Biblio

All of us are familiar with the importance of social media in facilitating communication. e-mail is one of the safest social media platforms for online communications and information transfer over the internet. As of now, many people rely on email or communications provided by strangers. Because everyone may send emails or a message, spammers have a great opportunity to compose spam messages about our many hobbies and passions, interests, and concerns. Our internet speeds are severely slowed down by spam, which also collects personal information like our phone numbers from our contact list. There is a lot of work involved in identifying these fraudsters and also identifying spam content. Email spam refers to the practice of sending large numbers of messages via email. The recipient bears the bulk of the cost of spam, therefore it's practically free advertising. Spam email is a form of commercial advertising for hackers that is financially viable due of the low cost of sending email. Anti-spam filters have become increasingly important as the volume of unwanted bulk e-mail (also spamming) grows. We can define a message, if it is a spam or not using this proposed model. Machine learning algorithms can be discussed in detail, and our data sets will be used to test them all, with the goal of identifying the one that is most accurate and precise in its identification of email spam. Society of machine learning techniques for detecting unsolicited mass email and spam.

Being a part of today’s technical world, we are connected through a vast network. More we are addicted to these modernization techniques we need security. There must be reliability in a network security system so that it is capable of doing perfect monitoring of the whole network of an organization so that any unauthorized users or intruders wouldn’t be able to halt our security breaches. Firewalls are there for securing our internal network from unauthorized outsiders but still some time possibility of attacks is there as according to a survey 60% of attacks were internal to the network. So, the internal system needs the same higher level of security just like external. So, understanding the value of security measures with accuracy, efficiency, and speed we got to focus on implementing and comparing an improved intrusion detection system. A comprehensive literature review has been done and found that some feature selection techniques with standard scaling combined with Machine Learning Techniques can give better results over normal existing ML Techniques. In this survey paper with the help of the Uni-variate Feature selection method, the selection of 14 essential features out of 41 is performed which are used in comparative analysis. We implemented and compared both binary class classification and multi-class classification-based Intrusion Detection Systems (IDS) for two Supervised Machine Learning Techniques Support Vector Machine and Classification and Regression Techniques.

Cyber security is an important concern in critical infrastructures such as banking and financial organizations, where a number of malicious insiders are involved. These insiders may be existing employees / users present within the organization and causing harm by performing any malicious activity and are commonly known as insider threats. Existing insider threat detection (ITD) methods are based on statistical analysis, machine and deep learning approaches. They monitor and detect malicious user activity based on pre-built rules which fails to detect unforeseen threats. Also, some of these methods require explicit feature engineering which results in high false positives. Apart from this, some methods choose relatively insufficient features and are computationally expensive which affects the classifier's accuracy. Hence, in this paper, a user behaviour based ITD method is presented to overcome the above limitations. It is a conceptually simple and flexible approach based on augmented decision making and anomaly detection. It consists of bi-directional long short term memory (bi-LSTM) for efficient feature extraction. For the purpose of classifying users as "normal" or "malicious", a binary class support vector machine (SVM) is used. CMU-CERT v4.2 dataset is used for testing the proposed method. The performance is evaluated using the following parameters: Accuracy, Precision, Recall, F- Score and AUC-ROC. Test results show that the proposed method outperforms the existing methods.

IP Identification (IP ID) is an IP header field that identifies a data packet in the network to distinguish its fragments from others during the reassembly process. Random generated IP ID field could be used as a covert channel by embedding hidden bits within it. This paper uses the support vector machine (SVM) while enabling a features reduction procedure for investigating to what extend could the entropy feature of the IP ID covert channel affect the detection. Then, an entropy-based SVM is employed to evaluate the roles of the IP ID covert channel hidden bits on detection. Results show that, entropy is a distinct discrimination feature in classifying and detecting the IP ID covert channel with high accuracy. Additionally, it is found that each of the type, the number and the position of the hidden bits within the IP ID field has a specified influence on the IP ID covert channel detection accuracy.

Software-defined network (SDN) is a network architecture that used to build, design the hardware components virtually. We can dynamically change the settings of network connections. In the traditional network, it's not possible to change dynamically, because it's a fixed connection. SDN is a good approach but still is vulnerable to DDoS attacks. The DDoS attack is menacing to the internet. To prevent the DDoS attack, the machine learning algorithm can be used. The DDoS attack is the multiple collaborated systems that are used to target the particular server at the same time. In SDN control layer is in the center that link with the application and infrastructure layer, where the devices in the infrastructure layer controlled by the software. In this paper, we propose a machine learning technique namely Decision Tree and Support Vector Machine (SVM) to detect malicious traffic. Our test outcome shows that the Decision Tree and Support Vector Machine (SVM) algorithm provides better accuracy and detection rate.

Large enterprises offer thousands of micro-services applications to support their daily business activities by using Application Programming Interfaces (APIs). These applications generate huge amounts of traffic via millions of API calls every day, which is difficult to analyze for detecting any potential abnormal behaviour and application outage. This phenomenon makes Machine Learning (ML) a natural choice to leverage and analyze the API traffic and obtain intelligent predictions. This paper proposes an ML-based technique to detect and classify API traffic based on specific features like bandwidth and number of requests per token. We employ a Support Vector Machine (SVM) as a binary classifier to classify the abnormal API traffic using its linear kernel. Due to the scarcity of the API dataset, we created a synthetic dataset inspired by the real-world API dataset. Then we used the Gaussian distribution outlier detection technique to create a training labeled dataset simulating real-world API logs data which we used to train the SVM classifier. Furthermore, to find a trade-off between accuracy and false positives, we aim at finding the optimal value of the error term (C) of the classifier. The proposed anomaly detection method can be used in a plug and play manner, and fits into the existing micro-service architecture with little adjustments in order to provide accurate results in a fast and reliable way. Our results demonstrate that the proposed method achieves an F1-score of 0.964 in detecting anomalies in API traffic with a 7.3% of false positives rate.

Information security is a process of securing data from security breaches, hackers. The program of intrusion detection is a software framework that keeps tracking and analyzing the data in the network to identify the attacks by using traditional techniques. These traditional intrusion techniques work very efficient when it uses on small data. but when the same techniques used for big data, process of analyzing the data properties take long time and become not efficient and need to use the big data technologies like Apache Spark, Hadoop, Flink etc. to design modern Intrusion Detection System (IDS). In this paper, the design of Apache Spark and classification algorithm-based IDS is presented and employed Chi-square as a feature selection method for selecting the features from network security events data. The performance of Logistic Regression, Decision Tree and SVM is evaluated with SGD in the design of Apache Spark based IDS with AUROC and AUPR used as metrics. Also tabulated the training and testing time of each algorithm and employed NSL-KDD dataset for designing all our experiments.

This paper proposes an approach that combines a deep learning-based method and a traditional machine learning-based method to efficiently detect malicious requests Web servers received. The first few layers of Convolutional Neural Network for Text Classification (TextCNN) are used to automatically extract powerful semantic features and in the meantime transferable statistical features are defined to boost the detection ability, specifically Web request parameter tampering. The semantic features from TextCNN and transferable statistical features from artificially-designing are grouped together to be fed into Support Vector Machine (SVM), replacing the last layer of TextCNN for classification. To facilitate the understanding of abstract features in form of numerical data in vectors extracted by TextCNN, this paper designs trace-back functions that map max-pooling outputs back to words in Web requests. After investigating the current available datasets for Web attack detection, HTTP Dataset CSIC 2010 is selected to test and verify the proposed approach. Compared with other deep learning models, the experimental results demonstrate that the approach proposed in this paper is competitive with the state-of-the-art.

Network covert channels are used in various cyberattacks, including disclosure of sensitive information and enabling stealth tunnels for botnet commands. With time and technology, covert channels are becoming more prevalent, complex, and difficult to detect. The current methods for detection are protocol and pattern specific. This requires the investment of significant time and resources into application of various techniques to catch the different types of covert channels. This paper reviews several patterns of network storage covert channels, describes generation of network traffic dataset with covert channels, and proposes a generic, protocol-independent approach for the detection of network storage covert channels using a supervised machine learning technique. The implementation of the proposed generic detection model can lead to a reduction of necessary techniques to prevent covert channel communication in network traffic. The datasets we have generated for experimentation represent storage covert channels in the IP, TCP, and DNS protocols and are available upon request for future research in this area.

With the application of integrated circuits (ICs) appears in all aspects of life, whether an IC is security and reliable has caused increasing worry which is of significant necessity. An attacker can achieve the malicious purpose by adding or removing some modules, so called hardware Trojans (HTs). In this paper, we use side-channel analysis (SCA) and support vector machine (SVM) classifier to determine whether there is a Trojan in the circuit. We use SAKURA-G circuit board with Xilinx SPARTAN-6 to complete our experiment. Results show that the Trojan detection rate is up to 93% and the classification accuracy is up to 91.8475%.

Phasor measurement units (PMUs) provide high-fidelity situational awareness of electric power grid operations. PMU data are used in real-time to inform wide area state estimation, monitor area control error, and event detection. As PMU data becomes more reliable, these devices are finding roles within control systems such as demand response programs and early fault detection systems. As with other cyber physical systems, maintaining data integrity and security are significant challenges for power system operators. In this paper, we present a comprehensive study of multiple machine learning techniques for detecting malicious data injection within PMU data streams. The two datasets used in this study are from the Bonneville Power Administration's PMU network and an inter-university PMU network among three universities, located in the U.S. Pacific Northwest. These datasets contain data from both the transmission level and the distribution level. Our results show that both SVM and ANN are generally effective in detecting spoofed data, and TensorFlow, the newly released tool, demonstrates potential for distributing the training workload and achieving higher performance. We expect these results to shed light on future work of adopting machine learning and data analytics techniques in the electric power industry.

In cognitive radio networks with mobile terminals, it is not enough for spectrum sensing only to determine whether primary user (PU) occupy the spectrum band. Sometimes we also want to know more priori information, such as, the number of PUs, which can help to estimate its carrier frequency, direction of arrival, and location. In this paper, a machine learning based method is proposed to estimate a large number of primary users. In the proposed method, support vector machine (SVM) is used to achieve the number of primary users while genetic algorithm (GA) is to optimize the parameters of SVM kernel. The first class feature of SVM is the ratio of the element sum and the trace of sample covariance matrix, and the second class feature is the mean of Gerschgorin radii. The simulation results show that our proposed SVM-GA algorithm has higher accuracy than SVM.