Network Intrusion Detection - Under the background of the continuous improvement of Chinese social modernization and development level and the comprehensive popularization of information technology, data mining technology is becoming more and more widely used, but the corresponding network security problems occur frequently, which causes serious constraints to the improvement of data mining technology level.Therefore, this paper analyzes the simulation measures of cloud computing network security intrusion detection model based on data mining technology, to ensure that under the cloud computing environment, network intrusion effectively prevents concealment, degeneration, unpredictable, effectively realize the real-time monitoring network intrusion target, and improve the application value of relevant technologies.
Authored by Yuxiang Hou
Network Intrusion Detection - With the development of computing technology, data security and privacy protection have also become the focus of researchers; along with this comes the issue of network link security and reliability, and these issues have become the focus of discussion when studying network security. Intrusion detection is an effective means to assist in network malicious traffic detection and maintain network stability; to meet the ever-changing demand for network traffic identification, intrusion detection models have undergone a transformation from traditional intrusion detection models to machine learning intrusion detection models to deep intrusion detection models. The efficiency and superiority of deep learning have been proven in fields such as image processing, but there are still some problems in the field of network security intrusion detection: the models are not targeted when processing data, the models have poor generalization ability, etc. The combinatorial neural network proposed in this paper can effectively propose a solution to the problems of existing models, and the CL-IDS model proposed in this paper has a better performance on the KDDCUP99 dataset as demonstrated by relevant experiments.
Authored by Gaodi Xu, Jinghui Zhou, Yunlong He
Network Coding - Network Coding (NC) enabled cellular networks can be penetrated by faulty packets that deviates the target nodes from decoding packets received. Even a little amount of pollution can be very quickly spread to remaining packets because of the resource exploitation at intermediary nodes. Numerous methods for protecting against data pollution attacks have been developed in the last few years. Another popular alternative is the Homomorphic Message Authentication Code (HMAC). Hackers can target HMAC by tampering with the end-of-packet tags, known as tag pollution assaults, in order to evade detection. To prevent data pollution and tag pollution assaults, a HMAC-based method can be used using two separate MAC tags. In the 5G wireless communication, small cells and collaborative networks have been extensively investigated. The use of network coding in wireless networks can increase throughput while consuming less power. Strong integrity procedures are essential for a coding environment to combat threats like pollution assaults and take full advantage of network coding. Latency and computation overhead can be reduced while maintaining security by modifying and optimising the existing integrity algorithms. This research focuses on analysing security threats in NC enabled small cells.
Authored by Chanumolu Kumar, Nandhakumar Ramachandran, Ch Priyanka, Spandana Mande
Nearest Neighbor Search - Network security is one of the main challenges faced by network administrators and owners, especially with the increasing numbers and types of attacks. This rapid increase results in a need to develop different protection techniques and methods. Network Intrusion Detection Systems (NIDS) are a method to detect and analyze network traffic to identify attacks and notify network administrators. Recently, machine learning (ML) techniques have been extensively applied in developing detection systems. Due to the high complexity of data exchanged over the networks, applying ML techniques will negatively impact system performance as many features need to be analyzed. To select the most relevant features subset from the input data, a feature selection technique is used, which results in enhancing the overall performance of the NIDS. In this paper, we propose a wrapper approach as a feature selection based on a Chaotic Crow Search Algorithm (CCSA) for anomaly network intrusion detection systems. Experiments were conducted on the LITNET2020 dataset. To the best of our knowledge, our proposed method can be considered the first selection algorithm applied on this dataset based on swarm intelligence optimization to find a special subset of features for binary and multiclass classifications that optimizes the performance for all classes at the same time.The model was evaluated using several ML classifiers namely, Knearest neighbors (KNN), Decision Tree (DT), Random Forest (RF), Support Vector Machine (SVM), Multi-layer perceptron (MLP), and Long Short-Term Memory (LSTM). The results proved that the proposed algorithm is more efficient in improving the performance of NIDS in terms of accuracy, detection rate, precision, F-score, specificity, and false alarm rate, outperforming state-of-the-art feature selection techniques recently proposed in the literature.
Authored by Hussein Al-Zoubi, Samah Altaamneh
Moving Target Defense - The use of traditional defense mechanisms or intrusion detection systems presents a disadvantage for defenders against attackers since these mechanisms are essentially reactive. Moving target defense (MTD) has emerged as a proactive defense mechanism to reduce this disadvantage by randomly and continuously changing the attack surface of a system to confuse attackers. Although significant progress has been made recently in analyzing the security effectiveness of MTD mechanisms, critical gaps still exist, especially in maximizing security levels and estimating network reconfiguration speed for given attack power. In this paper, we propose a set of Petri Net models and use them to perform a comprehensive evaluation regarding key security metrics of Software-Defined Network (SDNs) based systems adopting a time-based MTD mechanism. We evaluate two use-case scenarios considering two different types of attacks to demonstrate the feasibility and applicability of our models. Our analyses showed that a time-based MTD mechanism could reduce the attackers’ speed by at least 78\% compared to a system without MTD. Also, in the best-case scenario, it can reduce the attack success probability by about ten times.
Authored by Julio Mendonca, Minjune Kim, Rafal Graczyk, Marcus Völp, Dan Kim
MANET Security - Recently, the mobile ad hoc network (MANET) has enjoyed a great reputation thanks to its advantages such as: high performance, no expensive infrastructure to install, use of unlicensed frequency spectrum, and fast distribution of information around the transmitter. But the topology of MANETs attracts the attention of several attacks. Although authentication and encryption techniques can provide some protection, especially by minimizing the number of intrusions, such cryptographic techniques do not work effectively in the case of unseen or unknown attacks. In this case, the machine learning approach is successful to detect unfamiliar intrusive behavior. Security methodologies in MANETs mainly focus on eliminating malicious attacks, misbehaving nodes, and providing secure routing.
Authored by Wafa Bouassaba, Abdellah Nabou, Mohammed Ouzzif
MANET Security - The current stady is confined in proposing a reputation based approach for detecting malicious activity where past activities of each node is recorded for future reference. It has been regarded that the Mobile ad-hoc network commonly called as (MANET) is stated as the critical wireless network on the mobile devices using self related assets. Security considered as the main challenge in MANET. Many existing work has done on the basis of detecting attacks by using various approaches like Intrusion Detection, Bait detection, Cooperative malicious detection and so on. In this paper some approaches for identifying malicious nodes has been discussed. But this Reputation based approach mainly focuses on sleuthing the critcal nodes on the trusted path than the shortest path. Each node will record the activity of its own like data received from and Transferred to information. As soon as a node update its activity it is verified and a trust factor is assigned. By comparing the assigned trust factor a list of suspicious or malicious node is created..
Authored by Prolay Ghosh, Dhanraj Verma
MANET Security - Mobile ad hoc networks can expand access networks service zones and offer wireless to previously unconnected or spotty areas. Ad hoc networking faces transmission failures limited wireless range, disguised terminal faults and packet losses, mobility-induced route alterations, and battery constraints. A network layer metric shows total network performance. Ad-hoc networking provides access networks, dynamic multi-hop architecture, and peer-to-peer communication. In MANET, each node acts as a router, determining the optimum route by travelling through other nodes. MANET includes dynamic topology, fast deployment, energy-restricted operation, and adjustable capacity and bandwidth. Dynamic MANET increases security vulnerabilities. Researchers have employed intrusion detection, routing, and other techniques to provide security solutions. Current technologies can t safeguard network nodes. In a hostile environment, network performance decreases as nodes increase. This paper presents a reliable and energy-efficient Firefly Energy Optimized Routing (IFEOR)-based routing method to maximise MANET data transmission energy. IFEOR measures MANET firefly light intensity to improve routing stability. The route path s energy consumption determines the firefly s brightness during MANET data packet transfer. Adopting IFEOR enhanced packet delivery rates and routing overheads. End-to-end delay isn t reduced since nodes in a route may be idle before sending a message. Unused nodes use energy.
Authored by Morukurthi Sreenivasu, Badarla Anil
MANET Attack Detection - Mobile Adhoc Networks also known as MANETS or Wireless Adhoc Networks is a network that usually has a routable networking environment on top of a Link Layer ad hoc network. They consist of a set of mobile nodes connected wirelessly in a self-configured, self-healing network without having a fixed infrastructure. MANETS, have been predominantly utilized in military or emergency situations however, the prospects of Manets’ usage outside these realms is now being considered for possible public adoption in light of the recent global events such as the pandemic and new emerging infectious diseases. These particular events birthed new challenges, one of which was the considerable strain that was placed on mainstream ISP’s. Whilst there has been a significant amount of research conducted in the sphere Manet Security via various means such as: development of intrusion detection systems, attack classification and prediction systems, etcetera. There still exists prevailing concerns of MANET security and risks. Additionally, recently researched trends within the field has evidenced key disparities in terms of studies related to MANET Risk profiles. This paper seeks to provide an overview of existing studies with respect to MANETS as well as briefly introduces a new method of determining the initial Risk Profile of MANETS via the usage of probabilistic machine learning techniques. It explores new regions of probability-based approaches to further supplement the existing impact-based methodologies for assessing risk within Manets.
Authored by Hosein Michael, Aqui Jedidiah
MANET Attack Detection - Recently, the mobile ad hoc network (MANET) has enjoyed a great reputation thanks to its advantages such as: high performance, no expensive infrastructure to install, use of unlicensed frequency spectrum, and fast distribution of information around the transmitter. But the topology of MANETs attracts the attention of several attacks. Although authentication and encryption techniques can provide some protection, especially by minimizing the number of intrusions, such cryptographic techniques do not work effectively in the case of unseen or unknown attacks. In this case, the machine learning approach is successful to detect unfamiliar intrusive behavior. Security methodologies in MANETs mainly focus on eliminating malicious attacks, misbehaving nodes, and providing secure routing. In this paper we present to most recent works that propose or apply the concept of Machine Learning (ML) to secure the MANET environment.
Authored by Wafa Bouassaba, Abdellah Nabou, Mohammed Ouzzif
MANET Attack Detection - The current stady is confined in proposing a reputation based approach for detecting malicious activity where past activities of each node is recorded for future reference. It has been regarded that the Mobile ad-hoc network commonly called as (MANET) is stated as the critical wireless network on the mobile devices using self related assets. Security considered as the main challenge in MANET. Many existing work has done on the basis of detecting attacks by using various approaches like Intrusion Detection, Bait detection, Cooperative malicious detection and so on. In this paper some approaches for identifying malicious nodes has been discussed. But this Reputation based approach mainly focuses on sleuthing the critcal nodes on the trusted path than the shortest path. Each node will record the activity of its own like data received from and Transferred to information. As soon as a node update its activity it is verified and a trust factor is assigned. By comparing the assigned trust factor a list of suspicious or malicious node is created.
Authored by Prolay Ghosh, Dhanraj Verma
MANET Attack Prevention - Wireless ad hoc networks are characterized by dynamic topology and high node mobility. Network attacks on wireless ad hoc networks can significantly reduce performance metrics, such as the packet delivery ratio from the source to the destination node, overhead, throughput, etc. The article presents an experimental study of an intrusion detection system prototype in mobile ad hoc networks based on machine learning. The experiment is carried out in a MANET segment of 50 nodes, the detection and prevention of DDoS and cooperative blackhole attacks are investigated. The dependencies of features on the type of network traffic and the dependence of performance metrics on the speed of mobile nodes in the network are investigated. The conducted experimental studies show the effectiveness of an intrusion detection system prototype on simulated data.
Authored by Leonid Legashev, Luybov Grishina
MANET Attack Prevention - Since the mid-1990s, the growth of laptops and Wi-Fi networks has led to a great increase in the use of MANET (Mobile ad hoc network) in wireless communication. MANET is a group of mobile devices for example mobile phones, computers, laptops, radios, sensors, etc., that communicate with each other wirelessly without any support from existing internet infrastructure or any other kind of fixed stations. As MANET is an infrastructure-less network it is prone to various attacks, which can lead to loss of information during communication, security breaches or other unauthentic malpractices. Various types of attacks to which MANET can be vulnerable are denial of service (DOS) and packet dropping attacks such as Gray hole, Blackhole, Wormhole, etc. In this research, we are particularly focusing on the detection and prevention of Gray hole attack. Gray hole node drops selective data packets, while participating in the routing process like other nodes, and advertises itself as a genuine node. The Intrusion Detection System (IDS) technique is used for identification and aversion of the Gray hole attack. Use of AODV routing protocol is made in the network. The network is incorporated and simulation parameters such as PDR (Packet Delivery Ratio), Energy Consumption, End-to-end delay, and Throughput are analyzed using simulation software.
Authored by Manish Chawhan, Kruttika Karmarkar, Gargi Almelkar, Disha Borkar, Kishor. Kulat, Bhumika Neole
Intrusion Intolerance - The cascaded multi-level inverter (CMI) is becoming increasingly popular for wide range of applications in power electronics dominated grid (PEDG). The increased number of semiconductors devices in these class of power converters leads to an increased need for fault detection, isolation, and selfhealing. In addition, the PEDG’s cyber and physical layers are exposed to malicious attacks. These malicious actions, if not detected and classified in a timely manner, can cause catastrophic events in power grid. The inverters’ internal failures make the anomaly detection and classification in PEDG a challenging task. The main objective of this paper is to address this challenge by implementing a recurrent neural network (RNN), specifically utilizing long short-term memory (LSTM) for detection and classification of internal failures in CMI and distinguish them from malicious activities in PEDG. The proposed anomaly classification framework is a module in the primary control layer of inverters which can provide information for intrusion detection systems in a secondary control layer of PEDG for further analysis.
Authored by Matthew Baker, Hassan Althuwaini, Mohammad Shadmand
Intrusion Intolerance - Network intrusion detection technology has developed for more than ten years, but due to the network intrusion is complex and variable, it is impossible to determine the function of network intrusion behaviour. Combined with the research on the intrusion detection technology of the cluster system, the network security intrusion detection and mass alarms are realized. Method: This article starts with an intrusion detection system, which introduces the classification and workflow. The structure and working principle of intrusion detection system based on protocol analysis technology are analysed in detail. Results: With the help of the existing network intrusion detection in the network laboratory, the Synflood attack has successfully detected, which verified the flexibility, accuracy, and high reliability of the protocol analysis technology. Conclusion: The high-performance cluster-computing platform designed in this paper is already available. The focus of future work will strengthen the functions of the cluster-computing platform, enhancing stability, and improving and optimizing the fault tolerance mechanism.
Authored by Feng Li, Fei Shu, Mingxuan Li, Bin Wang
Machine Learning - An IDS is a system that helps in detecting any kind of doubtful activity on a computer network. It is capable of identifying suspicious activities at both the levels i.e. locally at the system level and in transit at the network level. Since, the system does not have its own dataset as a result it is inefficient in identifying unknown attacks. In order to overcome this inefficiency, we make use of ML. ML assists in analysing and categorizing attacks on diverse datasets. In this study, the efficacy of eight machine learning algorithms based on KDD CUP99 is assessed. Based on our implementation and analysis, amongst the eight Algorithms considered here, Support Vector Machine (SVM), Random Forest (RF) and Decision Tree (DT) have the highest testing accuracy of which got SVM does have the highest accuracy
Authored by Utkarsh Dixit, Suman Bhatia, Pramod Bhatia
Intelligent Data and Security - The recent 5G networks aim to provide higher speed, lower latency, and greater capacity; therefore, compared to the previous mobile networks, more advanced and intelligent network security is essential for 5G networks. To detect unknown and evolving 5G network intrusions, this paper presents an artificial intelligence (AI)-based network threat detection system to perform data labeling, data filtering, data preprocessing, and data learning for 5G network flow and security event data. The performance evaluations are first conducted on two well-known datasets-NSL-KDD and CICIDS 2017; then, the practical testing of proposed system is performed in 5G industrial IoT environments. To demonstrate detection against network threats in real 5G environments, this study utilizes the 5G model factory, which is downscaled to a real smart factory that comprises a number of 5G industrial IoT-based devices.
Authored by Jonghoon Lee, Hyunjin Kim, Chulhee Park, Youngsoo Kim, Jong-Geun Park
Information Theoretic Security - From an information-theoretic standpoint, the intrusion detection process can be examined. Given the IDS output(alarm data), we should have less uncertainty regarding the input (event data). We propose the Capability of Intrusion Detection (CID) measure, which is simply the ratio of mutual information between IDS input and output, and the input of entropy. CID has the desirable properties of (1) naturally accounting for all important aspects of detection capability, such as true positive rate, false positive rate, positive predictive value, negative predictive value, and base rate, (2) objectively providing an intrinsic measure of intrusion detection capability, and (3) being sensitive to IDS operation parameters. When finetuning an IDS, we believe that CID is the best performance metric to use. In terms of the IDS’ inherent ability to classify input data, the so obtained operation point is the best that it can achieve.
Authored by Noor Hashim, Sattar Sadkhan
Industrial Control Systems - With the wide application of Internet technology in the industrial control field, industrial control networks are getting larger and larger, and the industrial data generated by industrial control systems are increasing dramatically, and the performance requirements of the acquisition and storage systems are getting higher and higher. The collection and analysis of industrial equipment work logs and industrial timing data can realize comprehensive management and continuous monitoring of industrial control system work status, as well as intrusion detection and energy efficiency analysis in terms of traffic and data. In the face of increasingly large realtime industrial data, existing log collection systems and timing data gateways, such as packet loss and other phenomena [1], can not be more complete preservation of industrial control network thermal data. The emergence of software-defined networking provides a new solution to realize massive thermal data collection in industrial control networks. This paper proposes a 10-gigabit industrial thermal data acquisition and storage scheme based on software-defined networking, which uses software-defined networking technology to solve the problem of insufficient performance of existing gateways.
Authored by Ge Zhang, Zheyu Zhang, Jun Sun, Zun Wang, Rui Wang, Shirui Wang, Chengyun Xie
An IDS is a system that helps in detecting any kind of doubtful activity on a computer network. It is capable of identifying suspicious activities at both the levels i.e. locally at the system level and in transit at the network level. Since, the system does not have its own dataset as a result it is inefficient in identifying unknown attacks. In order to overcome this inefficiency, we make use of ML. ML assists in analysing and categorizing attacks on diverse datasets. In this study, the efficacy of eight machine learning algorithms based on KDD CUP99 is assessed. Based on our implementation and analysis, amongst the eight Algorithms considered here, Support Vector Machine (SVM), Random Forest (RF) and Decision Tree (DT) have the highest testing accuracy of which got SVM does have the highest accuracy
Authored by Utkarsh Dixit, Suman Bhatia, Pramod Bhatia
With the rapid development of the Internet of Things (IoT), a large amount of data is exchanged between various communicating devices. Since the data should be communicated securely between the communicating devices, the network security is one of the dominant research areas for the 6LoWPAN IoT applications. Meanwhile, 6LoWPAN devices are vulnerable to attacks inherited from both the wireless sensor networks and the Internet protocols. Thus intrusion detection systems have become more and more critical and play a noteworthy role in improving the 6LoWPAN IoT networks. However, most intrusion detection systems focus on the attacked areas in the IoT networks instead of precisely on certain IoT nodes. This may lead more resources to further detect the compromised nodes or waste resources when detaching the whole attacked area. In this paper, we therefore proposed a new precisional detection strategy for 6LoWPAN Networks, named as PDS-6LoWPAN. In order to validate the strategy, we evaluate the performance and applicability of our solution with a thorough simulation by taking into account the detection accuracy and the detection response time.
Authored by Bacem Mbarek, Mouzhi Ge, Tomás Pitner
The most widely used protocol for routing across the 6LoWPAN stack is the Routing Protocol for Low Power and Lossy (RPL) Network. However, the RPL lacks adequate security solutions, resulting in numerous internal and external security vulnerabilities. There is still much research work left to uncover RPL's shortcomings. As a result, we first implement the worst parent selection (WPS) attack in this paper. Second, we offer an intrusion detection system (IDS) to identify the WPS attack. The WPS attack modifies the victim node's objective function, causing it to choose the worst node as its preferred parent. Consequently, the network does not achieve optimal convergence, and nodes form the loop; a lower rank node selects a higher rank node as a parent, effectively isolating many nodes from the network. In addition, we propose DWA-IDS as an IDS for detecting WPS attacks. We use the Contiki-cooja simulator for simulation purposes. According to the simulation results, the WPS attack reduces system performance by increasing packet transmission time. The DWA-IDS simulation results show that our IDS detects all malicious nodes that launch the WPS attack. The true positive rate of the proposed DWA-IDS is more than 95%, and the detection rate is 100%. We also deliberate the theoretical proof for the false-positive case as our DWA-IDS do not have any false-positive case. The overhead of DWA-IDS is modest enough to be set up with low-power and memory-constrained devices.
Authored by Usha Kiran
The Internet of Things (IoT) is a technology that has evolved to make day-to-day life faster and easier. But with the increase in the number of users, the IoT network is prone to various security and privacy issues. And most of these issues/attacks occur during the routing of the data in the IoT network. Therefore, for secure routing among resource-constrained nodes of IoT, the RPL protocol has been standardized by IETF. But the RPL protocol is also vulnerable to attacks based on resources, topology formation and traffic flow between nodes. The attacks like DoS, Blackhole, eavesdropping, flood attacks and so on cannot be efficiently defended using RPL protocol for routing data in IoT networks. So, defense mechanisms are used to protect networks from routing attacks. And are classified into Secure Routing Protocols (SRPs) and Intrusion Detection systems (IDs). This paper gives an overview of the RPL attacks and the defense mechanisms used to detect or mitigate the RPL routing attacks in IoT networks.
Authored by Akshaya Dhingra, Vikas Sindhu
Wireless ad hoc networks are characterized by dynamic topology and high node mobility. Network attacks on wireless ad hoc networks can significantly reduce performance metrics, such as the packet delivery ratio from the source to the destination node, overhead, throughput, etc. The article presents an experimental study of an intrusion detection system prototype in mobile ad hoc networks based on machine learning. The experiment is carried out in a MANET segment of 50 nodes, the detection and prevention of DDoS and cooperative blackhole attacks are investigated. The dependencies of features on the type of network traffic and the dependence of performance metrics on the speed of mobile nodes in the network are investigated. The conducted experimental studies show the effectiveness of an intrusion detection system prototype on simulated data.
Authored by Leonid Legashev, Luybov Grishina
Classifying and predicting the accuracy of intrusion detection on cybercrime by comparing machine learning methods such as Innovative Decision Tree (DT) with Support Vector Machine (SVM). By comparing the Decision Tree (N=20) and the Support Vector Machine algorithm (N=20) two classes of machine learning classifiers were used to determine the accuracy. The decision Tree (99.19%) has the highest accuracy than the SVM (98.5615%) and the independent T-test was carried out (=.507) and shows that it is statistically insignificant (p\textgreater0.05) with a confidence value of 95%. by comparing Innovative Decision Tree and Support Vector Machine. The Decision Tree is more productive than the Support Vector Machine for recognizing intruders with substantially checked, according to the significant analysis.
Authored by Marri Kumar, Prof. K.Malathi