Journal articles on the topic 'Known and Zero-Day Attacks Detection'

Consult the top 50 journal articles for your research on the topic 'Known and Zero-Day Attacks Detection.'

1

Nerella Sameera, M. Siva Jyothi, K. Lakshmaji, and V. S. R. Pavan Kumar Neeli. "Clustering based Intrusion Detection System for effective Detection of known and Zero-day Attacks." Journal of Advanced Zoology 44, no. 4 (December 2, 2023): 969–75. http://dx.doi.org/10.17762/jaz.v44i4.2423.

Abstract:
Developing effective security measures is the most challenging task nowadays and hence calls for the development of intelligent intrusion detection systems. Most existing intrusion detection systems perform best at detecting known attacks but fail to detect zero-day attacks due to the lack of labeled examples. The authors of this paper come up with a clustering-based IDS framework that can effectively detect both known and zero-day attacks by following unsupervised machine learning techniques. This research uses the NSL-KDD dataset for experimentation, and the experimental results exhibit best performance with an accuracy of 78%.
2

Hindy, Hanan, Robert Atkinson, Christos Tachtatzis, Jean-Noël Colin, Ethan Bayne, and Xavier Bellekens. "Utilising Deep Learning Techniques for Effective Zero-Day Attack Detection." Electronics 9, no. 10 (October 14, 2020): 1684. http://dx.doi.org/10.3390/electronics9101684.

Abstract:
Machine Learning (ML) and Deep Learning (DL) have been used for building Intrusion Detection Systems (IDS). The increase in both the number and sheer variety of new cyber-attacks poses a tremendous challenge for IDS solutions that rely on a database of historical attack signatures. Therefore, the industrial pull for robust IDSs that are capable of flagging zero-day attacks is growing. Current outlier-based zero-day detection research suffers from high false-negative rates, thus limiting its practical use and performance. This paper proposes an autoencoder implementation for detecting zero-day attacks. The aim is to build an IDS model with high recall while keeping the miss rate (false negatives) to an acceptable minimum. Two well-known IDS datasets are used for evaluation: CICIDS2017 and NSL-KDD. In order to demonstrate the efficacy of our model, we compare its results against a One-Class Support Vector Machine (SVM). The manuscript highlights the performance of a One-Class SVM when zero-day attacks are distinctive from normal behaviour. The proposed model benefits greatly from the encoding-decoding capabilities of autoencoders. The results show that autoencoders are well suited to detecting complex zero-day attacks. The results demonstrate a zero-day detection accuracy of 89–99% for the NSL-KDD dataset and 75–98% for the CICIDS2017 dataset. Finally, the paper outlines the observed trade-off between recall and fallout.
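The detector pattern behind this abstract (train on normal traffic only, score each flow by reconstruction error, pick a threshold from the normal-error distribution, then trade recall against fallout by moving that threshold) is easy to get wrong in the thresholding and evaluation steps, so the following is an added example of that loop. It is not code from Hindy et al. and uses no NSL-KDD or CICIDS2017 records: the autoencoder is replaced by a stand-in (`MeanReconstructor`, which z-scores each feature on benign flows and reconstructs every flow as the benign mean, so the error is the squared standardised distance), the four-feature flow layout is assumed, and all flows are constructed. Swapping in a trained autoencoder changes only the `error()` method; threshold selection and evaluation are unchanged.

```python
"""Added example (not from the paper): normal-only reconstruction-error detector
for zero-day flows, with a threshold sweep that exposes the recall / fallout
(false-positive rate) trade-off. Data and feature layout are constructed."""
import math
import random
from typing import Dict, List, Sequence, Tuple

Flow = Sequence[float]  # assumed layout: [duration_s, bytes_in, bytes_out, pkts_per_s]


class MeanReconstructor:
    """Stand-in for the autoencoder; fitted on benign flows only."""

    def fit(self, normal: List[Flow]) -> "MeanReconstructor":
        n, d = len(normal), len(normal[0])
        self.mean = [sum(f[j] for f in normal) / n for j in range(d)]
        self.std = [
            math.sqrt(sum((f[j] - self.mean[j]) ** 2 for f in normal) / n) or 1.0
            for j in range(d)
        ]
        return self

    def error(self, flow: Flow) -> float:
        """Squared reconstruction error in standardised feature space."""
        return sum(((x - m) / s) ** 2 for x, m, s in zip(flow, self.mean, self.std))


def threshold_at(model: MeanReconstructor, normal: List[Flow], quantile: float) -> float:
    """Cut-off chosen from benign reconstruction errors alone: no attack samples
    are needed, which is what lets the detector fire on traffic it never saw."""
    errs = sorted(model.error(f) for f in normal)
    return errs[min(len(errs) - 1, int(quantile * len(errs)))]


def evaluate(model: MeanReconstructor, threshold: float,
             labelled: List[Tuple[Flow, bool]]) -> Dict[str, float]:
    """Recall = attacks caught / attacks; fallout = benign flagged / benign."""
    tp = fp = fn = tn = 0
    for flow, is_attack in labelled:
        flagged = model.error(flow) > threshold
        if is_attack:
            tp, fn = tp + flagged, fn + (not flagged)
        else:
            fp, tn = fp + flagged, tn + (not flagged)
    return {"recall": tp / max(1, tp + fn), "fallout": fp / max(1, fp + tn)}


def make_flows(seed: int = 7) -> Tuple[List[Flow], List[Tuple[Flow, bool]]]:
    """Constructed data: benign web-like flows for training, and a labelled test
    set of held-out benign flows plus two attack shapes absent from training."""
    rng = random.Random(seed)

    def benign() -> Flow:
        return [rng.gauss(1.0, 0.3), rng.gauss(500, 100), rng.gauss(800, 200), rng.gauss(20, 5)]

    def port_scan() -> Flow:  # tiny flows at a high packet rate: far from benign
        return [rng.gauss(0.05, 0.01), rng.gauss(60, 10), rng.gauss(0, 5), rng.gauss(200, 30)]

    def slow_exfil() -> Flow:  # benign-looking except for outbound volume: near the boundary
        return [rng.gauss(1.2, 0.3), rng.gauss(450, 100), rng.gauss(1400, 150), rng.gauss(18, 5)]

    train = [benign() for _ in range(1000)]
    test = [(benign(), False) for _ in range(300)]
    test += [(port_scan(), True) for _ in range(50)]
    test += [(slow_exfil(), True) for _ in range(50)]
    return train, test


def sweep(quantiles: Sequence[float] = (0.90, 0.95, 0.99)) -> Dict[float, Dict[str, float]]:
    """Fit on benign data, then report recall and fallout per threshold quantile."""
    train, test = make_flows()
    model = MeanReconstructor().fit(train)
    return {q: evaluate(model, threshold_at(model, train, q), test) for q in quantiles}


if __name__ == "__main__":
    for q, m in sweep().items():
        print(f"quantile={q:.2f}  recall={m['recall']:.2f}  fallout={m['fallout']:.3f}")
```

Running the sweep shows the trade-off the abstract describes: the port scans sit far outside the benign error distribution and are caught at every threshold, while the slow-exfiltration flows sit near the boundary, so lowering the quantile buys recall on them at the price of a higher false-positive rate on the held-out benign flows.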
3

Ohtani, Takahiro, Ryo Yamamoto, and Satoshi Ohzahata. "IDAC: Federated Learning-Based Intrusion Detection Using Autonomously Extracted Anomalies in IoT." Sensors 24, no. 10 (May 18, 2024): 3218. http://dx.doi.org/10.3390/s24103218.

Abstract:
The recent rapid growth in Internet of Things (IoT) technologies is enriching our daily lives but significant information security risks in IoT fields have become apparent. In fact, there have been large-scale botnet attacks that exploit undiscovered vulnerabilities, known as zero-day attacks. Several intrusion detection methods based on network traffic monitoring have been proposed to address this issue. These methods employ federated learning to share learned attack information among multiple IoT networks, aiming to improve collective detection capabilities against attacks including zero-day attacks. Although their ability to detect zero-day attacks with high precision has been confirmed, challenges such as autonomous labeling of attacks from traffic information and attack information sharing between different device types still remain. To resolve the issues, this paper proposes IDAC, a novel intrusion detection method with autonomous attack candidate labeling and federated learning-based attack candidate sharing. The labeling of attack candidates in IDAC is executed using information autonomously extracted from traffic information, and the labeling can also be applied to zero-day attacks. The federated learning-based attack candidate sharing enables candidate aggregation from multiple networks, and it executes attack determination based on the aggregated similar candidates. Performance evaluations demonstrated that IDS with IDAC within networks based on attack candidates is feasible and achieved comparable detection performance against multiple attacks including zero-day attacks compared to the existing methods while suppressing false positives in the extraction of attack candidates. In addition, the sharing of autonomously extracted attack candidates from multiple networks improves both detection performance and the required time for attack detection.
4

Hairab, Belal Ibrahim, Heba K. Aslan, Mahmoud Said Elsayed, Anca D. Jurcut, and Marianne A. Azer. "Anomaly Detection of Zero-Day Attacks Based on CNN and Regularization Techniques." Electronics 12, no. 3 (January 23, 2023): 573. http://dx.doi.org/10.3390/electronics12030573.

Abstract:
The rapid development of cyberattacks in the field of the Internet of things (IoT) introduces new security challenges regarding zero-day attacks. Intrusion-detection systems (IDS) are usually trained on specific attacks to protect the IoT application, but the attacks that are yet unknown to the IDS (i.e., zero-day attacks) still represent challenges and concerns regarding users’ data privacy and security in those applications. Anomaly-detection methods usually depend on machine learning (ML)-based methods. Under the ML umbrella are classical ML-based methods, which are known to have low prediction quality and detection rates with regard to data that they have not yet been trained on. DL-based methods, especially convolutional neural networks (CNNs) with regularization methods, address this issue and give a better prediction quality with unknown data and avoid overfitting. In this paper, we evaluate and prove that the CNNs have a better ability to detect zero-day attacks, which are generated from nonbot attackers, compared to classical ML. We use classical ML, normal, and regularized CNN classifiers (L1, and L2 regularized). The training data consists of normal traffic data and DDoS attack data, as it is the most common attack in the IoT. In order to give the full picture of this evaluation, the testing phase of those classifiers will include two scenarios, each having data with a different attack distribution. One of these is the backdoor attack, and the other is the scanning attack. The results of the testing prove that the regularized CNN classifiers still perform better than the classical ML-based methods in detecting zero-day IoT attacks.
5

Al-Rushdan, Huthifh, Mohammad Shurman, and Sharhabeel Alnabelsi. "On Detection and Prevention of Zero-Day Attack Using Cuckoo Sandbox in Software-Defined Networks." International Arab Journal of Information Technology 17, no. 4A (July 31, 2020): 662–70. http://dx.doi.org/10.34028/iajit/17/4a/11.

Abstract:
A network attacker may identify a network vulnerability within less than one day; this kind of attack is known as a zero-day attack. This vulnerability, undiscovered by vendors, empowers the attacker to affect or damage the network operation, because vendors have less than one day to fix this newly exposed vulnerability. The existing defense mechanisms against zero-day attacks focus on the prevention effort, in which unknown or new vulnerabilities typically cannot be detected. To the best of our knowledge, the protection mechanism against zero-day attacks is not widely investigated for Software-Defined Networks (SDNs). Thus, in this work we are motivated to develop a new zero-day attack detection and prevention mechanism for SDNs by modifying the Cuckoo sandbox tool. The mechanism is implemented and tested under a UNIX system. The experimental results show that our proposed mechanism successfully stops the zero-day malware by isolating the infected clients, in order to prevent the malware from spreading to other clients. Moreover, results show the effectiveness of our mechanism in terms of detection accuracy and response time.
6

Alam, Naushad, and Muqeem Ahmed. "Zero-day Network Intrusion Detection using Machine Learning Approach." International Journal on Recent and Innovation Trends in Computing and Communication 11, no. 8s (August 18, 2023): 194–201. http://dx.doi.org/10.17762/ijritcc.v11i8s.7190.

Abstract:
Zero-day network attacks are a growing global cybersecurity concern. Hackers exploit vulnerabilities in network systems, making network traffic analysis crucial in detecting and mitigating unauthorized attacks. However, inadequate and ineffective network traffic analysis can lead to prolonged network compromises. To address this, machine learning-based zero-day network intrusion detection systems (ZDNIDS) rely on monitoring and collecting relevant information from network traffic data. The selection of pertinent features is essential for optimal ZDNIDS performance given the voluminous nature of network traffic data, characterized by attributes. Unfortunately, current machine learning models utilized in this field exhibit inefficiency in detecting zero-day network attacks, resulting in a high false alarm rate and overall performance degradation. To overcome these limitations, this paper introduces a novel approach combining the anomaly-based extended isolation forest algorithm with the BAT algorithm and Nevergrad. Furthermore, the proposed model was evaluated using 5G network traffic, showcasing its effectiveness in efficiently detecting both known and unknown attacks, thereby reducing false alarms when compared to existing systems. This advancement contributes to improved internet security.
7

Bu, Seok-Jun, and Sung-Bae Cho. "Deep Character-Level Anomaly Detection Based on a Convolutional Autoencoder for Zero-Day Phishing URL Detection." Electronics 10, no. 12 (June 21, 2021): 1492. http://dx.doi.org/10.3390/electronics10121492.

Abstract:
Considering the fatality of phishing attacks, the data-driven approach using massive URL observations has been verified, especially in the field of cyber security. On the other hand, the supervised learning approach relying on known attacks has limitations in terms of robustness against zero-day phishing attacks. Moreover, it is known that it is critical for the phishing detection task to fully exploit the sequential features from the URL characters. Taken together, to ensure both sustainability and intelligibility, we propose the combination of a convolution operation to model the character-level URL features and a deep convolutional autoencoder (CAE) to consider the nature of zero-day attacks. Extensive experiments on three real-world datasets consisting of 222,541 URLs showed the highest performance among the latest deep-learning methods. We demonstrated the superiority of the proposed method by receiver-operating characteristic (ROC) curve analysis in addition to 10-fold cross-validation and confirmed that the sensitivity improved by 3.98% compared to the latest deep model.
8

Ali, Shamshair, Saif Ur Rehman, Azhar Imran, Ghazif Adeem, Zafar Iqbal, and Ki-Il Kim. "Comparative Evaluation of AI-Based Techniques for Zero-Day Attacks Detection." Electronics 11, no. 23 (November 28, 2022): 3934. http://dx.doi.org/10.3390/electronics11233934.

Abstract:
Many intrusion detection and prevention systems (IDPS) have been introduced to identify suspicious activities. However, since attackers are exploiting new vulnerabilities in systems and are employing more sophisticated advanced cyber-attacks, these zero-day attacks remain hidden from IDPS in most cases. These features have incentivized many researchers to propose different artificial intelligence-based techniques to prevent, detect, and respond to such advanced attacks. This has also created a new requirement for a comprehensive comparison of the existing schemes in several aspects; after a thorough study we found that there currently exists no detailed comparative analysis of artificial intelligence-based techniques published in the last five years. Therefore, there is a need for this kind of work to be published, as there are many comparative analyses in other fields of cyber security that are available for readers to review. In this paper, we provide a comprehensive review of the latest and most recent literature, which introduces well-known machine learning and deep learning algorithms and the challenges they face in detecting zero-day attacks. Following these qualitative analyses, we present the comparative evaluation results regarding the highest accuracy, precision, recall, and F1 score compared to different datasets.
9

Rodríguez, Eva, Pol Valls, Beatriz Otero, Juan José Costa, Javier Verdú, Manuel Alejandro Pajuelo, and Ramon Canal. "Transfer-Learning-Based Intrusion Detection Framework in IoT Networks." Sensors 22, no. 15 (July 27, 2022): 5621. http://dx.doi.org/10.3390/s22155621.

Abstract:
Cyberattacks in the Internet of Things (IoT) are growing exponentially, especially zero-day attacks mostly driven by security weaknesses on IoT networks. Traditional intrusion detection systems (IDSs) adopted machine learning (ML), especially deep learning (DL), to improve the detection of cyberattacks. DL-based IDSs require balanced datasets with large amounts of labeled data; however, there is a lack of such large collections in IoT networks. This paper proposes an efficient intrusion detection framework based on transfer learning (TL), knowledge transfer, and model refinement, for the effective detection of zero-day attacks. The framework is tailored to 5G IoT scenarios with unbalanced and scarce labeled datasets. The TL model is based on convolutional neural networks (CNNs). The framework was evaluated to detect a wide range of zero-day attacks. To this end, three specialized datasets were created. Experimental results show that the proposed TL-based framework achieves high accuracy and a low false prediction rate (FPR). The proposed solution has better detection rates for the different families of known and zero-day attacks than any previous DL-based IDS. These results demonstrate that TL is effective in the detection of cyberattacks in IoT environments.
10

Sheikh, Zakir Ahmad, Yashwant Singh, Pradeep Kumar Singh, and Paulo J. Sequeira Gonçalves. "Defending the Defender: Adversarial Learning Based Defending Strategy for Learning Based Security Methods in Cyber-Physical Systems (CPS)." Sensors 23, no. 12 (June 9, 2023): 5459. http://dx.doi.org/10.3390/s23125459.

Abstract:
Cyber-Physical Systems (CPS) are prone to many security exploitations due to a greater attack surface being introduced by their cyber component by the nature of their remote accessibility or non-isolated capability. Security exploitations, on the other hand, rise in complexities, aiming for more powerful attacks and evasion from detections. The real-world applicability of CPS thus poses a question mark due to security infringements. Researchers have been developing new and robust techniques to enhance the security of these systems. Many techniques and security aspects are being considered to build robust security systems; these include attack prevention, attack detection, and attack mitigation as security development techniques with consideration of confidentiality, integrity, and availability as some of the important security aspects. In this paper, we have proposed machine learning-based intelligent attack detection strategies which have evolved as a result of failures in traditional signature-based techniques to detect zero-day attacks and attacks of a complex nature. Many researchers have evaluated the feasibility of learning models in the security domain and pointed out their capability to detect known as well as unknown attacks (zero-day attacks). However, these learning models are also vulnerable to adversarial attacks like poisoning attacks, evasion attacks, and exploration attacks. To make use of a robust-cum-intelligent security mechanism, we have proposed an adversarial learning-based defense strategy for the security of CPS to ensure CPS security and invoke resilience against adversarial attacks. We have evaluated the proposed strategy through the implementation of Random Forest (RF), Artificial Neural Network (ANN), and Long Short-Term Memory (LSTM) on the ToN_IoT Network dataset and an adversarial dataset generated through the Generative Adversarial Network (GAN) model.
11

Mala, V., and K. Meena. "Hybrid classification model to detect advanced intrusions using data mining techniques." International Journal of Engineering & Technology 7, no. 2.4 (March 10, 2018): 10. http://dx.doi.org/10.14419/ijet.v7i2.4.10031.

Abstract:
The traditional signature-based approach fails in detecting advanced malware like Stuxnet, Flame, Duqu, etc. Signature-based comparison and correlation are not up to the mark in detecting such attacks. Hence, it is crucial to detect these kinds of attacks as early as possible. In this research, a novel data-mining-based approach was applied to detect such attacks. The main innovation lies in misuse signature detection systems based on a supervised learning algorithm. In the learning phase, labeled examples of network packets and system calls are provided, from which the algorithm can learn about the attack, which is fast and reliable for known attacks. In order to detect advanced attacks, unsupervised learning methodologies were employed to detect the presence of zero-day/new attacks. The main objective is to review different intruder detection methods and to study the role of data mining techniques used in intruder detection systems. A hybrid classification model is utilized to detect advanced attacks.
12

Das, Saikat, Mohammad Ashrafuzzaman, Frederick T. Sheldon, and Sajjan Shiva. "Ensembling Supervised and Unsupervised Machine Learning Algorithms for Detecting Distributed Denial of Service Attacks." Algorithms 17, no. 3 (February 24, 2024): 99. http://dx.doi.org/10.3390/a17030099.

Abstract:
The distributed denial of service (DDoS) attack is one of the most pernicious threats in cyberspace. Catastrophic failures over the past two decades have resulted in catastrophic and costly disruption of services across all sectors and critical infrastructure. Machine-learning-based approaches have shown promise in developing intrusion detection systems (IDSs) for detecting cyber-attacks, such as DDoS. Herein, we present a solution to detect DDoS attacks through an ensemble-based machine learning approach that combines supervised and unsupervised machine learning ensemble frameworks. This combination produces higher performance in detecting known DDoS attacks using supervised ensemble and for zero-day DDoS attacks using an unsupervised ensemble. The unsupervised ensemble, which employs novelty and outlier detection, is effective in identifying prior unseen attacks. The ensemble framework is tested using three well-known benchmark datasets, NSL-KDD, UNSW-NB15, and CICIDS2017. The results show that ensemble classifiers significantly outperform single-classifier-based approaches. Our model with combined supervised and unsupervised ensemble models correctly detects up to 99.1% of the DDoS attacks, with a negligible rate of false alarms.
13

Nkongolo, Mike, Jacobus Philippus van Deventer, and Sydney Mambwe Kasongo. "UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats." Information 12, no. 10 (September 30, 2021): 405. http://dx.doi.org/10.3390/info12100405.

Abstract:
This research attempts to introduce the production methodology of an anomaly detection dataset using ten desirable requirements. Subsequently, the article presents the produced dataset named UGRansome, created with up-to-date and modern network traffic (netflow), which represents cyclostationary patterns of normal and abnormal classes of threatening behaviours. It was discovered that the timestamp of various network attacks is under one minute, and this feature pattern was used to record the time taken by the threat to infiltrate a network node. The main asset of the proposed dataset is its implication in the detection of zero-day attacks and anomalies that have not been explored before and cannot be recognised by known threat signatures. For instance, the UDP Scan attack has been found to utilise the lowest netflow in the corpus, while Razy utilises the highest one. In turn, the EDA2 and Globe malware are the most abnormal zero-day threats in the proposed dataset. These feature patterns are included in the corpus, but derived from two well-known datasets, namely UGR’16 and ransomware, that include real-life instances. The former incorporates cyclostationary patterns while the latter includes ransomware features. The UGRansome dataset was tested with cross-validation and compared to the KDD99 and NSL-KDD datasets to assess the performance of Ensemble Learning algorithms. False alarms have been minimized with a null empirical error during the experiment, which demonstrates that implementing the Random Forest algorithm applied to UGRansome can facilitate accurate results to enhance zero-day threat detection. Additionally, most zero-day threats such as Razy, Globe, EDA2, and TowerWeb are recognised as advanced persistent threats that are cyclostationary in nature, and it is predicted that they will be using spamming and phishing for intrusion. Lastly, achieving the UGRansome balance was found to be NP-Hard due to real life-threatening classes that do not have a uniform distribution in terms of number of instances.
14

Peppes, Nikolaos, Theodoros Alexakis, Evgenia Adamopoulou, and Konstantinos Demestichas. "The Effectiveness of Zero-Day Attacks Data Samples Generated via GANs on Deep Learning Classifiers." Sensors 23, no. 2 (January 12, 2023): 900. http://dx.doi.org/10.3390/s23020900.

Abstract:
Digitization of most of the services that people use in their everyday life has, among others, led to increased needs for cybersecurity. As digital tools increase day by day and new software and hardware launch out-of-the-box, detection of known existing vulnerabilities, or zero-day as they are commonly known, becomes one of the most challenging situations for cybersecurity experts. Zero-day vulnerabilities, which can be found in almost every newly launched software and/or hardware, can be exploited instantly by malicious actors with different motives, posing threats for end-users. In this context, this study proposes and describes a holistic methodology starting from the generation of zero-day-type, yet realistic, data in tabular format and concluding with the evaluation of a Neural Network zero-day attack detector which is trained with and without synthetic data. This methodology involves the design and employment of Generative Adversarial Networks (GANs) for synthetically generating a new and larger dataset of zero-day attack data. The dataset newly generated by the Zero-Day GAN (ZDGAN) is then used to train and evaluate a Neural Network classifier for zero-day attacks. The results show that the generation of zero-day attack data in tabular format reaches an equilibrium after about 5000 iterations and produces data that are almost identical to the original data samples. Last but not least, it should be mentioned that the Neural Network model that was trained with the dataset containing the ZDGAN-generated samples outperformed the same model when the latter was trained with only the original dataset, and achieved results of high validation accuracy and minimal validation loss.
15

Wang, Hui, Yifeng Wang, and Yuanbo Guo. "Unknown network attack detection method based on reinforcement zero-shot learning." Journal of Physics: Conference Series 2303, no. 1 (July 1, 2022): 012008. http://dx.doi.org/10.1088/1742-6596/2303/1/012008.

Abstract:
With the increasing growth of zero-day attacks, traditional machine learning-based network intrusion detection systems (NIDS) find it difficult to cope with a large amount of unknown network attacks without labeled data. To this end, this paper proposes a new unknown network attack detection method, which combines a zero-shot learning algorithm with a reinforcement learning algorithm. First, the feature vector in traffic data and the semantic vector in threat intelligence are encoded in the hidden space by a variational autoencoder, so that the two modalities are matched in the hidden space; then the hidden features of known classes and unknown classes are used as input to train the classifier to get the predicted labeling results; and then an asynchronous advantage actor-critic based algorithm is used to learn and correct the attack results that are misclassified by the variational autoencoder to improve the accuracy of detection. Experiments prove that the proposed method in this paper achieves more than 95% accuracy on four unknown network attack classes that are difficult to identify, namely MAILBOMB, U2R, POD, and SNAPATTACK, which illustrates the effectiveness and feasibility of the method.
16

Subbarayalu, Venkatraman, and Maria Anu Vensuslaus. "An Intrusion Detection System for Drone Swarming Utilizing Timed Probabilistic Automata." Drones 7, no. 4 (April 3, 2023): 248. http://dx.doi.org/10.3390/drones7040248.

Abstract:
Unmanned aerial vehicles (UAVs), commonly known as drones, have found extensive applications across diverse sectors, such as agriculture, delivery, surveillance, and military. In recent times, drone swarming has emerged as a novel field of research, which involves multiple drones working in collaboration towards a shared objective. This innovation holds immense potential in transforming the way we undertake tasks, including military operations, environmental monitoring, and search and rescue missions. However, the emergence of drone swarms also brings new security challenges, as they can be susceptible to hacking and intrusion. To address these concerns, we propose utilizing a timed probabilistic automata (TPA)-based intrusion detection system (IDS) to model the normal behavior of drone swarms and identify any deviations that may indicate an intrusion. This IDS system is particularly efficient and adaptable in detecting different types of attacks in drone swarming. Its ability to adapt to evolving attack patterns and identify zero-day attacks makes it an invaluable tool in protecting drone swarms from malicious attacks.
17

Emmah, Victor T., Chidiebere Ugwu, and Laeticia N. Onyejegbu. "An Enhanced Classification Model for Likelihood of Zero-Day Attack Detection and Estimation." European Journal of Electrical Engineering and Computer Science 5, no. 4 (August 19, 2021): 69–75. http://dx.doi.org/10.24018/ejece.2021.5.4.350.

Abstract:
The growing threat to sensitive information stored in computer systems and devices is becoming alarming. This is a result of the proliferation of different malware created on a daily basis to cause zero-day attacks. Most of the malware whose signatures are known can easily be detected and blocked; however, unknown malware is the most dangerous. In this paper a zero-day vulnerability model based on deep reinforcement learning is presented. The technique employs a Monte Carlo Based Pareto Rule (Deep-RL-MCB-PR) approach that exploits a reward learning and training feature with sparse feature generation and adaptive multi-layered recurrent prediction for the detection and subsequent mitigation of zero-day threats. The new model has been applied to the Kyoto benchmark datasets for intrusion detection systems, and compared to an existing system that uses a multi-layer protection and a rule-based ranking (RBK) approach to detect zero-day attack likelihood. Experiments were performed using the dataset, and simulation results show that the Deep-RL-MCB-PR technique, when measured with the classification accuracy metric, produced about 67.77%. The dataset was further magnified, and the resulting classification accuracy was about 75.84%. These results account for a better error response when compared to the RBK technique.
18

Yao, Wenbin, Longcan Hu, Yingying Hou, and Xiaoyong Li. "A Lightweight Intelligent Network Intrusion Detection System Using One-Class Autoencoder and Ensemble Learning for IoT." Sensors 23, no. 8 (April 20, 2023): 4141. http://dx.doi.org/10.3390/s23084141.

Abstract:
Network intrusion detection technology is key to cybersecurity regarding the Internet of Things (IoT). The traditional intrusion detection system targeting Binary or Multi-Classification can detect known attacks, but it is difficult to resist unknown attacks (such as zero-day attacks). Unknown attacks require security experts to confirm and retrain the model, but new models do not keep up to date. This paper proposes a Lightweight Intelligent NIDS using a One-Class Bidirectional GRU Autoencoder and Ensemble Learning. It can not only accurately identify normal and abnormal data, but also identify unknown attacks as the type most similar to known attacks. First, a One-Class Classification model based on a Bidirectional GRU Autoencoder is introduced. This model is trained with normal data, and has high prediction accuracy in the case of abnormal data and unknown attack data. Second, a multi-classification recognition method based on ensemble learning is proposed. It uses Soft Voting to evaluate the results of various base classifiers, and identify unknown attacks (novelty data) as the type most similar to known attacks, so that exception classification becomes more accurate. Experiments are conducted on WSN-DS, UNSW-NB15, and KDD CUP99 datasets, and the recognition rates of the proposed models in the three datasets are raised to 97.91%, 98.92%, and 98.23% respectively. The results verify the feasibility, efficiency, and portability of the algorithm proposed in the paper.
19

Mehedy, Hasan MD. "Combating Evolving Threats: A Signature-Anomaly Based Hybrid Intrusion Detection System for Smart Homes with False Positive Mitigation." International Journal for Research in Applied Science and Engineering Technology 12, no. 5 (May 31, 2024): 403–11. http://dx.doi.org/10.22214/ijraset.2024.61393.

Abstract:
As people are looking for a more comfortable life, IoT applications are coming into play. The smart home system is one of the most popular IoT applications of the last decade. A smart home network is crucial for a smart home system to function properly. Cyber attacks on a smart home network can do a lot of damage. A network intrusion detection and prevention system (NIDPS) is a good solution to protect against cyber threats in a smart home network. This research will implement a hybrid NIDPS in a smart home network by combining signature-based and anomaly-detection-based NIDPS. This hybrid NIDPS will prevent known attacks from the public internet and the local internet, as well as zero-day attacks. Also, this system will be able to reduce false positive results and improve signature-based NIDPS rules accurately by manual inspection.
20

Neuschmied, Helmut, Martin Winter, Branka Stojanović, Katharina Hofer-Schmitz, Josip Božić, and Ulrike Kleb. "APT-Attack Detection Based on Multi-Stage Autoencoders." Applied Sciences 12, no. 13 (July 5, 2022): 6816. http://dx.doi.org/10.3390/app12136816.

Abstract:
In the face of emerging technological achievements, cyber security remains a significant issue. Despite the new possibilities that arise with such development, these do not come without a drawback. Attackers make use of the new possibilities to take advantage of possible security defects in new systems. Advanced-persistent-threat (APT) attacks represent sophisticated attacks that are executed in multiple steps. In particular, network systems represent a common target for APT attacks where known or yet undiscovered vulnerabilities are exploited. For this reason, intrusion detection systems (IDS) are applied to identify malicious behavioural patterns in existing network datasets. In recent times, machine-learning (ML) algorithms are used to distinguish between benign and anomalous activity in such datasets. The application of such methods, especially autoencoders, has received attention for achieving good detection results for APT attacks. This paper builds on this fact and applies several autoencoder-based methods for the detection of such attack patterns in two datasets created by combining two publicly available benchmark datasets. In addition to that, statistical analysis is used to determine features to supplement the anomaly detection process. An anomaly detector is implemented and evaluated on a combination of both datasets, including two experiment instances–APT-attack detection in an independent test dataset and in a zero-day-attack test dataset. The conducted experiments provide promising results on the plausibility of features and the performance of applied algorithms. Finally, a discussion is provided with suggestions of improvements in the anomaly detector.
21

Venu Gopal Bitra, Ajay Kumar, Seshagiri Rao, Prakash, and Md. Shakeel Ahmed. "Comparative analysis on intrusion detection system using machine learning approach." World Journal of Advanced Research and Reviews 21, no. 3 (March 30, 2024): 2555–62. http://dx.doi.org/10.30574/wjarr.2024.21.3.0983.

Abstract:
The increasing popularity of online data storage and access has raised concerns about security and privacy in the face of growing online threats. However, with the rise of online threats, security and privacy have become major concerns. Intrusion detection systems (IDS) play an important role in protecting data integrity by identifying and quarantining records in the event of unexpected changes. Anomaly-based IDS, which uses machine learning-based approaches and algorithms, is an effective way to detect known and unknown attacks, including zero-day attacks. The proposed project is used to create a model to implement and analyze an anomaly-based IDS to classify malicious attack types such as normal (non-intrusion), DoS, Probe, U2R and R2L. The analysis is conducted on the KDDCup99 dataset, which consists of different attacks that an IDS goes through. Machine learning algorithms like KNN, SVM, Random Forest and LightGBM are used for the analysis. The comparative analysis is made on the KDDCup99 dataset using the above machine learning algorithms, which use hybrid techniques and ensemble techniques like Bagging and Boosting.
22

Khraisat, Ansam, Iqbal Gondal, Peter Vamplew, Joarder Kamruzzaman, and Ammar Alazab. "A novel Ensemble of Hybrid Intrusion Detection System for Detecting Internet of Things Attacks." Electronics 8, no. 11 (October 23, 2019): 1210. http://dx.doi.org/10.3390/electronics8111210.

Abstract:
The Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everyday life and on large industrial systems. Unfortunately, this has attracted the attention of cybercriminals who have made IoT a target of malicious activities, opening the door to possible attacks on the end nodes. Due to the large number and diverse types of IoT devices, it is a challenging task to protect the IoT infrastructure using a traditional intrusion detection system. To protect IoT devices, a novel ensemble Hybrid Intrusion Detection System (HIDS) is proposed by combining a C5 classifier and a One Class Support Vector Machine classifier. HIDS combines the advantages of a Signature Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS). The aim of this framework is to detect both well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the Bot-IoT dataset, which includes legitimate IoT network traffic and several types of attacks. Experiments show that the proposed hybrid IDS provides a higher detection rate and a lower false positive rate compared to the SIDS and AIDS techniques.
23

Merugu, Akshay, Hrishikesh Goud Chagapuram, and Rahul Bollepalli. "Spam Email Detection Using Convolutional Neural Networks: An Empirical Study." International Journal for Research in Applied Science and Engineering Technology 11, no. 10 (October 31, 2023): 981–91. http://dx.doi.org/10.22214/ijraset.2023.56143.

Abstract:
This study leverages Convolutional Neural Networks (CNNs), a state-of-the-art deep learning architecture primarily used in image analysis, and adapts it for the detection of phishing emails. By treating email content as multi-dimensional data, we employ CNNs to extract meaningful features and patterns from email headers, text, and attachments. Our approach not only identifies known phishing templates but also has the capability to detect emerging and zero-day phishing attacks.
24

Bhaya, Wesam S., and Mustafa A. Ali. "Review on Malware and Malware Detection ‎Using Data Mining Techniques." JOURNAL OF UNIVERSITY OF BABYLON for Pure and Applied Sciences 25, no. 5 (November 29, 2017): 1585–601. http://dx.doi.org/10.29196/jub.v25i5.104.

Abstract:
Malicious software is any type of software or code which hooks some private information or data from the computer system or computer operations, or (and) merely carries out the malicious goals of its author on the computer system, without the permission of the computer users. (The short abbreviation of malicious software is malware.) However, the detection of malware has become one of the biggest issues in the computer security field because the current communication infrastructures are vulnerable to penetration from many types of malware infection strategies and attacks. Moreover, malware is variant and diverse in volume and types, and that strictly erodes the effectiveness of traditional defense methods like the signature approach, which is unable to detect new malware. However, this vulnerability will lead to successful computer system penetration (and attack) as well as the success of more advanced attacks like the distributed denial of service (DDoS) attack. Data mining methods can be used to overcome the limitations of signature-based techniques to detect zero-day malware. This paper provides an overview of malware and malware detection systems using modern techniques, such as data mining approaches, to detect known and unknown malware samples.
25

Getman, Aleksandr Igorevich, Maxim Nikolaevich Goryunov, Andrey Georgievich Matskevich, and Dmitry Aleksandrovich Rybolovlev. "A Comparison of a Machine Learning-Based Intrusion Detection System and Signature-Based Systems." Proceedings of the Institute for System Programming of the RAS 34, no. 5 (2022): 111–26. http://dx.doi.org/10.15514/ispras-2022-34(5)-7.

Abstract:
The paper discusses an approach to the comparison of intrusion detection systems (IDS) that is based on several independent scenarios and comprehensive testing. This approach enabled us to identify the advantages and disadvantages of the IDS based on machine learning methods (ML IDS), to identify the conditions under which an ML IDS is able to outperform signature-based systems in terms of detection quality, and to assess the practical applicability of ML IDS. The developed scenarios enabled us to model the realization of both known attacks and a zero-day exploit. The conclusion is made about the advantage of ML IDS in the detection of previously unknown attacks and the feasibility of constructing hybrid detection systems that combine the potential of signature-based and heuristic methods of analysis.
26

Rahman, Rizwan Ur, and Deepak Singh Tomar. "Web Bot Detection System Based on Divisive Clustering and K-Nearest Neighbor Using Biostatistics Features Set." International Journal of Digital Crime and Forensics 13, no. 6 (November 1, 2021): 1–27. http://dx.doi.org/10.4018/ijdcf.20211101.oa6.

Abstract:
Web bots are destructive programs that automatically fill web forms and steal data from web sites. According to numerous web bot traffic reports, web bot traffic comprises more than fifty percent of the total web traffic. An effective guard against the stealing of data from web sites and automated web form filling is to identify and confirm the presence of a human user on web sites. In this paper, an efficient k-Nearest Neighbor algorithm using hierarchical clustering for web bot detection is proposed. The proposed technique exploits a novel taxonomy of web bot features known as Biostatistics Features. Numerous attack scenarios for web bot attacks, such as automatic account registration, automatic form filling, bulk message posting, and web scraping, are created to imitate zero-day web bot attacks. The proposed technique is evaluated with a number of experiments using standard evaluation parameters. The experimental result analysis demonstrates that the proposed technique is extremely efficient in differentiating human users from web bots.
27

Venkatesh, R., Kavitha S., and Uma Maheswari N. "Network Anomaly Detection for NSL-KDD Dataset Using Deep Learning." INFORMATION TECHNOLOGY IN INDUSTRY 9, no. 2 (March 31, 2021): 821–27. http://dx.doi.org/10.17762/itii.v9i2.419.

Abstract:
Deep learning based intrusion detection cyber security methods have gained increased popularity. The essential element providing protection to the ICT infrastructure is the intrusion detection system (IDS). Intelligent solutions are necessary to control the complexity and the increase in new attack types. Intelligent systems (DL/ML) have been widely used, with their benefits, to effectively deal with complex and high-dimensional data. The IDS faces various attack types, like known, unknown and zero-day attacks, which can be detected using unsupervised machine learning techniques. A novel methodology has been proposed that combines the benefits of Isolation Forest and the One Class Support Vector Machine (OCSVM) with an active learning method to detect threats without any prior knowledge. The NSL-KDD dataset has been used to evaluate the various DL methods with the active learning method. The results show that this method performs better than other techniques. The design methodology inspires efforts in emerging anomaly detection.
28

Arul, P., et al. "Predicting the Attacks in IoT Devices using DP Algorithm." International Journal on Recent and Innovation Trends in Computing and Communication 11, no. 11 (November 30, 2023): 164–68. http://dx.doi.org/10.17762/ijritcc.v11i11.9133.

Abstract:
The fundamental goal of this study is to predict cyber-attacks before they occur and to protect the network. Most existing attack detection algorithms cannot identify zero-day attacks because they lack previously known data patterns to predict the threat, which is one of the biggest issues in the existing approaches. This research work offers a novel prediction method based on Gaussian regression that identifies cyber-attacks utilizing a unique dual data pattern categorization technique with no false positives. To improve the accuracy of the prediction and to reduce the prediction time consumption, this study introduces a dual prediction technique: one locally, at the fog level, where non-parametric input data is dealt with by two functions, namely a quadratic and a reliability function, to ease the prediction; and the other universally, at the cloud level, where the result of the skill mechanism is carried out. Even if the local prediction misses an attack, the universal prediction sniffs it and protects the IoT devices and the data. A detailed comparison regarding accuracy and packet drop is carried out by simulating flooding attacks using varying numbers of dummy nodes, and the proposed system is found to outscore the existing methods convincingly.
29

Othman, Trifa S., and Saman M. Abdullah. "An Intelligent Intrusion Detection System for Internet of Things Attack Detection and Identification Using Machine Learning." ARO-THE SCIENTIFIC JOURNAL OF KOYA UNIVERSITY 11, no. 1 (May 22, 2023): 126–37. http://dx.doi.org/10.14500/aro.11124.

Abstract:
The usability and scalability of Internet of Things (IoT) technology are expanding in such a way that they facilitate human living standards. However, they increase the vulnerabilities and attack vectors over IoT networks as well. Thus, more security challenges could be expected and encountered, and more security services and solutions should be provided. Although many security techniques propose and promise good solutions for that, intrusion detection systems (IDSs) are still considered the best. Many works have proposed machine learning (ML)-based IDSs for IoT attack detection and classification. Nevertheless, they suffer from two main gaps. First, few of the works utilized or could analyze an up-to-date version of IoT-based attack behaviors. Second, few of the works can be considered as multi-class attack detection and classification. Therefore, this work proposes an intelligent IDS (IIDS) by exploiting the ability of ML algorithms to classify and identify malicious from benign behaviors among IoT network packets. Three ML classifier algorithms are investigated, which are K-Nearest Neighbor, support vector machine, and artificial neural network. The developed models have been trained and tested as binary and multi-class classifiers against 15 types of attacks and benign behaviors. This work employs an up-to-date dataset known as IoT23, which covers millions of malicious and benign behaviors of IoT-connected devices. The process of developing the proposed IIDSs goes through different preprocessing phases and methods, such as null value solving, the SMOTE method for the imbalanced datasets, data normalization, and feature selection. The results present IIDSs as good binary and multi-class classifiers even for zero-day attacks.
30

Dange, Varsha, Soham Phadke, Tilak Solunke, Sidhesh Marne, Snehal Suryawanshi, and Om Surase. "Weighted Multiclass Intrusion Detection System." ITM Web of Conferences 57 (2023): 01009. http://dx.doi.org/10.1051/itmconf/20235701009.

Abstract:
Attackers are continuously coming up with new attack strategies, since cyber security is a field that is continually changing. As a result, it's important to update and enhance the system frequently to ensure its efficiency against fresh threats. Unauthorised entry, usage, or manipulation of a computer system or network by a person or programme is referred to as an intrusion. There are numerous ways for an incursion to happen, including using software flaws, phishing scams, or social engineering techniques. A realistic solution to handle the risks brought on by the interconnectedness and interoperability of computer systems is to use deep learning architectures to build an adaptive and resilient network intrusion detection system (IDS) to identify and categorise network attacks. Artificial neural networks (ANNs) or deep learning can help adaptive intrusion detection systems (IDS) with learning capabilities identify well-known and unique or zero-day network behavioural patterns, which can significantly reduce the risk of compromise. The NSL-KDD dataset, which represents both synthetically manufactured attack actions and real-world network communication activity, is used to show the effectiveness of the model. A model trained with this dataset can detect a wide range of attack patterns, which helps in building an effective IDS.
31

BOBROVNIKOVA, KIRA, MARIIA KAPUSTIAN, and DMYTRO DENYSIUK. "RESEARCH OF MACHINE LEARNING BASED METHODS FOR CYBERATTACKS DETECTION IN THE INTERNET OF THINGS INFRASTRUCTURE." Computer systems and information technologies, no. 3 (April 14, 2022): 110–15. http://dx.doi.org/10.31891/csit-2021-5-15.

Abstract:
The growing demand for IoT devices is accelerating the pace of their production. In an effort to accelerate the launch of a new device and reduce its cost, manufacturers often neglect to comply with cybersecurity requirements for these devices. The lack of security updates and transparency regarding the security status of IoT devices, as well as unsafe deployment on the Internet, makes IoT devices the target of cybercrime attacks. Quarterly reports from cybersecurity companies show a low level of security of the Internet of Things infrastructure. Considering the widespread use of IoT devices not only in the private sector but also in objects for various purposes, including critical infrastructure objects, the security of these devices and the IoT infrastructure becomes more important. Nowadays, there are many different methods of detecting cyberattacks on the Internet of Things infrastructure. The advantages of applying machine-based methods in comparison with signature analysis are higher detection accuracy, fewer false positives, and the possibility of detecting both anomalies and new features of attacks. However, these methods also have certain disadvantages. Among them are the need for additional hardware resources and lower data processing speeds. The paper presents an overview of modern methods aimed at detecting cyberattacks and anomalies in the Internet of Things using machine learning methods. The main disadvantages of the known methods are the inability to detect and adaptively respond to zero-day attacks and multi-vector attacks. The latter shortcoming is the most critical, as evidenced by the constantly increasing number of cyber attacks on the Internet of Things infrastructure. A common limitation for most known approaches is the need for significant computing resources and the significant response time of cyberattack detection systems.
32

M.R., Amal, and Venkadesh P. "Review of Cyber Attack Detection: Honeypot System." Webology 19, no. 1 (January 20, 2022): 5497–514. http://dx.doi.org/10.14704/web/v19i1/web19370.

Abstract:
The number of connected devices in the network is growing day by day, and as the number of linked devices grows, so will the number of cyberattacks. All devices connected to the Internet have become a target of cyberattacks as network attack methods have developed. As a result, the security of network data cannot be neglected. To handle future threats in this way, we employ honeypots, which are conceptual framework traps designed to block unauthorized access to both PCs and data. Every day, a large number of people access the internet throughout the world. Honeypot, also known as Intrusion Detection Technology, is a type of security technology that screens devices to prevent unwanted activities. This article will provide an overview of cyber security as well as a discussion of machine learning, cyber threats, and honeypot system-based techniques. This review paper was the result of a lot of research, and in assessing honeypots, the researchers found that they are becoming more of a concern for experts as an important security tool that can halt or limit system attacks and provide analysts with insights into the origins and behaviours of such attacks.
33

Khraisat, Ansam, Iqbal Gondal, Peter Vamplew, Joarder Kamruzzaman, and Ammar Alazab. "Hybrid Intrusion Detection System Based on the Stacking Ensemble of C5 Decision Tree Classifier and One Class Support Vector Machine." Electronics 9, no. 1 (January 17, 2020): 173. http://dx.doi.org/10.3390/electronics9010173.

Abstract:
Cyberattacks are becoming increasingly sophisticated, necessitating efficient intrusion detection mechanisms to monitor computer resources and generate reports on anomalous or suspicious activities. Many Intrusion Detection Systems (IDSs) use a single classifier for identifying intrusions. Single classifier IDSs are unable to achieve high accuracy and low false alarm rates due to polymorphic, metamorphic, and zero-day behaviors of malware. In this paper, a Hybrid IDS (HIDS) is proposed by combining the C5 decision tree classifier and the One Class Support Vector Machine (OC-SVM). HIDS combines the strengths of a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS). The SIDS was developed based on the C5.0 decision tree classifier and the AIDS was developed based on the one-class Support Vector Machine (SVM). This framework aims to identify both well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the benchmark datasets, namely, the Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) and Australian Defence Force Academy (ADFA) datasets. Studies show that the performance of HIDS is enhanced, compared to SIDS and AIDS, in terms of detection rate and low false-alarm rates.
34

Сычугов, А. А., and М. М. Греков. "Application of generative adversarial networks in anomaly detection systems." МОДЕЛИРОВАНИЕ, ОПТИМИЗАЦИЯ И ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ 9, no. 1(32) (January 31, 2021): 3–4. http://dx.doi.org/10.26102/2310-6018/2021.32.1.003.

Abstract:
Today, an intrusion detection system based on signatures of known attacks is an important security tool, but this method is ineffective against zero-day vulnerabilities. Anomaly-based intrusion detection systems are a relevant approach to neutralize previously unknown computer attacks and new malicious software. Machine learning algorithms can be used to build a system that can classify input data. At the moment, using such an anomaly detection system in real conditions is not effective enough, because there is a high probability of classification errors due to the non-uniform distribution of data between classes. It is also necessary to take into account the possibility of adversarial attacks used by an attacker to overcome classification algorithms, as a result of which a real attack can be missed by the detector. In this connection, this article describes the problem of imbalance in the training dataset and instability to adversarial attacks by intruders when using an anomaly detection system based on neural networks. As a solution, it is proposed to apply an algorithm of generative adversarial networks to supplement a small class of attacks with generated examples, which also makes the classifier more resistant to adversarial attacks. An algorithm for training the generator and discriminator is considered, and a description of the NSL-KDD dataset is given, which is proposed to be used as a training and test one.
35

Al-Sabbagh, Kais Said, Hamid M. Ali, and Elaf Sabah Abbas. "Development an Anomaly Network Intrusion Detection System Using Neural Network." Journal of Engineering 18, no. 12 (December 1, 2012): 1325–34. http://dx.doi.org/10.31026/j.eng.2012.12.03.

Abstract:
Most intrusion detection systems are signature based and work similarly to anti-virus, but they are unable to detect zero-day attacks. The importance of the anomaly based IDS has risen because of its ability to deal with unknown attacks. However, smart attacks have appeared that compromise the detection ability of the anomaly based IDS. By considering these weak points, the proposed system is developed to overcome them. The proposed system is a development of the well-known payload anomaly detector (PAYL). By combining two stages with the PAYL detector, it gives good detection ability and an acceptable ratio of false positives. The proposed system improves the models' recognition ability in the PAYL detector, for a filtered unencrypted HTTP subset of traffic of the DARPA 1999 data set, from 55.234% in the PAYL system alone to 99.94% in the proposed system, due to the existence of the neural network self-organizing map (SOM). In addition, the SOM decreases the ratio of false positives from 44.676% in the PAYL system alone to 5.176% in the proposed system. The proposed system provides 80% detection ability of smart worms that are meant to invade the PAYL detector in the PAYL system alone, due to the existence of the randomization stage in the proposed system.
36

Iliyasu, Auwal Sani, Usman Alhaji Abdurrahman, and Lirong Zheng. "Few-Shot Network Intrusion Detection Using Discriminative Representation Learning with Supervised Autoencoder." Applied Sciences 12, no. 5 (February 24, 2022): 2351. http://dx.doi.org/10.3390/app12052351.

Abstract:
Recently, intrusion detection methods based on supervised deep learning techniques (DL) have seen widespread adoption by the research community, as a result of advantages such as the ability to learn useful feature representations from input data without excessive manual intervention. However, these techniques require large amounts of data to generalize well. Collecting a large-scale malicious sample is non-trivial, especially in the modern day with its constantly evolving landscape of cyber-threats. On the other hand, collecting a few malicious samples is more realistic in practical settings, as in cases such as zero-day attacks, where security agents are only able to intercept a limited number of such samples. Hence, intrusion detection methods based on few-shot learning are emerging as an alternative to conventional supervised learning approaches to simulate more realistic settings. Therefore, in this paper, we propose a novel method that leverages discriminative representation learning with a supervised autoencoder to achieve few-shot intrusion detection. Our approach is implemented in two stages: we first train a feature extractor model with known classes of malicious samples using a discriminative autoencoder, and then in the few-shot detection stage, we use the trained feature extractor model to fit a classifier with a few-shot set of examples of the novel attack class. We are able to achieve detection rates of 99.5% and 99.8% for the CIC-IDS2017 and NSL-KDD datasets, respectively, using only 10 examples of an unseen attack.
37

Arshi, M., MD Nasreen, and Karanam Madhavi. "A Survey of DDOS Attacks Using Machine Learning Techniques." E3S Web of Conferences 184 (2020): 01052. http://dx.doi.org/10.1051/e3sconf/202018401052.

Abstract:
DDoS attacks are the most destructive attacks that interrupt the safe operation of essential services delivered by the internet community's different organizations. DDoS stands for Distributed Denial of Service attacks. These attacks are becoming more complex and are expected to expand in number day after day, rendering detecting and combating these threats challenging. Hence, an advanced intrusion detection system (IDS) is required to identify and recognize anomalous internet traffic behaviour. Within this article the process is based on the latest dataset containing the current forms of DDoS attacks, including HTTP flood and SIDDoS. This study combines well-known grouping methods such as Naïve Bayes, Multilayer Perceptron (MLP), SVM, and Decision trees.
38

Kumar Lingamallu, Raghu, Pradeep Balasubramani, S. Arvind, P. Srinivasa Rao, Veeraswamy Ammisetty, Koppuravuri Gurnadha Gupta, M. N. Sharath, Y. J. Nagendra Kumar, and Vaibhav Mittal. "Securing IoT networks: A fog-based framework for malicious device detection." MATEC Web of Conferences 392 (2024): 01103. http://dx.doi.org/10.1051/matecconf/202439201103.

Abstract:
Ensuring device security is a significant obstacle to effectively implementing the Internet of Things (IoT) and fog computing in today's Information Technology (IT) landscape. Researchers and IT firms have investigated many strategies to safeguard systems against unauthorized device assaults, often known as outside device assaults. Cyber-attacks and data thefts have significantly risen in many corporations, organizations, and sectors due to exploiting vulnerabilities in safeguarding IoT gadgets. The rise in the variety of IoT gadgets and their diverse protocols has increased zero-day assaults. Deep Learning (DL) is very effective in big data and cyber-security. Implementing a DL-based Gated Recurrent Unit (GRU) on IoT devices with constrained resources is unfeasible due to the need for substantial computational power and robust storage capacities. This study introduces an IoT-based Malicious Device Detection (IoT-MDD) that is dispersed, resilient, and has a high detecting rate for identifying various IoT cyber-attacks using deep learning. The suggested design incorporates an Intrusion Detection System (IDS) on fog nodes because of its decentralized structure, substantial processing capabilities, and proximity to edge gadgets. Tests demonstrate that the IoT-MDD model surpasses the performance of the other models. The study found that the cybersecurity architecture effectively detects malicious gadgets and decreases the percentage of false IDS alarms.
39

Kikelomo, Akinwole Agnes, Yekini Nureni Asafe, and Ogundele Israel Oludayo. "Malware Detection System Using Mathematics of Random Forest Classifier." International Journal of Advances in Scientific Research and Engineering 09, no. 03 (2023): 45–53. http://dx.doi.org/10.31695/ijasre.2023.9.3.6.

Abstract:
Most cyberattacks, including data breaches, identity theft, fraud, and other issues, are known to be caused by malware. Some malware attacks are categorised as adware, spyware, virus, worm, trojan, rootkit, backdoor, ransomware and command and control (C&C) bot, based on their purpose and behaviour. Malware detectors still utilise signature-based approaches to detect malicious software, which can only detect known malware. Attacks by malware pose a serious threat to people's and organizations' cybersecurity globally. These attacks have been occurring more and more frequently lately. Over eight billion malware attacks occurred in 2020, up 4% over the previous year, according to a Symantec report. It is crucial that computer users safeguard their computers with a malware detector like an antivirus, anti-spyware, etc. When creating a machine learning model to differentiate between malicious and benign files, it might be challenging to use domain-level expertise to extract the necessary attributes. This research aims to create a malware detector that uses a trained random forest classifier model to find malware and stop zero-day assaults. A dataset (including both harmful and benign software PE header information) was obtained from virusshare.com and used to train the random forest classifier in order to create this malware detector. The Random Forest Classifier generates greater accuracy when compared with other machine learning classifiers, such as KNN (K-Nearest Neighbors), Decision Tree, Logistic Regression, etc.; the random forest classifier gives a better accuracy of 99.4%. The classifier model used here will be a better option for efficiently and effectively detecting malware, and it shows that the methodology can be utilized as the basis for an operational system for detecting an unknown malicious executable.
40

Zoppi, Tommaso, Mohamad Gharib, Muhammad Atif, and Andrea Bondavalli. "Meta-Learning to Improve Unsupervised Intrusion Detection in Cyber-Physical Systems." ACM Transactions on Cyber-Physical Systems 5, no. 4 (October 31, 2021): 1–27. http://dx.doi.org/10.1145/3467470.

Abstract:
Artificial Intelligence (AI)-based classifiers rely on Machine Learning (ML) algorithms to provide functionalities that system architects are often willing to integrate into critical Cyber-Physical Systems (CPSs). However, such algorithms may misclassify observations, with potential detrimental effects on the system itself or on the health of people and of the environment. In addition, CPSs may be subject to threats that were not previously known, motivating the need for building Intrusion Detectors (IDs) that can effectively deal with zero-day attacks. Different studies were directed to compare misclassifications of various algorithms to identify the most suitable one for a given system. Unfortunately, even the most suitable algorithm may still show an unsatisfactory number of misclassifications when system requirements are strict. A possible solution may rely on the adoption of meta-learners, which build ensembles of base-learners to reduce misclassifications and that are widely used for supervised learning. Meta-learners have the potential to reduce misclassifications with respect to non-meta learners; however, misleading base-learners may let the meta-learner lean towards misclassifications, and therefore their behavior needs to be carefully assessed through empirical evaluation. To this extent, in this paper we investigate, expand, empirically evaluate, and discuss meta-learning approaches that rely on ensembles of unsupervised algorithms to detect (zero-day) intrusions in CPSs. Our experimental comparison is conducted by means of public datasets belonging to network intrusion detection and biometric authentication systems, which are common IDSs for CPSs. Overall, we selected 21 datasets, 15 unsupervised algorithms and 9 different meta-learning approaches. Results allow discussing the applicability and suitability of meta-learning for unsupervised anomaly detection, comparing metric scores achieved by base algorithms and meta-learners. Analyses and discussion end up showing how the adoption of meta-learners significantly reduces misclassifications when detecting (zero-day) intrusions in CPSs.
41

Li, Shiyun, and Omar Dib. "Enhancing Online Security: A Novel Machine Learning Framework for Robust Detection of Known and Unknown Malicious URLs." Journal of Theoretical and Applied Electronic Commerce Research 19, no. 4 (October 26, 2024): 2919–60. http://dx.doi.org/10.3390/jtaer19040141.

Abstract:
The rapid expansion of the internet has led to a corresponding surge in malicious online activities, posing significant threats to users and organizations. Cybercriminals exploit malicious uniform resource locators (URLs) to disseminate harmful content, execute phishing schemes, and orchestrate various cyber attacks. As these threats evolve, detecting malicious URLs (MURLs) has become crucial for safeguarding internet users and ensuring a secure online environment. In response to this urgent need, we propose a novel machine learning-driven framework designed to identify known and unknown MURLs effectively. Our approach leverages a comprehensive dataset encompassing various labels—including benign, phishing, defacement, and malware—to engineer a robust set of features validated through extensive statistical analyses. The resulting malicious URL detection system (MUDS) combines supervised machine learning techniques, tree-based algorithms, and advanced data preprocessing, achieving a high detection accuracy of 96.83% for known MURLs. For unknown MURLs, the proposed framework utilizes CL_K-means, a modified k-means clustering algorithm, alongside two additional biased classifiers, achieving 92.54% accuracy on simulated zero-day datasets. With an average processing time of under 14 milliseconds per instance, MUDS is optimized for real-time integration into network endpoint systems. These outcomes highlight the efficacy and efficiency of the proposed MUDS in fortifying online security by identifying and mitigating MURLs, thereby reinforcing the digital landscape against cyber threats.
42

Samantray, Om Prakash, and Satya Narayan Tripathy. "An Opcode-Based Malware Detection Model Using Supervised Learning Algorithms." International Journal of Information Security and Privacy 15, no. 4 (October 2021): 18–30. http://dx.doi.org/10.4018/ijisp.2021100102.

Abstract:
There are several malware detection techniques available that are based on a signature-based approach. This approach can detect known malware very effectively but sometimes may fail to detect unknown or zero-day attacks. In this article, the authors have proposed a malware detection model that uses operation codes of malicious and benign executables as the feature. The proposed model uses the opcode extract and count (OPEC) algorithm to prepare the opcode feature vector for the experiment. The most relevant features are selected using the extra tree classifier feature selection technique and then passed through several supervised learning algorithms like support vector machine, naive Bayes, decision tree, random forest, logistic regression, and k-nearest neighbour to build classification models for malware detection. The proposed model has achieved a detection accuracy of 98.7%, which makes this model better than many of the similar works discussed in the literature.
43

Serinelli, Benedetto Marco, Anastasija Collen, and Niels Alexander Nijdam. "On the analysis of open source datasets: validating IDS implementation for well-known and zero day attack detection." Procedia Computer Science 191 (2021): 192–99. http://dx.doi.org/10.1016/j.procs.2021.07.024.

44

Rangaraju, Sakthiswaran. "AI SENTRY: REINVENTING CYBERSECURITY THROUGH INTELLIGENT THREAT DETECTION." EPH - International Journal of Science And Engineering 9, no. 3 (December 1, 2023): 30–35. http://dx.doi.org/10.53555/ephijse.v9i3.211.

Abstract:
In recent years, the escalating complexity and frequency of cyber threats have presented a formidable challenge to traditional cybersecurity measures. The emergence of artificial intelligence (AI) technologies has revolutionized the landscape, offering a promising solution to fortify defenses against evolving threats. This paper introduces AI Sentry, an innovative approach to cybersecurity that leverages the power of AI for intelligent threat detection and prevention. AI Sentry embodies a paradigm shift in cybersecurity, integrating machine learning, neural networks, and advanced algorithms to proactively identify, analyze, and mitigate potential threats in real time. By continuously learning from vast datasets and adapting to new attack vectors, AI Sentry enhances its ability to recognize anomalous patterns and behaviors, thereby thwarting sophisticated cyber assaults. The core strength of AI Sentry lies in its capability to detect anomalies and predict threats with a high degree of accuracy, surpassing the limitations of traditional signature-based systems. Through anomaly detection, behavioral analysis, and contextual understanding, AI Sentry not only identifies known threats but also anticipates zero-day attacks and previously unseen malicious activities. This paper delves into the technical underpinnings of AI Sentry, elucidating its architecture, data processing techniques, machine learning models, and the orchestration of various AI components. Furthermore, it explores the ethical considerations and challenges associated with AI-powered cybersecurity, including issues of privacy, bias mitigation, and transparency in decision-making.
45

Alsulami, Basmah, Abdulmohsen Almalawi, and Adil Fahad. "Toward an Efficient Automatic Self-Augmentation Labeling Tool for Intrusion Detection Based on a Semi-Supervised Approach." Applied Sciences 12, no. 14 (July 17, 2022): 7189. http://dx.doi.org/10.3390/app12147189.

Abstract:
Intrusion detection systems (IDSs) based on machine learning algorithms represent a key component for securing computer networks, where normal and abnormal behaviours of network traffic are automatically learned with no or limited domain experts' interference. Most existing IDS approaches rely on labeled predefined classes, which require domain experts to efficiently and accurately identify anomalies and threats. However, it is very hard to acquire reliable, up-to-date, and sufficient labeled data for an efficient traffic intrusion detection model. To address such an issue, this paper aims to develop a novel self-automatic labeling intrusion detection approach (called SAL) which utilises only small labeled network traffic data to potentially detect most types of attacks, including zero-day attacks. In particular, the proposed SAL approach has three phases: (i) an ensemble-based decision-making phase to address the limitations of a single classifier by relying on the predictions of multiple classifiers, (ii) a function agreement phase to assign the class label based on an adaptive confidence threshold to unlabeled observations, and (iii) an augmentation labeling phase to maximise the accuracy and the efficiency of the intrusion detection systems in a classifier model and to detect new attacks and anomalies by utilising a hybrid voting-based ensemble learning approach. Experimental results on available network traffic data sets demonstrate that the proposed SAL approach achieves high performance in comparison to two well-known baseline IDSs based on machine learning algorithms.
46

H., Manjunath, and Saravana Kumar. "Network Intrusion Detection System using Convolution Recurrent Neural Networks and NSL-KDD Dataset." Fusion: Practice and Applications 13, no. 1 (2023): 117–25. http://dx.doi.org/10.54216/fpa.130109.

Abstract:
The increase in network activity of transferring information online allows network breaches where intruders easily obtain the most important information or data. The growth of online functioning and much other governmental data over the internet without security has caused data vulnerability; attackers can easily detect the data and misuse them. A Network Intrusion Detection System (NIDS) has allowed this whole process of online data transfer to occur safely and with secured transactions. Due to cloud usage in networks, a huge amount of traffic is created, and the number of attacks increases day by day. To prevent the vulnerability, its types (social, environmental, cognitive, and military attacks in the network) are classified using the CRNN model. We used ensemble learning methods among machine learning algorithms to detect and prevent malicious packets in the network. Our model detects unauthorized users intruding into any network and alerts the organization regarding the same. When a typical firewall is unable to effectively stop certain sorts of attacks on computer system usage and network communications, a network intrusion detection system may be used. First, we classify the unauthorized packets using a machine learning algorithm. Using our concept, we have used neural networks in this paper to detect any such attack. For the Network Security Laboratory - Knowledge Discovery in Databases data set, using CNN and RNN algorithms, we also applied a few well-known techniques such as boosting and pasting methods. In this CRNN approach, we demonstrate that neural networks are more effective than other methods at detecting attacks.
47

Balaji K. M. and Subbulakshmi T. "Malware Analysis Using Classification and Clustering Algorithms." International Journal of e-Collaboration 18, no. 1 (January 2022): 1–26. http://dx.doi.org/10.4018/ijec.290290.

Abstract:
Malware analysis and detection are important tasks to be accomplished as malware is getting more and more arduous at every instance. The threats and problems posed to the public around the globe are also rapidly increasing. Detection of zero-day attacks and polymorphic viruses is also a challenging task to be done. The increasing threats and problems lead to the need for detection techniques, which leads to the well-known and most common approach called machine learning. The purpose of this survey is to formulate the most effective feature extraction and classification ways that sum up the most effective methods (which include algorithms) with maximum accuracy, and also to effectively understand the clustering properties of the malware datasets by considering appropriate algorithms. This work also provides an overview of information about the malware used. The experimental results of the proposed model clearly showed the KNN classifier to be the most accurate, with 0.962355 accuracy.
48

Dung, Nguyễn Thị, Nguyễn Văn Quân, and Nguyễn Việt Hùng. "Ứng dụng mô hình học sâu trong phát hiện tấn công trinh sát mạng." Journal of Science and Technology on Information security 2, no. 16 (February 13, 2023): 60–72. http://dx.doi.org/10.54654/isj.v1i16.922.

Abstract:
Summary— Today, alongside the rapid development of the Internet, network attacks are increasing in both scale and number. Hackers can use many different attack methods, but all of them usually follow a certain process, starting with the network reconnaissance step. Therefore, to promptly detect unauthorized network intrusions early, especially from the network reconnaissance phase, it is necessary to deploy intrusion detection solutions and systems that apply advanced detection techniques. In practice, network intrusion detection systems (IDS) are usually based on signatures through pre-established rules. This technique has many limitations because it cannot detect new attacks or variants of known attacks. To overcome this limitation, many techniques applying machine learning have been researched and deployed. In this paper, the authors propose an approach that improves a two-stage deep learning network model applied in a system for detecting and classifying forms of network reconnaissance attacks. The proposal will be evaluated and tested with the standard datasets NSL-KDD, UNSW-NB15, and CTU13. Abstract— In recent years, the number of new types of attacks has increased dramatically. Although there are many types of attack techniques, all of them follow a similar chain of attack, beginning with the network reconnaissance phase. Therefore, the network reconnaissance attack detection problem is important for every Intrusion Detection System (IDS). In fact, network intrusion detection systems are based on pre-defined rules, so they are not able to detect new attacks or variants of known attacks. Meanwhile, hackers have developed many automated toolkits that allow subtle changes to the attack behavior sufficient for an IDS to treat them as a zero-day attack. To overcome this limitation, many machine learning models have been applied in IDS and implemented in a real network. In this paper, we propose a new approach that uses a two-stage AutoEncoder to detect network reconnaissance attacks. The proposed approach is evaluated on network security datasets: NSL-KDD, UNSW_NB15, and four scenarios of the CTU13 datasets, and compared to existing methods.
49

U., Kumaran, Thangam S., T. V. Nidhin Prabhakar, Jana Selvaganesan, and Vishwas H.N. "Adversarial Defense: A GAN-IF Based Cyber-security Model for Intrusion Detection in Software Piracy." Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications 14, no. 4 (December 23, 2023): 96–114. http://dx.doi.org/10.58346/jowua.2023.i4.008.

Abstract:
Software piracy continues to be a most critical distress, posing grave threats to digital assets and financial stability. Traditional Intrusion Detection Systems (IDS) often battle hard to identify the latest piracy attempts owing to their dependence on pre-established patterns. To effectively address this, we attempt to suggest an innovative approach leveraging DL-based Generative Adversarial Networks (GANs) and ML-based Isolation Forest (IF) for detecting software piracy. Our proposed GAN-IF based cyber-security model performs its functions by training a Generator network to mimic the behavior of genuine software applications. The Discriminator network discriminates between legitimate and pirated software. Isolation Forests assist in detecting anomalies in diverse conditions, including unseen attacks. Integrated training based on a DL and ML framework enables efficient learning and adaptation with respect to piracy challenges, making it highly successful against prior known threats. There are several DL models which are utilized in IDS operations that have limitations in terms of robustness and interpretability. Utilizing GANs in the context of cyber-security to combat software piracy can have noteworthy merits, since GANs can precisely identify forged software as they are skilled at generating fake content resembling the actual. Training a GAN on legitimate software helps to learn and identify disparities in pirated versions. Isolation Forest can detect anomalies in software distribution networks or user behavior with respect to software usage by recognizing abnormal patterns indicating software piracy, like illegal access or sharing of software licenses. Our proposed model, combining GANs and Isolation Forests, excels at accurately detecting subtle indicators of software piracy, a capability that traditional methods may fail to recognize. The ML-DL integrated model continuously learns and updates its detection capabilities in response to evolving piracy tactics, making it resilient against zero-day attacks and polymorphic malware. Through adversarial training, the ML model minimizes false alarms and focuses only on genuine threats. In our evaluation, we demonstrate the effectiveness of the GAN-IF based cyber-security model in detecting software piracy attempts across various scenarios. Results indicate that our approach outperforms traditional solutions in terms of detection accuracy and adaptability.
50

Jagan, Shanmugam, Ashish Ashish, Miroslav Mahdal, Kenneth Ruth Isabels, Jyoti Dhanke, Parita Jain, and Muniyandy Elangovan. "A Meta-Classification Model for Optimized ZBot Malware Prediction Using Learning Algorithms." Mathematics 11, no. 13 (June 24, 2023): 2840. http://dx.doi.org/10.3390/math11132840.

Abstract:
Botnets pose a real threat to cybersecurity by facilitating criminal activities like malware distribution, attacks involving distributed denial of service, fraud, click fraud, phishing, and theft identification. The methods currently used for botnet detection are only appropriate for specific botnet command and control protocols; they do not endorse botnet identification in early phases. Security guards have used honeypots successfully in several computer security defence systems. Honeypots are frequently utilised in botnet defence because they can draw botnet compromises, reveal spies in botnet membership, and deter attacker behaviour. Attackers who build and maintain botnets must devise ways to avoid honeypot traps. Machine learning methods support identification and inhibit bot threats to address the problems associated with botnet attacks. To choose the best features to feed as input to the machine learning classifiers to estimate the performance of botnet detection, a Kernel-based Ensemble Meta Classifier (KEMC) Strategy is suggested in this work. Particle swarm optimization (PSO) and genetic algorithm (GA) intelligent optimization algorithms are used to establish the ideal order. The model covered in this paper is employed to forecast Internet cyber security circumstances. The Binary Cross-Entropy (loss), the GA-PSO optimizer, the Softsign activation functions and ensembles were used in the experiment to produce the best results. The model succeeded because, for fileless malware gathered from well-known datasets, it achieved a total accuracy of 93.3% with a True Positive (TP) Range of 87.45% at zero False Positive (FP).
