.

The CAN (Controller Area Network) bus, which transmits and receives ECU control information in vehicle, has a critical risk of external intrusion because there is no standardized security system. Recently, the need for IDS (Intrusion Detection System) to detect external intrusion of CAN bus is increasing, and high accuracy and real-time processing for intrusion detection are required. In this paper, we propose Hybrid MR (Machine learning and Ruleset) -IDS based on machine learning and ruleset to improve IDS performance. For high accuracy and detection rate, feature engineering was conducted based on the characteristics of the CAN bus, and the generated features were used in detection step. The proposed Hybrid MR-IDS can cope to various attack patterns that have not been learned in previous, as well as the learned attack patterns by using both advantages of rule set and machine learning. In addition, by collecting CAN data from an actual vehicle in driving and stop state, five attack scenarios including physical effects during all driving cycle are generated. Finally, the Hybrid MR-IDS proposed in this paper shows an average of 99% performance based on F1-score.

The integration of IDS and Internet of Things (IoT) with deep learning plays a significant role in safety. Security has a strong role to play. Application of the IoT network decreases the time complexity and resources. In the traditional intrusion detection systems (IDS), this research work implements the cutting-edge methodologies in the IoT environment. This research is based on analysis, conception, testing and execution. Detection of intrusions can be performed by using the advanced deep learning system and multiagent. The NSL-KDD dataset is used to test the IoT system. The IoT system is used to test the IoT system. In order to detect attacks from intruders of transport layer, efficiency result rely on advanced deep learning idea. In order to increase the system performance, multi -agent algorithms could be employed to train communications agencies and to optimize the feedback training process. Advanced deep learning techniques such as CNN will be researched to boost system performance. The testing part an IoT includes data simulator which will be used to generate in continuous of research work finding with deep learning algorithms of suitable IDS in IoT network environment of current scenario without time complexity.

Vehicular Ad-Hoc Network (VANET) is a subcategory of Intelligent Transportation Systems (ITS) that allows vehicles to communicate with other vehicles and static roadside infrastructure. However, the integration of cyber and physical systems introduce many possible points of attack that make VANET vulnerable to cyber attacks. In this paper, we implemented a machine learning-based intrusion detection system that identifies False Data Injection (FDI) attacks on a vehicular network. A co-simulation framework between MATLAB and NS-3 is used to simulate the system. The intrusion detection system is installed in every vehicle and processes the information obtained from the packets sent by other vehicles. The packet is classified into either trusted or malicious using Support Vector Machines (SVM). The comparison of the performance of the system is evaluated in different scenarios using the following metrics: classification rate, attack detection rate, false positive rate, and detection speed. Simulation results show that the SVM-based IDS is able to provide high accuracy detection, low false positive rate, consequently improving the traffic congestion in the simulated highway.

The growth in the use of virtualization in the last ten years has contributed to the improvement of this technology. The practice of implementing and managing this type of isolated environment raises doubts about the security of such systems. Considering the host's proximity to a container, approaches that use anomaly detection systems attempt to monitor and detect unexpected behavior. Our work aims to use system calls to identify threats within a container environment, using machine learning based strategies to distinguish between expected and unexpected behaviors (possible threats).

Modern Intrusion Detection Systems are able to identify and check all traffic crossing the network segments that they are only set to monitor. Traditional network infrastructures use static detection mechanisms that check and monitor specific types of malicious traffic. To mitigate this potential waste of resources and improve scalability across an entire network, we propose a methodology which deploys distributed IDS in a Software Defined Network allowing them to be used for specific types of traffic as and when it appears on a network. The core of our work is the creation of an SDN application that takes input from a Snort IDS instances, thus working as a classifier for incoming network traffic with a static ruleset for those classifications. Our application has been tested on a virtualised platform where it performed as planned holding its position for limited use on static and controlled test environments.

Data provenance (keeping track of who did what, where, when and how) boasts of various attractive use cases for distributed systems, such as intrusion detection, forensic analysis and secure information dependability. This potential, however, can only be realized if provenance is accessible by its primary stakeholders: the end-users. Existing provenance systems are designed in a `all-or-nothing' fashion, making provenance inaccessible, difficult to extract and crucially, not controlled by its key stakeholders. To mitigate this, we propose that provenance be separated into system, data-specific and file-metadata provenance. Furthermore, we expand data-specific provenance as changes at a fine-grain level, or provenance-per-change, that is recorded alongside its source. We show that with the use of delta-encoding, provenance-per-change is viable, asserting our proposed architecture to be effectively realizable.

Modern cars are becoming more accessible targets for cyberattacks due to the proliferation of wireless communication channels. The intra-vehicle Controller Area Network (CAN) bus lacks authentication, which exposes critical components to interference from less secure, wirelessly compromised modules. To address this issue, we propose vProfile, a sender authentication system based on voltage fingerprints of Electronic Control Units (ECUs). vProfile exploits the physical properties of ECU output voltages on the CAN bus to determine the authenticity of bus messages, which enables the detection of both hijacked ECUs and external devices connected to the bus. We show the potential of vProfile using experiments on two production vehicles with precision and recall scores of over 99.99%. The improved identification rates and more straightforward design of vProfile make it an attractive improvement over existing methods.

Algorithms for unsupervised anomaly detection have proven their effectiveness and flexibility, however, first it is necessary to calculate with what ratio a certain class begins to be considered anomalous by the autoencoder. For this reason, we propose to conduct a study of the efficiency of autoencoders depending on the ratio of anomalous and non-anomalous classes. The emergence of high-speed networks in electric power systems creates a tight interaction of cyberinfrastructure with the physical infrastructure and makes the power system susceptible to cyber penetration and attacks. To address this problem, this paper proposes an innovative approach to develop a specification-based intrusion detection framework that leverages available information provided by components in a contemporary power system. An autoencoder is used to encode the causal relations among the available information to create patterns with temporal state transitions, which are used as features in the proposed intrusion detection. This allows the proposed method to detect anomalies and cyber attacks.

Intrusion Detection System (IDS) is one of the most important security tool for many security issues that are prevailing in today's cyber world. Intrusion Detection System is designed to scan the system applications and network traffic to detect suspicious activities and issue an alert if it is discovered. So many techniques are available in machine learning for intrusion detection. The main objective of this project is to apply machine learning algorithms to the data set and to compare and evaluate their performances. The proposed application has used the SVM (Support Vector Machine) and ANN (Artificial Neural Networks) Algorithms to detect the intrusion rates. Each algorithm is used to detect whether the requested data is authorized or contains any anomalies. While IDS scans the requested data if it finds any malicious information it drops that request. These algorithms have used Correlation-Based and Chi-Squared Based feature selection algorithms to reduce the dataset by eliminating the useless data. The preprocessed dataset is trained and tested with the models to obtain the prominent results, which leads to increasing the prediction accuracy. The NSL KDD dataset has been used for the experimentation. Finally, an accuracy of about 48% has been achieved by the SVM algorithm and 97% has been achieved by ANN algorithm. Henceforth, ANN model is working better than the SVM on this dataset.

Network information security pipeline based on the grey relational cluster and neural networks is designed and implemented in this paper. This method is based on the principle that the optimal selected feature set must contain the feature with the highest information entropy gain to the data set category. First, the feature with the largest information gain is selected from all features as the search starting point, and then the sample data set classification mark is fully considered. For the better performance, the neural networks are considered. The network learning ability is directly determined by its complexity. The learning of general complex problems and large sample data will bring about a core dramatic increase in network scale. The proposed model is validated through the simulation.

This paper proposes a novel network intrusion detection algorithm based on the combination of Subspace Clustering (SSC) and BP neural network. Firstly, we perform a subspace clustering algorithm on the network data set to obtain different subspaces. Secondly, BP neural network intrusion detection is carried out on the data in different subspaces, and calculate the prediction error value. By comparing with the pre-set accuracy, the threshold is constantly updated to improve the ability to identify network attacks. By comparing with K-means, DBSCAN, SSC-EA and k-KNN intrusion detection model, the SSC-BP neural network model can detect the most attacked networks with the lowest false detection rate.