To see the other types of publications on this topic, follow the link: Attack Detection Automation.
Journal articles on the topic 'Attack Detection Automation'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'Attack Detection Automation.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Wressnegger, Christian. "Efficient machine learning for attack detection." it - Information Technology 62, no. 5-6 (December 16, 2020): 279–86. http://dx.doi.org/10.1515/itit-2020-0015.
Full textAbstract:
AbstractDetecting and fending off attacks on computer systems is an enduring problem in computer security. In light of a plethora of different threats and the growing automation used by attackers, we are in urgent need of more advanced methods for attack detection. Manually crafting detection rules is by no means feasible at scale, and automatically generated signatures often lack context, such that they fall short in detecting slight variations of known threats.In the thesis “Efficient Machine Learning for Attack Detection” [35], we address the necessity of advanced attack detection. For the effective application of machine learning in this domain, a periodic retraining over time is crucial. We show that with the right data representation, efficient algorithms for mining substring statistics, and implementations based on probabilistic data structures, training the underlying model for establishing an higher degree of automation for defenses can be achieved in linear time.
2
Beshah, Yonas Kibret, Surafel Lemma Abebe, and Henock Mulugeta Melaku. "Drift Adaptive Online DDoS Attack Detection Framework for IoT System." Electronics 13, no. 6 (March 7, 2024): 1004. http://dx.doi.org/10.3390/electronics13061004.
Full textAbstract:
Internet of Things (IoT) security is becoming important with the growing popularity of IoT devices and their wide applications. Recent network security reports revealed a sharp increase in the type, frequency, sophistication, and impact of distributed denial of service (DDoS) attacks on IoT systems, making DDoS one of the most challenging threats. DDoS is used to commit actual, effective, and profitable cybercrimes. The current machine learning-based IoT DDoS attack detection systems use batch learning techniques, and hence are unable to maintain their performance over time in a dynamic environment. The dynamicity of heterogeneous IoT data causes concept drift issues that result in performance degradation and automation difficulties in detecting DDoS. In this study, we propose an adaptive online DDoS attack detection framework that detects and adapts to concept drifts in streaming data using a number of features often used in DDoS attack detection. This paper also proposes a novel accuracy update weighted probability averaging ensemble (AUWPAE) approach to detect concept drift and optimize zero-day DDoS detection. We evaluated the proposed framework using IoTID20 and CICIoT2023 dataset containing benign and DDoS traffic data. The results show that the proposed adaptive online DDoS attack detection framework is able to detect DDoS attacks with an accuracy of 99.54% and 99.33% for the respective datasets.
3
Okello, Fredrick Ochieng, Dennis Kaburu, and Ndia G. John. "Automation-Based User Input Sql Injection Detection and Prevention Framework." Computer and Information Science 16, no. 2 (May 2, 2023): 51. http://dx.doi.org/10.5539/cis.v16n2p51.
Full textAbstract:
Autodect framework protects management information systems (MIS) and databases from user input SQL injection attacks. This framework overcomes intrusion or penetration into the system by automatically detecting and preventing attacks from the user input end. The attack intentions is also known since it is linked to a proxy database, which has a normal and abnormal code vector profiles that helps to gather information about the intent as well as knowing the areas of interest while conducting the attack. The information about the attack is forwarded to Autodect knowledge base (database), meaning that any successive attacks from the proxy database will be compared to the existing attack pattern logs in the knowledge base, in future this knowledge base-driven database will help organizations to analyze trends of attackers, profile them and deter them. The research evaluated the existing security frameworks used to prevent user input SQL injection; analysis was also done on the factors that lead to the detection of SQL injection. This knowledge-based framework is able to predict the end goal of any injected attack vector. (Known and unknown signatures). Experiments were conducted on true and simulation websites and open-source datasets to analyze the performance and a comparison drawn between the Autodect framework and other existing tools. The research showed that Autodect framework has an accuracy level of 0.98. The research found a gap that all existing tools and frameworks never came up with a standard datasets for sql injection, neither do we have a universally accepted standard data set.
4
Housh, Mashor, Noy Kadosh, and Jack Haddad. "Detecting and Localizing Cyber-Physical Attacks in Water Distribution Systems without Records of Labeled Attacks." Sensors 22, no. 16 (August 12, 2022): 6035. http://dx.doi.org/10.3390/s22166035.
Full textAbstract:
Modern water distribution systems (WDSs) offer automated controls and operations to improve their efficiency and reliability. Nonetheless, such automation can be vulnerable to cyber-attacks. Therefore, various approaches have been suggested to detect cyber-attacks in WDSs. However, most of these approaches rely on labeled attack records which are rarely available in real-world applications. Thus, for a detection model to be practical, it should be able to detect and localize events without referring to a predetermined list of labeled attacks. This study proposes a semi-supervised approach that relies solely on attack-free datasets to address this challenge. The approach utilizes a reduction in dimensionality by using maximum canonical correlation analysis (MCCA) followed by support vector data description (SVDD). The developed algorithm was tested on two case studies and various datasets, demonstrating consistently high performance in detecting and localizing cyber-attacks.
5
Karthik Krishnan, T., S. Sridevi, G. Bindu, and R. Anandan. "Comparison and detail study of attacks and detection methods for wireless sensor network." International Journal of Engineering & Technology 7, no. 2.21 (April 20, 2018): 405. http://dx.doi.org/10.14419/ijet.v7i2.21.12453.
Full textAbstract:
Wireless sensor network is emanating technology in the field of telecommunications. WSNs can be applied in many fields like machine surveillance, precision agriculture, home automation and intelligent building environments. However the major aspect of WSN is the security as the sensor nodes are limited because of these facing several security threats such as black hole attack, worm hole attack, flooding etc. which is finally affecting the functioning of the whole network. These attacks are maximizing the consumption of power in the node and also it decreases life of the battery. In this paper, we discuss several types of security attacks in wireless sensor networks and also it introduces various intrusion detection systems to detect these attacks and prevent the compromised nodes in the WSN. And also we discuss about the different intrusion detection methods with the help of machine learning algorithms. In future these techniques can be helpful to create a safe and sophisticated network.
6
Ye, Shengke, Kaiye Dai, Guoli Fan, Ling Zhang, and Zhihao Liang. "Exploring the intersection of network security and database communication: a PostgreSQL Socket Connection case study." Transactions on Computer Science and Intelligent Systems Research 3 (April 10, 2024): 1–9. http://dx.doi.org/10.62051/pzqebt34.
Full textAbstract:
In this study, the network security of PostgreSQL database using Socket connection is deeply analyzed. By exploring Socket connections established by PostgreSQL over TCP, we find potential security threats and vulnerabilities during data transmission, which may expose database systems to network attacks such as unauthorized access and data leakage. In order to assess these security risks, this study simulated a variety of network attack scenarios, especially the implantation and detection of Webshell, to reveal the vulnerability of PostgreSQL to such network threats. Especially in defending against complex and changeable cyber threats such as Webshell attacks, this research also uses machine learning and artificial intelligence techniques to improve the automation level of security threat detection and response. These technologies can help identify complex attack patterns and improve resilience to emerging threats, thereby enhancing the overall security of PostgreSQL databases.
7
Sztyber-Betley, Anna, Michał Syfert, Jan Maciej Kościelny, and Zuzanna Górecka. "Controller Cyber-Attack Detection and Isolation." Sensors 23, no. 5 (March 3, 2023): 2778. http://dx.doi.org/10.3390/s23052778.
Full textAbstract:
This article deals with the cyber security of industrial control systems. Methods for detecting and isolating process faults and cyber-attacks, consisting of elementary actions named “cybernetic faults” that penetrate the control system and destructively affect its operation, are analysed. FDI fault detection and isolation methods and the assessment of control loop performance methods developed in the automation community are used to diagnose these anomalies. An integration of both approaches is proposed, which consists of checking the correct functioning of the control algorithm based on its model and tracking changes in the values of selected control loop performance indicators to supervise the control circuit. A binary diagnostic matrix was used to isolate anomalies. The presented approach requires only standard operating data (process variable (PV), setpoint (SP), and control signal (CV). The proposed concept was tested using the example of a control system for superheaters in a steam line of a power unit boiler. Cyber-attacks targeting other parts of the process were also included in the study to test the proposed approach’s applicability, effectiveness, and limitations and identify further research directions.
8
Binbusayyis, Adel. "Reinforcing Network Security: Network Attack Detection Using Random Grove Blend in Weighted MLP Layers." Mathematics 12, no. 11 (May 31, 2024): 1720. http://dx.doi.org/10.3390/math12111720.
Full textAbstract:
In the modern world, the evolution of the internet supports the automation of several tasks, such as communication, education, sports, etc. Conversely, it is prone to several types of attacks that disturb data transfer in the network. Efficient attack detection is needed to avoid the consequences of an attack. Traditionally, manual attack detection is limited by human error, less efficiency, and a time-consuming mechanism. To address the problem, a large number of existing methods focus on several techniques for better efficacy in attack detection. However, improvement is needed in significant factors such as accuracy, handling larger data, over-fitting versus fitting, etc. To tackle this issue, the proposed system utilized a Random Grove Blend in Weighted MLP (Multi-Layer Perceptron) Layers to classify network attacks. The MLP is used for its advantages in solving complex non-linear problems, larger datasets, and high accuracy. Conversely, it is limited by computation and requirements for a great deal of labeled training data. To resolve the issue, a random info grove blend and weight weave layer are incorporated into the MLP mechanism. To attain this, the UNSW–NB15 dataset, which comprises nine types of network attack, is utilized to detect attacks. Moreover, the Scapy tool (2.4.3) is utilized to generate a real-time dataset for classifying types of attack. The efficiency of the presented mechanism is calculated with performance metrics. Furthermore, internal and external comparisons are processed in the respective research to reveal the system’s better efficiency. The proposed model utilizing the advantages of Random Grove Blend in Weighted MLP attained an accuracy of 98%. Correspondingly, the presented system is intended to contribute to the research associated with enhancing network security.
9
Kim, Ye-Eun, Yea-Sul Kim, and Hwankuk Kim. "Effective Feature Selection Methods to Detect IoT DDoS Attack in 5G Core Network." Sensors 22, no. 10 (May 18, 2022): 3819. http://dx.doi.org/10.3390/s22103819.
Full textAbstract:
The 5G networks aim to realize a massive Internet of Things (IoT) environment with low latency. IoT devices with weak security can cause Tbps-level Distributed Denial of Service (DDoS) attacks on 5G mobile networks. Therefore, interest in automatic network intrusion detection using machine learning (ML) technology in 5G networks is increasing. ML-based DDoS attack detection in a 5G environment should provide ultra-low latency. To this end, utilizing a feature-selection process that reduces computational complexity and improves performance by identifying features important for learning in large datasets is possible. Existing ML-based DDoS detection technology mostly focuses on DDoS detection learning models on the wired Internet. In addition, studies on feature engineering related to 5G traffic are relatively insufficient. Therefore, this study performed feature selection experiments to reduce the time complexity of detecting and analyzing large-capacity DDoS attacks in real time based on ML in a 5G core network environment. The results of the experiment showed that the performance was maintained and improved when the feature selection process was used. In particular, as the size of the dataset increased, the difference in time complexity increased rapidly. The experiments show that the real-time detection of large-scale DDoS attacks in 5G core networks is possible using the feature selection process. This demonstrates the importance of the feature selection process for removing noisy features before training and detection. As this study conducted a feature study to detect network traffic passing through the 5G core with low latency using ML, it is expected to contribute to improving the performance of the 5G network DDoS attack automation detection technology using AI technology.
10
Oruganti, Rakesh, Jeeshitha J, and Rama Koteswara Rao G. "A Extensive Study on DDosBotnet Attacks in Multiple Environments Using Deep Learning and Machine Learning Techniques." ECS Transactions 107, no. 1 (April 24, 2022): 15181–93. http://dx.doi.org/10.1149/10701.15181ecst.
Full textAbstract:
Every organization provides security for their systems, servers, and other I.T. infrastructure resources using regular anti-viruses and malware detection software. With the increase of access to smart devices and appliances through secured and unsecured networks, there is a requirement to design an intelligent detection tool using deep learning techniques to handle complex vulnerabilities efficiently. The system should have the capability to prevent and control attacks from unreliable sources. The system administrator should immediately notify the system administrator—the proposed research studies about the DDoSBot net attacks in IoT devices. BotNets are Zombie servers, which can attack an extensive network with its automation process by designing a combination of prevention and detection mechanisms in a virtual environment that can access the cloud environment.
11
Leal Piedrahita, Erwin Alexander. "Hierarchical Clustering for Anomalous Traffic Conditions Detection in Power Substations." Ciencia e Ingeniería Neogranadina 30, no. 1 (November 12, 2019): 75–88. http://dx.doi.org/10.18359/rcin.4236.
Full textAbstract:
The IEC 61850 standard has contributed significantly to the substation management and automation process by incorporating the advantages of communications networks into the operation of power substations. However, this modernization process also involves new challenges in other areas. For example, in the field of security, several academic works have shown that the same attacks used in computer networks (DoS, Sniffing, Tampering, Spoffing among others), can also compromise the operation of a substation. This article evaluates the applicability of hierarchical clustering algorithms and statistical type descriptors (averages), in the identification of anomalous patterns of traffic in communication networks for power substations based on the IEC 61850 standard. The results obtained show that, using a hierarchical algorithm with Euclidean distance proximity criterion and simple link grouping method, a correct classification is achieved in the following operation scenarios: 1) Normal traffic, 2) IED disconnection, 3) Network discovery attack, 4) DoS attack, 5) IED spoofing attack and 6) Failure on the high voltage line. In addition, the descriptors used for the classification proved equally effective with other unsupervised clustering techniques such as K-means (partitional-type clustering), or LAMDA (diffuse-type clustering).
12
Alotaibi, Nouf Saeed, Hassan Ibrahim Ahmed, and Samah Osama M. Kamel. "Dynamic Adaptation Attack Detection Model for a Distributed Multi-Access Edge Computing Smart City." Sensors 23, no. 16 (August 12, 2023): 7135. http://dx.doi.org/10.3390/s23167135.
Full textAbstract:
The internet of things (IoT) technology presents an intelligent way to improve our lives and contributes to many fields such as industry, communications, agriculture, etc. Unfortunately, IoT networks are exposed to many attacks that may destroy the entire network and consume network resources. This paper aims to propose intelligent process automation and an auto-configured intelligent automation detection model (IADM) to detect and prevent malicious network traffic and behaviors/events at distributed multi-access edge computing in an IoT-based smart city. The proposed model consists of two phases. The first phase relies on the intelligent process automation (IPA) technique and contains five modules named, specifically, dataset collection and pre-processing module, intelligent automation detection module, analysis module, detection rules and action module, and database module. In the first phase, each module composes an intelligent connecting module to give feedback reports about each module and send information to the next modules. Therefore, any change in each process can be easily detected and labeled as an intrusion. The intelligent connection module (ICM) may reduce the search time, increase the speed, and increase the security level. The second phase is the dynamic adaptation of the attack detection model based on reinforcement one-shot learning. The first phase is based on a multi-classification technique using Random Forest Trees (RFT), k-Nearest Neighbor (K-NN), J48, AdaBoost, and Bagging. The second phase can learn the new changed behaviors based on reinforced learning to detect zero-day attacks and malicious events in IoT-based smart cities. The experiments are implemented using a UNSW-NB 15 dataset. The proposed model achieves high accuracy rates using RFT, K-NN, and AdaBoost of approximately 98.8%. It is noted that the accuracy rate of the J48 classifier achieves 85.51%, which is lower than the others. Subsequently, the accuracy rates of AdaBoost and Bagging based on J48 are 98.9% and 91.41%, respectively. Additionally, the error rates of RFT, K-NN, and AdaBoost are very low. Similarly, the proposed model achieves high precision, recall, and F1-measure high rates using RFT, K-NN, AdaBoost, and Bagging. The second phase depends on creating an auto-adaptive model through the dynamic adaptation of the attack detection model based on reinforcement one-shot learning using a small number of instances to conserve the memory of any smart device in an IoT network. The proposed auto-adaptive model may reduce false rates of reporting by the intrusion detection system (IDS). It can detect any change in the behaviors of smart devices quickly and easily. The IADM can improve the performance rates for IDS by maintaining the memory consumption, time consumption, and speed of the detection process.
13
Aslam, Muhammad Muzamil, Zahoor Ahmed, Liping Du, Muhammad Zohaib Hassan, Sajid Ali, and Muhammad Nasir. "An Overview of Recent Advances of Resilient Consensus for Multiagent Systems under Attacks." Computational Intelligence and Neuroscience 2022 (August 2, 2022): 1–26. http://dx.doi.org/10.1155/2022/6732343.
Full textAbstract:
Consensus control of multiagent systems (MASs) has been one of the most extensive research topics in the field of robotics and automation. The information sharing among the agents in the MASs depends upon the communication network because the interaction of agents may affect the consensus performance of the agents in a communication network. An unexpected fault and attack may occur on one agent and can propagate through the communication network into other agents. Thus, this may cause severe degradation of the whole MASs. In this paper, we first discussed MAS technologies. After that available technologies for the modeling of attacks and fundamental issues due to attacks on MAS attacks were discussed. We also introduced cooperative attack methodologies and model-based attack methodology. Objective of this article is to provide comprehensive study on recent advances in consensus control of MASs under attacks covering the published results until 2021. This survey presents different kinds of attacks, their estimation and detection, and resilient control against attacks. At the end, the survey accomplishes some potential recommendations for future direction to solve the key issues and challenges reported for secure consensus control of MASs.
14
Htwe, Chaw Su, Zin Thu Thu Myint, and Yee Mon Thant. "IoT Security Using Machine Learning Methods with Features Correlation." Journal of Computing Theories and Applications 2, no. 2 (August 18, 2024): 151–63. http://dx.doi.org/10.62411/jcta.11179.
Full textAbstract:
The Internet of Things (IoT) is an innovative technology that makes our environment smarter, with IoT devices as an integral part of home automation. Smart home systems are becoming increasingly popular as an IoT service in the home that connects via a network. Due to the security weakness of many devices, the malware is targeting IoT devices. After being infected with malicious attacks on smart devices, they act like bots that the intruders can control. Machine learning methods can assist in improving the attack detection process for these devices. However, the irrelevant features raise the computation time as well as affect the detection accuracy in the processing with many features. We proposed a machine learning-based IoT security framework using feature correlation. The feature extraction scheme, one-hot feature encoding, correlation feature selection, and attack detection implement an active detection mechanism. The results show that the implemented framework is not only for effective detection but also for lightweight performance. The proposed system outperforms the results with the selected features, which have almost 100% detection accuracy. It is also approved that the proposed system using CART is more suitable in terms of processing time and detection accuracy.
15
Oluwakemi, Oduwole Omolara, Muhammad, Umar Abdullahi, and Kene Tochukwu Anyachebelu. "Comparative Evaluation of Machine Learning Algorithms for Intrusion Detection." Asian Journal of Research in Computer Science 16, no. 4 (September 20, 2023): 8–22. http://dx.doi.org/10.9734/ajrcos/2023/v16i4366.
Full textAbstract:
This study undertakes a comparative examination of machine learning algorithms used for intrusion detection, addressing the escalating challenge of safeguarding networks from malicious attacks in an era marked by a proliferation of network-related applications. Given the limitations of conventional security tools in combatting intrusions effectively, the adoption of machine learning emerges as a promising avenue for bolstering detection capabilities. The research evaluates the efficacy of three distinct machine learning algorithms—Convolutional Neural Networks (CNN), Recurrent Neural Networks (RNN), and Naive Bayes—in identifying diverse attack categories, including Denial of Service, Probe, Remote to Local, and User to Root.
Conducted on the NSL-KDD dataset, the analysis unveils CNN and RNN as superior performers compared to Naive Bayes, particularly in terms of detection accuracy. These findings extend value to both researchers and practitioners in the realm of intrusion detection systems, offering insights into optimal algorithmic choices. Furthermore, the study's implications resonate within broader contexts, such as the advancement of secure automation in industrial environments and the realm of automobile automation. Overall, this research contributes to the ongoing efforts to fortify network security and promote the development of safer technological landscapes.
16
Alkahtani, Hasan, and Theyazn H. H. Aldhyani. "Developing Cybersecurity Systems Based on Machine Learning and Deep Learning Algorithms for Protecting Food Security Systems: Industrial Control Systems." Electronics 11, no. 11 (May 27, 2022): 1717. http://dx.doi.org/10.3390/electronics11111717.
Full textAbstract:
Industrial control systems (ICSs) for critical infrastructure are extensively utilized to provide the fundamental functions of society and are frequently employed in critical infrastructure. Therefore, security of these systems from cyberattacks is essential. Over the years, several proposals have been made for various types of cyberattack detection systems, with each concept using a distinct set of processes and methodologies. However, there is a substantial void in the literature regarding approaches for detecting cyberattacks in ICSs. Identifying cyberattacks in ICSs is the primary aim of this proposed research. Anomaly detection in ICSs based on an artificial intelligence algorithm is presented. The methodology is intended to serve as a guideline for future research in this area. On the one hand, machine learning includes logistic regression, k-nearest neighbors (KNN), linear discriminant analysis (LDA), and decision tree (DT) algorithms, deep learning long short-term memory (LSTM), and the convolution neural network and long short-term memory (CNN-LSTM) network to detect ICS malicious attacks. The proposed algorithms were examined using real ICS datasets from the industrial partners Necon Automation and International Islamic University Malaysia (IIUM). There were three types of attacks: man-in-the-middle (mitm) attack, web-server access attack, and telnet attack, as well as normal. The proposed system was developed in two stages: binary classification and multiclass classification. The binary classification detected the malware as normal or attacks and the multiclass classification was used for detecting all individual attacks. The KNN and DT algorithms achieved superior accuracy (100%) in binary classification and multiclass classification. Moreover, a sensitivity analysis method was presented to predict the error between the target and prediction values. The sensitivity analysis results showed that the KNN and DT algorithms achieved R2 = 100% in both stages. The obtained results were compared with existing systems; the proposed algorithms outperformed existing systems.
17
Choi, In-Sun, Junho Hong, and Tae-Wan Kim. "Multi-Agent Based Cyber Attack Detection and Mitigation for Distribution Automation System." IEEE Access 8 (2020): 183495–504. http://dx.doi.org/10.1109/access.2020.3029765.
Full text
18
DAMANIK, HILLMAN AKHYAR, and MERRY ANGGRAENI. "Pola Pengelompokan dan Pencegahan Public Honeypot menggunakan Teknik K-Means dan Automation Shell-Script." ELKOMIKA: Jurnal Teknik Energi Elektrik, Teknik Telekomunikasi, & Teknik Elektronika 12, no. 1 (January 17, 2024): 65. http://dx.doi.org/10.26760/elkomika.v12i1.65.
Full textAbstract:
ABSTRAKMakalah ini mengimplementasikan sistem log honeypot untuk menganalisis eksploitasi dari global internet berupa kategori serangan Statistical Traffic Analysis, Top Targeted Attack Sources and Destination, Penetration Analysis dan Infection Pattern Analysis serta Intrusion Detection System (IDS). Pengelompokan level kategori serangan adalah low, medium, dan high, dengan Teknik K-Means dan menerapkan rule filtering IPTables Automation yang digunakan untuk teknik mitigasi pada perangkat farm server dan virtual router public. Hasil attribute yang di cluster mendapatkan jumlah kuadrat jarak cluster ke pusat cluster terdekat, ditimbang dengan bobot nilai μi dan persentase jumlah serangan sebesar 64% untuk kategori High, 36% medium dan Low dengan jumlah tahapan clustering sebanyak 3 tahapan iterasi untuk mendapatkan cluster yang sesuai. Iterasi hasil Rule Firewall IPTables, untuk perangkat vRouter menghasilkan history beban kerja CPU berkurang menjadi 28%, dan memory 39%. vFarm Server menunjukkan beban kerja CPU pada masing-masing vServer berkurang menjadi 43% dan Memory (RAM) menjadi menjadi 21%.Kata kunci: Machine Learning, Cyber Security, Honeypot, K-Means, Firewall IPTables ABSTRACTThis paper implements a honeypot log system to analyze exploitation of the global internet in the form of Statistical Traffic Analysis attack categories, Top Targeted Attack Sources and Destinations, Penetration Analysis and Infection Pattern Analysis and Intrusion Detection System (IDS). The grouping of attack category levels is low, medium, and high, using the K-Means technique and applying the IPTables Automation filtering rule used for mitigation techniques on server farm devices and public virtual router. The results of the clustering attribute get the mean of the squares of the cluster distance to the nearest cluster center, weighted by the weight of the μi value and the percentage of the number of attacks is 64% for the High, 36% medium and Low with a number of clustering stages of 3 iteration stages to get the appropriate cluster. Iteration of the results of the IPTables Firewall Rule, for vRouter devices, results in a history of CPU workload being reduced to 28%, and memory to 39%. vFarm Server shows the CPU workload on each vServer is reduced to 43% and RAM to 21%.Keywords: Machine Learning, Cyber Security, Honeypot, K-Means, Firewall IPTables
19
Alshamsi, Omar, Khaled Shaalan, and Usman Butt. "Towards Securing Smart Homes: A Systematic Literature Review of Malware Detection Techniques and Recommended Prevention Approach." Information 15, no. 10 (October 13, 2024): 631. http://dx.doi.org/10.3390/info15100631.
Full textAbstract:
The exponential growth of the Internet of Things (IoT) sector has resulted in a surge of interconnected gadgets in smart households, thus exposing them to new cyber-attack susceptibilities. This systematic literature review investigates machine learning methodologies for detecting malware in smart homes, with a specific emphasis on identifying common threats such as denial-of-service attacks, phishing efforts, and zero-day vulnerabilities. By examining 56 publications published from 2019 to 2023, this analysis uncovers that users are the weakest link and that there is a possibility of attackers disrupting home automation systems, stealing confidential information, or causing physical harm. Machine learning approaches, namely, deep learning and ensemble approaches, are emerging as effective tools for detecting malware. In addition, this analysis highlights prevention techniques, such as early threat detection systems, intrusion detection systems, and robust authentication procedures, as crucial measures for improving smart home security. This study offers significant insights for academics and practitioners aiming to protect smart home settings from growing cybersecurity threats by summarizing the existing knowledge.
20
Wei, Min, Kee Wook Rim, and Kee Cheon Kim. "An Intrusion Detection Scheme for Home Wireless Sensor Networks." Applied Mechanics and Materials 121-126 (October 2011): 3799–804. http://dx.doi.org/10.4028/www.scientific.net/amm.121-126.3799.
Full textAbstract:
In this paper, we propose an intrusion detection framework through multi-agents scheme for wireless home automation networks. Our mechanisms include the wireless sensor network intrusion detection architecture and an intrusion detection scheme for security enhancement. For the performance evaluation of our mechanism, we use the wireless data measured on the real wireless home networks. The simulation results show that the security manager detect the intrusion attack to improve the whole performance of the system, and can prolong the lifetime of the network.
21
Kasturi, Santanam, Xiaolong Li, Peng Li, and John Pickard. "A Proposed Approach to Integrate Application Security Vulnerability Data with Incidence Response Systems." American Journal of Networks and Communications 13, no. 1 (March 7, 2024): 19–29. http://dx.doi.org/10.11648/j.ajnc.20241301.12.
Full textAbstract:
This paper has proposed a method to develop an attack tree, from application vulnerability data discovered through tests and scans and correlation analysis using incoming transaction requests monitored by a Web Application Firewall (WAF) tool. The attack tree shows multiple pathways for an attack to shape through vulnerability linkages and a deeper analysis of the Common Weakness Enumeration (CWE) and Common Vulnerability Exposure (CVE) mapping to individual vulnerabilities. By further relating to a parent, peer, or child CWE (including CWEs that follow another CWE and in some cases precede other CWEs) will provide more insight into the attack patterns. These patterns will reveal a multi-vulnerability, multi-application attack pattern which will be hard to visualize without data consolidation and correlation analysis. The correlation analysis tied to the test and scan data supports a vulnerability lineage starting from incoming requests to individual vulnerabilities found in the code that traces a possible attack path. This solution, if automated, can provide threat alerts and immediate focus on vulnerabilities that need to be remedied as a priority. SOAR (Security Orchestration, Automation, and Response), XSOAR (Extended Security Orchestration, Automation, and Response), SIEM (Security Information and Event Management), and XDR (Extended Detection and Response) are more constructed to suit networks, infrastructure and devices, and sensors; not meant for application security vulnerability information as collected. So, this paper makes a special case that must be made for integration of application security information as part of threat intelligence, and threat and incident response systems.
22
Khan, Zulfiqar Ali, and Akbar Siami Namin. "A Survey of DDOS Attack Detection Techniques for IoT Systems Using BlockChain Technology." Electronics 11, no. 23 (November 24, 2022): 3892. http://dx.doi.org/10.3390/electronics11233892.
Full textAbstract:
The Internet of Things (IoT) is a network of sensors that helps collect data 24/7 without human intervention. However, the network may suffer from problems such as the low battery, heterogeneity, and connectivity issues due to the lack of standards. Even though these problems can cause several performance hiccups, security issues need immediate attention because hackers access vital personal and financial information and then misuse it. These security issues can allow hackers to hijack IoT devices and then use them to establish a Botnet to launch a Distributed Denial of Service (DDoS) attack. Blockchain technology can provide security to IoT devices by providing secure authentication using public keys. Similarly, Smart Contracts (SCs) can improve the performance of the IoT–blockchain network through automation. However, surveyed work shows that the blockchain and SCs do not provide foolproof security; sometimes, attackers defeat these security mechanisms and initiate DDoS attacks. Thus, developers and security software engineers must be aware of different techniques to detect DDoS attacks. In this survey paper, we highlight different techniques to detect DDoS attacks. The novelty of our work is to classify the DDoS detection techniques according to blockchain technology. As a result, researchers can enhance their systems by using blockchain-based support for detecting threats. In addition, we provide general information about the studied systems and their workings. However, we cannot neglect the recent surveys. To that end, we compare the state-of-the-art DDoS surveys based on their data collection techniques and the discussed DDoS attacks on the IoT subsystems. The study of different IoT subsystems tells us that DDoS attacks also impact other computing systems, such as SCs, networking devices, and power grids. Hence, our work briefly describes DDoS attacks and their impacts on the above subsystems and IoT. For instance, due to DDoS attacks, the targeted computing systems suffer delays which cause tremendous financial and utility losses to the subscribers. Hence, we discuss the impacts of DDoS attacks in the context of associated systems. Finally, we discuss Machine-Learning algorithms, performance metrics, and the underlying technology of IoT systems so that the readers can grasp the detection techniques and the attack vectors. Moreover, associated systems such as Software-Defined Networking (SDN) and Field-Programmable Gate Arrays (FPGA) are a source of good security enhancement for IoT Networks. Thus, we include a detailed discussion of future development encompassing all major IoT subsystems.
23
Lu, Kang-Di, Guo-Qiang Zeng, Xizhao Luo, Jian Weng, Weiqi Luo, and Yongdong Wu. "Evolutionary Deep Belief Network for Cyber-Attack Detection in Industrial Automation and Control System." IEEE Transactions on Industrial Informatics 17, no. 11 (November 2021): 7618–27. http://dx.doi.org/10.1109/tii.2021.3053304.
Full text
24
Guo, Hui Ling. "Research on Rule Extraction Technology Based on Genetic Algorithm in Intrusion Detection." Advanced Materials Research 760-762 (September 2013): 857–61. http://dx.doi.org/10.4028/www.scientific.net/amr.760-762.857.
Full textAbstract:
It is necessary to establish the rule base before intrusion detection. An adaptive method based on genetic algorithms was presented for learning the intrusion detection rules in order to realize the automation of attack rule generation. The genetic algorithm is employed to derive a set of classification rules from network audit data, and the support-confidence framework is utilized as fitness function to judge the quality of each rule. The generated rules are then used to detect or classify network intrusions in a real-time environment.
25
Meleshko, Alexey, Anton Shulepov, Vasily Desnitsky, Evgenia Novikova, and Igor Kotenko. "Visualization Assisted Approach to Anomaly and Attack Detection in Water Treatment Systems." Water 14, no. 15 (July 29, 2022): 2342. http://dx.doi.org/10.3390/w14152342.
Full textAbstract:
The specificity of the water treatment field, associated with water transmission, distribution and accounting, as well as the need to use automation and intelligent tools for various information solutions and security tools, have resulted in the development of integrated approaches and practical solutions regarding various aspects of the functioning of such systems. The research problem lies in the insecurity of water treatment systems and their susceptibility to malicious influences from the side of potential intruders trying to compromise the functioning. To obtain initial data needed for assessing the states of a water treatment system, the authors have developed a case study presenting a combination of a physical model and a software simulator. The methodology proposed in the article includes combining methods of machine learning and visual data analysis to improve the detection of attacks and anomalies in water treatment systems. The selection of the methods and tuning of their modes and parameters made it possible to build a mechanism for efficient detection of attacks in data from sensors with accuracy values above 0.95 for each class of attack and mixed data. In addition, Change_Measure metric parameters were selected to ensure the detection of attacks and anomalies by using visual data analysis. The combined method allows identifying points when the functioning of the system changes, which could be used as a trigger to start resource-intensive procedures of manual and/or machine-assisted checking of the system state on the basis of the available machine learning models that involve processing big data arrays.
26
Barletta, Vita Santa, Danilo Caivano, Mirko De Vincentiis, Azzurra Ragone, Michele Scalera, and Manuel Ángel Serrano Martín. "V-SOC4AS: A Vehicle-SOC for Improving Automotive Security." Algorithms 16, no. 2 (February 14, 2023): 112. http://dx.doi.org/10.3390/a16020112.
Full textAbstract:
Integrating embedded systems into next-generation vehicles is proliferating as they increase safety, efficiency, and driving comfort. These functionalities are provided by hundreds of electronic control units (ECUs) that communicate with each other using various protocols that, if not properly designed, may be vulnerable to local or remote attacks. The paper presents a vehicle-security operation center for improving automotive security (V-SOC4AS) to enhance the detection, response, and prevention of cyber-attacks in the automotive context. The goal is to monitor in real-time each subsystem of intra-vehicle communication, that is controller area network (CAN), local interconnect network (LIN), FlexRay, media oriented systems transport (MOST), and Ethernet. Therefore, to achieve this goal, security information and event management (SIEM) was used to monitor and detect malicious attacks in intra-vehicle and inter-vehicle communications: messages transmitted between vehicle ECUs; infotainment and telematics systems, which provide passengers with entertainment capabilities and information about the vehicle system; and vehicular ports, which allow vehicles to connect to diagnostic devices, upload content of various types. As a result, this allows the automation and improvement of threat detection and incident response processes. Furthermore, the V-SOC4AS allows the classification of the received message as malicious and non-malicious and acquisition of additional information about the type of attack. Thus, this reduces the detection time and provides more support for response activities. Experimental evaluation was conducted on two state-of-the-art attacks: denial of service (DoS) and fuzzing. An open-source dataset was used to simulate the vehicles. V-SOC4AS exploits security information and event management to analyze the packets sent by a vehicle using a rule-based mechanism. If the payload contains a CAN frame attack, it is notified to the SOC analysts.
27
T, Sowmika, Rohith Paul L, and Malathi G. "IOT Based Smart Rodent Detection and Fire Alert System in Farmland." International Research Journal of Multidisciplinary Technovation 2, no. 3 (May 30, 2020): 1–6. http://dx.doi.org/10.34256/irjmt2031.
Full textAbstract:
Agriculture is playing an important role in the development of a country. In this work, a smart and safe agriculture system is proposed that would notify the farmer about the deficit of moisture in the soil, snakes concealed under the soil, passers crossing the farm at odd times using IOT. The flame sensor and humidity sensor are deployed in farms in order to find humidity and detect fire attack. It is virtually hard for everyone to monitor the growth of plants in a large agricultural farmland. The approach that can be used to solve this problem is using IOT based sensor networks to assist the current traditional methods that are used by the farmers in order to improve their efficiency. This approach in turn significantly reduces the carbon release from agriculture which in turn will have a positive impact in solving our climate change crisis. The Indian economy accepts security in terms like protection from attacks of rodents in fields. Hence, this work focuses on raising a smart agriculture using automation and IOT technologies.
28
Rao, Alwal Keerthan, and T. Rajashekar Reddy. "AUTONOMOUS MISSILE DEFENSE SYSTEM: INTEGRATING ADVANCED SONAR-BASED TRACKING FOR PRECISE DETECTION." Turkish Journal of Computer and Mathematics Education (TURCOMAT) 14, no. 2 (March 9, 2023): 1055–60. http://dx.doi.org/10.61841/turcomat.v14i2.14332.
Full textAbstract:
The objective of this project is to develop and build an automated system for detecting and neutralizing missiles. This system is specifically engineered to identify and track the target (missile) while it maneuvers in various directions. The automated target destruction system tracks the missile's trajectory and engages it by precisely aligning and firing onto the target. This system comprises an advanced sonar-based object tracking system that continuously monitors the target. Once the target is detected, it transmits the precise location of the target to a Central Control System. The Central Control System initiates the movement of the firing mechanism towards the target (missile). After correcting the orientation, it transmits the control command to the firing system in order to launch an attack on the target. This project utilizes an ultrasonic radar system and a DC geared motorpowered firing device that is connected to a Microcontroller based control unit. We choose the use of ultrasonic sensors due to their ability to cover a greater detecting distance and detect targets under various illumination circumstances, including both day and night. Microcontroller programming is accomplished using the Embedded 'C' language. This article has undergone processing in order to minimize human labor and fully automate the missile system. This results in reduced human error and more precision in system processing. This survey outlines the many approaches to automating the missile guidance system using maneuverable actuators. The diverse concepts pertaining to the automation system and the design modules will facilitate the exploration of multiple approaches in relation to the automation system.
29
B, Vivekanadam. "IoT based Smart Grid Attack Resistance in AC and DC State Estimation." Journal of Electrical Engineering and Automation 2, no. 3 (January 19, 2021): 118–22. http://dx.doi.org/10.36548/jeea.2020.3.002.
Full textAbstract:
Use of automation and intelligence in smart grids has led to implementation in a number of applications. When internet of things is incorporated it will result in the significant improvement a number of factors such as fault recovery, energy delivery efficiency, demand response and reliability. However, the collaboration of internet of things and smart grid gives rise to a number of security issues and threats. This is especially the case when using internet based protocols and public communication infrastructure. To address these issues we should ensure that the data stored is secure and critical information from the data is extracted in a careful manner. If any threat to its security is detective an early blackout warning should be issued immediately. In this paper we have proposed a geometric view point for big data attacks which is capable of bypassing bad data detection. We have created an environment where replay scheme is used launch blind energy big data attack. The defence mechanism of our proposed work is studied and found to be efficient. Experimental evidence supports our theory and we have found our methodology to efficiently improve error detection rate.
30
Ilokanuno, Ogochukwu A. "Smart Meter Tampering Detection Using IoT Based Unsupervised Machine Learning." International Journal for Research in Applied Science and Engineering Technology 12, no. 4 (April 30, 2024): 5434–45. http://dx.doi.org/10.22214/ijraset.2024.61153.
Full textAbstract:
Abstract: This work presents a novel smart grid tampering detection system re-engineered for end user monitoring and pipeline automation. The research focused on distributed energy resources. In context, the end user load profile, and generation capacity were processed in the cloud environment for tampering management. Computational pipelined methodology was adopted using baseline data from an independent electricity consumption data from 2018-2021 Abuja. First, a smart grid (SG) survey was carried using existing home estate at Abuja to ascertain tampering procedures in distributed energy resource domain. From the energy survey, the system architecture was developed and implemented based on computational model curve for dynamic attack vector mitigation.
31
Feng, Tao, and Bugang Zhang. "Security Evaluation and Improvement of the Extended Protocol EIBsec for KNX/EIB." Information 14, no. 12 (December 8, 2023): 653. http://dx.doi.org/10.3390/info14120653.
Full textAbstract:
The European Installation Bus(EIB) protocol, also known as KNX/EIB, is widely used in building and home automation. An extension of the KNX/EIB protocol, EIBsec, is primarily designed to meet the requirements for data transmission security in distributed building automation systems. However, this protocol has some security issues in the request, key distribution, and identity authentication processes. This paper employs a formal analysis method that combines Colored Petri Net (CPN) theory with the Dolev-Yao attack model to evaluate and enhance the EIBsec protocol. It utilizes the CPN Tools to conduct CPN modeling analysis on the protocol and introduces a security assessment model to carry out intrusion detection and security assessment. Through this analysis, vulnerabilities in the protocol, such as tampering and replay attacks, are identified. To address these security concerns, we introduce hash verification and timestamp judgment methods into the original protocol to enhance its security. Subsequently, based on the improved protocol, we conduct CPN modeling and verify the security of the new scheme. Finally, through a comparison and analysis of the performance and security between the original protocol and the improved scheme, it is found that the improved scheme has higher security.
32
Hassan, Jawad, Muhammad Kamran Abid, Mughees Ahmad, Ali Ghulam, Muhammad Salman Fakhar, and Muhammad Asif. "A Survey on Blockchain-based Intrusion Detection Systems for IoT." VAWKUM Transactions on Computer Sciences 11, no. 1 (May 2, 2023): 138–51. http://dx.doi.org/10.21015/vtcs.v11i1.1385.
Full textAbstract:
The Internet of Things (IoT) is a contemporary concept that unifies the Internet and physical objects across various domains, such as home automation, manufacturing, healthcare, and environmental monitoring. This integration enables users to leverage Internet-connected devices in their daily routines. Despite its numerous advantages, IoT also presents several security challenges. As the popularity of IoT continues to grow, ensuring the security of IoT networks has become a critical concern. While encryption and authentication can enhance the security of IoT networks, protecting IoT devices against cyber-attacks remains a complex task. A successful cyber-attack on an IoT system may not only result in information loss but also potentially cripple the entire system. Intrusion detection systems (IDS) are instrumental in identifying malicious activities that could compromise or disrupt network performance. Consequently, there is a pressing need for effective IDS solutions to safeguard IoT systems. Blockchain, an emerging technology, bolsters security systems to counter modern threats. In this paper, we provide an extensive review of state-of-the-art blockchain-based intrusion detection systems for IoT applications. Additionally, we present recent advancements in addressing security concerns in a tabular format. Lastly, we identify open challenges and current limitations that warrant further exploration.
33
Agnew, Dennis, Nader Aljohani, Reynold Mathieu, Sharon Boamah, Keerthiraj Nagaraj, Janise McNair, and Arturo Bretas. "Implementation Aspects of Smart Grids Cyber-Security Cross-Layered Framework for Critical Infrastructure Operation." Applied Sciences 12, no. 14 (July 7, 2022): 6868. http://dx.doi.org/10.3390/app12146868.
Full textAbstract:
Communication networks in power systems are a major part of the smart grid paradigm. It enables and facilitates the automation of power grid operation as well as self-healing in contingencies. Such dependencies on communication networks, though, create a roam for cyber-threats. An adversary can launch an attack on the communication network, which in turn reflects on power grid operation. Attacks could be in the form of false data injection into system measurements, flooding the communication channels with unnecessary data, or intercepting messages. Using machine learning-based processing on data gathered from communication networks and the power grid is a promising solution for detecting cyber threats. In this paper, a co-simulation of cyber-security for cross-layer strategy is presented. The advantage of such a framework is the augmentation of valuable data that enhances the detection as well as identification of anomalies in the operation of the power grid. The framework is implemented on the IEEE 118-bus system. The system is constructed in Mininet to simulate a communication network and obtain data for analysis. A distributed three controller software-defined networking (SDN) framework is proposed that utilizes the Open Network Operating System (ONOS) cluster. According to the findings of our suggested architecture, it outperforms a single SDN controller framework by a factor of more than ten times the throughput. This provides for a higher flow of data throughout the network while decreasing congestion caused by a single controller’s processing restrictions. Furthermore, our CECD-AS approach outperforms state-of-the-art physics and machine learning-based techniques in terms of attack classification. The performance of the framework is investigated under various types of communication attacks.
34
Dixit, Priyanka, Rashi Kohli, Angel Acevedo-Duque, Romel Ramon Gonzalez-Diaz, and Rutvij H. Jhaveri. "Comparing and Analyzing Applications of Intelligent Techniques in Cyberattack Detection." Security and Communication Networks 2021 (June 14, 2021): 1–23. http://dx.doi.org/10.1155/2021/5561816.
Full textAbstract:
Now a day’s advancement in technology increases the use of automation, mobility, smart devices, and application over the Internet that can create serious problems for protection and the privacy of digital data and raised the global security issues. Therefore, the necessity of intelligent systems or techniques can prevent and protect the data over the network. Cyberattack is the most prominent problem of cybersecurity and now a challenging area of research for scientists and researchers. These attacks may destroy data, system, and resources and sometimes may damage the whole network. Previously numerous traditional techniques were used for the detection and mitigation of cyberattack, but the techniques are not efficient for new attacks. Today’s machine learning and metaheuristic techniques are popularly applied in different areas to achieve efficient computation and fast processing of complex data of the network. This paper is discussing the improvements and enhancement of security models, frameworks for the detection of cyberattacks, and prevention by using different machine learning and optimization techniques in the domain of cybersecurity. This paper is focused on the literature of different metaheuristic algorithms for optimal feature selection and machine learning techniques for the classification of attacks, and some of the prominent algorithms such as GA, evolutionary, PSO, machine learning, and others are discussed in detail. This study provides descriptions and tutorials that can be referred from various literature citations, references, or latest research papers. The techniques discussed are efficiently applied with high performance for detection, mitigation, and identification of cyberattacks and provide a security mechanism over the network. Hence, this survey presents the description of various existing intelligent techniques, attack datasets, different observations, and comparative studies in detail.
35
Wang, Lijun, Xian Guo, Xiaofan Zhang, and Zhanhui Gang. "Industrial Information Security Detection and Protection: Monitoring and Warning Platform Architecture Design and Cryptographic Antitheft Technology System Upgrade." Journal of Sensors 2022 (August 25, 2022): 1–11. http://dx.doi.org/10.1155/2022/1263330.
Full textAbstract:
Industrial information security is an important part of the national security strategy that affects the economy and people’s lives. With the rapid development of automation and information technology, common protocols and common hardware and software based on information technology are increasingly used in industrial information control system products and are widely used in industries such as energy, metallurgy, water resource management, chemical, and production. Attacks on critical industrial information can not only cause accidents, losses, and local production pollution but also disrupt the balance of supply and demand of raw materials in the area covered by the system. Therefore, it is of great theoretical and practical importance to study industrial information security as an important measure to ensure the stable operation of the system. In this paper, we analyze the main industrial structure characteristics, external environment, and security requirements and propose a monitoring and warning platform architecture with cryptographic antitheft technology system based on hierarchical modeling and closed-loop control. It can prevent the spread of the attack and reduce its negative impact.
36
Söğüt, Esra, and O. Ayhan Erdem. "A Multi-Model Proposal for Classification and Detection of DDoS Attacks on SCADA Systems." Applied Sciences 13, no. 10 (May 13, 2023): 5993. http://dx.doi.org/10.3390/app13105993.
Full textAbstract:
Industrial automation and control systems have gained increasing attention in the literature recently. Their integration with various systems has triggered considerable developments in critical infrastructure systems. With different network structures, these systems need to communicate with each other, work in an integrated manner, be controlled, and intervene effectively when necessary. Supervision Control and Data Acquisition (SCADA) systems are mostly utilized to achieve these aims. SCADA systems, which control and monitor the connected systems, have been the target of cyber attackers. These systems are subject to cyberattacks due to the openness to external networks, remote controllability, and SCADA-architecture-specific cyber vulnerabilities. Protecting SCADA systems on critical infrastructure systems against cyberattacks is an important issue that concerns governments in many aspects such as economics, politics, transport, communication, health, security, and reliability. In this study, we physically demonstrated a scaled-down version of a real water plant via a Testbed environment created including a SCADA system. In order to disrupt the functioning of the SCADA system in this environment, five attack scenarios were designed by performing various DDoS attacks, i.e., TCP, UDP, SYN, spoofing IP, and ICMP Flooding. Additionally, we evaluated a scenario with the baseline behavior of the SCADA system that contains no attack. During the implementation of the scenarios, the SCADA system network was monitored, and network data flow was collected and recorded. CNN models, LSTM models, hybrid deep learning models that amalgamate CNN and LSTM, and traditional machine learning models were applied to the obtained data. The test results of various DDoS attacks demonstrated that the hybrid model and the decision tree model are the most suitable for such environments, reaching the highest test accuracy of 95% and 99%, respectively. Moreover, we tested the hybrid model on a dataset that is used commonly in the literature which resulted in 98% accuracy. Thus, it is suggested that the security of the SCADA system can be effectively improved, and we demonstrated that the proposed models have a potential to work in harmony on real field systems.
37
Aravamudhan, Parthiban, and Kanimozhi T. "A novel adaptive network intrusion detection system for internet of things." PLOS ONE 18, no. 4 (April 21, 2023): e0283725. http://dx.doi.org/10.1371/journal.pone.0283725.
Full textAbstract:
Cyber-attack is one of the most challenging aspects of information technology. After the emergence of the Internet of Things, which is a vast network of sensors, technology started moving towards the Internet of Things (IoT), many IoT based devices interplay in most of the application wings like defence, healthcare, home automation etc., As the technology escalates, it gives an open platform for raiders to hack the network devices. Even though many traditional methods and Machine Learning algorithms are designed hot, still it “Have a Screw Loose” in detecting the cyber-attacks. To “Pull the Plug on” an effective “Intrusion Detection System (IDS)” is designed with “Deep Learning” technique. This research work elucidates the importance in detecting the cyber-attacks as “Anomaly” and “Normal”. Fast Region-Based Convolution Neural Network (Fast R-CNN), a deep convolution network is implemented to develop an efficient and adaptable IDS. After hunting many research papers and articles, “Gradient Boosting” is found to be a powerful optimizer algorithm that gives us a best results when compared to other existing methods. This algorithm uses “Regression” tactics, a statistical technique to predict the continuous target variable that correlates between the variables. To create a structured valid dataset, a stacked model is made by implementing the two most popular dimensionality reduction techniques Principal Component Analysis (PCA) and Singular Value Decomposition (SVD) algorithms. The brainwaves made us to hybridize Fast R-CNN and Gradient Boost Regression (GBR) which reduces the loss function, processing time and boosts the model’s performance. All the above said methods are trained and tested with NIDS dataset V.10 2017. Finally, the “Decision Making” model decides the best result by giving an alert message. Our proposed model attains a high accuracy of 99.5% in detecting the “Cyber Attacks”. The experiment results revealed that the effectiveness of our proposed model surpasses other deep neural network and machine learning techniques which have less accuracy.
38
Alshahrani, Hani, Attiya Khan, Muhammad Rizwan, Mana Saleh Al Reshan, Adel Sulaiman, and Asadullah Shaikh. "Intrusion Detection Framework for Industrial Internet of Things Using Software Defined Network." Sustainability 15, no. 11 (June 2, 2023): 9001. http://dx.doi.org/10.3390/su15119001.
Full textAbstract:
The Industrial Internet of Things (IIoT) refers to the employment of the Internet of Things in industrial management, where a substantial number of machines and devices are linked and synchronized with the help of software programs and third platforms to improve the overall productivity. The acquisition of the industrial IoT provides benefits that range from automation and optimization to eliminating manual processes and improving overall efficiencies, but security remains to be forethought. The absence of reliable security mechanisms and the magnitude of security features are significant obstacles to enhancing IIoT security. Over the last few years, alarming attacks have been witnessed utilizing the vulnerabilities of the IIoT network devices. Moreover, the attackers can also sink deep into the network by using the relationships amidst the vulnerabilities. Such network security threats cause industries and businesses to suffer financial losses, reputational damage, and theft of important information. This paper proposes an SDN-based framework using machine learning techniques for intrusion detection in an industrial IoT environment. SDN is an approach that enables the network to be centrally and intelligently controlled through software applications. In our framework, the SDN controller employs a machine-learning algorithm to monitor the behavior of industrial IoT devices and networks by analyzing traffic flow data and ultimately determining the flow rules for SDN switches. We use SVM and Decision Tree classification models to analyze our framework’s network intrusion and attack detection performance. The results indicate that the proposed framework can detect attacks in industrial IoT networks and devices with an accuracy of 99.7%.
39
Shalaginov, Andrii, and Muhammad Ajmal Azad. "Securing Resource-Constrained IoT Nodes: Towards Intelligent Microcontroller-Based Attack Detection in Distributed Smart Applications." Future Internet 13, no. 11 (October 27, 2021): 272. http://dx.doi.org/10.3390/fi13110272.
Full textAbstract:
In recent years, the Internet of Things (IoT) devices have become an inseparable part of our lives. With the growing demand for Smart Applications, it becomes clear that IoT will bring regular automation and intelligent sensing to a new level thus improving quality of life. The core component of the IoT ecosystem is data which exists in various forms and formats. The collected data is then later used to create context awareness and make meaningful decisions. Besides an undoubtedly large number of advantages from the usage of IoT, there exist numerous challenges attributed to the security of objects that cannot be neglected for uninterrupted services. The Mirai botnet attack demonstrated that the IoT system is susceptible to different forms of cyberattacks. While advanced data analytics and Machine Learning have proved efficiency in various applications of cybersecurity, those still have not been explored enough in the literature from the applicability perspective in the domain of resource-constrained IoT. Several architectures and frameworks have been proposed for defining the ways for analyzing the data, yet mostly investigating off-chip analysis. In this contribution, we show how an Artificial Neural Network model can be trained and deployed on trivial IoT nodes for detecting intelligent similarity-based network attacks. This article proposes a concept of the resource-constrained intelligent system as a part of the IoT infrastructure to be able to harden the cybersecurity on microcontrollers. This work will serve as a stepping stone for the application of Artificial Intelligence on devices with limited computing capabilities such as end-point IoT nodes.
40
Almuqren, Latifah, Sumayh S. Aljameel, Hamed Alqahtani, Saud S. Alotaibi, Manar Ahmed Hamza, and Ahmed S. Salama. "A White Shark Equilibrium Optimizer with a Hybrid Deep-Learning-Based Cybersecurity Solution for a Smart City Environment." Sensors 23, no. 17 (August 24, 2023): 7370. http://dx.doi.org/10.3390/s23177370.
Full textAbstract:
Smart grids (SGs) play a vital role in the smart city environment, which exploits digital technology, communication systems, and automation for effectively managing electricity generation, distribution, and consumption. SGs are a fundamental module of smart cities that purpose to leverage technology and data for enhancing the life quality for citizens and optimize resource consumption. The biggest challenge in dealing with SGs and smart cities is the potential for cyberattacks comprising Distributed Denial of Service (DDoS) attacks. DDoS attacks involve overwhelming a system with a huge volume of traffic, causing disruptions and potentially leading to service outages. Mitigating and detecting DDoS attacks in SGs is of great significance to ensuring their stability and reliability. Therefore, this study develops a new White Shark Equilibrium Optimizer with a Hybrid Deep-Learning-based Cybersecurity Solution (WSEO-HDLCS) technique for a Smart City Environment. The goal of the WSEO-HDLCS technique is to recognize the presence of DDoS attacks, in order to ensure cybersecurity. In the presented WSEO-HDLCS technique, the high-dimensionality data problem can be resolved by the use of WSEO-based feature selection (WSEO-FS) approach. In addition, the WSEO-HDLCS technique employs a stacked deep autoencoder (SDAE) model for DDoS attack detection. Moreover, the gravitational search algorithm (GSA) is utilized for the optimal selection of the hyperparameters related to the SDAE model. The simulation outcome of the WSEO-HDLCS system is validated on the CICIDS-2017 dataset. The widespread simulation values highlighted the promising outcome of the WSEO-HDLCS methodology over existing methods.
41
Bannikuppe Srinivasiah, Venkatesh Prasad, Roopashree Hejjaji Ranganathasharma, and Venkatesh Ramanna. "Multi-objective-trust aware improved grey wolf optimization technique for uncovering adversarial attacks in WSNs." Indonesian Journal of Electrical Engineering and Computer Science 36, no. 1 (October 1, 2024): 375. http://dx.doi.org/10.11591/ijeecs.v36.i1.pp375-391.
Full textAbstract:
Wireless sensor network (WSN) is made of several sensor nodes (SN) that monitor various applications and collect environmental data. WSNs are essential for a wide range application, including healthcare, industrial automation, and environmental monitoring. However, these networks are susceptible to several security threats, underscoring the need for robust attack detection systems. Therefore, in this study, a multi-objective-trust aware improved grey wolf optimization (M-TAIGWO) is implemented to mitigate various attacks types. This implemented M-TAIGWO method is used to select secure cluster heads (CH) and routes to obtain secure communication through the network. The implemented M-TAIGWO provides improved security against malicious attacks by increasing the energy efficiency. The important aim of M-TAIGWO is to attain secured data transmission and maximize the WSN network lifetime. The M-TAIGWO method’s performance is evaluated through energy consumption and delay. The implemented method obtains a high PDR of 98% for 500 nodes, which is superior to the quantum behavior and gaussian mutation Archimedes optimization algorithm (QGAOA), with a delay of 15 ms for 100 nodes which is lesser than fuzzy and secured clustering algorithms. In comparison to the trust-based routing protocol for WSNs utilizing an adaptive genetic algorithm (TAGA), this implemented method achieves defense hello fold, black hole, sinkhole, and selective forwarding attacks effectively.
42
Rai, Ankush, and Jagadeesh Kannan R. "MICROTUBULE BASED NEURO-FUZZY NESTED FRAMEWORK FOR SECURITY OF CYBER PHYSICAL SYSTEM." Asian Journal of Pharmaceutical and Clinical Research 10, no. 13 (April 1, 2017): 230. http://dx.doi.org/10.22159/ajpcr.2017.v10s1.19646.
Full textAbstract:
Network and system security of cyber physical system is of vital significance in the present information correspondence environment. Hackers and network intruders can make numerous fruitful endeavors to bring crashing of the networks and web services by unapproved interruption. Computing systems connected to the Internet are stood up to with a plenty of security threats, running from exemplary computer worms to impart drive by downloads and bot networks. In the most recent years these threats have achieved another nature of automation and sophistication, rendering most defenses inadequate. Ordinary security measures that depend on the manual investigation of security incidents and attack advancement intrinsically neglect to give an assurance from these threats. As an outcome, computer systems regularly stay unprotected over longer time frames. This study presents a network intrusion detection based on machine learning as a perfect match for this issue, as learning strategies give the capacity to naturally dissect data and backing early detection of threats. The results from the study have created practical results so far and there is eminent wariness in the community about learning based defenses. Machine learning based Intrusion Detection and Network Security Systems are one of these solutions. It dissects and predicts the practices of clients, and after that these practices will be viewed as an attack or a typical conduct.
43
Mazur-Milecka, Magdalena, Jacek Ruminski, Wojciech Glac, and Natalia Glowacka. "Detection and Model of Thermal Traces Left after Aggressive Behavior of Laboratory Rodents." Applied Sciences 11, no. 14 (July 20, 2021): 6644. http://dx.doi.org/10.3390/app11146644.
Full textAbstract:
Automation of complex social behavior analysis of experimental animals would allow for faster, more accurate and reliable research results in many biological, pharmacological, and medical fields. However, there are behaviors that are not only difficult to detect for the computer, but also for the human observer. Here, we present an analysis of the method for identifying aggressive behavior in thermal images by detecting traces of saliva left on the animals’ fur after a bite, nape attack, or grooming. We have checked the detection capabilities using simulations of social test conditions inspired by real observations and measurements. Detection of simulated traces different in size and temperature on single original frame revealed the dependence of the parameters of commonly used corner detectors (R score, ranking) on the parameters of the traces. We have also simulated temperature of saliva changes in time and proved that the detection time does not affect the correctness of the approximation of the observed process. Furthermore, tracking the dynamics of temperature changes of these traces allows to conclude about the exact moment of the aggressive action. In conclusion, the proposed algorithm together with thermal imaging provides additional data necessary to automate the analysis of social behavior in rodents.
44
Kasturi, Santanam, Xiaolong Li, Peng Li, and John Pickard. "On the Benefits of Vulnerability Data Consolidation in Application Security." International Conference on Cyber Warfare and Security 19, no. 1 (March 21, 2024): 455–62. http://dx.doi.org/10.34190/iccws.19.1.2086.
Full textAbstract:
This research aims to build upon a conceptual idea of consolidating all application security vulnerability data from monitoring, detection, and discovery tools into a physical system that allows for convergence of observation and response to an event that is a threat. Multiple application security testing and monitoring tools are deployed at different layers of an application architecture and capture activities that occur at that layer. This multi-layer data capture is disconnected without any analysis of data lineage from the externally exposed web attack surface to deep down into the application and data layers. It is only through this data consolidation can one provide a reliable statistical analysis of correlating multiple vulnerability information and synthesize an attack pattern and predict possible events accurately. The benefits of such a system are discussed in this paper that includes how one can organize the data, identifying temporal and spatial correlation of events, focusing on specific web requests that point to a specific vulnerability, and formulating a fast response to such events. Advantages of integrating with Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR/XSOAR), Extended Detection Response (XDR) are briefly discussed. The analysis can be further used to develop a predictive system using deep learning (DL) techniques using correlation of application security vulnerability information.
45
Le Weng, Le Weng, Chao Feng Le Weng, Zhi-Yuan Shi Chao Feng, Ying-Min Zhang Zhi-Yuan Shi, and Lian-Fen Huang Ying-Min Zhang. "FASSFuzzer—An Automated Vulnerability Detection System for Android System Services." 電腦學刊 33, no. 2 (April 2022): 189–200. http://dx.doi.org/10.53106/199115992022043302017.
Full textAbstract:
<p>As the core component of Android framework, Android system services provide a large number of basic and core function services for Android system. It has a lot of resources and very high system permissions. And for the Android system, it is a very important attack surface. Attackers can use Android system service vulnerabilities to steal user privacy, cause Android applications or Android system denial of service, remote malicious code execution and other malicious behaviors, which will seriously affect the security of Android users. Based on fuzzy testing technology, this paper designed and implemented a vulnerability mining system for Android system services, optimized and improved the fuzzy testing method, so as to improve the speed and effectiveness of vulnerability mining, and timely submitted the discovered vulnerabilities to the corresponding manufacturers and security agencies, to help Android manufacturers repair the vulnerabilities in time. The main work of this paper is as follows: Aiming at the null pointer reference vulnerability of Android system services, we designed and implemented an automatic fast mining system FASSFuzzer. FASSFuzzer uses ADB to quickly detect null pointer reference vulnerabilities in Android services. At the same time, FASSFuzzer added automatic design to automatically perceive the generation of vulnerabilities and ensure the full automation of the whole vulnerability mining process, and automatically generate a vulnerability mining report after the completion of vulnerability mining.</p> <p> </p>
46
Le Weng, Le Weng, Chao Feng Le Weng, Zhi-Yuan Shi Chao Feng, Ying-Min Zhang Zhi-Yuan Shi, and Lian-Fen Huang Ying-Min Zhang. "FASSFuzzer—An Automated Vulnerability Detection System for Android System Services." 電腦學刊 33, no. 2 (April 2022): 189–200. http://dx.doi.org/10.53106/199115992022043302017.
Full textAbstract:
<p>As the core component of Android framework, Android system services provide a large number of basic and core function services for Android system. It has a lot of resources and very high system permissions. And for the Android system, it is a very important attack surface. Attackers can use Android system service vulnerabilities to steal user privacy, cause Android applications or Android system denial of service, remote malicious code execution and other malicious behaviors, which will seriously affect the security of Android users. Based on fuzzy testing technology, this paper designed and implemented a vulnerability mining system for Android system services, optimized and improved the fuzzy testing method, so as to improve the speed and effectiveness of vulnerability mining, and timely submitted the discovered vulnerabilities to the corresponding manufacturers and security agencies, to help Android manufacturers repair the vulnerabilities in time. The main work of this paper is as follows: Aiming at the null pointer reference vulnerability of Android system services, we designed and implemented an automatic fast mining system FASSFuzzer. FASSFuzzer uses ADB to quickly detect null pointer reference vulnerabilities in Android services. At the same time, FASSFuzzer added automatic design to automatically perceive the generation of vulnerabilities and ensure the full automation of the whole vulnerability mining process, and automatically generate a vulnerability mining report after the completion of vulnerability mining.</p> <p> </p>
47
Wang, Dongzhihan, Guijin Ma, and Xiaorui Liu. "An intelligent recognition framework of access control system with anti-spoofing function." AIMS Mathematics 7, no. 6 (2022): 10495–512. http://dx.doi.org/10.3934/math.2022585.
Full textAbstract:
<abstract> <p>Under the background that Covid-19 is spreading across the world, the lifestyle of people has to confront a series of changes and challenges. This also presents new problems and requirements to automation facilities. For example, nowadays masks have almost become necessities for people in public places. However, most access control systems (ACS) cannot recognize people wearing masks and authenticate their identities to deal with increasingly serious epidemic pressure. Consequently, many public entries have turned to an attendant mode that brings low efficiency, infection potential, and high possibility of negligence. In this paper, a new security classification framework based on face recognition is proposed. This framework uses mask detection algorithm and face authentication algorithm with anti-spoofing function. In order to evaluate the performance of the framework, this paper employs the Chinese Academy of Science Institute of Automation-Face Anti-spoofing Datasets (CASIA-FASD) and Reply-Attack datasets as benchmarks. Performance evaluation indicates that the Half Total Error Rate (HTER) is 9.7%, the Equal Error Rate (EER) is 5.5%. The average process time of a single frame is 0.12 seconds. The results demonstrate that this framework has a high anti-spoofing capability and can be employed on the embedded system to complete the mask detection and face authentication task in real-time.</p> </abstract>
48
Karopoulos, Georgios, Georgios Kambourakis, Efstratios Chatzoglou, José L. Hernández-Ramos, and Vasileios Kouliaridis. "Demystifying In-Vehicle Intrusion Detection Systems: A Survey of Surveys and a Meta-Taxonomy." Electronics 11, no. 7 (March 29, 2022): 1072. http://dx.doi.org/10.3390/electronics11071072.
Full textAbstract:
Breaches in the cyberspace due to cyber-physical attacks can harm the physical space, and any type of vehicle is an alluring target for wrongdoers for an assortment of reasons. Especially, as the automobiles are becoming increasingly interconnected within the Cooperative Intelligent Transport System (C-ITS) realm and their level of automation elevates, the risk for cyberattacks augments along with the attack surface, thus inexorably rendering the risk of complacency and inaction sizable. Next to other defensive measures, intrusion detection systems (IDS) already comprise an inextricable component of modern automobiles in charge of detecting intrusions in the system while in operation. This work concentrates on in-vehicle IDS with the goal to deliver a fourfold comprehensive survey of surveys on this topic. First, we collect and analyze all existing in-vehicle IDS classifications and fuse them into a simpler, overarching one that can be used as a base for classifying any work in this area. Second, we gather and elaborate on the so-far available datasets which can be possibly used to train and evaluate an in-vehicle IDS. Third, we survey non-commercial simulators which may be utilized for creating a dataset or evaluating an IDS. The last contribution pertains to a thorough exposition of the future trends and challenges in this area. To our knowledge, this work provides the first wholemeal survey on in-vehicle IDS, and it is therefore anticipated to serve as a groundwork and point of reference for multiple stakeholders at varying levels.
49
Ibraheem, Manar Khalid Ibraheem, Abdullah Ali Jawad Al-Abadi, Mbarka Belhaj Mohamed, and Ahmed Fakhfakh. "A Security-Enhanced Energy Conservation with Enhanced Random Forest Classifier for Low Execution Time Framework (S-2EC-ERF) for Wireless Sensor Networks." Applied Sciences 14, no. 6 (March 7, 2024): 2244. http://dx.doi.org/10.3390/app14062244.
Full textAbstract:
Wireless sensor networks (WSNs) play a pivotal role in diverse applications such as environmental monitoring, industrial automation, healthcare, and smart cities. The motivation behind the development of WSNs stems from their impact in providing real-time data on various environmental parameters. The challenge for WSNs is to achieve strong security and efficient energy saving together. Traditional methods sought to find solutions either through security or energy. In response, this study proposed a secure and energy-efficient framework for enhancing security measures in WSNs while minimizing the impact on energy resources by using the Enhanced Consumed Energy Leach (ECP-LEACH) protocol and the Enhanced Random Forest Classifier for Low Execution Time (ERF-LET) algorithm for attack detection named Security-Enhanced Energy Conservation with ERF-LET (S-2EC-ERF). The integration of the detection algorithm at the node level played a pivotal role in fortifying the security posture of individual nodes by detecting and mitigating potential security threats. Leveraging a comprehensive dataset obtained from NS3 simulations, the ERF-LET algorithm demonstrated its proficiency in differentiating between normal and attack packets, thereby laying a strong foundation for subsequent evaluations, where it achieved an accuracy of 98.193%. The proposed methodology was further validated through real-time simulations conducted on the NS3. The results demonstrated the superiority of the proposed S-2EC-ERF in terms of the packet delivery ratio (PDR), average throughput, end-to-end delay, and mean energy consumption compared to the Security-Enhanced Energy Conservation with Logistic Regression (S-2EC-LR), Security-Enhanced Energy Conservation with Decision Tree (S-2EC-DT), and Security-Enhanced Energy Conservation with AdaBoost (S-2EC-Ada) algorithms.
50
Faris, Mohammed, Mohd Nazri Mahmud, Mohd Fadzli Mohd Salleh, and Alhamzah Alnoor. "Wireless sensor network security: A recent review based on state-of-the-art works." International Journal of Engineering Business Management 15 (January 2023): 184797902311572. http://dx.doi.org/10.1177/18479790231157220.
Full textAbstract:
Wireless sensor networks (WSNs) are a major part of the telecommunications sector. WSN is applied in many aspects, including surveillance battlefields, patient medical monitoring, building automation, traffic control, environmental monitoring, and building intrusion monitoring. The WSN is made up of a vast number of sensor nodes, which are interconnected through a network. However, despite the growing usage of applications that rely on WSNs, they continue to suffer from restrictions, such as security issues and limited characteristics due to low memory and calculation power. Security issues lead to a lack of communication between sensors, wasting more energy. The need for efficient solutions has increased, especially with the rise of the Internet of Things, which relies on the effectiveness of WSNs. This review focuses on security issues by reviewing and addressing diverse types of WSN assaults that happened on each layer of the WSN that were published in security issues in the previous 3 years. As a consequence, this paper gives a taxonomy of security threats for each layer and different algorithmic solutions that numerous researchers who seek to counter this attack have explored. This study also presents a framework for constructing an intrusion detection system in the WSN by emphasising the drawbacks of each approach suggested by researchers to defend against specific forms of assault. In order to diminish the impact of this attack, this summary shows which attacks the majority of researchers have dealt with as well as which ones they have not yet addressed in their academic work.