Biblio

With the rise of Internet of Things (IoT) devices, home network management and security are becoming complex. There is an urgent requirement to make smart home network management more efficient. This work proposes an SDN-based architecture to secure smart home networks through K-Nearest Neighbor (KNN) based device classifications and malicious traffic detection. The efficiency is enhanced by offloading the computation-intensive KNN model to a Field Programmable Gate Arrays (FPGA). Furthermore, we propose a custom KNN solution that exhibits the best performance on an FPGA compared with four alternative KNN instances (i.e., 78% faster than a parallel Bubble Sort-based implementation and 99% faster than three other sorting algorithms). Moreover, with 36,225 training samples, the proposed KNN solution classifies a test query with 95% accuracy in approximately 4 ms on an FPGA compared to 57 seconds on a CPU platform. This highlights the promise of FPGA-based platforms for edge computing applications in the smart home.

Support Vector Machine (SVM) is a relatively novel classification technology, which has shown higher performance than traditional learning methods in many applications. Therefore, some security researchers have proposed an intrusion detection method based on SVM. However, the SVM algorithm is very sensitive to the choice of kernel function and parameter adjustment. Once the parameter selection is unscientific, it will lead to poor classification accuracy. To solve this problem, this paper presents a Grey Wolf Optimizer Algorithm based on Particle Swarm Optimization (PSOGWO) algorithm to improve the Intrusion Detection System (IDS) based on SVM. This method uses PSOGWO algorithm to optimize the parameters of SVM to improve the overall performance of intrusion detection based on SVM. The "optimal detection model" of SVM classifier is determined by the fusion of PSOGWO algorithm and SVM. The comparison experiments based on NSL-KDD dataset show that the intrusion detection method based on PSOGWO-SVM achieves the optimization of the parameters of SVM, and has improved significantly in terms of detection rate, convergence speed and model balance. This shows that the method has better performance for network intrusion detection.

Computer networks are exposed to cyber related attacks due to the common usage of internet, as the result of such, several intrusion detection systems (IDSs) were proposed by several researchers. Among key research issues in securing network is detecting intrusions. It helps to recognize unauthorized usage and attacks as a measure to ensure the secure the network's security. Various approaches have been proposed to determine the most effective features and hence enhance the efficiency of intrusion detection systems, the methods include, machine learning-based (ML), Bayesian based algorithm, nature inspired meta-heuristic techniques, swarm smart algorithm, and Markov neural network. Over years, the various works being carried out were evaluated on different datasets. This paper presents a thorough review on various research articles that employed single, hybrid and ensemble classification algorithms. The results metrics, shortcomings and datasets used by the studied articles in the development of IDS were compared. A future direction for potential researches is also given.

A wireless technology Mobile Ad hoc Network (MANET) that connects a group of mobile devices such as phones, laptops, and tablets suffers from critical security problems, so the traditional defense mechanism Intrusion Detection System (IDS) techniques are not sufficient to safeguard and protect MANET from malicious actions performed by intruders. Due to the MANET dynamic decentralized structure, distributed architecture, and rapid growing of MANET over years, vulnerable MANET does not need to change its infrastructure rather than using intelligent and advance methods to secure them and prevent intrusions. This paper focuses essentially on machine learning methodologies and algorithms to solve the shortage of the first line defense IDS to overcome the security issues MANET experience. Threads such as black hole, routing loops, network partition, selfishness, sleep deprivation, and denial of service (DoS), may be easily classified and recognized using machine learning methodologies and algorithms. Also, machine learning methodologies and algorithms help find ways to reduce and solve mischievous and harmful attacks against intimidation and prying. The paper describes few machine learning algorithms in detail such as Neural Networks, Support vector machine (SVM) algorithm and K-nearest neighbors, and how these methodologies help MANET to resolve their security problems.

Network intrusion detection systems (NIDS) are widely used solutions targeting the security of any network device connected to the Internet and are taking the lead in the battle against intruders. This paper addresses the network security issues by implementing a hardware-based NIDS solution with a Naïve Bayes machine learning (ML) algorithm for classification using NSL Knowledge Discovery in Databases (KDD) dataset. The proposed FPGA implementation of the Naive Bayes classifier focuses on low latency and provides intrusion detection in just 240ns, with accuracy/precision of 70/97%, occupying 1 % of the Virtex7 VC709 FPGA chip area.

With the further development in the fields of computer vision, network security, natural language processing and so on so forth, deep learning technology gradually exposed certain security risks. The existing deep learning algorithms cannot effectively describe the essential characteristics of data, making the algorithm unable to give the correct result in the face of malicious input. Based on current security threats faced by deep learning, this paper introduces the problem of adversarial examples in deep learning, sorts out the existing attack and defense methods of black box and white box, and classifies them. It briefly describes the application of some adversarial examples in different scenarios in recent years, compares several defense technologies of adversarial examples, and finally summarizes the problems in this research field and prospects its future development. This paper introduces the common white box attack methods in detail, and further compares the similarities and differences between the attack of black and white boxes. Correspondingly, the author also introduces the defense methods, and analyzes the performance of these methods against the black and white box attack.

To reduce the risk of botnet malware, methods of detecting botnet malware using machine learning have received enormous attention in recent years. Most of the traditional methods are based on supervised learning that relies on static features with defined labels. However, recent studies show that supervised machine learning-based IoT malware botnet models are more vulnerable to intentional attacks, known as an adversarial attack. In this paper, we study the adversarial attack on PSI-graph based researches. To perform the efficient attack, we proposed a reinforcement learning based method with a trained target classifier to modify the structures of PSI-graphs. We show that PSI-graphs are vulnerable to such attack. We also discuss about defense method which uses adversarial training to train a defensive model. Experiment result achieves 94.1% accuracy on the adversarial dataset; thus, shows that our defensive model is much more robust than the previous target classifier.

Securing data, management of the authorised access of the user and maintaining the privacy of the data are some of the problems relating with the stored data in the database. The security of the data stored is considered as the major concern which is to be managed in a very serious manner as the users are sensitive about their shared data. The user's data can be protected by the process of cryptography which is considered as the conventional method. Advanced Encryption Standard (AES), Data Encryption Standard(DES), Two Fish, Rivest Shamir Adleman Algorithm (RSA), Attribute Based Encryption (ABE), Blowfish algorithms are considered as some of the cryptographic algorithms. These algorithms are classified into symmetric and asymmetric algorithms. Same key is used for the encryption and decoding technique in symmetric key cryptographic algorithm whereas two keys are used for the asymmetric ones. In this paper, the implementation of one of the asymmetric algorithm RSA with the educational dataset is done. To secure the distributed database, the extended version of the RSA algorithm is implemented as the proposed work.

For the task of natural language processing (NLP), Word embedding technology has a certain impact on the accuracy of deep neural network algorithms. Considering that the current word embedding method cannot realize the coexistence of words and phrases in the same vector space. Therefore, we propose an enhanced word embedding (EWE) method. Before completing the word embedding, this method introduces a unique sentence reorganization technology to rewrite all the sentences in the original training corpus. Then, all the original corpus and the reorganized corpus are merged together as the training corpus of the distributed word embedding model, so as to realize the coexistence problem of words and phrases in the same vector space. We carried out experiment to demonstrate the effectiveness of the EWE algorithm on three classic benchmark datasets. The results show that the EWE method can significantly improve the classification performance of the CNN model.

At present, most Trojan detection methods are based on the features of host and code. Such methods have certain limitations and lag. This paper analyzes the network behavior features and network traffic of several typical Trojans such as Zeus and Weasel, and proposes a Trojan traffic detection algorithm based on machine learning. First, model different machine learning algorithms and use Random Forest algorithm to extract features for Trojan behavior and communication features. Then identify and detect Trojans' traffic. The accuracy is as high as 95.1%. Comparing the detection of different machine learning algorithms, experiments show that our algorithm has higher accuracy, which is helpful and useful for identifying Trojan.

Due to the extraordinary volume of business information, classy cyber-attacks pointing the networks of all enterprise have become more casual, with intruders trying to pierce vast into and grasp broader from the compromised network machines. The vital security essential is that field experts and the network administrators have a common terminology to share the attempt of intruders to invoke the system and to rapidly assist each other retort to all kind of threats. Given the enormous huge system traffic, traditional Machine Learning (ML) algorithms will provide ineffective predictions of the network anomaly. Thereby, a hybridized multi-model system can improve the accuracy of detecting the intrusion in the networks. In this manner, this article presents a novel approach Clustered Generalization oriented Ensemble Learning Model (CGELM) for predicting the network anomaly. The performance metrics of the anticipated approach are Detection Rate (DR) and False Predictive Rate (FPR) for the two heterogeneous data sets namely NSL-KDD and UGR'16. The proposed method provides 98.93% accuracy for DR and 0.14% of FPR against Decision Stump AdaBoost and Stacking Ensemble methods.

Internet of Things (IoT) development and the addition of billions of computationally limited devices prohibit the use of classical security measures such as Intrusion Detection Systems (IDS). In this paper, we study the influence of the implementation of different feed-forward type of Neural Networks (NNs) on the detection Rate of the Negative Selection Neural Network (NSNN) algorithm. Feed-forward and cascade forward NN structures with different number of neurons and different number of hidden layers are tested. For training and testing the NSNN algorithm the labeled KDD NSL dataset is applied. The detection rates provided by the algorithm with several NN structures to determine the optimal solution are calculated and compared. The results show how these different feed-forward based NN architectures impact the performance of the NSNN algorithm.

The most common goal of malware analysis is to determine if a given binary is malware or benign. Another objective is similarity analysis of malware binaries to understand how new samples differ from known ones. Similarity analysis helps to analyze the malware with respect to those already analyzed and guides the discovery of novel aspects that should be analyzed more in depth. In this work, we are concerned with similarities and differences detection of malware binaries. Thousands of malware are created every day and machine learning is an indispensable tool for its analysis. Previous work has studied clustering and classification as competing paradigms. However, in this work, a malware similarity analysis technique (AltCC) is proposed that alternates the use of clustering and classification. In addition it assumes the malware are not available all at once but processed in batches. Initially, clustering is applied to the first batch to group similar binaries into novel malware classes. Then, the discovered classes are used to train a classifier. For the following batches, the classifier is used to decide if a new binary classifies to a known class or otherwise unclassified. The unclassified binaries are clustered and the process repeats. Malware clustering (i.e. labeling) may entail further human expert analysis but dramatically reduces the effort. The effectiveness of AltCC is studied using a dataset of 29,661 malware binaries that represent malware received in six consecutive days/batches. When KMeans is used to label the dataset all at once and its labeling is compared to AltCC's, the adjusted-rand-index scores 0.71.

In recent years, smart grid has gradually become the common development trend of the world's power industry, and its security issues are increasingly valued by researchers. Smart grids have applied technologies such as physical control, data encryption, and authentication to improve their security, but there is still a lack of timely and effective detection methods to prevent the grid from being threatened by malicious intrusions. Aiming at this problem, a model based on machine learning to detect smart grid DoS attacks has been proposed. The model first collects network data, secondly selects features and uses PCA for data dimensionality reduction, and finally uses SVM algorithm for abnormality detection. By testing the SVM, Decision Tree and Naive Bayesian Network classification algorithms on the KDD99 dataset, it is found that the SVM model works best.

To harness the value of data generated from IoT, there is a crucial requirement of new mechanisms. Machine learning (ML) is among the most suitable paradigms of computation which embeds strong intelligence within IoT devices. Various ML techniques are being widely utilised for improving network security in IoT. These techniques include reinforcement learning, semi-supervised learning, supervised learning, and unsupervised learning. This report aims to critically analyse the role played by supervised and unsupervised ML for the enhancement of IoT security.

The controller is an indispensable entity in software-defined networking (SDN), as it maintains a global view of the underlying network. However, if the controller fails to respond to the network due to a distributed denial of service (DDoS) attacks. Then, the attacker takes charge of the whole network via launching a spoof controller and can also modify the flow tables. Hence, faster, and accurate detection of DDoS attacks against the controller will make the SDN reliable and secure. Moreover, the Internet traffic is drastically increasing due to unprecedented growth of connected devices. Consequently, the processing of large number of requests cause a performance bottleneck regarding SDN controller. In this paper, we propose a hierarchical control plane SDN architecture for multi-domain communication that uses a statistical method called principal component analysis (PCA) to reduce the dimensionality of the big data traffic and the support vector machine (SVM) classifier is employed to detect a DDoS attack. SVM has high accuracy and less false positive rate while the PCA filters attribute drastically. Consequently, the performance of classification and accuracy is improved while the false positive rate is reduced.

There have been researches on Distributed Denial of Service (DDoS) attack detection based on deep learning, but most of them use the feature data processed by data mining for feature learning and classification. Based on the original data flow, this paper combines the method of Gray Level Co-occurrence Matrix (GLCM), which not only retains the original data but also can further extract the potential relationship between the original data. The original data matrix and the reconstructed matrix were taken as the input of the model, and the Convolutional Neural Network(CNN) was used for feature learning. Finally, the classifier model was trained for detection. The experimental part is divided into two parts: comparing the detection effect of different data processing methods and different deep learning algorithms; the effectiveness and objectivity of the proposed method are verified by comparing the detection effect of the deep learning algorithm with that of the statistical analysis feature algorithm.

One of a high relentless attack is the crucial distributed DoS attacks. The types and tools for this attacks increases day-to-day as per the technology increases. So the methodology for detection of DDoS should be advanced. For this purpose we created an automated DDoS detector using ML which can run on any commodity hardware. The results are 98.5 % accurate. We use three classification algorithms KNN, RF and NB to classify DDoS packets from normal packets using two features, delta time and packet size. This detector mostly can detect all types of DDoS such as ICMP flood, TCP flood, UDP flood etc. In the older systems they detect only some types of DDoS attacks and some systems may require a large number of features to detect DDoS. Some systems may work only with certain protocols only. But our proposed model overcome these drawbacks by detecting the DDoS of any type without a need of specific protocol that uses less amount of features.

With the development of the Internet, the amount of information on the Internet is increasing rapidly, which makes it difficult for people to select the information they really want. A recommendation system is an effective way to solve this problem. Fake users can be injected by criminals to attack the recommendation system; therefore, accurate identification of fake users is a necessary feature of the recommendation system. Existing fake user detection algorithms focus on designing recognition methods for different types of attacks and have limited detection capabilities against unknown or hybrid attacks. The use of deep learning models can automate the extraction of false user scoring features, but neural network models are not applicable to discrete user scoring data. In this paper, random walking is used to rearrange the otherwise discrete user rating data into a rating feature matrix with spatial continuity. The rating data and the text data have some similarity in the distribution mode. By effective analogy, the TextCNN model originally used in NLP domain can be improved and applied to the classification task of rating feature matrix. Combining the ideas of random walking and word vector processing, this paper proposes a TextCNN detection model for user rating data. To verify the validity of the proposed model, the model is tested on MoiveLens dataset against 7 different attack detection algorithms, and exhibits better performance when compared with 4 attack detection algorithms. Especially for the Aop attack, the proposed model has nearly 100% detection performance with F1 - value as the evaluation index.

As the core infrastructure of cloud data operation, exchange and storage, data centerneeds to ensure its security and reliability, which are the important prerequisites for the development of cloud computing. Due to various illegal accesses, attacks, viruses and other security threats, it is necessary to protect the boundary of cloud data center through security gateway. Since the traffic growing up to gigabyte level, the secure gateway must ensure high transmission efficiency and different network services to support the cloud services. In addition, data center is gradually evolving from IPv4 to IPv6 due to excessive consumption of IP addresses. Packet classification algorithm, which can divide packets into different specific streams, is very important for QoS, real-time data stream application and firewall. Therefore, it is necessary to design a high performance IPv6 packet classification algorithm suitable for security gateway.AsIPv6 has a128-bitIP address and a different packet structure compared with IPv4, the traditional IPv4 packet classification algorithm is not suitable properly for IPv6 situations. This paper proposes a fast packet classification algorithm for IPv6 - PCHA (packet classification based on hash andAdelson-Velsky-Landis Tree). It adopts the three flow classification fields of source IPaddress(SA), destination IPaddress(DA) and flow label(FL) in the IPv6 packet defined by RFC3697 to implement fast three-tuple matching of IPv6 packet. It is through hash matching of variable length IPv6 address and tree matching of shorter flow label. Analysis and testing show that the algorithm has a time complexity close to O(1) in the acceptable range of space complexity, which meets the requirements of fast classification of IPv6 packetsand can adapt well to the changes in the size of rule sets, supporting fast preprocessing of rule sets. Our algorithm supports the storage of 500,000 3-tuple rules on the gateway device and can maintain 75% of the performance of throughput for small packets of 78 bytes.

Smart grid communication system deeply rely on information technologies which makes it vulnerable to variable cyber-attacks. Among possible attacks, False Data Injection (FDI) Attack has created a severe threat to smart grid control system. Attackers can manipulate smart grid measurements such as collected data of phasor measurement units (PMU) by implementing FDI attacks. Detection of FDI attacks with a simple and effective approach, makes the system more reliable and prevents network outages. In this paper we propose a Decomposed Nearest Neighbor algorithm to detect FDI attacks. This algorithm improves traditional k-Nearest Neighbor by using metric learning. Also it learns the local-optima free distance metric by solving a convex optimization problem which makes it more accurate in decision making. We test the proposed method on PMU dataset and compare the results with other beneficial machine learning algorithms for FDI attack detection. Results demonstrate the effectiveness of the proposed approach.

As a typical cyber-physical system, smart grid has attracted growing attention due to the safe and efficient operation. The false data injection attack against energy management system is a new type of cyber-physical attack, which can bypass the bad data detector of the smart grid to influence the results of state estimation directly, causing the energy management system making wrong estimation and thus affects the stable operation of power grid. We transform the false data injection attack detection problem into binary classification problem in this paper, which use the long-term and short-term memory network (LSTM) to construct the detection model. After that, we use the BP algorithm to update neural network parameters and utilize the dropout method to alleviate the overfitting problem and to improve the detection accuracy. Simulation results prove that the LSTM-based detection method can achieve higher detection accuracy comparing with the BPNN-based approach.

The state estimation technology is utilized to estimate the grid state based on the data of the meter and grid topology structure. The false data injection attack (FDIA) is an information attack method to disturb the security of the power system based on the meter measurement. Current FDIA detection researches pay attention on detecting its presence. The location information of FDIA is also important for power system security. In this paper, locating the FDIA of the meter is regarded as a multi-label classification problem. Each label represents the state of the corresponding meter. The ensemble model, the multi-label decision tree algorithm, is utilized as the classifier to detect the exact location of the FDIA. This method does not need the information of the power topology and statistical knowledge assumption. The numerical experiments based on the IEEE-14 bus system validates the performance of the proposed method.

Attribute reduction algorithms in rough set theory can be classified into two groups, i.e. heuristics algorithms and computational intelligence algorithms. The former has good search efficiency but it can not find the global optimal reduction. Conversely, the latter is possible to find global optimal reduction but usually suffers from premature convergence. To address this problem, this paper proposes a two-stage algorithm for finding high quality reduction. In first stage, a classical differential evolution algorithm is employed to rapidly approach the optimal solution. When the premature convergence is detected, a local search algorithm which is intuitively a forward-backward heuristics is launched to improve the quality of the reduction. Experiments were performed on six UCI data sets and the results show that the proposed algorithm can outperform the existing computational intelligence algorithms.

In order to improve the buffering performance of the data encrypted by CP-ABE (ciphertext policy attribute based encryption), this paper proposed a Markov prefetching model based on attribute classification. The prefetching model combines the access strategy of CP-ABE encrypted file, establishes the user relationship network according to the attribute value of the user, classifies the user by the modularity-based community partitioning algorithm, and establishes a Markov prefetching model based on attribute classification. In comparison with the traditional Markov prefetching model and the classification-based Markov prefetching model, the attribute-based Markov prefetching model is proposed in this paper has higher prefetch accuracy and coverage.