Results found: 25

Search results
Searched for:
in keywords: intrusion detection
EN
In this paper, an overview of artificial immune systems (AIS) used in intrusion detection systems (IDS) is provided, along with a review of recent efforts in this field of cybersecurity. In particular, the focus is on the negative selection algorithm (NSA), a popular, prominent algorithm of the AIS domain based on the human immune system. IDS offer intrusion detection capabilities, both locally and in a network environment. The paper offers a review of recent solutions employing AIS in IDS, capable of detecting anomalous network traffic/breaches and operating system file infections caused by malware. A discussion regarding the reviewed research is presented with an analysis and suggestions for further research, and then the work is concluded.
EN
Industrial Internet of Things (IIoT) is a rapidly growing field, where interconnected devices and systems are used to improve operational efficiency and productivity. However, the extensive connectivity and data exchange in the IIoT environment make it vulnerable to cyberattacks. Intrusion detection systems (IDS) are used to monitor IIoT networks and identify potential security breaches. Feature selection is an essential step in the IDS process, as it can reduce computational complexity and improve the accuracy of the system. In this research paper, we propose a hybrid feature selection approach for intrusion detection in the IIoT environment using Shapley values and a genetic algorithm-based automated preprocessing technique which has three automated steps including imputation, scaling and feature selection. Shapley values are used to evaluate the importance of features, while the genetic algorithm-based automated preprocessing technique optimizes feature selection. We evaluate the proposed approach on a publicly available dataset and compare its performance with existing state-of-the-art methods. The experimental results demonstrate that the proposed approach outperforms existing methods, achieving high accuracy, precision, recall, and F1-score. The proposed approach has the potential to enhance the performance of IDS in the IIoT environment and improve the overall security of critical industrial systems.
EN
Security threats, among other intrusions affecting the availability, confidentiality and integrity of IT resources and services, are spreading fast and can cause serious harm to organizations. Intrusion detection has a key role in capturing intrusions. In particular, the application of machine learning methods in this area can enrich the intrusion detection efficiency. Various methods, such as pattern recognition from event logs, can be applied in intrusion detection. The main goal of our research is to present a possible intrusion detection approach using recent machine learning techniques. In this paper, we suggest and evaluate the usage of stacked ensembles consisting of neural network (SNN) and autoencoder (AE) models augmented with a tree-structured Parzen estimator hyperparameter optimization approach for intrusion detection. The main contribution of our work is the application of advanced hyperparameter optimization and stacked ensembles together. We conducted several experiments to check the effectiveness of our approach. We used the NSL-KDD dataset, a common benchmark dataset in intrusion detection, to train our models. The comparative results demonstrate that our proposed models can compete with and, in some cases, outperform existing models.
EN
Cyber threats are increasing progressively in their frequency, scale, sophistication, and cost. The advancement of such threats has raised the need to enhance intelligent intrusion-detection systems. In this study, a different perspective has been developed for intrusion detection. Gramian angular fields were adapted to encode network traffic data as images. Hereby, a way to reveal bilateral feature relationships and benefit from the visual interpretation capability of deep-learning methods has been opened. Then, image-encoded intrusions were classified as binary and multi-class using convolutional neural networks. The obtained results were compared to both conventional machine-learning methods and related studies. According to the results, the proposed approach surpassed the success of traditional methods and produced success rates that were close to the related studies. Despite the use of complex mechanisms such as feature extraction, feature selection, class balancing, virtual data generation, or ensemble classifiers in related studies, the proposed approach is fairly plain – involving only data-image conversion and classification. This shows the power of simply changing the problem space.
EN
Today, people fulfill their needs in many areas such as shopping, health, and finance online. Besides many well-meaning people who use websites for their own needs, there are also people who send attack requests to get these people's personal data, get website owners' information, and damage the application. The attack types such as SQL injection and XSS can seriously harm web applications and users. Detecting these cyber-attacks manually is very time-consuming and difficult to adapt to new attack types. Our proposed study performs attack detection using different machine learning and deep learning approaches with a larger dataset obtained by combining CSIC 2012 and ECML/PKDD datasets. In this study, we evaluated our classification results which experimented with different algorithms based on computation time and accuracy. In addition to applying different algorithms, experiments on various learning models were applied with our data upsample method for balancing the dataset labels. As a result of the binary classification, LSTM achieves the best result in terms of accuracy, and a positive effect of the upsampled data on accuracy has been observed. LightGBM was the algorithm with the highest performance in terms of computation time.
EN
In this paper, a new reinforcement learning intrusion detection system is developed for IoT networks incorporated with WSNs. Research is carried out and the proposed model RL-IDS plot is shown, where the detection rate is improved. The outcome shows a decrease in false alarm rates and is compared with the current methodologies. Computational analysis is performed, and then the results are compared with the current methodologies, i.e. distributed denial of service (DDoS) attack. The performance of the network is estimated based on security and other metrics.
EN
IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) is a popular routing protocol used in wireless sensor networks and in the Internet of Things (IoT). RPL was standardized by the IETF in 2012 and has been designed for devices with limited resources and capabilities. Open-source RPL implementations are supported by popular IoT operating systems (OS), such as ContikiOS and TinyOS. In this work, we investigate the possibility of battery drain Denial-of-Service (DoS) attacks in the RPL implementation of ContikiOS. In particular, we use the popular Cooja simulator and implement two types of DoS attacks, particularly version number modification and “Hello” flooding. We demonstrate the impact of these attacks on the power consumption of IoT devices. Finally, we discuss potential defenses relying on distributed intrusion detection modules.
EN
Anomaly-based Intrusion Detection Systems (IDS) can be instrumental in detecting attacks on IT systems. For evaluation and training of IDS, data sets containing samples of common security-scenarios are essential. Existing data sets are not sufficient for training modern IDS. This work introduces a new methodology for recording data that is useful in the context of intrusion detection. The approach presented is comprised of a system architecture as well as a novel framework for simulating security-related scenarios.
EN
We propose a concept of using Software Defined Network (SDN) technology and machine learning algorithms for monitoring and detection of malicious activities in the SDN data plane. The statistics and features of network traffic are generated by the native mechanisms of SDN technology. In order to conduct tests and a verification of the concept, it was necessary to obtain a set of network workload test data. We present a virtual environment which enables generation of the SDN network traffic. The article examines the efficiency of selected machine learning methods: Self Organizing Maps and Learning Vector Quantization and their enhanced versions. The results are compared with other SDN-based IDS.
EN
The study formulated and evaluated a model for effective management of malicious nodes in a mobile Ad-hoc network based on the Ad-Hoc on-demand distance vector routing protocol. A collaborative injection model called Collaborative Injection Deterrence Model (CIDM) was formulated using stochastic theory. The definition of the model was presented using graph theory. CIDM was simulated using three different scenarios. The three scenarios were then compared using packets delivery ratio (PDR), routing load, throughput and delay as performance metrics. The simulation result showed that CIDM reduces considerably the rate of packets dropped caused by malicious nodes in a MANET network. CIDM did not introduce additional load to the network and yet produces higher throughput. Lastly, the access delay in CIDM is minimal compared with conventional AODV. The study developed a model to mete out a punitive measure to rogue nodes as a form of intrusion deterrence without degrading the overall performance of the network. The well known CRAWDAD dataset was used in the simulation.
EN
In this article, a new intrusion detection and prevention algorithm implemented on the Raspberry Pi platform is presented. The paper begins with the presentation of research methodology in the field of Intrusion Detection Systems. Adequate supervision and control over network traffic is crucial for the security of information and communication technology. As a result of the limited budget allocated for the IT infrastructure of small businesses and the high price of dedicated solutions, many companies do not use the mentioned systems. Therefore, a monitoring solution based on the generally available Raspberry Pi platform has been proposed. The paper is addressed to network administrators.
Methods for increasing security of web servers
EN
This article is addressed in most part to people dealing with security of web servers. This paper begins with presenting the statistical dimension of the issue of data security in the modern Internet. This paper begins with presenting statistics dealing with issues of data security on the modern World Wide Web. The authors' main focus in this work is presenting the challenges of dealing with security and protection of web communication. The work analyses the security of implementing SSL/TLS (Secure Socket Layer/Transport Layer Security) protocol and proposes a new method of increasing security of web servers. This article is addressed to people dealing with analysis and security of web servers.
EN
The paper discusses the threats to networks of resource-limited things such as wireless sensors and the different mechanisms used to deal with them. A novel approach to threat detection is proposed. MOTHON is a movement-assisted threat detection system using mobility to enhance a global threat assessment and provide a separate physical secure channel to deliver collected information.
EN
Protection of infrastructures for e-science, including grid environments and NREN facilities, requires the use of novel techniques for anomaly detection and network monitoring. The aim is to raise situational awareness and provide early warning capabilities. The main operational problem that most network operators face is integrating and processing data from multiple sensors and systems placed at critical points of the infrastructure. From a scientific point of view, there is a need for the efficient analysis of large data volumes and automatic reasoning while minimizing detection errors. In this article, we describe two approaches to Complex Event Processing used for network monitoring and anomaly detection and introduce the ongoing SECOR project (Sensor Data Correlation Engine for Attack Detection and Support of Decision Process), supported by examples and test results. The aim is to develop methodology that allows for the construction of next-generation IDS systems with artificial intelligence, capable of performing signature-less intrusion detection.
A New Intrusion Detection Model Based on Data Mining and Neural Network
EN
Today, we often apply intrusion detection to aid the firewall in maintaining network security. But now network intrusion detection has the problem of a higher false alarm rate; we apply the data warehouse and data mining in intrusion detection, together with the technology of network traffic monitoring and analysis. After network data is processed by data mining, we will get the certain data and the uncertain data. Then we process the data again by the BP neural network, which is based on the genetic algorithm. Finally, we propose a new model of intrusion detection based on the data warehouse, data mining and the BP neural network. The experimental result indicates this model can effectively find many kinds of network intrusion behavior and has higher intelligence and environment accommodation.
PL
Currently, in order to maintain network security, attack detection with the aid of a firewall is used, which often results in too high a level of falsely reported attacks. The proposed solution uses data warehousing and data mining together with analysis of network traffic monitoring. Data processing has so far consisted of determining certain and uncertain data; we now propose using a genetic algorithm for BP neural networks. Finally, a new attack detection model based on data warehousing, data mining and BP neural networks is introduced. Experimental studies show that the presented model makes it possible to find many kinds of network attack behavior, is more intelligent, and provides a higher standard of environment handling.
EN
In this paper, a framework for recognizing network traffic in order to detect anomalies is proposed. We propose to combine and correlate parameters from different layers in order to detect 0-day attacks and reduce false positives. Moreover, we propose to combine statistical and signal-based features. The major contributions of this paper are: a novel framework for network security based on the correlation approach as well as a new signal-based algorithm for intrusion detection using matching pursuit.
EN
Bayesian networks are very powerful tools for knowledge representation and reasoning under uncertainty. This paper shows the applicability of naive Bayesian classifiers to two major problems in intrusion detection: the detection of elementary attacks and the detection of coordinated ones. We propose two models starting with stating the problems and defining the variables necessary for model building using naive Bayesian networks. In addition to the fact that the construction of such models is simple and efficient, the performance of naive Bayesian networks on representative data is competing with the most efficient state-of-the-art classification tools. We show how the decision rules used in naive Bayesian classifiers can be improved to detect new attacks and new anomalous activities. We experimentally show the effectiveness of these improvements on recent Web-based traffic. Finally, we propose a naive Bayesian network-based approach especially designed to detect coordinated attacks and provide experimental results showing the effectiveness of this approach.
EN
The problems of intrusion detection capabilities are considered in this paper. The general idea of the structure, model of IDS (Intrusion Detection System) and overall construction is presented, with emphasis on many problems which appear while creating procedures of such a tool.
Comprehensive approach to anomaly detection system evaluation
EN
Anomaly detection approach is a new, emerging trend for network security, especially for high-security networks (such as military or critical infrastructure monitoring networks). In our previous work we proposed a new methodology for such intrusion detection systems. We proposed a new signal-based algorithm for intrusion detection on the basis of the Matching Pursuit algorithm. Hereby, we report further, more extensive, evaluation of the proposed methodology. We show results for 15 metrics characterizing network traffic (previously we tested our system using packets-per-second only). Moreover, we used various types of traffic traces to evaluate our methodology: authentic traffic with authentic attacks from campus and WAN networks, authentic traffic with artificial (injected) attacks from campus and corporate networks and artificial traffic with artificial attacks. Finally, we provided the comparison of our method with state-of-the-art DWT-based anomaly detection system and proved that our solution gives better results in terms of detection rate and false positives.
Distributed Intrusion Detection Systems – MetaIDS case study
EN
The “Defence in depth” strategy for securing computer systems claims that technologies used to protect a network should fulfill the “Protect, Detect and React” paradigm. “This means that in addition to incorporating protection mechanisms, organizations need to expect attacks and include attack detection tools” [1]. This paper presents MetaIDS – the Intrusion Detection System developed in Poznań Supercomputing and Networking Center. It detects both attack attempts and successful attacks on the system. The paper highlights typical problems with intrusion detection, the principle of how MetaIDS works and a real attack example seen from the perspective of MetaIDS.