Biblio

Distributed denial of service (DDoS) attacks is one of the most evolving threats in the current Internet situation and yet there is no effective mechanism to curb it. In the field of DDoS attacks, as in all other areas of cybersecurity, attackers are increasingly using sophisticated methods. The work in this paper focuses on using Artificial Neural Network to detect various types of DDOS attacks(UDP-Flood, Smurf, HTTP-Flood and SiDDoS). We would be mainly focusing on the network and transport layer DDoS attacks. Additionally, the time and space complexity is also calculated to further improve the efficiency of the model implemented and overcome the limitations found in the research gap. The results obtained from our analysis on the dataset show that our proposed methods can better detect the DDoS attack.

This paper discusses DDoS attacks, their current threat level and IDS systems, which are one of the main tools to protect against them. It focuses on the problems encountered by IDS systems in detecting DDoS attacks and the difficulties and challenges of integrating them with artificial intelligence systems today.

Distributed denial of service (DDoS) attack is a common way of network attack. It has the characteristics of wide distribution, low cost and difficult defense. The traditional algorithms of machine learning (ML) have such shortcomings as excessive systemic overhead and low accuracy in detection of DDoS. In this paper, a CGAN (conditional generative adversarial networks, conditional GAN) -based method is proposed to detect the attack of DDoS. On off-line training, five features are extracted in order to adapt the input of neural network. On the online recognition, CGAN model is adopted to recognize the packets of DDoS attack. The experimental results demonstrate that our proposed method obtains the better performance than the random forest-based method.

It has been a hot research topic to detect and mitigate Distributed Denial-of-Service (DDoS) attacks due to the significant increase of serious threat of such attacks. The rapid growth of Internet of Things (IoT) has intensified this trend, e.g. the Mirai botnet and variants. To address this issue, a light-weight DDoS mitigation mechanism was presented. In the proposed scheme, flooding attacks are detected by stochastic queue allocation which can be executed with widespread and inexpensive commercial products at a network edge. However, the detection process is delayed when the number of incoming flows is large because of the randomness of queue allocation. Thus, in this paper we propose an efficient queue allocation algorithm for rapid DDoS mitigation using limited resources. The idea behind the proposed scheme is to avoid duplicate allocation by decreasing the randomness of the existing scheme. The performance of the proposed scheme was confirmed via theoretical analysis and computer simulation. As a result, it was confirmed that malicious flows are efficiently detected and discarded with the proposed algorithm.

Anonymity is one of the biggest concerns in web security and traffic management. Though web users are concerned about privacy and security various methods are being adopted in making the web more vulnerable. Browsing the web anonymously not only threatens the integrity but also questions the motive of such activity. It is important to classify the network traffic and prevent source and destination from hiding with each other unless it is for benign activity. The paper proposes various methods to classify the dark web at different levels or hierarchies. Various preprocessing techniques are proposed for feature selection and dimensionality reduction. Anon17 dataset is used for training and testing the model. Three levels of classification are proposed in the paper based on the network, traffic type, and application.

Industrial Internet is widely used in the production field. As the openness of networks increases, industrial networks facing increasing security risks. Information and communication technologies are now available for most industrial manufacturing. This industry-oriented evolution has driven the emergence of cloud systems, the Internet of Things (IoT), Big Data, and Industry 4.0. However, new technologies are always accompanied by security vulnerabilities, which often expose unpredictable risks. Industrial safety has become one of the most essential and challenging requirements. In this article, we highlight the serious challenges facing Industry 4.0, introduce industrial security issues and present the current awareness of security within the industry. In this paper, we propose solutions for the anomaly detection and defense of the industrial Internet based on the demand characteristics of network security, the main types of intrusions and their vulnerability characteristics. The main work is as follows: This paper first analyzes the basic network security issues, including the network security needs, the security threats and the solutions. Secondly, the security requirements of the industrial Internet are analyzed with the characteristics of industrial sites. Then, the threats and attacks on the network are analyzed, i.e., system-related threats and process-related threats; finally, the current research status is introduced from the perspective of network protection, and the research angle of this paper, i.e., network anomaly detection and network defense, is proposed in conjunction with relevant standards. This paper proposes a software-defined network (SDN)-based industrial Internet security gateway for the security protection of the industrial Internet. Since there are some known types of attacks in the industrial network, in order to fully exploit the effective information, we combine the ExtratreesClassifier to enhance the detection rate of anomaly detection. In order to verify the effectiveness of the algorithm, this paper simulates an industrial network attack, using the acquired training data for testing. The test data are industrial network traffic datasets, and the experimental results show that the algorithm is suitable for anomaly detection in industrial networks.

Even if there is a rapid proliferation with the advantages of low cost, the emerging on-demand cloud services have led to an increase in cybercrime activities. Cyber criminals are utilizing cloud services through its distributed nature of infrastructure and create a lot of challenges to detect and investigate the incidents by the security personnel. The tracing of command flow forms a clue for the detection of malicious activity occurring in the system through System Calls Analysis (SCA). As machine learning based approaches are known to automate the work in detecting malwares, simple Support Vector Machine (SVM) based approaches are often reporting low value of accuracy. In this work, a malware classification system proposed with the supervised machine learning of unknown malware instances through Support Vector Machine - Stochastic Gradient Descent (SVM-SGD) algorithm. The performance of the system evaluated on CIC-IDS2017 dataset with labelled attacks. The system is compared with traditional signature based detection model and observed to report less number of false alerts with improved accuracy. The signature based detection gets an accuracy of 86.12%, while the SVM-SGD gets the best accuracy of 99.13%. The model is found to be lightweight but efficient in detecting malware with high degree of accuracy.

Internet of Things (IoT) is penetrating into every aspect of our personal lives including our body, our home and our living environment which poses numerous security challenges. The number of heterogeneous connected devices is increasing exponentially in IoT, which in turn increases the attack surface of IoT. This forces the need for uniform, distributed security mechanism which can efficiently detect the attack at faster rate in highly scalable IoT environment. The proposed work satisfies this requirement by providing a security framework which combines Fog computing and Software Defined Networking (SDN). The experimental results depicts the effectiveness in protecting the IoT applications at faster rate

Network security is of vital importance, and Information Technology admins must always be vigilant. But they often lack the expertise and skills required to harden the network properly, in with the emergence of security threats. The router plays a significant role in maintaining operational security for an organization. When it comes to information security, information security professionals mainly focus on protecting items such as firewalls, virtual private networks, etc. Routers are the foundation of any network's communication method, which means all the network information passes through the routers, making them a desirable target. The proposed automation of the router security hardening solution will immediately improve the security of routers and ensure that they are updated and hardened with minimal human intervention and configuration changes. This is specially focused on small and medium-sized organizations lacking workforce and expertise on network security and will help secure the routers with less time consumption, cost, and increased efficiency. The solution consists of four primary functions, initial configuration, vulnerability fixing, compliance auditing, and rollback. These focus on all aspects of router security in a network, from its configuration when it is initially connected to the network to checking its compliance errors, continuously monitoring the vulnerabilities that need to be fixed, and ensuring that the behavior of the devices is stable and shows no abnormalities when it comes to configuration changes.

Monitoring and managing electric power generation, distribution and transmission requires supervisory control and data acquisition (SCADA) systems. As technology has developed, these systems have become huge, complicated, and distributed, which makes them susceptible to new risks. In particular, the lack of security in SCADA systems make them a target for network attacks such as denial of service (DoS) and developing solutions for this issue is the main objective of this thesis. By reviewing various existing system solutions for securing SCADA systems, a new security approach is recommended that employs Artificial Intelligence(AI). AI is an innovative approach that imparts learning ability to software. Here deep learning algorithms and machine learning algorithms are used to develop an intrusion detection system (IDS) to combat cyber-attacks. Various methods and algorithms are evaluated to obtain the best results in intrusion detection. The results reveal the Bi-LSTM IDS technique provides the highest intrusion detection (ID) performance compared with previous techniques to secure SCADA systems

Natural language processing (NLP) is a division of artificial intelligence. The constructed model's quality is entirely reliant on the training dataset's quality. A data streaming pipeline is an adhesive application, completing a managed connection from data sources to machine learning methods. The recommended NLP pipeline composition has well-defined procedures. The implemented message broker design is a usual apparatus for delivering events. It makes it achievable to construct a robust training dataset for machine learning use-case and serve the model's input. The reconstructed dataset is a valid input for the machine learning processes. Based on the data pipeline's product, the model recreation and redeployment can be scheduled automatically.

The traditional KNN algorithm takes insufficient consideration of the spatial distribution of training samples, which leads to low accuracy in processing high-dimensional data sets. Moreover, the generation of k nearest neighbors requires all known samples to participate in the distance calculation, resulting in high time overhead. To solve these problems, a feature subspace based KNN algorithm (Feature Subspace KNN, FSS-KNN) is proposed in this paper. First, the FSS-KNN algorithm solves all the feature subspaces according to the distribution of the training samples in the feature space, so as to ensure that the samples in the same subspace have higher similarity. Second, the corresponding feature subspace is matched for the test set samples. On this basis, the search of k nearest neighbors is carried out in the corresponding subspace first, thus improving the accuracy and efficiency of the algorithm. Experimental results show that compared with the traditional KNN algorithm, FSS-KNN algorithm improves the accuracy and efficiency on Kaggle data set and UCI data set. Compared with the other four classical machine learning algorithms, FSS-KNN algorithm can significantly improve the accuracy.

K-nearest neighbor algorithm that searches the K closest samples in a high dimensional feature space is one of the most fundamental tasks in machine learning and image retrieval applications. Computational storage device that combines computing unit and storage module on a single board becomes popular to address the data bandwidth bottleneck of the conventional computing system. In this paper, we propose a nearest neighbor search acceleration platform based on computational storage device, which can process a large-scale image dataset efficiently in terms of speed, energy, and cost. We believe that the proposed acceleration platform is promising to be deployed in cloud datacenters for data-intensive applications.

With the rise of Internet of Things (IoT) devices, home network management and security are becoming complex. There is an urgent requirement to make smart home network management more efficient. This work proposes an SDN-based architecture to secure smart home networks through K-Nearest Neighbor (KNN) based device classifications and malicious traffic detection. The efficiency is enhanced by offloading the computation-intensive KNN model to a Field Programmable Gate Arrays (FPGA). Furthermore, we propose a custom KNN solution that exhibits the best performance on an FPGA compared with four alternative KNN instances (i.e., 78% faster than a parallel Bubble Sort-based implementation and 99% faster than three other sorting algorithms). Moreover, with 36,225 training samples, the proposed KNN solution classifies a test query with 95% accuracy in approximately 4 ms on an FPGA compared to 57 seconds on a CPU platform. This highlights the promise of FPGA-based platforms for edge computing applications in the smart home.

In recent years, with the continuous development of artificial intelligence algorithms, their applications in network intrusion detection have become more and more widespread. However, as the network speed continues to increase, network traffic increases dramatically, and the drawbacks of traditional machine learning methods such as high false alarm rate and long training time are gradually revealed. CNN(Convolutional Neural Networks) can only extract spatial features of data, which is obviously insufficient for network intrusion detection. In this paper, we propose an intrusion detection model that combines CNN and BiSRU (Bi-directional Simple Recurrent Unit) to achieve the goal of intrusion detection by processing network traffic logs. First, we extract the spatial features of the original data using CNN, after that we use them as input, further extract the temporal features using BiSRU, and finally output the classification results by softmax to achieve the purpose of intrusion detection.

This work seeks to advance the state of the art in HPC I/O performance analysis and interpretation. In particular, we demonstrate effective techniques to: (1) model output performance in the presence of I/O interference from production loads; (2) build features from write patterns and key parameters of the system architecture and configurations; (3) employ suitable machine learning algorithms to improve model accuracy. We train models with five popular regression algorithms and conduct experiments on two distinct production HPC platforms. We find that the lasso and random forest models predict output performance with high accuracy on both of the target systems. We also explore use of the models to guide adaptation in I/O middleware systems, and show potential for improvements of at least 15% from model-guided adaptation on 70% of samples, and improvements up to 10 x on some samples for both of the target systems.

Web Scraping is the technique of extracting desired data in an automated way by scanning the internal links and content of a website, this activity usually performed by systematically programmed bots. This paper explains our proposed solution to protect the blog content from theft and from being copied to other destinations by mitigating the scraping bots. To achieve our purpose we applied two steps in two levels, the first one, on the main blog page level, mitigated the work of crawler bots by adding extra empty articles anchors among real articles, and the next step, on the article page level, we add a random number of empty and hidden spans with randomly generated text among the article's body. To assess this solution we apply it to a local project developed using PHP language in Laravel framework, and put four criteria that measure the effectiveness. The results show that the changes in the file size before and after the application do not affect it, also, the processing time increased by few milliseconds which still in the acceptable range. And by using the HTML-similarity tool we get very good results that show the symmetric over style, with a few bit changes over the structure. Finally, to assess the effects on the bots, scraper bot reused and get the expected results from the programmed middleware. These results show that the solution is feasible to be adopted and use to protect blogs content.

Computer networks are exposed to cyber related attacks due to the common usage of internet, as the result of such, several intrusion detection systems (IDSs) were proposed by several researchers. Among key research issues in securing network is detecting intrusions. It helps to recognize unauthorized usage and attacks as a measure to ensure the secure the network's security. Various approaches have been proposed to determine the most effective features and hence enhance the efficiency of intrusion detection systems, the methods include, machine learning-based (ML), Bayesian based algorithm, nature inspired meta-heuristic techniques, swarm smart algorithm, and Markov neural network. Over years, the various works being carried out were evaluated on different datasets. This paper presents a thorough review on various research articles that employed single, hybrid and ensemble classification algorithms. The results metrics, shortcomings and datasets used by the studied articles in the development of IDS were compared. A future direction for potential researches is also given.

Machine learning is implemented extensively in various applications. The machine learning algorithms teach computers to do what comes naturally to humans. The objective of this study is to do comparison on the predictive models in cyberbullying detection between the basic machine learning system and the proposed system with the involvement of feature selection technique, resampling and hyperparameter optimization by using two classifiers; Support Vector Classification Linear and Decision Tree. Corpus from ASKfm used to extract word n-grams features before implemented into eight different experiments setup. Evaluation on performance metric shows that Decision Tree gives the best performance when tested using feature selection without resampling and hyperparameter optimization involvement. This shows that the proposed system is better than the basic setting in machine learning.

Protecting privacy of the user location in Internet of Things (IoT) applications is a complex problem. Peer-to-peer (P2P) approach is one of the most popular techniques used to protect privacy in IoT applications, especially that use the location service. The P2P approach requires trust among peers in addition to serious cooperation. These requirements are still an open problem for this approach and its methods. In this paper, we propose an effective solution to this issue by creating a manager for the peers' reputation called R-TTP. Each peer has a new query. He has to evaluate the cooperated peer. Depending on the received result of that evaluation, the main peer will send multiple copies of the same query to multiple peers and then compare results. Moreover, we proposed another scenario to the manager of reputation by depending on Fog computing to enhance both performance and privacy. Relying on this work, a user can determine the most suitable of many available cooperating peers, while avoiding the problems of putting up with an inappropriate cooperating or uncommitted peer. The proposed method would significantly contribute to developing most of the privacy techniques in the location-based services. We implemented the main functions of the proposed method to confirm its effectiveness, applicability, and ease of application.

A wireless technology Mobile Ad hoc Network (MANET) that connects a group of mobile devices such as phones, laptops, and tablets suffers from critical security problems, so the traditional defense mechanism Intrusion Detection System (IDS) techniques are not sufficient to safeguard and protect MANET from malicious actions performed by intruders. Due to the MANET dynamic decentralized structure, distributed architecture, and rapid growing of MANET over years, vulnerable MANET does not need to change its infrastructure rather than using intelligent and advance methods to secure them and prevent intrusions. This paper focuses essentially on machine learning methodologies and algorithms to solve the shortage of the first line defense IDS to overcome the security issues MANET experience. Threads such as black hole, routing loops, network partition, selfishness, sleep deprivation, and denial of service (DoS), may be easily classified and recognized using machine learning methodologies and algorithms. Also, machine learning methodologies and algorithms help find ways to reduce and solve mischievous and harmful attacks against intimidation and prying. The paper describes few machine learning algorithms in detail such as Neural Networks, Support vector machine (SVM) algorithm and K-nearest neighbors, and how these methodologies help MANET to resolve their security problems.

In these days, malware attacks target different kinds of devices as IoT, mobiles, servers even the cloud. It causes several hardware damages and financial losses especially for big companies. Malware attacks represent a serious issue to cybersecurity specialists. In this paper, we propose a new approach to detect unknown malware families based on machine learning classification and visualization technique. A malware binary is converted to grayscale image, then for each image a GIST descriptor is used as input to the machine learning model. For the malware classification part we use 3 machine learning algorithms. These classifiers are so efficient where the highest precision reach 98%. Once we train, test and evaluate models we move to simulate 2 new malware families. We do not expect a good prediction since the model did not know the family; however our goal is to analyze the behavior of our classifiers in the case of new family. Finally, we propose an approach using a filter to know either the classification is normal or it's a zero-day malware.

‘Malicious software’ or malware has been a serious threat to the security and privacy of all mobile phone users. Due to the popularity of smartphones, primarily Android, this makes them a very viable target for spreading malware. In the past, many solutions have proved ineffective and have resulted in many false positives. Having the ability to identify and classify malware will help prevent them from spreading and evolving. In this paper, we study the effectiveness of the proposed classification of the malware family using a pixel level as features. This study has implemented well-known machine learning and deep learning classifiers such as K-Nearest Neighbours (k-NN), Support Vector Machine (SVM), Naïve Bayes (NB), Decision Tree, and Random Forest. A binary file of 25 malware families is converted into a fixed grayscale image. The grayscale images were then extracted transforming the size 100x100 into a single format into 100000 columns. During this phase, none of the columns are removed as to remain the patterns in each malware family. The experimental results show that our approach achieved 92% accuracy in Random Forest, 88% in SVM, 81% in Decision Tree, 80% in k-NN and 56% in Naïve Bayes classifier. Overall, the pixel-based feature also reveals a promising technique for identifying the family of malware with great accuracy, especially using the Random Forest classifier.

Wireless sensor networks (WSN) are used to perceive many data such as temperature, vibration, pressure in the environment and to produce results; it is widely used, including in critical fields such as military, intelligence and health. However, because of WSNs have different infrastructure and architecture than traditional networks, different security measures must be taken. In this study, an intrusion detection system (IDS) is modeled to ensure WSN security. Since the signature, misuse and anomaly based detection methods for intrusion detection systems are insufficient to provide security alone, a hybrid model is proposed in which these methods are used together. In the hybrid model, anomaly rules were defined for attack detection, and machine learning algorithms BayesNet, J48 and Random Forest were used to classify normal and abnormal traffic. Unlike the studies in the literature, CSE-CIC-IDS2018, the most up-to-date data set, was used to create attack profiles. Considering both hardware constraints and battery capacities of WSNs; the data was pre-processed in accordance with data mining principles. The results showed that the developed model has high accuracy and low false alarm rate.

6G is the next generation for the communication systems. In recent years, machine learning algorithms have been applied widely in various fields such as health, transportation, and the autonomous car. The predictive algorithms will be used in 6G problems. With the rapid developments of deep learning techniques, it is critical to take the security concern into account when applying the algorithms. While machine learning offers significant advantages for 6G, AI models’ security is normally ignored. Due to the many applications in the real world, security is a vital part of the algorithms. This paper proposes a mitigation method for adversarial attacks against proposed 6G machine learning models for the millimeter-wave (mmWave) beam prediction using adversarial learning. The main idea behind adversarial attacks against machine learning models is to produce faulty results by manipulating trained deep learning models for 6G applications for mmWave beam prediction. We also present the adversarial learning mitigation method’s performance for 6G security in millimeter-wave beam prediction application with fast gradient sign method attack. The mean square errors of the defended model under attack are very close to the undefended model without attack.