Biblio

In this paper, stock selection strategy design based on machine learning and multi-factor analysis is a research hotspot in quantitative investment field. Four machine learning algorithms including support vector machine, gradient lifting regression, random forest and linear regression are used to predict the rise and fall of stocks by taking stock fundamentals as input variables. The portfolio strategy is constructed on this basis. Finally, the stock selection strategy is further optimized. The empirical results show that the multifactor quantitative stock selection strategy has a good stock selection effect, and yield performance under the support vector machine algorithm is the best. With the increase of the number of factors, there is an inverse relationship between the fitting degree and the yield under various algorithms.

The accelerated move toward adopting the Smart Grid paradigm has resulted in numerous drawbacks as far as security is concerned. Traditional power grids are becoming more vulnerable to cyberattacks as all the control decisions are generated based on the data the Smart Grid generates during its operation. This data can be tampered with or attacked in communication lines to mislead the control room in decision-making. The false data injection attack (FDIA) is one of the most severe cyberattacks on today’s cyber-physical power system, as it has the potential to cause significant physical and financial damage. However, detecting cyberattacks are incredibly challenging since they have no known patterns. In this paper, we launch a random FDIA on IEEE-39 bus system. Later, we propose a Bagging MLP-based autoencoder to detect the FDIAs in the power system and compare the result with a single ML model. The Bagging MLP-based autoencoder outperforms the Isolation forest while detecting FDIAs.

The botnet-based network assault are one of the most serious security threats overlay the Internet this day. Although significant progress has been made in this region of research in recent years, it is still an ongoing and challenging topic to virtually direction the threat of botnets due to their continuous evolution, increasing complexity and stealth, and the difficulties in detection and defense caused by the limitations of network and system architectures. In this paper, we propose a novel and efficient botnet detection method, and the results of the detection method are validated with the CTU-13 dataset.

This paper presents CaptchaGG, a model for recognizing linear graphical CAPTCHAs. As in the previous society, CAPTCHA is becoming more and more complex, but in some scenarios, complex CAPTCHA is not needed, and usually, linear graphical CAPTCHA can meet the corresponding functional scenarios, such as message boards of websites and registration of accounts with low security. The scheme is based on convolutional neural networks for feature extraction of CAPTCHAs, recurrent neural forests A neural network that is too complex will lead to problems such as difficulty in training and gradient disappearance, and too simple will lead to underfitting of the model. For the single problem of linear graphical CAPTCHA recognition, the model which has a simple architecture, extracting features by convolutional neural network, sequence modeling by recurrent neural network, and finally classification and recognition, can achieve an accuracy of 96% or more recognition at a lower complexity.

A method of detecting UHF RFID tags with SQL in-jection virus code written in its user memory bank is explored. A spectrum analyzer took signal strength readings in the frequency spectrum while an RFID reader was reading the tag. The strength of the signal transmitted by the RFID tag in the UHF range, more specifically within the 902–908 MHz sub-band, was used as data to train a Random Forest model for Malware detection. Feature reduction is accomplished by dividing the observed spectrum into 15 ranges with a bandwidth of 344 kHz each and detecting the number of maxima in each range. The malware-infested tag could be detected more than 80% of the time. The frequency ranges contributing most in this detection method were the low (903.451-903.795 MHz, 902.418-902.762 MHz) and high (907.238-907.582 MHz) bands in the observed spectrum.

Injection attack is one of the best 10 security dangers declared by OWASP. SQL infusion is one of the main types of attack. In light of their assorted and quick nature, SQL injection can detrimentally affect the line, prompting broken and public data on the site. Therefore, this article presents a profound woodland-based technique for recognizing complex SQL attacks. Research shows that the methodology we use resolves the issue of expanding and debasing the first condition of the woodland. We are currently presenting the AdaBoost profound timberland-based calculation, which utilizes a blunder level to refresh the heaviness of everything in the classification. At the end of the day, various loads are given during the studio as per the effect of the outcomes on various things. Our model can change the size of the tree quickly and take care of numerous issues to stay away from issues. The aftereffects of the review show that the proposed technique performs better compared to the old machine preparing strategy and progressed preparing technique.

Improving the accuracy of intruders in innovative Intrusion detection by comparing Machine Learning classifiers such as Random Forest (RF) with Support Vector Machine (SVM). Two groups of supervised Machine Learning algorithms acquire perfection by looking at the Random Forest calculation (N=20) with the Support Vector Machine calculation (N=20)G power value is 0.8. Random Forest (99.3198%) has the highest accuracy than the SVM (9S.56l5%) and the independent T-test was carried out (=0.507) and shows that it is statistically insignificant (p \textgreater0.05) with a confidence value of 95% by comparing RF and SVM. Conclusion: The comparative examination displays that the Random Forest is more productive than the Support Vector Machine for identifying the intruders are significantly tested.

Data mining technology is a very important technology in the current era of data explosion. With the informationization of society and the transparency and openness of information, network security issues have become the focus of concern of people all over the world. This paper wants to compare the accuracy of multiple machine learning methods and two deep learning frameworks when using lexical features to detect and classify malicious URLs. As a result, this paper shows that the Random Forest, which is an ensemble learning method for classification, is superior to 8 other machine learning methods in this paper. Furthermore, the Random Forest is even superior to some popular deep neural network models produced by famous frameworks such as TensorFlow and PyTorch when using lexical features to detect and classify malicious URLs.

With an increasing number of adversarial attacks against Industrial Control Systems (ICS) networks, enhancing the security of such systems is invaluable. Although attack prevention strategies are often in place, protecting against all attacks, especially zero-day attacks, is becoming impossible. Intrusion Detection Systems (IDS) are needed to detect such attacks promptly. Machine learning-based detection systems, especially deep learning algorithms, have shown promising results and outperformed other approaches. In this paper, we study the efficacy of a deep learning approach, namely, Multi Layer Perceptron (MLP), in detecting abnormal behaviors in ICS network traffic. We focus on very common reconnaissance attacks in ICS networks. In such attacks, the adversary focuses on gathering information about the targeted network. To evaluate our approach, we compare MLP with isolation Forest (i Forest), a statistical machine learning approach. Our proposed deep learning approach achieves an accuracy of more than 99% while i Forest achieves only 75%. This helps to reinforce the promise of using deep learning techniques for anomaly detection.

Static analysis tools are programs that run on source code prior to their compilation to binary executables and attempt to find flaws or defects in the code during the early stages of development. If left unresolved, these flaws could pose security risks. While numerous static analysis tools exist, there is no single tool that is optimal. Therefore, many static analysis tools are often used to analyze code. Further, some of the alerts generated by the static analysis tools are low-priority or false alarms. Machine learning algorithms have been developed to distinguish between true alerts and false alarms, however significant man hours need to be dedicated to labeling data sets for training. This study investigates the use of active learning to reduce the number of labeled alerts needed to adequately train a classifier. The numerical experiments demonstrate that a query by committee active learning algorithm can be utilized to significantly reduce the number of labeled alerts needed to achieve similar performance as a classifier trained on a data set of nearly 60,000 labeled alerts.

Structured Query Language (SQL) is extensively used for storing, manipulating and retrieving information in the relational database management system. Using SQL statements, attackers will try to gain unauthorized access to databases and launch attacks to modify/retrieve the stored data, such attacks are called as SQL injection attacks. Such SQL Injection (SQLi) attacks tops the list of web application security risks of all the times. Identifying and mitigating the potential SQL attack statements before their execution can prevent SQLi attacks. Various techniques are proposed in the literature to mitigate SQLi attacks. In this paper, a random decision forest approach is introduced to mitigate SQLi attacks. From the experimental results, we can infer that the proposed approach achieves a precision of 97% and an accuracy of 95%.

Threats, posed by ransomware, are rapidly increasing, and its cost on both national and global scales is becoming significantly high as evidenced by the recent events. Ransomware carries out an irreversible process, where it encrypts victims' digital assets to seek financial compensations. Adversaries utilize different means to gain initial access to the target machines, such as phishing emails, vulnerable public-facing software, Remote Desktop Protocol (RDP), brute-force attacks, and stolen accounts. To combat these threats of ransomware, this paper aims to help researchers gain a better understanding of ransomware application profiles through static analysis, where we identify a list of suspicious indicators and similarities among 727 active ran-somware samples. We start with generating portable executable (PE) metadata for all the studied samples. With our domain knowledge and exploratory data analysis tasks, we introduce some of the suspicious indicators of the structure of ransomware files. We reduce the dimensionality of the generated dataset by using the Principal Component Analysis (PCA) technique and discover clusters by applying the KMeans algorithm. This motivates us to utilize the one-class classification algorithms on the generated dataset. As a result, the algorithms learn the common data boundary in the structure of our studied ransomware samples, and thereby, we achieve the data-driven similarities. We use the findings to evaluate the trained classifiers with the test samples and observe that the Local Outlier Factor (LoF) performs better on all the selected feature spaces compared to the One-Class SVM and the Isolation Forest algorithms.

Bitcoin is a virtual encrypted digital currency based on a peer-to-peer network. In recent years, for higher anonymity, more and more Bitcoin users try to use Tor hidden services for identity and location hiding. However, previous studies have shown that Tor are vulnerable to traffic fingerprinting attack, which can identify different websites by identifying traffic patterns using statistical features of traffic. Our work shows that traffic fingerprinting attack is also effective for the Bitcoin hidden nodes detection. In this paper, we proposed a novel lightweight Bitcoin hidden service traffic fingerprinting, using a random decision forest classifier with features from TLS packet size and direction. We test our attack on a novel dataset, including a foreground set of Bitcoin hidden node traffic and a background set of different hidden service websites and various Tor applications traffic. We can detect Bitcoin hidden node from different Tor clients and website hidden services with a precision of 0.989 and a recall of 0.987, which is higher than the previous model.

The most widely used method to prevent adversaries from eavesdropping on sensitive sensor, robot, and war fighter communications is mathematically strong cryptographic algorithms. However, prevailing cryptographic protocol mandates are often made without consideration of resource constraints of devices in the internet of Battlefield Things (IoBT). In this article, we address the challenges of IoBT sensor data exchange in contested environments. Battlefield IoT (Internet of Things) devices need to exchange data and receive feedback from other devices such as tanks and command and control infrastructure for analysis, tracking, and real-time engagement. Since data in IoBT systems may be massive or sparse, we introduced a machine learning classifier to determine what type of data to transmit under what conditions. We compared Support Vector Machine, Bayes Point Match, Boosted Decision Trees, Decision Forests, and Decision Jungles on their abilities to recommend the optimal confidentiality preserving data and transmission path considering dynamic threats. We created a synthesized dataset that simulates platoon maneuvers and IED detection components. We found Decision Jungles to produce the most accurate results while requiring the least resources during training to produce those results. We also introduced the JointField blockchain network for joint and allied force data sharing. With our classifier, strategists, and system designers will be able to enable adaptive responses to threats while engaged in real-time field conflict.

In recent years, insider threat incidents and losses of companies or organizations are on the rise, and internal network security is facing great challenges. Traditional intrusion detection methods cannot identify malicious behaviors of insiders. As an effective method, insider threat detection technology has been widely concerned and studied. In this paper, we use the tree structure method to analyze user behavior, form feature sequences, and combine the Copula Based Outlier Detection (COPOD) method to detect the difference between feature sequences and identify abnormal users. We experimented on the insider threat dataset CERT-IT and compared it with common methods such as Isolation Forest.

The concealment and confusion nature of insider threat makes it a challenging task for security analysts to identify insider threat from log data. To detect insider threat, we propose a novel gated recurrent unit (GRU) and multi-autoencoder based insider threat detection method, which is an unsupervised anomaly detection method. It takes advantage of the extremely unbalanced characteristic of insider threat data and constructs a normal behavior autoencoder with low reconfiguration error through multi-level filter behavior learning, and identifies the behavior data with high reconfiguration error as abnormal behavior. In order to achieve the high efficiency of calculation and detection, GRU and multi-head attention are introduced into the autoencoder. Use dataset v6.2 of the CERT insider threat as validation data and threat detection recall as evaluation metric. The experimental results show that the effect of the proposed method is obviously better than that of Isolation Forest, LSTM autoencoder and multi-channel autoencoders based insider threat detection methods, and it's an effective insider threat detection technology.

Cloud computing is one of the greatest innovations and emerging technologies of the century. It incorporates networks, databases, operating systems, and virtualization technologies thereby bringing the security challenges associated with these technologies. Security Measures such as two-factor authentication, intrusion detection systems, and data backup are already in place to handle most of the security threats and vulnerabilities associated with these technologies but there are still other threats that may not be easily detected. Such a threat is a malicious user gaining access to the Virtual Machines (VMs) of other genuine users and using the Virtual Machine resources for their benefits without the knowledge of the user or the cloud service provider. This research proposes a model for proactive monitoring and detection of anomalies in VM resource usage. The proposed model can detect and pinpoint the time such anomaly occurred. Isolation Forest and One-Class Support Vector Machine (OCSVM) machine learning algorithms were used to train and test the model on sampled virtual machine workload trace using a combination of VM resource metrics together. OCSVM recorded an average F1-score of 0.97 and 0.89 for hourly and daily time series respectively while Isolation Forest has an average of 0.93 and 0.80 for hourly and daily time series. This result shows that both algorithms work for the model however OCSVM had a higher classification success rate than Isolation Forest.

With the rapid development of e-commerce and the increasing popularity of credit cards, online transactions have become increasingly smooth and convenient. However, many online transactions suffer from credit card fraud, resulting in huge losses every year. Many financial organizations and e-commerce companies are devoted to developing advanced fraud detection algorithms. This paper presents an approach to detect fraud transactions using the IEEE-CIS Fraud Detection dataset provided by Kaggle. Our stacked model is based on Gradient Boosting, LightGBM, CatBoost, and Random Forest. Besides, implementing StackNet improves the classification accuracy significantly and provides expandability to the network architecture. Our final model achieved an AUC of 0.9578 for the training set and 0.9325 for the validation set, demonstrating excellent performance in classifying different transaction types.

Wireless Sensor Networks (WSN) are gaining popularity as being the backbone of Cyber physical systems, IOT and various data acquisition from sensors deployed in remote, inaccessible terrains have remote deployment. However due to remote deployment, WSN is an adhoc network of large number of sensors either heli-dropped in inaccessible terrain like volcanoes, Forests, border areas are highly energy deficient and available in large numbers. This makes it the right soup to become vulnerable to various kinds of Security attacks. The lack of energy and resources makes it deprived of developing a robust security code for mitigation of various kinds of attacks. Many attempts have been made to suggest a robust security Protocol. But these consume so much energy, bandwidth, processing power, memory and other resources that the sole purpose of data gathering from inaccessible terrain from energy deprived sensors gets defeated. This paper makes an attempt to study the types of attacks on different layers of WSN and the examine the recent trends in development of various security protocols to mitigate the attacks. Further, we have proposed a simple, lightweight but powerful security protocol known as Simple Sensor Security Protocol (SSSP), which captures the uniqueness of WSN and its isolation from internet to develop an energy efficient security solution.

Software vulnerabilities have become a major problem for the security analysts, since the number of new vulnerabilities is constantly growing. Thus, there was a need for a categorization system, in order to group and handle these vulnerabilities in a more efficient way. Hence, the MITRE corporation introduced the Common Weakness Enumeration that is a list of the most common software and hardware vulnerabilities. However, the manual task of understanding and analyzing new vulnerabilities by security experts, is a very slow and exhausting process. For this reason, a new automated classification methodology is introduced in this paper, based on the vulnerability textual descriptions from National Vulnerability Database. The proposed methodology, combines textual analysis and tree-based machine learning techniques in order to classify vulnerabilities automatically. The results of the experiments showed that the proposed methodology performed pretty well achieving an overall accuracy close to 80%.

Intrusion detection method cautions and through build recognition rate. Through determine worries forth execution support vector machine (SVM), multilayer perceptron and different procedures have endured utilized trig ongoing work. Such strategies show impediments & persist not effective considering use trig enormous informational indexes, considering example, outline & system information. Interruption recognition outline utilized trig examining colossal traffic information; consequently, a proficient grouping strategy important through beat issue. Aforementioned issue considered trig aforementioned paper. Notable AI methods, specifically, SVM, arbitrary backwoods, & extreme learning machine (ELM) persist applied. These procedures persist notable trig view epithetical their capacity trig characterization. NSL-information revelation & knowledge mining informational collection components. Outcomes demonstrate a certain ELM beats different methodologies.

Phishing URLs mainly target individuals and/or organizations through social engineering attacks by exploiting the humans' weaknesses in information security awareness. These URLs lure online users to access fake websites, and harvest their confidential information, such as debit/credit card numbers and other sensitive information. In this work, we introduce a phishing detection technique based on URL lexical analysis and machine learning classifiers. The experiments were carried out on a dataset that originally contained 1056937 labeled URLs (phishing and legitimate). This dataset was processed to generate 22 different features that were reduced further to a smaller set using different features reduction techniques. Random Forest, Gradient Boosting, Neural Network and Support Vector Machine (SVM) classifiers were all evaluated, and results show the superiority of SVMs, which achieved the highest accuracy in detecting the analyzed URLs with a rate of 99.89%. Our approach can be incorporated within add-on/middleware features in Internet browsers for alerting online users whenever they try to access a phishing website using only its URL.

In emergency situations like recent Australian bushfires, it is crucial for civilians and firefighters to receive critical information such as escape routes and safe sheltering points with guarantees on information quality attributes. Mobile Ad-hoc Networks (MANETs) can provide communications in bushfire when fixed infrastructure is destroyed and not available. Current MANET solutions, however, are mostly tested under static bushfire scenario. In this work, we investigate the impact of a realistic dynamic bushfire in a dry eucalypt forest with a shrubby understory, on the performance of data delivery solutions in a MANET. Simulation results show a significant degradation in the performance of state-of-the-art MANET quality of information solution. Other than frequent source handovers and reduced user usability, packet arrival latency increases by more than double in the 1st quartile with a median drop of 74.5 % in the overall packet delivery ratio. It is therefore crucial for MANET solutions to be thoroughly evaluated under realistic dynamic bushfire scenarios.

With the rapid growth of the Internet of Things (IoT) applications in smart regions/cities, for example, smart healthcare, smart homes/offices, there is an increase in security threats and risks. The IoT devices solve real-world problems by providing real-time connections, data and information. Besides this, the attackers can tamper with sensors, add or remove them physically or remotely. In this study, we address the IoT security sensor tampering issue in an office environment. We collect data from real-life settings and apply machine learning to detect sensor tampering using two methods. First, a real-time view of the traffic patterns is considered to train our isolation forest-based unsupervised machine learning method for anomaly detection. Second, based on traffic patterns, labels are created, and the decision tree supervised method is used, within our novel Anomaly Detection using Machine Learning (AD-ML) system. The accuracy of the two proposed models is presented. We found 84% with silhouette metric accuracy of isolation forest. Moreover, the result based on 10 cross-validations for decision trees on the supervised machine learning model returned the highest classification accuracy of 91.62% with the lowest false positive rate.

In the present scenario, security is the biggest concern in any domain of applications. The latest and widely used system for user authentication is a biometric system. This includes fingerprint recognition, retina recognition, and voice recognition. But these systems can be bypassed by masqueraders. To avoid this, a combination of these systems is used which becomes very costly. To overcome these two drawbacks keystroke dynamics were introduced in this field. Keystroke dynamics is a biometric authentication-based system on behavior, which is an automated method in which the identity of an individual is identified and confirmed based on the way and the rhythm of passwords typed on a keyboard by the individual. The work in this paper focuses on identifying the best algorithm for implementing an authentication system with the help of machine learning for user identification based on keystroke dynamics. Our proposed model which uses XGBoost gives a comparatively higher accuracy of 93.59% than the other algorithms for the dataset used.