Biblio

The domain of securing in-vehicle networks has attracted both academic and industrial researchers due to high danger of attacks on drivers and passengers. While securing wired and wireless interfaces is important to defend against these threats, detecting attacks is still the critical phase to construct a robust secure system. There are only a few results on securing communication inside vehicles using anomaly-detection techniques despite their efficiencies in systems that need real-time detection. Therefore, we propose an intrusion detection system (IDS) based on Multi-Layer Perceptron (MLP) neural network for Controller Area Networks (CAN) bus. This IDS divides data according to the ID field of CAN packets using K-means clustering algorithm, then it extracts suitable features and uses them to train and construct the neural network. The proposed IDS works for each ID separately and finally it combines their individual decisions to construct the final score and generates alert in the presence of attack. The strength of our intrusion detection method is that it works simultaneously for two types of attacks which will eliminate the use of several separate IDS and thus reduce the complexity and cost of implementation.

Recent years have seen an increase in the data usage in cars, particularly as they become more autonomous and connected. With the rise in data use have come concerns about automotive cyber-security. An in-vehicle network shown to be particularly vulnerable is the Controller Area Network (CAN), which is the communication bus used by the car's safety critical and performance critical components. Cyber attacks on the CAN have been demonstrated, leading to research to develop attack detection and attack prevention systems. Such research requires representative attack demonstrations and data for testing. Obtaining this data is problematical due to the expense, danger and impracticality of using real cars on roads or tracks for example attacks. Whilst CAN simulators are available, these tend to be configured for testing conformance and functionality, rather than analysing security and cyber vulnerability. We therefore adapt a leading, industry-standard, CAN simulator to incorporate a core set of cyber attacks that are representative of those proposed by other researchers. Our adaptation allows the user to configure the attacks, and can be added easily to the free version of the simulator. Here we describe the simulator and, after reviewing the attacks that have been demonstrated and discussing their commonalities, we outline the attacks that we have incorporated into the simulator.

The presence of security vulnerabilities in automotive networks has already been shown by various publications in recent years. Due to the specification of the Controller Area Network (CAN) as a broadcast medium without security mechanisms, attackers are able to read transmitted messages without being noticed and to inject malicious messages. In order to detect potential attackers within a network or software system as early as possible, Intrusion Detection Systems (IDSs) are prevalent. Many approaches for vehicles are based on techniques which are able to detect deviations from specified CAN network behaviour regarding protocol or payload properties. However, it is challenging to detect attackers who secretly connect to CAN networks and do not actively participate in bus traffic. In this paper, we present an approach that is capable of successfully detecting unknown CAN devices and determining the distance (cable length) between the attacker device and our sensing unit based on Time Domain Reflectometry (TDR) technique. We evaluated our approach on a real vehicle network.

Controller Area Network is the most widely adopted communication standard in automobiles. The CAN protocol is robust and is designed to minimize overhead. The light-weight nature of this protocol implies that it can't efficiently process secure communication. With the exponential increase in automobile communications, there is an urgent need for efficient and effective security countermeasures. We propose a support vector machine based intrusion detection system that is able to detect anomalous behavior with high accuracy. We outline a process for parameter selection and feature vector selection. We identify strengths and weaknesses of our system and propose to extend our work for time-series based data.

Cyber-Physical Systems (CPS) are playing important roles in the critical infrastructure now. A prominent family of CPSs are networked control systems in which the control and feedback signals are carried over computer networks like the Internet. Communication over insecure networks make system vulnerable to cyber attacks. In this article, we design an intrusion detection and compensation framework based on system/plant identification to fight covert attacks. We collect error statistics of the output estimation during the learning phase of system operation and after that, monitor the system behavior to see if it significantly deviates from the expected outputs. A compensating controller is further designed to intervene and replace the classic controller once the attack is detected. The proposed model is tested on a DC motor as the plant and is put against a deception signal amplification attack over the forward link. Simulation results show that the detection algorithm well detects the intrusion and the compensator is also successful in alleviating the attack effects.

Modern operating systems are typical multitasking systems: Running multiple tasks at the same time. Therefore, a large number of system calls belonging to different processes are invoked at the same time. By associating these invocations, one can construct the system dependency graph. In rapidly evolving system dependency graphs, how to quickly find outliers is an urgent issue for intrusion detection. Clustering analysis based on graph similarity will help solve this problem. In this paper, an extended Weisfeiler-Lehman(WL) kernel is proposed. Firstly, an embedded vector with indefinite dimensions is constructed based on the original dependency graph. Then, the vector is compressed with Simhash to generate a fingerprint. Finally, anomaly detection based on clustering is carried out according to these fingerprints. Our scheme can achieve prominent detection with high efficiency. For validation, we choose StreamSpot, a relevant prior work, to act as benchmark, and use the same data set as it to carry out evaluations. Experiments show that our scheme can achieve the highest detection precision of 98% while maintaining a perfect recall performance. Moreover, both quantitative and visual comparisons demonstrate the outperforming clustering effect of our scheme than StreamSpot.

Distributed Denial of Service (DDoS) attacks have been the prominent attacks over the last decade. A Network Intrusion Detection System (NIDS) should seamlessly configure to fight against these attackers' new approaches and patterns of DDoS attack. In this paper, we propose a NIDS which can detect existing as well as new types of DDoS attacks. The key feature of our NIDS is that it combines different classifiers using ensemble models, with the idea that each classifier can target specific aspects/types of intrusions, and in doing so provides a more robust defense mechanism against new intrusions. Further, we perform a detailed analysis of DDoS attacks, and based on this domain-knowledge verify the reduced feature set [27, 28] to significantly improve accuracy. We experiment with and analyze NSL-KDD dataset with reduced feature set and our proposed NIDS can detect 99.1% of DDoS attacks successfully. We compare our results with other existing approaches. Our NIDS approach has the learning capability to keep up with new and emerging DDoS attack patterns.

Today, network security is a world hot topic in computer security and defense. Intrusions and attacks in network infrastructures lead mostly in huge financial losses, massive sensitive data leaks, thus decreasing efficiency, competitiveness and the quality of productivity of an organization. Network Intrusion Detection System (NIDS) is valuable tool for the defense-in-depth of computer networks. It is widely deployed in network architectures in order to monitor, to detect and eventually respond to any anomalous behavior and misuse which can threat confidentiality, integrity and availability of network resources and services. Thus, the presence of NIDS in an organization plays a vital part in attack mitigation, and it has become an integral part of a secure organization. In this paper, we propose to optimize a very popular soft computing tool widely used for intrusion detection namely Back Propagation Neural Network (BPNN) using a novel hybrid Framework (GASAA) based on improved Genetic Algorithm (GA) and Simulated Annealing Algorithm (SAA). GA is improved through an optimization strategy, namely Fitness Value Hashing (FVH), which reduce execution time, convergence time and save processing power. Experimental results on KDD CUP' 99 dataset show that our optimized ANIDS (Anomaly NIDS) based BPNN, called “ANIDS BPNN-GASAA” outperforms several state-of-art approaches in terms of detection rate and false positive rate. In addition, improvement of GA through FVH has saved processing power and execution time. Thereby, our proposed IDS is very much suitable for network anomaly detection.

Routing Protocol for Low power and Lossy Network (RPL) is a light weight routing protocol designed for LLN (Low Power Lossy Networks). It is a source routing protocol. Due to constrained nature of resources in LLN, RPL is exposed to various attacks such as blackhole attack, wormhole attack, rank attack, version attack, etc. IDS (Intrusion Detection System) is one of the countermeasures for detection and prevention of attacks for RPL based loT. Traditional IDS techniques are not suitable for LLN due to certain characteristics like different protocol stack, standards and constrained resources. In this paper, we have presented various IDS research contribution for RPL based routing attacks. We have also classified the proposed IDS in the literature, according to the detection techniques. Therefore, this comparison will be an eye-opening stuff for future research in mitigating routing attacks for RPL based IoT.

The Internet of things networks is vulnerable to many DOS attacks. Among them, Blackhole attack is one of the severe attacks as it hampers communication among network devices. In general, the solutions presented in the literature for Blackhole detection are not efficient. In addition, the existing approaches do not factor-in, the consumption in resources viz. energy, bandwidth and network lifetime. Further, these approaches are also insensitive to the mechanism used for selecting a parent in on Blackhole formation. Needless to say, a blackhole node if selected as parent would lead to orchestration of this attack trivially and hence it is an important factor in selection of a parent. In this paper, we propose SIEWE (Strainer based Intrusion Detection of Blackhole in 6LoWPAN for the Internet of Things) - an Intrusion detection mechanism to identify Blackhole attack on Routing protocol RPL in IoT. In contrast to the Watchdog based approaches where every node in network runs in promiscuous mode, SIEWE filters out suspicious nodes first and then verifies the behavior of those nodes only. The results that we obtain, show that SIEWE improves the Packet Delivery Ratio (PDR) of the system by blacklisting malicious Blackhole nodes.

Tele-radiology is a technology that helps in bringing the communication between the radiologist, patients and healthcare units situated at distant places. This involves exchange of medical centric data. The medical data may be stored as Electronic Health Records (EHR). These EHRs contain X-Rays, CT scans, MRI reports. Hundreds of scans across multiple radiology centers lead to medical big data (MBD). Healthcare Cloud can be used to handle MBD. Since lack of security to EHRs can cause havoc in medical IT, healthcare cloud must be secure. It should ensure secure sharing and storage of EHRs. This paper proposes the application of decoy technique to provide security to EHRs. The EHRs have the risk of internal attacks and external intrusion. This work addresses and handles internal attacks. It also involves study on honey-pots and intrusion detection techniques. Further it identifies the possibility of an intrusion and alerts the administrator. Also the details of intrusions are logged.

Internet of Things (IoT) has an immense potential for a plethora of applications ranging from healthcare automation to defence networks and the power grid. The security of an IoT network is essentially paramount to the security of the underlying computing and communication infrastructure. However, due to constrained resources and limited computational capabilities, IoT networks are prone to various attacks. Thus, safeguarding the IoT network from adversarial attacks is of vital importance and can be realised through planning and deployment of effective security controls; one such control being an intrusion detection system. In this paper, we present a novel intrusion detection scheme for IoT networks that classifies traffic flow through the application of deep learning concepts. We adopt a newly published IoT dataset and generate generic features from the field information in packet level. We develop a feed-forward neural networks model for binary and multi-class classification including denial of service, distributed denial of service, reconnaissance and information theft attacks against IoT devices. Results obtained through the evaluation of the proposed scheme via the processed dataset illustrate a high classification accuracy.

An information system based on real-time file integrations has an important role in today's organizations' work process management. By connecting to the network, file flow and integration between corporate systems have gained a great significance. In addition, network and security issues have emerged depending on the file structure and transfer processes. Thus, there has become a need for an effective and self-learning anomaly detection module for file transfer processes in order to provide the persistence of integration channels, accountability of transfer logs and data integrity. This paper proposes a novel anomaly detection approach that focuses on file size and integration duration of file transfers between enterprise systems. For this purpose, size and time anomalies on transferring files will be detected by a machine learning-based structure. Later, an alarm system is going to be developed in order to inform the authenticated individuals about the anomalies.

Deep learning techniques have been widely used in intrusion detection, but their application on convolutional neural networks (CNN) is still immature. The main challenge is how to represent the network traffic to improve performance of the CNN model. In this paper, we propose a network intrusion detection algorithm based on representation learning using Fast Fourier Transformation (FFT), which is first exploration that converts traffic to image by FFT to the best of our knowledge. Each traffic is converted to an image and then the intrusion detection problem is turned to image classification. The experiment results on NSL-KDD dataset show that the classification performence of the algorithm in the CNN model has obvious advantages compared with other algorithms.

One of the latest emerging technologies is artificial intelligence, which makes the machine mimic human behavior. The most important component used to detect cyber attacks or malicious activities is the Intrusion Detection System (IDS). Artificial intelligence plays a vital role in detecting intrusions and widely considered as the better way in adapting and building IDS. In trendy days, artificial intelligence algorithms are rising as a brand new computing technique which will be applied to actual time issues. In modern days, neural network algorithms are emerging as a new artificial intelligence technique that can be applied to real-time problems. The proposed system is to detect a classification of botnet attack which poses a serious threat to financial sectors and banking services. The proposed system is created by applying artificial intelligence on a realistic cyber defense dataset (CSE-CIC-IDS2018), the very latest Intrusion Detection Dataset created in 2018 by Canadian Institute for Cybersecurity (CIC) on AWS (Amazon Web Services). The proposed system of Artificial Neural Networks provides an outstanding performance of Accuracy score is 99.97% and an average area under ROC (Receiver Operator Characteristic) curve is 0.999 and an average False Positive rate is a mere value of 0.001. The proposed system using artificial intelligence of botnet attack detection is powerful, more accurate and precise. The novel proposed system can be implemented in n machines to conventional network traffic analysis, cyber-physical system traffic data and also to the real-time network traffic analysis.

With the continuous development of computer network technology, security problems in the network are emerging one after another, and it is becoming more and more difficult to ignore. For the current network administrators, how to successfully prevent malicious network hackers from invading, so that network systems and computers are at Safe and normal operation is an urgent task. This paper proposes a network intrusion detection method based on deep learning. This method uses deep confidence neural network to extract features of network monitoring data, and uses BP neural network as top level classifier to classify intrusion types. The method was validated using the KDD CUP'99 dataset from the Lincoln Laboratory of the Massachusetts Institute of Technology. The results show that the proposed method has a significant improvement over the traditional machine learning accuracy.

Network intrusion detection is an important component of network security. Currently, the popular detection technology used the traditional machine learning algorithms to train the intrusion samples, so as to obtain the intrusion detection model. However, these algorithms have the disadvantage of low detection rate. Deep learning is more advanced technology that automatically extracts features from samples. In view of the fact that the accuracy of intrusion detection is not high in traditional machine learning technology, this paper proposes a network intrusion detection model based on convolutional neural network algorithm. The model can automatically extract the effective features of intrusion samples, so that the intrusion samples can be accurately classified. Experimental results on KDD99 datasets show that the proposed model can greatly improve the accuracy of intrusion detection.

The objective of this paper is to propose a distributed intrusion detection model based on a multi agent system. Mutli Agent Systems (MAS) are very suitable for intrusion detection systems as they meet the characteristics required by the networks and Big Data issues. The MAS agents cooperate and communicate with each other to ensure the effective detection of network intrusions without the intervention of an expert as used to be in the classical intrusion detection systems relying on signature matching to detect known attacks. The proposed model helped to detect known and unknown attacks within big computer infrastructure by responding to the network requirements in terms of distribution, autonomy, responsiveness and communication. The proposed model is capable of achieving a good and a real time intrusion detection using multi-agents paradigm and Hadoop Distributed File System (HDFS).

This paper work is focused on Performance comparison of intrusion detection system between DBN Algorithm and SPELM Algorithm. Researchers have used this new algorithm SPELM to perform experiments in the area of face recognition, pedestrian detection, and for network intrusion detection in the area of cyber security. The scholar used the proposed State Preserving Extreme Learning Machine(SPELM) algorithm as machine learning classifier and compared it's performance with Deep Belief Network (DBN) algorithm using NSL KDD dataset. The NSL- KDD dataset has four lakhs of data record; out of which 40% of data were used for training purposes and 60% data used in testing purpose while calculating the performance of both the algorithms. The experiment as performed by the scholar compared the Accuracy, Precision, recall and Computational Time of existing DBN algorithm with proposed SPELM Algorithm. The findings have show better performance of SPELM; when compared its accuracy of 93.20% as against 52.8% of DBN algorithm;69.492 Precision of SPELM as against 66.836 DBN and 90.8 seconds of Computational time taken by SPELM as against 102 seconds DBN Algorithm.

The recognition of intrusions has increased impressive enthusiasm for information mining with the acknowledgment that anomalies can be the key disclosure to be produced using extensive network databases. Intrusions emerge because of different reasons, for example, mechanical deficiencies, changes in framework conduct, fake conduct, human blunder and instrument mistake. Surely, for some applications the revelation of Intrusions prompts more intriguing and helpful outcomes than the disclosure of inliers. Discovery of anomalies can prompt recognizable proof of framework blames with the goal that executives can take preventive measures previously they heighten. A network database framework comprises of a sorted out posting of pages alongside programming to control the network information. This database framework has been intended to empower network operations, oversee accumulations of information, show scientific outcomes and to get to these information utilizing networks. It likewise empowers network clients to gather limitless measure of information on unbounded territories of utilization, break down it and return it into helpful data. Network databases are ordinarily used to help information control utilizing dynamic capacities on sites or for putting away area subordinate data. This database holds a surrogate for each network route. The formation of these surrogates is called ordering and each network database does this errand in an unexpected way. In this paper, a structure for compelling access control and Intrusion Detection using outliers has been proposed and used to give viable Security to network databases. The design of this framework comprises of two noteworthy subsystems to be specific, Access Control Subsystem and Intrusion Detection Subsystem. In this paper preprocessing module is considered which clarifies the preparing of preprocessing the accessible information. And rain forest method is discussed which is used for intrusion detection.

This paper presents the effects of problem based learning project on a high-school student in Technology school “Electronic systems” associated with Technical University Sofia. The problem is creating an intrusion detection system for Apache HTTP Server with duration 6 months. The intrusion detection system is based on a recurrent neural network classifier namely long-short term memory units.

Now a day, Wireless Sensor Networks are widely used in military applications by its applications, it is extended to healthcare, industrial environments and many more. As we know that, there are some unique features of WSNs such as limited power supply, minimum bandwidth and limited energy. So, to secure traditional network, multiple techniques are available, but we can't use same techniques to secure WSNs. So to increase the overall security of WSNs, we required new ideas as well as new approaches. In general, intrusion prevention is the primary issue in WSNs and intrusion detection already reached to saturation. Thus, we need an efficient solution for proactive intrusion prevention towards WSNs. Thus, formal validation of protocols in WSN is an essential area of research. This research paper aims to formally verify as well as model some protocol used for intrusion detection using AVISPA tool and HLPSL language. In this research paper, the results of authentication and DoS attacks were detected is presented, but there is a need to prevent such type of attacks. In this research paper, a system is proposed in order to avoid intrusion using machine learning for the wireless sensor network. So, the proposed system will be used for intrusion prevention in a wireless sensor network.

In this paper, we introduce a sequential autoencoder framework using long short term memory (LSTM) neural network for computer network intrusion detection. We exploit the dimensionality reduction and feature extraction property of the autoencoder framework to efficiently carry out the reconstruction process. Furthermore, we use the LSTM networks to handle the sequential nature of the computer network data. We assign a threshold value based on cross-validation in order to classify whether the incoming network data sequence is anomalous or not. Moreover, the proposed framework can work on both fixed and variable length data sequence and works efficiently for unforeseen and unpredictable network attacks. We then also use the unsupervised version of the LSTM, GRU, Bi-LSTM and Neural Networks. Through a comprehensive set of experiments, we demonstrate that our proposed sequential intrusion detection framework performs well and is dynamic, robust and scalable.

Due to the massive amount of the network traffic, attackers have a great chance to cause a huge damage to the network system or its users. Intrusion detection plays an important role in ensuring security for the system by detecting the attacks and the malicious activities. In this paper, we utilize CIDDS dataset and apply a deep learning approach, Long-Short-Term Memory (LSTM), to implement intrusion detection system. This research achieves a reasonable accuracy of 0.85.

Software defined networking is a concept proposed to replace traditional networks by separating control plane and data plane. It makes the network more programmable and manageable. As there is a single point of control of the network, it is more vulnerable to intrusion. The idea is to train the network controller by machine learning algorithms to let it make the intelligent decisions automatically. In this paper, we have discussed our approach to make software defined networking more secure from various malicious attacks by making it capable of detecting and preventing such attacks.