Um die anderen Arten von Veröffentlichungen zu diesem Thema anzuzeigen, folgen Sie diesem Link: Network traffic detection.
Zeitschriftenartikel zum Thema „Network traffic detection“
Geben Sie eine Quelle nach APA, MLA, Chicago, Harvard und anderen Zitierweisen an
Machen Sie sich mit Top-50 Zeitschriftenartikel für die Forschung zum Thema "Network traffic detection" bekannt.
Neben jedem Werk im Literaturverzeichnis ist die Option "Zur Bibliographie hinzufügen" verfügbar. Nutzen Sie sie, wird Ihre bibliographische Angabe des gewählten Werkes nach der nötigen Zitierweise (APA, MLA, Harvard, Chicago, Vancouver usw.) automatisch gestaltet.
Sie können auch den vollen Text der wissenschaftlichen Publikation im PDF-Format herunterladen und eine Online-Annotation der Arbeit lesen, wenn die relevanten Parameter in den Metadaten verfügbar sind.
Sehen Sie die Zeitschriftenartikel für verschiedene Spezialgebieten durch und erstellen Sie Ihre Bibliographie auf korrekte Weise.
1
Praveena, Nutakki, Dr Ujwal A. Lanjewar, and Chilakalapudi Meher Babu. "VIABLE NETWORK INTRUSION DETECTION ON WIRELESS ADHOC NETWORKS." INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY 5, no. 1 (2013): 29–34. http://dx.doi.org/10.24297/ijct.v5i1.4383.
Der volle Inhalt der QuelleAnnotation:
Control architecture for resource allocation in satellite networks is proposed, along with the specification of performance indexes and control strategies. The latter, besides being based on information on traffic statistics and network status, rely upon some knowledge of the fading conditions over the satellite network channels. The resource allocation problem consists of the assignment, by a master station, of a total available bandwidth among traffic earth stations in the presence of different traffic types. Traffic stations are assumed to measure continuously their signal fade level, but this information may either be used only locally or also communicated to the master station. According to the information made available on-line to the master station on the level of the fading attenuation of the traffic stations, the assignment can be made static, based on the a priori knowledge of long-term fading statistics, or dynamic, based on the updated measurements. In any case, the decisions can be adapted to slowly time-varying traffic characteristics. At each earth station, two basic traffic types are assumed to be present, namely guaranteed bandwidth, real-time, synchronous data (stream traffic), and best effort traffic (datagram traffic). Numerical results are provided for a specific architecture in the dynamic case, in a real environment, based on the Italian satellite national coverage payload characteristics.
2
Pratomo, Baskoro A., Pete Burnap, and George Theodorakopoulos. "BLATTA: Early Exploit Detection on Network Traffic with Recurrent Neural Networks." Security and Communication Networks 2020 (August 4, 2020): 1–15. http://dx.doi.org/10.1155/2020/8826038.
Der volle Inhalt der QuelleAnnotation:
Detecting exploits is crucial since the effect of undetected ones can be devastating. Identifying their presence on the network allows us to respond and block their malicious payload before they cause damage to the system. Inspecting the payload of network traffic may offer better performance in detecting exploits as they tend to hide their presence and behave similarly to legitimate traffic. Previous works on deep packet inspection for detecting malicious traffic regularly read the full length of application layer messages. As the length varies, longer messages will take more time to analyse, during which time the attack creates a disruptive impact on the system. Hence, we propose a novel early exploit detection mechanism that scans network traffic, reading only 35.21% of application layer messages to predict malicious traffic while retaining a 97.57% detection rate and a 1.93% false positive rate. Our recurrent neural network- (RNN-) based model is the first work to our knowledge that provides early prediction of malicious application layer messages, thus detecting a potential attack earlier than other state-of-the-art approaches and enabling a form of early warning system.
3
Jiang, Ding De, Cheng Yao, Zheng Zheng Xu, Peng Zhang, Zhen Yuan, and Wen Da Qin. "An Continuous Wavelet Transform-Based Detection Approach to Traffic Anomalies." Applied Mechanics and Materials 130-134 (October 2011): 2098–102. http://dx.doi.org/10.4028/www.scientific.net/amm.130-134.2098.
Der volle Inhalt der QuelleAnnotation:
Anomalous traffic often has a significant impact on network activities and lead to the severe damage to our networks because they usually are involved with network faults and network attacks. How to detect effectively network traffic anomalies is a challenge for network operators and researchers. This paper proposes a novel method for detecting traffic anomalies in a network, based on continuous wavelet transform. Firstly, continuous wavelet transforms are performed for network traffic in several scales. We then use multi-scale analysis theory to extract traffic characteristics. And these characteristics in different scales are further analyzed and an appropriate detection threshold can be obtained. Consequently, we can make the exact anomaly detection. Simulation results show that our approach is effective and feasible.
4
Anwer, M., S. M. Khan, M. U. Farooq, and W. Waseemullah. "Attack Detection in IoT using Machine Learning." Engineering, Technology & Applied Science Research 11, no. 3 (2021): 7273–78. http://dx.doi.org/10.48084/etasr.4202.
Der volle Inhalt der QuelleAnnotation:
Many researchers have examined the risks imposed by the Internet of Things (IoT) devices on big companies and smart towns. Due to the high adoption of IoT, their character, inherent mobility, and standardization limitations, smart mechanisms, capable of automatically detecting suspicious movement on IoT devices connected to the local networks are needed. With the increase of IoT devices connected through internet, the capacity of web traffic increased. Due to this change, attack detection through common methods and old data processing techniques is now obsolete. Detection of attacks in IoT and detecting malicious traffic in the early stages is a very challenging problem due to the increase in the size of network traffic. In this paper, a framework is recommended for the detection of malicious network traffic. The framework uses three popular classification-based malicious network traffic detection methods, namely Support Vector Machine (SVM), Gradient Boosted Decision Trees (GBDT), and Random Forest (RF), with RF supervised machine learning algorithm achieving far better accuracy (85.34%). The dataset NSL KDD was used in the recommended framework and the performances in terms of training, predicting time, specificity, and accuracy were compared.
5
Fotiadou, Konstantina, Terpsichori-Helen Velivassaki, Artemis Voulkidis, Dimitrios Skias, Sofia Tsekeridou, and Theodore Zahariadis. "Network Traffic Anomaly Detection via Deep Learning." Information 12, no. 5 (2021): 215. http://dx.doi.org/10.3390/info12050215.
Der volle Inhalt der QuelleAnnotation:
Network intrusion detection is a key pillar towards the sustainability and normal operation of information systems. Complex threat patterns and malicious actors are able to cause severe damages to cyber-systems. In this work, we propose novel Deep Learning formulations for detecting threats and alerts on network logs that were acquired by pfSense, an open-source software that acts as firewall on FreeBSD operating system. pfSense integrates several powerful security services such as firewall, URL filtering, and virtual private networking among others. The main goal of this study is to analyse the logs that were acquired by a local installation of pfSense software, in order to provide a powerful and efficient solution that controls traffic flow based on patterns that are automatically learnt via the proposed, challenging DL architectures. For this purpose, we exploit the Convolutional Neural Networks (CNNs), and the Long Short Term Memory Networks (LSTMs) in order to construct robust multi-class classifiers, able to assign each new network log instance that reaches our system into its corresponding category. The performance of our scheme is evaluated by conducting several quantitative experiments, and by comparing to state-of-the-art formulations.
6
Lu, Jiazhong, Fengmao Lv, Zhongliu Zhuo, et al. "Integrating Traffics with Network Device Logs for Anomaly Detection." Security and Communication Networks 2019 (June 13, 2019): 1–10. http://dx.doi.org/10.1155/2019/5695021.
Der volle Inhalt der QuelleAnnotation:
Advanced cyberattacks are often featured by multiple types, layers, and stages, with the goal of cheating the monitors. Existing anomaly detection systems usually search logs or traffics alone for evidence of attacks but ignore further analysis about attack processes. For instance, the traffic detection methods can only detect the attack flows roughly but fail to reconstruct the attack event process and reveal the current network node status. As a result, they cannot fully model the complex multistage attack. To address these problems, we present Traffic-Log Combined Detection (TLCD), which is a multistage intrusion analysis system. Inspired by multiplatform intrusion detection techniques, we integrate traffics with network device logs through association rules. TLCD correlates log data with traffic characteristics to reflect the attack process and construct a federated detection platform. Specifically, TLCD can discover the process steps of a cyberattack attack, reflect the current network status, and reveal the behaviors of normal users. Our experimental results over different cyberattacks demonstrate that TLCD works well with high accuracy and low false positive rate.
7
Ali, Wasim Ahmed, Manasa K. N, Mohammed Aljunid, Malika Bendechache, and P. Sandhya. "Review of Current Machine Learning Approaches for Anomaly Detection in Network Traffic." Journal of Telecommunications and the Digital Economy 8, no. 4 (2020): 64–95. http://dx.doi.org/10.18080/jtde.v8n4.307.
Der volle Inhalt der QuelleAnnotation:
Due to the advance in network technologies, the number of network users is growing rapidly, which leads to the generation of large network traffic data. This large network traffic data is prone to attacks and intrusions. Therefore, the network needs to be secured and protected by detecting anomalies as well as to prevent intrusions into networks. Network security has gained attention from researchers and network laboratories. In this paper, a comprehensive survey was completed to give a broad perspective of what recently has been done in the area of anomaly detection. Newly published studies in the last five years have been investigated to explore modern techniques with future opportunities. In this regard, the related literature on anomaly detection systems in network traffic has been discussed, with a variety of typical applications such as WSNs, IoT, high-performance computing, industrial control systems (ICS), and software-defined network (SDN) environments. Finally, we underlined diverse open issues to improve the detection of anomaly systems.
8
Barrionuevo, Mercedes, Mariela Lopresti, Natalia Miranda, and Fabiana Piccoli. "Secure Computer Network: Strategies and Challengers in Big Data Era." Journal of Computer Science and Technology 18, no. 03 (2018): e28. http://dx.doi.org/10.24215/16666038.18.e28.
Der volle Inhalt der QuelleAnnotation:
As computer networks have transformed in essential tools, their security has become a crucial problem for computer systems. Detecting unusual values fromlarge volumes of information produced by network traffic has acquired huge interest in the network security area. Anomaly detection is a starting point toprevent attacks, therefore it is important for all computer systems in a network have a system of detecting anomalous events in a time near their occurrence. Detecting these events can lead network administrators to identify system failures, take preventive actions and avoid a massive damage.This work presents, first, how identify network traffic anomalies through applying parallel computing techniques and Graphical Processing Units in two algorithms, one of them a supervised classification algorithm and the other based in traffic image processing.Finally, it is proposed as a challenge to resolve the anomalies detection using an unsupervised algorithm as Deep Learning.
9
Lalitha, K. V., and V. R. Josna. "Traffic Verification for Network Anomaly Detection in Sensor Networks." Procedia Technology 24 (2016): 1400–1405. http://dx.doi.org/10.1016/j.protcy.2016.05.161.
Der volle Inhalt der Quelle
10
Meimei Ding and Hui Tian. "PCA-based network Traffic anomaly detection." Tsinghua Science and Technology 21, no. 5 (2016): 500–509. http://dx.doi.org/10.1109/tst.2016.7590319.
Der volle Inhalt der Quelle
11
Tian, Hui, Jingtian Liu, and Meimei Ding. "Promising techniques for anomaly detection on network traffic." Computer Science and Information Systems 14, no. 3 (2017): 597–609. http://dx.doi.org/10.2298/csis170201018h.
Der volle Inhalt der QuelleAnnotation:
In various networks, anomaly may happen due to network breakdown, intrusion detection, and end-to-end traffic changes. To detect these anomalies is important in diagnosis, fault report, capacity plan and so on. However, it?s challenging to detect these anomalies with high accuracy rate and time efficiency. Existing works are mainly classified into two streams, anomaly detection on link traffic and on global traffic. In this paper we discuss various anomaly detection methods on both types of traffic and compare their performance.
12
Nguyen, Hoanh. "Fast Traffic Sign Detection Approach Based on Lightweight Network and Multilayer Proposal Network." Journal of Sensors 2020 (June 19, 2020): 1–13. http://dx.doi.org/10.1155/2020/8844348.
Der volle Inhalt der QuelleAnnotation:
Vision-based traffic sign detection plays a crucial role in intelligent transportation systems. Recently, many approaches based on deep learning for traffic sign detection have been proposed and showed better performance compared with traditional approaches. However, due to difficult conditions in driving environment and the size of traffic signs in traffic scene images, the performance of deep learning-based methods on small traffic sign detection is still limited. In addition, the inference speed of current state-of-the-art approaches on traffic sign detection is still slow. This paper proposes a deep learning-based approach to improve the performance of small traffic sign detection in driving environments. First, a lightweight and efficient architecture is adopted as the base network to address the issue of the inference speed. To enhance the performance on small traffic sign detection, a deconvolution module is adopted to generate an enhanced feature map by aggregating a lower-level feature map with a higher-level feature map. Then, two improved region proposal networks are used to generate proposals from the highest-level feature map and the enhanced feature map. The proposed improved region proposal network is designed for fast and accuracy proposal generation. In the experiments, the German Traffic Sign Detection Benchmark dataset is used to evaluate the effectiveness of each enhanced module, and the Tsinghua-Tencent 100K dataset is used to compare the effectiveness of the proposed approach with other state-of-the-art approaches on traffic sign detection. Experimental results on Tsinghua-Tencent 100K dataset show that the proposed approach achieves competitive performance compared with current state-of-the-art approaches on traffic sign detection while being faster and simpler.
13
Tao, Xiaoling, Yang Peng, Feng Zhao, Peichao Zhao, and Yong Wang. "A parallel algorithm for network traffic anomaly detection based on Isolation Forest." International Journal of Distributed Sensor Networks 14, no. 11 (2018): 155014771881447. http://dx.doi.org/10.1177/1550147718814471.
Der volle Inhalt der QuelleAnnotation:
With the rapid development of large-scale complex networks and proliferation of various social network applications, the amount of network traffic data generated is increasing tremendously, and efficient anomaly detection on those massive network traffic data is crucial to many network applications, such as malware detection, load balancing, network intrusion detection. Although there are many methods around for network traffic anomaly detection, they are all designed for single machine, failing to deal with the case that the network traffic data are so large that it is prohibitive for a single computer to store and process the data. To solve these problems, we propose a parallel algorithm based on Isolation Forest and Spark for network traffic anomaly detection. We combine the advantages of Isolation Forest algorithm in network traffic anomaly detection and big data processing capability of Spark technology. Meanwhile, we apply the idea of parallelization to the process of modeling and evaluation. In the calculation process, by assigning tasks to multiple compute nodes, Isolation Forest and Spark can efficiently perform anomaly detection and evaluation process. By this way, we can also solve the problem of computation bottleneck on single machine. Extensive experiments on real world datasets show that our Isolation Forest and Spark is efficient and scales well for anomaly detection on large network traffic data.
14
Gao, Minghui, Li Ma, Heng Liu, Zhijun Zhang, Zhiyan Ning, and Jian Xu. "Malicious Network Traffic Detection Based on Deep Neural Networks and Association Analysis." Sensors 20, no. 5 (2020): 1452. http://dx.doi.org/10.3390/s20051452.
Der volle Inhalt der QuelleAnnotation:
Anomaly detection systems can accurately identify malicious network traffic, providing network security. With the development of internet technology, network attacks are becoming more and more sourced and complicated, making it difficult for traditional anomaly detection systems to effectively analyze and identify abnormal traffic. At present, deep neural network (DNN) technology achieved great results in terms of anomaly detection, and it can achieve automatic detection. However, there still exists misclassified traffic in the prediction results of deep neural networks, resulting in redundant alarm information. This paper designs a two-level anomaly detection system based on deep neural network and association analysis. We made a comprehensive evaluation of experiments using DNNs and other neural networks based on publicly available datasets. Through the experiments, we chose DNN-4 as an important part of our system, which has high precision and accuracy in identifying malicious traffic. The Apriori algorithm can mine rules between various discretized features and normal labels, which can be used to filter the classified traffic and reduce the false positive rate. Finally, we designed an intrusion detection system based on DNN-4 and association rules. We conducted experiments on the public training set NSL-KDD, which is considered as a modified dataset for the KDDCup 1999. The results show that our detection system has great precision in malicious traffic detection, and it achieves the effect of reducing the number of false alarms.
15
Abuadlla, Yousef, Goran Kvascev, Slavko Gajin, and Zoran Jovanovic. "Flow-based anomaly intrusion detection system using two neural network stages." Computer Science and Information Systems 11, no. 2 (2014): 601–22. http://dx.doi.org/10.2298/csis130415035a.
Der volle Inhalt der QuelleAnnotation:
Computer systems and networks suffer due to rapid increase of attacks, and in order to keep them safe from malicious activities or policy violations, there is need for effective security monitoring systems, such as Intrusion Detection Systems (IDS). Many researchers concentrate their efforts on this area using different approaches to build reliable intrusion detection systems. Flow-based intrusion detection systems are one of these approaches that rely on aggregated flow statistics of network traffic. Their main advantages are host independence and usability on high speed networks, since the metrics may be collected by network device hardware or standalone probes. In this paper, an intrusion detection system using two neural network stages based on flow-data is proposed for detecting and classifying attacks in network traffic. The first stage detects significant changes in the traffic that could be a potential attack, while the second stage defines if there is a known attack and in that case classifies the type of attack. The first stage is crucial for selecting time windows where attacks, known or unknown, are more probable. Two different neural network structures have been used, multilayer and radial basis function networks, with the objective to compare performance, memory consumption and the time required for network training. The experimental results demonstrate that the designed models are promising in terms of accuracy and computational time, with low probability of false alarms.
16
ZHONG, SHI, TAGHI M. KHOSHGOFTAAR, and NAEEM SELIYA. "CLUSTERING-BASED NETWORK INTRUSION DETECTION." International Journal of Reliability, Quality and Safety Engineering 14, no. 02 (2007): 169–87. http://dx.doi.org/10.1142/s0218539307002568.
Der volle Inhalt der QuelleAnnotation:
Recently data mining methods have gained importance in addressing network security issues, including network intrusion detection — a challenging task in network security. Intrusion detection systems aim to identify attacks with a high detection rate and a low false alarm rate. Classification-based data mining models for intrusion detection are often ineffective in dealing with dynamic changes in intrusion patterns and characteristics. Consequently, unsupervised learning methods have been given a closer look for network intrusion detection. We investigate multiple centroid-based unsupervised clustering algorithms for intrusion detection, and propose a simple yet effective self-labeling heuristic for detecting attack and normal clusters of network traffic audit data. The clustering algorithms investigated include, k-means, Mixture-Of-Spherical Gaussians, Self-Organizing Map, and Neural-Gas. The network traffic datasets provided by the DARPA 1998 offline intrusion detection project are used in our empirical investigation, which demonstrates the feasibility and promise of unsupervised learning methods for network intrusion detection. In addition, a comparative analysis shows the advantage of clustering-based methods over supervised classification techniques in identifying new or unseen attack types.
17
Yeh, Tien-Wen, Huei-Yung Lin, and Chin-Chen Chang. "Traffic Light and Arrow Signal Recognition Based on a Unified Network." Applied Sciences 11, no. 17 (2021): 8066. http://dx.doi.org/10.3390/app11178066.
Der volle Inhalt der QuelleAnnotation:
We present a traffic light detection and recognition approach for traffic lights that utilizes convolutional neural networks. We also introduce a technique for identifying arrow signal lights in multiple urban traffic environments. For detection, we use map data and two different focal length cameras for traffic light detection at various distances. For recognition, we propose a new algorithm that combines object detection and classification to recognize the light state classes of traffic lights. Furthermore, we use a unified network by sharing features to decrease computation time. The results reveal that the proposed approach enables high-performance traffic light detection and recognition.
18
Hu, Qinwen, Muhammad Rizwan Asghar, and Nevil Brownlee. "Effectiveness of Intrusion Detection Systems in High-speed Networks." International Journal of Information, Communication Technology and Applications 4, no. 1 (2018): 1–10. http://dx.doi.org/10.17972/ijicta20184138.
Der volle Inhalt der QuelleAnnotation:
Network Intrusion Detection Systems (NIDSs) play a crucial role in detecting malicious activities within networks. Basically, a NIDS monitors network flows and compares them with a set of pre-defined suspicious patterns. To be effective, different intrusion detection algorithms and packet capturing methods have been implemented. With rapidly increasing network speeds, NIDSs face a challenging problem of monitoring large and diverse traffic volumes; in particular, high packet drop rates can have a significant impact on detection accuracy. In this work, we investigate three popular open-source NIDSs: Snort, Suricata, and Bro along with their comparative performance benchmarks. We investigate key factors (including system resource usage, packet processing speed and packet drop rate) that limit the applicability of NIDSs to large-scale networks. Moreover, we also analyse and compare the performance of NIDSs when configurations and traffic volumes are changed.
19
Miller, Shane, Kevin Curran, and Tom Lunney. "Detection of Virtual Private Network Traffic Using Machine Learning." International Journal of Wireless Networks and Broadband Technologies 9, no. 2 (2020): 60–80. http://dx.doi.org/10.4018/ijwnbt.2020070104.
Der volle Inhalt der QuelleAnnotation:
The detection of unauthorized users can be problematic for techniques that are available at present if the nefarious actors are using identity hiding tools such as anonymising proxies or virtual private networks (VPNs). This work presents computational models to address the limitations currently experienced in detecting VPN traffic. A model to detect usage of VPNs was developed using a multi-layered perceptron neural network that was trained using flow statistics data found in the transmission control protocol (TCP) header of captured network packets. Validation testing showed that the presented models are capable of classifying network traffic in a binary manner as direct (originating directly from a user's own device) or indirect (makes use of identity and location hiding features of VPNs) with high degrees of accuracy. The experiments conducted to classify OpenVPN usage found that the neural network was able to correctly identify the VPN traffic with an overall accuracy of 93.71%. The further work done to classify Stunnel OpenVPN usage found that the Neural Network was able to correctly identify VPN traffic with an overall accuracy of 97.82% accuracy when using 10-fold cross validation. This final experiment also provided an observation of 3 different validation techniques and the different accuracy results obtained. These results demonstrate a significant advancement in the detection of unauthorised user access with evidence showing that there could be further advances for research in this field particularly in the application of business security where the detection of VPN usage is important to an organization.
20
Li, Ming, Dezhi Han, Xinming Yin, Han Liu, and Dun Li. "Design and Implementation of an Anomaly Network Traffic Detection Model Integrating Temporal and Spatial Features." Security and Communication Networks 2021 (August 21, 2021): 1–15. http://dx.doi.org/10.1155/2021/7045823.
Der volle Inhalt der QuelleAnnotation:
With the rapid development and widespread application of cloud computing, cloud computing open networks and service sharing scenarios have become more complex and changeable, causing security challenges to become more severe. As an effective means of network protection, anomaly network traffic detection can detect various known attacks. However, there are also some shortcomings. Deep learning brings a new opportunity for the further development of anomaly network traffic detection. So far, the existing deep learning models cannot fully learn the temporal and spatial features of network traffic and their classification accuracy needs to be improved. To fill this gap, this paper proposes an anomaly network traffic detection model integrating temporal and spatial features (ITSN) using a three-layer parallel network structure. ITSN learns the temporal and spatial features of the traffic and fully fuses these two features through feature fusion technology to improve the accuracy of network traffic classification. On this basis, an improved method of raw traffic feature extraction is proposed, which can reduce redundant features, speed up the convergence of the network, and ease the imbalance of the datasets. The experimental results on the ISCX-IDS 2012 and CICIDS 2017 datasets show that the ITSN can improve the accuracy of anomaly network traffic detection while enhancing the robustness of the detection system and has a higher recognition rate for positive samples.
21
Do, ChoXuan, Nguyen Quang Dam, and Nguyen Tung Lam. "Optimization of network traffic anomaly detection using machine learning." International Journal of Electrical and Computer Engineering (IJECE) 11, no. 3 (2021): 2360. http://dx.doi.org/10.11591/ijece.v11i3.pp2360-2370.
Der volle Inhalt der QuelleAnnotation:
In this paper, to optimize the process of detecting cyber-attacks, we choose to propose 2 main optimization solutions: Optimizing the detection method and optimizing features. Both of these two optimization solutions are to ensure the aim is to increase accuracy and reduce the time for analysis and detection. Accordingly, for the detection method, we recommend using the Random Forest supervised classification algorithm. The experimental results in section 4.1 have proven that our proposal that use the Random Forest algorithm for abnormal behavior detection is completely correct because the results of this algorithm are much better than some other detection algorithms on all measures. For the feature optimization solution, we propose to use some data dimensional reduction techniques such as information gain, principal component analysis, and correlation coefficient method. The results of the research proposed in our paper have proven that to optimize the cyber-attack detection process, it is not necessary to use advanced algorithms with complex and cumbersome computational requirements, it must depend on the monitoring data for selecting the reasonable feature extraction and optimization algorithm as well as the appropriate attack classification and detection algorithms.
22
Safar, Noor Zuraidin Mohd, Noryusliza Abdullah, Hazalila Kamaludin, Suhaimi Abd Ishak, and Mohd Rizal Mohd Isa. "Characterising and detection of botnet in P2P network for UDP protocol." Indonesian Journal of Electrical Engineering and Computer Science 18, no. 3 (2020): 1584. http://dx.doi.org/10.11591/ijeecs.v18.i3.pp1584-1595.
Der volle Inhalt der QuelleAnnotation:
<span>Developments in computer networking have raised concerns of the associated Botnets threat to the Internet security. Botnet is an inter-connected computers or nodes that infected with malicious software and being controlled as a group without any permission of the computer’s owner. <br /> This paper explores how network traffic characterising can be used for identification of botnet at local networks. To analyse the characteristic, behaviour or pattern of the botnet in the network traffic, a proper network analysing tools is needed. Several network analysis tools available today are used for the analysis process of the network traffic. In the analysis phase, <br /> the botnet detection strategy based on the signature and DNS anomaly approach are selected to identify the behaviour and the characteristic of the botnet. In anomaly approach most of the behavioural and characteristic identification of the botnet is done by comparing between the normal and anomalous traffic. The main focus of the network analysis is studied on UDP protocol network traffic. Based on the analysis of the network traffic, <br /> the following anomalies are identified, anomalous DNS packet request, <br /> the NetBIOS attack, anomalous DNS MX query, DNS amplification attack and UDP flood attack. This study, identify significant Botnet characteristic in local network traffic for UDP network as additional approach for Botnet detection mechanism.</span>
23
Naseer, Sheraz, Rao Faizan Ali, P. D. D. Dominic, and Yasir Saleem. "Learning Representations of Network Traffic Using Deep Neural Networks for Network Anomaly Detection: A Perspective towards Oil and Gas IT Infrastructures." Symmetry 12, no. 11 (2020): 1882. http://dx.doi.org/10.3390/sym12111882.
Der volle Inhalt der QuelleAnnotation:
Oil and Gas organizations are dependent on their IT infrastructure, which is a small part of their industrial automation infrastructure, to function effectively. The oil and gas (O&G) organizations industrial automation infrastructure landscape is complex. To perform focused and effective studies, Industrial systems infrastructure is divided into functional levels by The Instrumentation, Systems and Automation Society (ISA) Standard ANSI/ISA-95:2005. This research focuses on the ISA-95:2005 level-4 IT infrastructure to address network anomaly detection problem for ensuring the security and reliability of Oil and Gas resource planning, process planning and operations management. Anomaly detectors try to recognize patterns of anomalous behaviors from network traffic and their performance is heavily dependent on extraction time and quality of network traffic features or representations used to train the detector. Creating efficient representations from large volumes of network traffic to develop anomaly detection models is a time and resource intensive task. In this study we propose, implement and evaluate use of Deep learning to learn effective Network data representations from raw network traffic to develop data driven anomaly detection systems. Proposed methodology provides an automated and cost effective replacement of feature extraction which is otherwise a time and resource intensive task for developing data driven anomaly detectors. The ISCX-2012 dataset is used to represent ISA-95 level-4 network traffic because the O&G network traffic at this level is not much different than normal internet traffic. We trained four representation learning models using popular deep neural network architectures to extract deep representations from ISCX 2012 traffic flows. A total of sixty anomaly detectors were trained by authors using twelve conventional Machine Learning algorithms to compare the performance of aforementioned deep representations with that of a human-engineered handcrafted network data representation. The comparisons were performed using well known model evaluation parameters. Results showed that deep representations are a promising feature in engineering replacement to develop anomaly detection models for IT infrastructure security. In our future research, we intend to investigate the effectiveness of deep representations, extracted using ISA-95:2005 Level 2-3 traffic comprising of SCADA systems, for anomaly detection in critical O&G systems.
24
Zhu, Xia, Weidong Song, and Lin Gao. "Regional Patch Detection of Road Traffic Network." Journal of Sensors 2020 (June 2, 2020): 1–6. http://dx.doi.org/10.1155/2020/6836091.
Der volle Inhalt der QuelleAnnotation:
Road traffic network (RTN) structure plays an important role in the field of complex network analysis. In this paper, we propose a regional patch detection method from RTN via community detection of complex network. Firstly, the refined Adapted PageRank algorithm, which combines with the influence factors of the location property weight, the geographic distance weight and the road level weight, is used to calculate the candidate ranking results of key nodes in the RTN. Secondly, the ranking result and the shortest path distance as two significant impact factors are used to select the key points of the RTN, and then the Adapted K-Means algorithm is applied to regional patch detection of the RTN. Finally, based on the experimental data of Zhangwu road traffic network, the analysis results are as follows: Zhangwu is divided into 9 functional structures with key node locations as the core. Regional patch structure is divided according to key points, and the RTN is actually divided into nine small functional communities. Nine functional regional patches constitute a new network structure, maintaining connectivity between the regional patches can improve the overall efficiency of the RTN.
25
Poonkavithai, K., and A. Keerthika. "Unreliable Road Network Traffic Detection and Prevention." International Journal of u- and e-Service, Science and Technology 8, no. 5 (2015): 13–22. http://dx.doi.org/10.14257/ijunesst.2015.8.5.02.
Der volle Inhalt der Quelle
26
Thomas, Ciza. "Improving intrusion detection for imbalanced network traffic." Security and Communication Networks 6, no. 3 (2012): 309–24. http://dx.doi.org/10.1002/sec.564.
Der volle Inhalt der Quelle
27
Parres-Peredo, Alvaro, Ivan Piza-Davila, and Francisco Cervantes. "Unexpected-Behavior Detection Using TopK Rankings for Cybersecurity." Applied Sciences 9, no. 20 (2019): 4381. http://dx.doi.org/10.3390/app9204381.
Der volle Inhalt der QuelleAnnotation:
Anomaly-based intrusion detection systems use profiles to characterize expected behavior of network users. Most of these systems characterize the entire network traffic within a single profile. This work proposes a user-level anomaly-based intrusion detection methodology using only the user’s network traffic. The proposed profile is a collection of TopK rankings of reached services by the user. To detect unexpected behaviors, the real-time traffic is organized into TopK rankings and compared to the profile using similarity measures. The experiments demonstrated that the proposed methodology was capable of detecting a particular kind of malware attack in all the users tested.
28
Rajaboevich, Gulomov Sherzod, and Ganiev Abdukhalil Abdujalilovich. "Methods and models of protecting computer networks from un-wanted network traffic." International Journal of Engineering & Technology 7, no. 4 (2018): 2541. http://dx.doi.org/10.14419/ijet.v7i4.14744.
Der volle Inhalt der QuelleAnnotation:
In this article a method of measure network traffic to collect data about the header of packets and to analyze the traffic dump in computer networks are offered. A method for detecting anomalies and a formal model for protecting information from DDoS attacks, which make it possible to simplify the development of filter rule sets and improve the efficiency of computer networks, taking into account, the interaction of detection modules and the use of formal set-theoretic constructions are proposed.
29
Nie, Laisen, Dingde Jiang, and Zhihan Lv. "Modeling network traffic for traffic matrix estimation and anomaly detection based on Bayesian network in cloud computing networks." Annals of Telecommunications 72, no. 5-6 (2016): 297–305. http://dx.doi.org/10.1007/s12243-016-0546-3.
Der volle Inhalt der Quelle
30
Algelal, Zahraa M., Eman Abdulaziz Ghani Aldhaher, Dalia N. Abdul-Wadood, and Radhwan Hussein Abdulzhraa Al-Sagheer. "Botnet detection using ensemble classifiers of network flow." International Journal of Electrical and Computer Engineering (IJECE) 10, no. 3 (2020): 2543. http://dx.doi.org/10.11591/ijece.v10i3.pp2543-2550.
Der volle Inhalt der QuelleAnnotation:
Recently, Botnets have become a common tool for implementing and transferring various malicious codes over the Internet. These codes can be used to execute many malicious activities including DDOS attack, send spam, click fraud, and steal data. Therefore, it is necessary to use Modern technologies to reduce this phenomenon and avoid them in advance in order to differentiate the Botnets traffic from normal network traffic. In this work, ensemble classifier algorithms to identify such damaging botnet traffic. We experimented with different ensemble algorithms to compare and analyze their ability to classify the botnet traffic from the normal traffic by selecting distinguishing features of the network traffic. Botnet Detection offers a reliable and cheap style for ensuring transferring integrity and warning the risks before its occurrence.
31
Demertzis, Konstantinos, Konstantinos Tsiknas, Dimitrios Takezis, Charalabos Skianis, and Lazaros Iliadis. "Darknet Traffic Big-Data Analysis and Network Management for Real-Time Automating of the Malicious Intent Detection Process by a Weight Agnostic Neural Networks Framework." Electronics 10, no. 7 (2021): 781. http://dx.doi.org/10.3390/electronics10070781.
Der volle Inhalt der QuelleAnnotation:
Attackers are perpetually modifying their tactics to avoid detection and frequently leverage legitimate credentials with trusted tools already deployed in a network environment, making it difficult for organizations to proactively identify critical security risks. Network traffic analysis products have emerged in response to attackers’ relentless innovation, offering organizations a realistic path forward for combatting creative attackers. Additionally, thanks to the widespread adoption of cloud computing, Device Operators (DevOps) processes, and the Internet of Things (IoT), maintaining effective network visibility has become a highly complex and overwhelming process. What makes network traffic analysis technology particularly meaningful is its ability to combine its core capabilities to deliver malicious intent detection. In this paper, we propose a novel darknet traffic analysis and network management framework to real-time automating the malicious intent detection process, using a weight agnostic neural networks architecture. It is an effective and accurate computational intelligent forensics tool for network traffic analysis, the demystification of malware traffic, and encrypted traffic identification in real time. Based on a weight agnostic neural networks (WANNs) methodology, we propose an automated searching neural net architecture strategy that can perform various tasks such as identifying zero-day attacks. By automating the malicious intent detection process from the darknet, the advanced proposed solution is reducing the skills and effort barrier that prevents many organizations from effectively protecting their most critical assets.
32
Kim, Hyun-Koo, Kook-Yeol Yoo, Ju H. Park, and Ho-Youl Jung. "Traffic Light Recognition Based on Binary Semantic Segmentation Network." Sensors 19, no. 7 (2019): 1700. http://dx.doi.org/10.3390/s19071700.
Der volle Inhalt der QuelleAnnotation:
A traffic light recognition system is a very important building block in an advanced driving assistance system and an autonomous vehicle system. In this paper, we propose a two-staged deep-learning-based traffic light recognition method that consists of a pixel-wise semantic segmentation technique and a novel fully convolutional network. For candidate detection, we employ a binary-semantic segmentation network that is suitable for detecting small objects such as traffic lights. Connected components labeling with an eight-connected neighborhood is applied to obtain bounding boxes of candidate regions, instead of the computationally demanding region proposal and regression processes of conventional methods. A fully convolutional network including a convolution layer with three filters of (1 × 1) at the beginning is designed and implemented for traffic light classification, as traffic lights have only a set number of colors. The simulation results show that the proposed traffic light recognition method outperforms the conventional two-staged object detection method in terms of recognition performance, and remarkably reduces the computational complexity and hardware requirements. This framework can be a useful network design guideline for the detection and recognition of small objects, including traffic lights.
33
Patel, Darsh, Kathiravan Srinivasan, Chuan-Yu Chang, Takshi Gupta, and Aman Kataria. "Network Anomaly Detection inside Consumer Networks—A Hybrid Approach." Electronics 9, no. 6 (2020): 923. http://dx.doi.org/10.3390/electronics9060923.
Der volle Inhalt der QuelleAnnotation:
With an increasing number of Internet of Things (IoT) devices in the digital world, the attack surface for consumer networks has been increasing exponentially. Most of the compromised devices are used as zombies for attacks such as Distributed Denial of Services (DDoS). Consumer networks, unlike most commercial networks, lack the infrastructure such as managed switches and firewalls to easily monitor and block undesired network traffic. To counter such a problem with limited resources, this article proposes a hybrid anomaly detection approach that detects irregularities in the network traffic implicating compromised devices by using only elementary network information like Packet Size, Source, and Destination Ports, Time between subsequent packets, Transmission Control Protocol (TCP) Flags, etc. Essential features can be extracted from the available data, which can further be used to detect zero-day attacks. The paper also provides the taxonomy of various approaches to classify anomalies and description on capturing network packets inside consumer networks.
34
Dymora, Paweł, Miroslaw Mazurek, and Sławomir Jaskółka. "VoIP Anomaly Detection - selected methods of statistical analysis." Annales Universitatis Mariae Curie-Sklodowska, sectio AI – Informatica 16, no. 2 (2017): 14. http://dx.doi.org/10.17951/ai.2016.16.2.14.
Der volle Inhalt der QuelleAnnotation:
<p>Self-similarity analysis and anomaly detection in networks are interesting fields of research and scientific work of scientists around the world. Simulation studies have demonstrated that the Hurst parameter estimation can be used to detect traffic anomaly. The actual network traffic is self-similar or long-range dependent. The dramatic expansion of applications on modern networks gives rise to a fundamental challenge to network security. The Hurst values are compared with confidence intervals of normal values to detect anomaly in VoIP.</p>
35
Qu, Yanyu, Fangling Pu, Jianguo Yin, Lingzi Liu, and Xin Xu. "Dynamic Traffic Detection and Modeling for Beidou Satellite Networks." Journal of Sensors 2020 (January 22, 2020): 1–11. http://dx.doi.org/10.1155/2020/4575721.
Der volle Inhalt der QuelleAnnotation:
Beidou navigation system (BDS) has been developed as an integrated system. The third BDS, BSD-3, will be capable of providing not only global positioning and navigation but also data communication. When the volume of data transmitted through BDS-3 continues to increase, BDS-3 will encounter network traffic congestion, unbalanced resource usage, or security attacks as terrestrial networks. The network traffic monitoring is essential for automatic management and safety assurance of BDS-3. A dynamic traffic detection method including traffic prediction by Long Short-Term Memory (LSTM) and a dynamically adjusting polling strategy is proposed to unevenly sample the traffic of each link. A distributed traffic detection architecture is designed for collection of the detected traffic and its related temporal and spatial information with low delay. A time-varying graph (TVG) model is introduced to represent the dynamic topology, the time-varying link, and its traffic. The BDS-3 network is simulated by STK. The WIDE dataset is used to simulate the traffic between the satellite and ground station. Simulation results show that the dynamic traffic detection method can follow the variation of the traffic of each link with uneven sampling. The detected traffic can be transmitted to the ground station in near real time through the distributed traffic detection architecture. The traffic and its related information are stored by using Neo4j in terms of the TVG model. The nodes, edges, and traffic of BDS-3 can be quickly queried through Neo4j. The presented dynamic traffic detection and representation schemes will support BDS-3 to establish automatic management and security system and develop business.
36
Lu, Liang Fu, Zheng-Hai Huang, Mohammed A. Ambusaidi, and Kui-Xiang Gou. "A Large-Scale Network Data Analysis via Sparse and Low Rank Reconstruction." Discrete Dynamics in Nature and Society 2014 (2014): 1–10. http://dx.doi.org/10.1155/2014/323764.
Der volle Inhalt der QuelleAnnotation:
With the rapid growth of data communications in size and complexity, the threat of malicious activities and computer crimes has increased accordingly as well. Thus, investigating efficient data processing techniques for network operation and management over large-scale network traffic is highly required. Some mathematical approaches on flow-level traffic data have been proposed due to the importance of analyzing the structure and situation of the network. Different from the state-of-the-art studies, we first propose a new decomposition model based on accelerated proximal gradient method for packet-level traffic data. In addition, we present the iterative scheme of the algorithm for network anomaly detection problem, which is termed as NAD-APG. Based on the approach, we carry out the intrusion detection for packet-level network traffic data no matter whether it is polluted by noise or not. Finally, we design a prototype system for network anomalies detection such as Probe and R2L attacks. The experiments have shown that our approach is effective in revealing the patterns of network traffic data and detecting attacks from large-scale network traffic. Moreover, the experiments have demonstrated the robustness of the algorithm as well even when the network traffic is polluted by the large volume anomalies and noise.
37
Oujezsky, Vaclav, Tomas Horvath, and Vladislav Skorpil. "Botnet C&C Traffic and Flow Lifespans Using Survival Analysis." International Journal of Advances in Telecommunications, Electrotechnics, Signals and Systems 6, no. 1 (2017): 38. http://dx.doi.org/10.11601/ijates.v6i1.205.
Der volle Inhalt der QuelleAnnotation:
This paper addresses the issue of detecting unwanted traffic in data networks, namely the detection of botnet networks. In this paper, we focused on a time behavioral analysis, more specifically said – lifespans of a simulated botnet network traffic, collected and discovered from NetFlow messages, and also of real botnet communication of a malware.As a method we chose survival analysis and for rigorous testing of differences Mantel–Cox test. Lifespans of those referred traffics are discovered and calculated by lifelines using Python language.Based on our research we have figured out a possibility to distinguish the individual lifespans of C&C communications that are identical to each other by using survival projection curves, although it occurred in a different time course.
38
Wei, Songjie, Zedong Zhang, Shasha Li, and Pengfei Jiang. "Calibrating Network Traffic with One-Dimensional Convolutional Neural Network with Autoencoder and Independent Recurrent Neural Network for Mobile Malware Detection." Security and Communication Networks 2021 (February 26, 2021): 1–10. http://dx.doi.org/10.1155/2021/6695858.
Der volle Inhalt der QuelleAnnotation:
In response to the surging challenge in the number and types of mobile malware targeting smart devices and their sophistication in malicious behavior camouflage, we propose to compose a traffic behavior modeling method based on one-dimensional convolutional neural network with autoencoder and independent recurrent neural network (1DCAE-IndRNN) for mobile malware detection. The design solves the problem that most existing approaches for mobile malware traffic detection struggle with capturing the network traffic dynamics and the sequential characteristics of anomalies in the traffic. We reconstruct and apply the one-dimensional convolutional neural network to extract local features from multiple network flows. The autoencoder is applied to digest the principal traffic features from the neural network and is integrated into the independent recurrent neural network construction to highlight the sequential relationship between the highly significant features. In addition, the Softmax function with the LReLU activation function is adjusted and embedded to the neurons of the independent recurrent neural network to effectively alleviate the problem of unstable training. We conduct a series of experiments to evaluate the effectiveness of the proposed method and its performance for the 1DCAE-IndRNN-integrated detection procedure. The detection results of the public Android malware dataset CICAndMal2017 show that the proposed method achieves up to 98% detection accuracy and recall rates with clear advantages over other benchmark methods.
39
Mažeika, Dalius, and Saulius Jasonis. "NETWORK TRAFFIC ANOMALIES DETECTING USING MAXIMUM ENTROPY METHOD / KOMPIUTERIŲ TINKLO SRAUTO ANOMALIJŲ ATPAŽINIMAS MAKSIMALIOS ENTROPIJOS METODU." Mokslas – Lietuvos ateitis 6, no. 2 (2014): 162–67. http://dx.doi.org/10.3846/mla.2014.22.
Der volle Inhalt der QuelleAnnotation:
The problem of traffic anomalies in computer networks is analyzed. NetFlow packets are used as network traffic data and maximum entropy methods is used for anomalies detection. Method detects network anomalies by comparing the current network traffic against a baseline distribution. Method is adopted according to NetFow data and performace of the method is improved. Prototype of anomalies detection system was developed and experimental investigation carried out. Results of investigation confirmed that method is sensitive to deviations of the network traffic and can be successfully used for network traffic anomalies detection. Straipsnyje nagrinėjama kompiuterių tinklo srauto anomalijų atpažinimo problema. Kompiuterių tinklo srautui stebėti pasirenkama NetFlow technologija, o anomalijos aptinkamos maksimalios entropijos metodu. Metodas pritaikytas NetFlow pateikiamiems duomenims apdoroti. Sukurta programinė priemonė ir atliktas eksperimentinis metodo tinkamumo tyrimas analizuojant „Cisco“ maršrutizatoriaus srauto duomenis. Metodas patobulintas siekiant pagreitinti skaičiavimus, tačiau neprarandant tikslumo. Nustatyta, kad metodas yra jautrus įvairaus tipo tinklo srauto nuokrypiams ir gali būti sėkmingai taikomas tinklo srauto anomalijoms aptikti.
40
Du, Chunlai, Shenghui Liu, Lei Si, Yanhui Guo, and Tong Jin. "Using Object Detection Network for Malware Detection and Identification in Network Traffic Packets." Computers, Materials & Continua 64, no. 3 (2020): 1785–96. http://dx.doi.org/10.32604/cmc.2020.010091.
Der volle Inhalt der Quelle
41
Lin, Tu-Liang, and Hong-Yi Chang. "Black Hole Traffic Anomaly Detections in Wireless Sensor Network." International Journal of Grid and High Performance Computing 7, no. 1 (2015): 42–51. http://dx.doi.org/10.4018/ijghpc.2015010104.
Der volle Inhalt der QuelleAnnotation:
With the flourish of Internet of Things, the security issues in wireless sensor network (WSN), especially traffic anomaly detections, have attracted researchers' attentions. As a distributed wireless network, WSN is vulnerable to many attacks. In this research, the authors investigate the traffic anomaly detections of a well-known attack, black hole attack, in WSNs. With limited computation capacity, sensor nodes are unable to perform sophisticated detection techniques. Therefore, the authors propose a profile based monitoring approach with a restricted feature set to supervise the network traffic. The proposed profile based monitoring approach contains two components, feature selection and anomaly detection. In order to complement the limited computing capacity of a sensor node, feature selection component will extract features with high contribution or high relevance for future monitoring. The anomaly detection component monitors the selected features and alarms the administrator when an anomaly is detected. Two types of combination are proposed, graphic and non-graphic based models. The graphic based approach seems to surpass the non-graphic based approach, but the graphic based approach takes much longer time to select the important features than non-graphic based approach.
42
Zain ul Abideen, Muhammad, Shahzad Saleem, and Madiha Ejaz. "VPN Traffic Detection in SSL-Protected Channel." Security and Communication Networks 2019 (October 29, 2019): 1–17. http://dx.doi.org/10.1155/2019/7924690.
Der volle Inhalt der QuelleAnnotation:
In recent times, secure communication protocols over web such as HTTPS (Hypertext Transfer Protocol Secure) are being widely used instead of plain web communication protocols like HTTP (Hypertext Transfer Protocol). HTTPS provides end-to-end encryption between the user and service. Nowadays, organizations use network firewalls and/or intrusion detection and prevention systems (IDPS) to analyze the network traffic to detect and protect against attacks and vulnerabilities. Depending on the size of organization, these devices may differ in their capabilities. Simple network intrusion detection system (NIDS) and firewalls generally have no feature to inspect HTTPS or encrypted traffic, so they rely on unencrypted traffic to manage the encrypted payload of the network. Recent and powerful next-generation firewalls have Secure Sockets Layer (SSL) inspection feature which are expensive and may not be suitable for every organizations. A virtual private network (VPN) is a service which hides real traffic by creating SSL-protected channel between the user and server. Every Internet activity is then performed under the established SSL tunnel. The user inside the network with malicious intent or to hide his activity from the network security administration of the organization may use VPN services. Any VPN service may be used by users to bypass the filters or signatures applied on network security devices. These services may be the source of new virus or worm injected inside the network or a gateway to facilitate information leakage. In this paper, we have proposed a novel approach to detect VPN activity inside the network. The proposed system analyzes the communication between user and the server to analyze and extract features from network, transport, and application layer which are not encrypted and classify the incoming traffic as malicious, i.e., VPN traffic or standard traffic. Network traffic is analyzed and classified using DNS (Domain Name System) packets and HTTPS- (Hypertext Transfer Protocol Secure-) based traffic. Once traffic is classified, the connection based on the server’s IP, TCP port connected, domain name, and server name inside the HTTPS connection is analyzed. This helps in verifying legitimate connection and flags the VPN-based traffic. We worked on top five freely available VPN services and analyzed their traffic patterns; the results show successful detection of the VPN activity performed by the user. We analyzed the activity of five users, using some sort of VPN service in their Internet activity, inside the network. Out of total 729 connections made by different users, 329 connections were classified as legitimate activity, marking 400 remaining connections as VPN-based connections. The proposed system is lightweight enough to keep minimal overhead, both in network and resource utilization and requires no specialized hardware.
43
Fadlil, Abdul, Imam Riadi, and Sukma Aji. "Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Network Forensics." Bulletin of Electrical Engineering and Informatics 6, no. 2 (2017): 140–48. http://dx.doi.org/10.11591/eei.v6i2.605.
Der volle Inhalt der QuelleAnnotation:
Distributed Denial of Service (DDoS) is a type of attack using the volume, intensity, and more costs mitigation to increase in this era. Attackers used many zombie computers to exhaust the resources available to a network, application or service so that authorize users cannot gain access or the network service is down, and it is a great loss for Internet users in computer networks affected by DDoS attacks. In the Network Forensic, a crime that occurs in the system network services can be sued in the court and the attackers will be punished in accordance with law. This research has the goal to develop a new approach to detect DDoS attacks based on network traffic activity were statistically analyzed using Naive Bayes method. Data were taken from the training and testing of network traffic in a core router in Master of Information Technology Research Laboratory University of Ahmad Dahlan Yogyakarta. The new approach in detecting DDoS attacks is expected to be a relation with Intrusion Detection System (IDS) to predict the existence of DDoS attacks.
44
Bai, Huiwen, Guangjie Liu, Weiwei Liu, Yingxue Quan, and Shuhua Huang. "N-Gram, Semantic-Based Neural Network for Mobile Malware Network Traffic Detection." Security and Communication Networks 2021 (April 23, 2021): 1–17. http://dx.doi.org/10.1155/2021/5599556.
Der volle Inhalt der QuelleAnnotation:
Mobile malware poses a great challenge to mobile devices and mobile communication. With the explosive growth of mobile networks, it is significant to detect mobile malware for mobile security. Since most mobile malware relies on the networks to coordinate operations, steal information, or launch attacks, evading network monitor is difficult for the mobile malware. In this paper, we present an N-gram, semantic-based neural modeling method to detect the network traffic generated by the mobile malware. In the proposed scheme, we segment the network traffic into flows and extract the application layer payload from each packet. Then, the generated flow payload data are converted into the text form as the input of the proposed model. Each flow text consists of several domains with 20 words. The proposed scheme models the domain representation using convolutional neural network with multiwidth kernels from each domain. Afterward, relationships of domains are adaptively encoded in flow representation using gated recurrent network and then the classification result is obtained from an attention layer. A series of experiments have been conducted to verify the effectiveness of our proposed scheme. In addition, to compare with the state-of-the-art methods, several comparative experiments also are conducted. The experiment results depict that our proposed scheme is better in terms of accuracy.
45
Saganowski, Łukasz, and Tomasz Andrysiak. "Snort IDS Hybrid ADS Preprocessor." Image Processing & Communications 17, no. 4 (2012): 17–22. http://dx.doi.org/10.2478/v10248-012-0024-0.
Der volle Inhalt der QuelleAnnotation:
Abstract The paper presents hybrid anomaly detection preprocessor for SNORT IDS - Intrusion Detection System [1] base on statistical test and DWT - Discrete Wavelet Transform coefficient analysis. Preprocessor increases functionality of SNORT IDS system and has complementary properties. Possibility of detection network anomalies is increased by using two different algorithms. SNORT captures network traffic features which are used by ADS (Anomaly Detection System) preprocessor for detecting anomalies. Chi-square statistical test and DWT subband coefficients energy values are used for calculating of normal network traffic profiles. We evaluated proposed SNORT extension with the use of test network.
46
Jiang, Jun, and Symeon Papavassiliou. "Enhancing network traffic prediction and anomaly detection via statistical network traffic separation and combination strategies." Computer Communications 29, no. 10 (2006): 1627–38. http://dx.doi.org/10.1016/j.comcom.2005.07.030.
Der volle Inhalt der Quelle
47
Clausen, Henry, Gudmund Grov, and David Aspinall. "CBAM: A Contextual Model for Network Anomaly Detection." Computers 10, no. 6 (2021): 79. http://dx.doi.org/10.3390/computers10060079.
Der volle Inhalt der QuelleAnnotation:
Anomaly-based intrusion detection methods aim to combat the increasing rate of zero-day attacks, however, their success is currently restricted to the detection of high-volume attacks using aggregated traffic features. Recent evaluations show that the current anomaly-based network intrusion detection methods fail to reliably detect remote access attacks. These are smaller in volume and often only stand out when compared to their surroundings. Currently, anomaly methods try to detect access attack events mainly as point anomalies and neglect the context they appear in. We present and examine a contextual bidirectional anomaly model (CBAM) based on deep LSTM-networks that is specifically designed to detect such attacks as contextual network anomalies. The model efficiently learns short-term sequential patterns in network flows as conditional event probabilities. Access attacks frequently break these patterns when exploiting vulnerabilities, and can thus be detected as contextual anomalies. We evaluated CBAM on an assembly of three datasets that provide both representative network access attacks, real-life traffic over a long timespan, and traffic from a real-world red-team attack. We contend that this assembly is closer to a potential deployment environment than current NIDS benchmark datasets. We show that, by building a deep model, we are able to reduce the false positive rate to 0.16% while effectively detecting six out of seven access attacks, which is significantly lower than the operational range of other methods. We further demonstrate that short-term flow structures remain stable over long periods of time, making the CBAM robust against concept drift.
48
Dymora, Paweł, and Mirosław Mazurek. "Anomaly Detection in IoT Communication Network Based on Spectral Analysis and Hurst Exponent." Applied Sciences 9, no. 24 (2019): 5319. http://dx.doi.org/10.3390/app9245319.
Der volle Inhalt der QuelleAnnotation:
Internet traffic monitoring is a crucial task for the security and reliability of communication networks and Internet of Things (IoT) infrastructure. This description of the traffic statistics is used to detect traffic anomalies. Nowadays, intruders and cybercriminals use different techniques to bypass existing intrusion detection systems based on signature detection and anomalies. In order to more effectively detect new attacks, a model of anomaly detection using the Hurst exponent vector and the multifractal spectrum is proposed. It is shown that a multifractal analysis shows a sensitivity to any deviation of network traffic properties resulting from anomalies. Proposed traffic analysis methods can be ideal for protecting critical data and maintaining the continuity of internet services, including the IoT.
49
Wu, Weiwei, Haoyu Zhang, Shengrun Zhang, and Frank Witlox. "Community Detection in Airline Networks: An Empirical Analysis of American vs. Southwest Airlines." Journal of Advanced Transportation 2019 (December 31, 2019): 1–11. http://dx.doi.org/10.1155/2019/3032015.
Der volle Inhalt der QuelleAnnotation:
In this paper, we develop a route-traffic-based method for detecting community structures in airline networks. Our model is both an application and an extension of the Clauset-Newman-Moore (CNM) modularity maximization algorithm, in that we apply the CNM algorithm to large airline networks, and take both route distance and passenger volumes into account. Therefore, the relationships between airports are defined not only based on the topological structure of the network but also by a traffic-driven indicator. To illustrate our model, two case studies are presented: American Airlines and Southwest Airlines. Results show that the model is effective in exploring the characteristics of the network connections, including the detection of the most influential nodes and communities on the formation of different network structures. This information is important from an airline operation pattern perspective to identify the vulnerability of networks.
50
Damasevicius, Robertas, Algimantas Venckauskas, Sarunas Grigaliunas, et al. "LITNET-2020: An Annotated Real-World Network Flow Dataset for Network Intrusion Detection." Electronics 9, no. 5 (2020): 800. http://dx.doi.org/10.3390/electronics9050800.
Der volle Inhalt der QuelleAnnotation:
Network intrusion detection is one of the main problems in ensuring the security of modern computer networks, Wireless Sensor Networks (WSN), and the Internet-of-Things (IoT). In order to develop efficient network-intrusion-detection methods, realistic and up-to-date network flow datasets are required. Despite several recent efforts, there is still a lack of real-world network-based datasets which can capture modern network traffic cases and provide examples of many different types of network attacks and intrusions. To alleviate this need, we present LITNET-2020, a new annotated network benchmark dataset obtained from the real-world academic network. The dataset presents real-world examples of normal and under-attack network traffic. We describe and analyze 85 network flow features of the dataset and 12 attack types. We present the analysis of the dataset features by using statistical analysis and clustering methods. Our results show that the proposed feature set can be effectively used to identify different attack classes in the dataset. The presented network dataset is made freely available for research purposes.