Journal articles on the topic 'Security of machine learning classifiers'

Consult the top 50 journal articles for your research on the topic 'Security of machine learning classifiers.'


1

Atnafu, Surafel Mehari, and Prof (Dr ). Anuja Kumar Acharya. "Comparative Analysis of Intrusion Detection Attack Based on Machine Learning Classifiers." Indian Journal of Artificial Intelligence and Neural Networking 1, no. 2 (April 10, 2021): 22–28. http://dx.doi.org/10.35940/ijainn.b1025.041221.

Abstract:
In current day information transmitted from one place to another by using network communication technology. Due to such transmission of information, networking system required a high security environment. The main strategy to secure this environment is to correctly identify the packet and detect if the packet contains a malicious and any illegal activity happened in network environments. To accomplish this, we use intrusion detection system (IDS). Intrusion detection is a security technology that design detects and automatically alert or notify to a responsible person. However, creating an efficient Intrusion Detection System face a number of challenges. These challenges are false detection and the data contain high number of features. Currently many researchers use machine learning techniques to overcome the limitation of intrusion detection and increase the efficiency of intrusion detection for correctly identify the packet either the packet is normal or malicious. Many machine-learning techniques use in intrusion detection. However, the question is which machine learning classifiers has been potentially to address intrusion detection issue in network security environment. Choosing the appropriate machine learning techniques required to improve the accuracy of intrusion detection system. In this work, three machine learning classifiers are analyzed. Support vector Machine, Naïve Bayes Classifier and K-Nearest Neighbor classifiers. These algorithms tested using NSL KDD dataset by using the combination of Chi square and Extra Tree feature selection method and Python used to implement, analyze and evaluate the classifiers. Experimental result show that K-Nearest Neighbor classifiers outperform the method in categorizing the packet either is normal or malicious.
2

Atnafu, Surafel Mehari, and Prof (Dr ). Anuja Kumar Acharya. "Comparative Analysis of Intrusion Detection Attack Based on Machine Learning Classifiers." Indian Journal of Artificial Intelligence and Neural Networking 1, no. 2 (April 10, 2021): 22–28. http://dx.doi.org/10.54105/ijainn.b1025.041221.

3

ALGorain, Fahad T., and John A. Clark. "Covering Arrays ML HPO for Static Malware Detection." Eng 4, no. 1 (February 9, 2023): 543–54. http://dx.doi.org/10.3390/eng4010032.

Abstract:
Malware classification is a well-known problem in computer security. Hyper-parameter optimisation (HPO) using covering arrays (CAs) is a novel approach that can enhance machine learning classifier accuracy. The tuning of machine learning (ML) classifiers to increase classification accuracy is needed nowadays, especially with newly evolving malware. Four machine learning techniques were tuned using cAgen, a tool for generating covering arrays. The results show that cAgen is an efficient approach to achieve the optimal parameter choices for ML techniques. Moreover, the covering array shows a significant promise, especially cAgen with regard to the ML hyper-parameter optimisation community, malware detectors community and overall security testing. This research will aid in adding better classifiers for static PE malware detection.
4

Katzir, Ziv, and Yuval Elovici. "Quantifying the resilience of machine learning classifiers used for cyber security." Expert Systems with Applications 92 (February 2018): 419–29. http://dx.doi.org/10.1016/j.eswa.2017.09.053.

5

Gongada, Sandhya Rani, Muktevi Chakravarthy, and Bhukya Mangu. "Power system contingency classification using machine learning technique." Bulletin of Electrical Engineering and Informatics 11, no. 6 (December 1, 2022): 3091–98. http://dx.doi.org/10.11591/eei.v11i6.4031.

Abstract:
One of the most effective ways for estimating the impact and severity of line failures on the static security of the power system is contingency analysis. The contingency categorization approach uses the overall performance index (OPI) to measure the system's severity. The Newton Raphson (NR) load flow technique is used to extract network variables in a contingency situation for each transmission line failure. Static security is categorised into five categories in this paper: secure (S), critically secure (CS), insecure (IS), highly insecure (HIS), and most insecure (MIS). The K closest neighbor machine learning strategy is presented to categorize these patterns. The proposed machine learning classifiers are trained on the IEEE 30 bus system before being evaluated on the IEEE 14, IEEE 57, and IEEE 118 bus systems. The suggested k-nearest neighbor (KNN) classifier increases the accuracy of power system security assessments categorization. A fuzzy logic approach was also investigated and implemented for the IEEE 14 bus test system to forecast the aforementioned five classifications.
6

Mehanović, Dželila, and Jasmin Kevrić. "Phishing Website Detection Using Machine Learning Classifiers Optimized by Feature Selection." Traitement du Signal 37, no. 4 (October 10, 2020): 563–69. http://dx.doi.org/10.18280/ts.370403.

Abstract:
Security is one of the most actual topics in the online world. Lists of security threats are constantly updated. One of those threats are phishing websites. In this work, we address the problem of phishing websites classification. Three classifiers were used: K-Nearest Neighbor, Decision Tree and Random Forest with the feature selection methods from Weka. Achieved accuracy was 100% and number of features was decreased to seven. Moreover, when we decreased the number of features, we decreased time to build models too. Time for Random Forest was decreased from the initial 2.88s and 3.05s for percentage split and 10-fold cross validation to 0.02s and 0.16s respectively.
7

Deshmukh, Miss Maithili, and Dr M. A. Pund. "Implementation Paper on Network Data Verification Using Machine Learning Classifiers Based on Reduced Feature Dimensions." International Journal for Research in Applied Science and Engineering Technology 10, no. 4 (April 30, 2022): 2921–24. http://dx.doi.org/10.22214/ijraset.2022.41938.

Abstract:
With the rapid development of network-based applications, new risks arise and extra security mechanisms require additional attention to enhance speed and accuracy. Although many new security tools are developed, the rapid rise of malicious activity may be a major problem and therefore the ever-evolving attacks pose serious threats to network security. Network administrators rely heavily on intrusion detection systems to detect such network intrusion activity. A serious approach is machine learning methods for intrusion detection, where we learn models from data to differentiate between abnormal and normal traffic. Although machine learning methods are often used, there are some drawbacks to deep analysis of machine learning algorithms in terms of intrusion detection. During this work, we present a comprehensive analysis of some existing machine learning classifiers within the context of known intrusions into network traffic. Specifically, we analyze classification along different dimensions, that is, feature selection, sensitivity to hyper-parameter selection, and sophistication imbalance problems involved in intrusion detection. We evaluate several classifications using the NSL-KDD dataset and summarize their effectiveness using detailed experimental evaluation. Keywords: IDS, Machine Learning, Classification Algorithms, NSL-KDD Dataset, Network Intrusion Detection, Data Mining, Feature Selection, WEKA, Hyperparameters, Hyperparameter Optimization.
8

Runwal, Akshat. "Anomaly based Intrusion Detection System using Machine Learning." International Journal for Research in Applied Science and Engineering Technology 9, no. 9 (September 30, 2021): 255–60. http://dx.doi.org/10.22214/ijraset.2021.37955.

Abstract:
Attacks on the computer infrastructures are becoming an increasingly serious issue. The problem is ubiquitous and we need a reliable system to prevent it. An anomaly detection-based network intrusion detection system is vital to any security framework within a computer network. The existing Intrusion detection systems have a high detection rate but they also have mendacious alert rates. With the use of Machine Learning, we can implement an efficient and reliable model for Intrusion detection and stop some of the hazardous attacks in the network. This paper focuses on detailed study on NSL-KDD dataset after extracting some of the relevant records and then several experiments have been performed and evaluated to assess various machine learning classifiers based on dataset. The implemented experiments demonstrated that the Random forest classifier has achieved the highest average accuracy and has outperformed the other models in various evaluations. Keywords: Intrusion Detection System, Anomaly Detection, Machine Learning, Random Forest, Network Security
9

Abdulrezzak, Sarah, and Firas Sabir. "An Empirical Investigation on Snort NIDS versus Supervised Machine Learning Classifiers." Journal of Engineering 29, no. 2 (February 1, 2023): 164–78. http://dx.doi.org/10.31026/j.eng.2023.02.11.

Abstract:
With the vast usage of network services, Security became an important issue for all network types. Various techniques emerged to grant network security; among them is Network Intrusion Detection System (NIDS). Many extant NIDSs actively work against various intrusions, but there are still a number of performance issues including high false alarm rates, and numerous undetected attacks. To keep up with these attacks, some of the academic researchers turned towards machine learning (ML) techniques to create software that automatically predict intrusive and abnormal traffic, another approach is to utilize ML algorithms in enhancing Traditional NIDSs which is a more feasible solution since they are widely spread. To upgrade the detection rates of current NIDSs, thorough analyses are essential to identify where ML predictors outperform them. The first step is to provide assessment of most used NIDS worldwide, Snort, and comparing its performance with ML classifiers. This paper provides an empirical study to evaluate performance of Snort and four supervised ML classifiers, KNN, Decision Tree, Bayesian net and Naïve Bayes against network attacks, probing, Brute force and DoS. By measuring Snort metric, True Alarm Rate, F-measure, Precision and Accuracy and compares them with the same metrics conducted from applying ML algorithms using Weka tool. ML classifiers show an elevated performance with over 99% correctly classified instances for most algorithms, while Snort intrusion detection system shows a degraded classification of about 25% correctly classified instances, hence identifying Snort weaknesses towards certain attack types and giving leads on how to overcome those weaknesses.
10

Singh, Ravi, and Virender Ranga. "Performance Evaluation of Machine Learning Classifiers on Internet of Things Security Dataset." International Journal of Control and Automation 11, no. 5 (May 31, 2018): 11–24. http://dx.doi.org/10.14257/ijca.2018.11.5.02.

11

Deshmukh, Miss Maithili, and Dr M. A. Pund. "Review Paper on Network Data Verification Using Machine Learning Classifiers Based On Reduced Feature Dimensions." International Journal for Research in Applied Science and Engineering Technology 10, no. 4 (April 30, 2022): 1592–95. http://dx.doi.org/10.22214/ijraset.2022.41586.

Abstract:
With the rapid development of network-based applications, new risks arise and additional security mechanisms require additional attention to improve speed and accuracy. Although many new security tools have been developed, the rapid rise of malicious activity is a serious problem and the ever-evolving attacks pose serious threats to network security. Network administrators rely heavily on intrusion detection systems to detect such network intrusion activity. A major approach is machine learning methods for intrusion detection, where we learn models from data to differentiate between abnormal and normal traffic. Although machine learning methods are often used, there are some shortcomings in the in-depth analysis of machine learning algorithms in terms of intrusion detection. In this work, we present a comprehensive analysis of some existing machine learning classifiers with respect to known intrusions into network traffic. Specifically, we analyze classification with different dimensions, that is, feature selection, sensitivity to hyper-parameter selection, and class imbalance problems that are involved in intrusion detection. We evaluate several classifications using the NSL-KDD dataset and summarize their effectiveness using detailed experimental evaluation. Keywords: IDS, Machine Learning, Classification Algorithms, NSL-KDD Dataset, Network Intrusion Detection, Data Mining, Feature Selection, WEKA, Hyperparameters, Hyperparameter Optimization.
12

Alkaaf, Howida Abuabker, Aida Ali, Siti Mariyam Shamsuddin, and Shafaatunnur Hassan. "Exploring permissions in android applications using ensemble-based extra tree feature selection." Indonesian Journal of Electrical Engineering and Computer Science 19, no. 1 (July 1, 2020): 543. http://dx.doi.org/10.11591/ijeecs.v19.i1.pp543-552.

Abstract:
The fast development of mobile apps and its usage has led to increase the risk of exploiting user privacy. One method used in Android security mechanism is permission control that restricts the access of apps to core facilities of devices. However, that permissions could be exploited by attackers when granting certain combinations of permissions. So, the aim of this paper is to explore the pattern of malware apps based on analyzing permissions by proposing framework utilizing feature selection based on ensemble extra tree classifier method and machine learning classifier. The used dataset had 25458 samples (8643 malware apps & 16815 benign apps) with 173 features. Three dataset with 25458 samples and 5, 10 and 20 features respectively were generated after using the proposed feature selection method. All the dataset was fed to machine learning. Support Vector machine (SVM), K Neighbors Classifier, Decision Tree, Naïve bayes and Multilayer Perceptron (MLP) classifiers were used. The classifiers models were evaluated using true negative rate (TNR), false positive rate (FNR) and accuracy metrics. The experimental results obtained showed that Support Vector machine and KNeighbors Classifiers with 20 features achieved the highest accuracy with 94 % and TNR with rate of 89 % using KNeighbors Classifier. The FNR rate is dropped to 0.001 using 5 features with support vector machine (SVM) and Multilayer Perceptrons (MLP) classifiers. The result indicated that reducing permission features improved the performance of classification and reduced the computational overhead.
13

S.R., Chandrasekaran, and Dr Sabiyath Fatima N. "Speculating the Threat of Cardiovascular Disease Using Classifiers with User-Focused Security Evaluations." Webology 19, no. 1 (January 20, 2022): 5529–46. http://dx.doi.org/10.14704/web/v19i1/web19372.

Abstract:
In recent decades, cardiovascular disease (CVD) is the most common type of disease that is prevailing all over the world. It is a class of diseases that involve the heart and its vessels. Strokes and heart attacks are normally critical events that are largely provoked by congestion that restricts blood from streaming to the parts of the body. The principle aim of this research is to find the feature that accounts for cardiovascular disease risks. The collection of data from the hospitals and laboratories can determine the risk of patients having cardiovascular disease by analysing the trends and correlations between the dataset. First, the data undergoes a security process that involves user-level security. The data is further processed to show the comparison between the 12 features and find out the top few features that account for the risk of positive cardiovascular disease. This Machine learning techniques can be widely used in the medical field, to determine the risk of cardiovascular disease early. These collected data from the patients may be used to warn them. To identify the risk of having cardiovascular disease early there are some proposed machine learning algorithms like K-nearest neighbours, XG Boost, Gradient boost and Random Forest Classifier by measuring the metrics like precision, accuracy, f-1 score and recall. Out of all these algorithms, XG Boost yields the highest accuracy of 90%. To increase the overall accuracy stacking algorithm is used to combine all the base learner algorithms to produce a result at once. After stacking the overall accuracy boosted to 92% for the respective dataset.
14

Sharma, Shweta. "OVERVIEW OF MACHINE LEARNING IN CYBERSECURITY COMPARATIVE ANALYSIS OF CLASSIFIERS USING WEKA." Journal of University of Shanghai for Science and Technology 23, no. 08 (August 11, 2021): 334–43. http://dx.doi.org/10.51201/jusst/21/08385.

Abstract:
Technologies have made a drastic change over years: from mainframe computers to laptops, from telephone to cellular phone, everything is changing and becoming digital. The online platform is the new way of working; whether it is related to education, social gathering or business, everything is going online, which is easy, comfortable and consumes less time. Smart TVs, smartphones and smartwatches that come under the category of IoT have been deployed all over the world nowadays, and features like voice recognition systems and face detection systems have become a crucial part of most of the smart devices. Nowadays it has become an essential part of our daily life, but with the benefits, there is also a major concern that is increasing day by day, that is cyber-attack. Security over cyberspace is a most crucial thing what user seeks for. When security & machine learning both come into one picture it makes a huge impact on user’s safety. This research paper deals with the overview of machine learning and the need for machine learning in cybersecurity. I have also performed a comparison between two classifiers, Naïve Bayes and decision tree, by feeding the spam email dataset in the WEKA tool. The motive behind doing this classification is to check which classifier can interpret the result more accurately.
15

K, Poojitha. "Detection of Malware in Android Phones Using Machine Learning." International Journal for Research in Applied Science and Engineering Technology 10, no. 7 (July 31, 2022): 3344–47. http://dx.doi.org/10.22214/ijraset.2022.45726.

Abstract:
In a major cyber security scare, around 1.5 crore Android devices in India have been infected by malware without the knowledge of the users. According to a report by cyber security solution firm Check Point Research in 2020, a new variant of mobile malware has quietly infected around 2.5 crore devices worldwide. Malware is any type of malicious software or code designed to harm a user's device, such as trojans, adware, ransomware, spyware, viruses or phishing apps. The permissions and API-calls are extracted from all Android applications, and both were included as features in the dataset. It is a process of analysing the malware binary without running the code. To offer a simple, streamlined, document-centric experience Jupyter Notebook interactive development environment and Flask is utilized. The Androguard tool and genetic algorithm analyses the APK files by separately extracting the permissions for each APK file. Supervised Machine Learning algorithms used are Support Vector Machine (SVM) and MLP an ANN numeral network approach is used to compare the traditional machine learning techniques. Experiments will be conducted on two types of models, traditional machine learning classifiers and deep learning neural networks. Initially, the classifiers are trained using the dataset, taken from android malware dataset and then testing and evaluation is performed based on the extracted features. An efficient method to detect the presence of malware in the android mobile phones using the permissions, API calls is implemented and the best classifier is identified which gives optimal results with accuracy, F-measure, Recall, and Precision scores. This would enable users to easily navigate various resources available with an adaptive user interface using android application.
16

Khonde, Shraddha R., and Venugopal Ulagamuthalvi. "Hybrid Architecture for Distributed Intrusion Detection System Using Semi-supervised Classifiers in Ensemble Approach." Advances in Modelling and Analysis B 63, no. 1-4 (December 31, 2020): 10–19. http://dx.doi.org/10.18280/ama_b.631-403.

Abstract:
Security of data is becoming a big threat today because of modern attacks. All the data passing through network is at risk as intruders can easily access and modify data. Security to the network is provided using Intrusion Detection System (IDS) which helps to monitor and analyze each packet entering or passing through the network. In this paper hybrid architecture for IDS is proposed which can work as an intelligent system in distributed environment. Proposed system makes use of semi-supervised machine learning classifiers into an ensemble approach. Classifiers used are Support vector machine, decision tree and k-nearest neighbor. Ensemble of this classifier is done and final prediction is given by majority voting algorithm. This system makes use of feature selection technique to reduce number of features used for training various classifiers. Experiments are conducted on NSL-KDD dataset. From results it is observed that ensemble technique increases accuracy by 3% and reduces false alarm rate by 0.05. System performance improves if used in ensemble approach as compared to individual classifier.
17

Shibaikin, Sergei, Vladimir Nikulin, and Andrei Abbakumov. "Analysis of machine learning methods for computer systems to ensure safety from fraudulent texts." Vestnik of Astrakhan State Technical University. Series: Management, computer science and informatics 2020, no. 1 (January 27, 2020): 29–40. http://dx.doi.org/10.24143/2072-9502-2020-1-29-40.

Abstract:
IT Security is an essential condition for functioning of each company whose work is related to the information storage. Various models for detecting fraudulent texts including a support vector machine, neural networks, logistic regression, and a naive Bayes classifier, have been analyzed. It is proposed to increase the efficiency of detection of fraudulent messages by combining classifiers in ensembles. The metaclassifier allows to consider the accuracy values of all analyzers, involving in the work the construction of the weight matrix and the characteristic that determines the minimum accuracy boundary. Based on the developed method, a software module for the classification of fraudulent text messages written in Java using M1 class of the OPENCV open library was created and tested. The general algorithm of the ensemble method is given. An experiment based on logistic regression, a naive Bayesian classifier, a multilayer perceptron, and an ensemble of these classifiers has revealed the maximum efficiency of the naive Bayesian classification algorithm and the prospect of combining classifiers into ensembles. The combined methods (ensembles) improve the results and increase the efficiency of the analysis, in contrast to the work of individual analyzers.
18

Mahfouz, Ahmed, Abdullah Abuhussein, Deepak Venugopal, and Sajjan Shiva. "Ensemble Classifiers for Network Intrusion Detection Using a Novel Network Attack Dataset." Future Internet 12, no. 11 (October 26, 2020): 180. http://dx.doi.org/10.3390/fi12110180.

Abstract:
Due to the extensive use of computer networks, new risks have arisen, and improving the speed and accuracy of security mechanisms has become a critical need. Although new security tools have been developed, the fast growth of malicious activities continues to be a pressing issue that creates severe threats to network security. Classical security tools such as firewalls are used as a first-line defense against security problems. However, firewalls do not entirely or perfectly eliminate intrusions. Thus, network administrators rely heavily on intrusion detection systems (IDSs) to detect such network intrusion activities. Machine learning (ML) is a practical approach to intrusion detection that, based on data, learns how to differentiate between abnormal and regular traffic. This paper provides a comprehensive analysis of some existing ML classifiers for identifying intrusions in network traffic. It also produces a new reliable dataset called GTCS (Game Theory and Cyber Security) that matches real-world criteria and can be used to assess the performance of the ML classifiers in a detailed experimental evaluation. Finally, the paper proposes an ensemble and adaptive classifier model composed of multiple classifiers with different learning paradigms to address the issue of the accuracy and false alarm rate in IDSs. Our classifiers show high precision and recall rates and use a comprehensive set of features compared to previous work.
19

Chinguwo, Michael Richard, and R. Dhanalakshmi. "Detecting Cloud Based Phishing Attacks Using Stacking Ensemble Machine Learning Technique." International Journal for Research in Applied Science and Engineering Technology 11, no. 3 (March 31, 2023): 360–67. http://dx.doi.org/10.22214/ijraset.2023.49422.

Abstract:
Cloud computing enables users to access computing services over the Internet, but this also presents a security risk due to the anonymous nature of the Internet. Social engineering attacks are one of the most common security breaches in cloud computing, where attackers trick cloud users to reveal sensitive information. Detecting phishing attacks in cloud computing is challenging, and various solutions have been proposed, including rule-based and anomaly-based detection methods. Machine learning techniques have proven to be effective in detecting and classifying phishing attacks, particularly for distinguishing between legitimate and phishing websites. This paper proposes an ensemble approach utilizing four different machine learning classifiers to detect phishing websites. The study analyzes various features, such as address bar-based, domain-based, and HTML & JavaScript-based features, and the findings reveal that the proposed ensemble approach outperforms the base classifiers, achieving the highest accuracy of 98.8%.
20

Alothman, Zainab, Mouhammd Alkasassbeh, and Sherenaz Al-Haj Baddar. "An efficient approach to detect IoT botnet attacks using machine learning." Journal of High Speed Networks 26, no. 3 (November 27, 2020): 241–54. http://dx.doi.org/10.3233/jhs-200641.

Abstract:
The numerous security loopholes in the design and implementation of many IoT devices have rendered them an easy target for botnet attacks. Several approaches to implement behavioral IoT botnet attacks detection have been explored, including machine learning. The main goal of previous studies was to achieve the highest possible accuracy in distinguishing normal from malicious IoT traffic, with minimal regard to the identification of the particular type of attack that is being launched. In this study, we present a machine learning based approach for detecting IoT botnet attacks that not only helps distinguish normal from malicious traffic, but also detects the type of the IoT botnet attack. To achieve this goal, the Bot-IoT dataset, in which instances have main attack and sub-attack categories, was utilized after performing the Synthetic Minority Over-sampling Technique (SMOTE), among other preprocessing techniques. Moreover, multiple classifiers were tested and the results from the best three, namely: J48, Random Forest (RF), and Multilayer Perceptron (MLP) networks were reported. The results showed the superiority of the RF and J48 classifiers compared to the MLP networks and other state-of-the-art solutions. The accuracy of the best binary classifier reported in this study reached 0.999, whereas the best accuracies of main attack and subcategories classifications reached 0.96 and 0.93, respectively. Only few studies address the classification errors in this domain, yet, it was assessed in this study in terms of False Negative (FN) rates. J48 and RF classifiers, here also, outperformed the MLP network classifier, and achieved a maximum micro FN rate for subcategories classification of 0.076.
21

Pise, Nitin. "APPLICATION OF MACHINE LEARNING FOR INTRUSION DETECTION SYSTEM." INFORMATION TECHNOLOGY IN INDUSTRY 9, no. 1 (March 1, 2021): 314–23. http://dx.doi.org/10.17762/itii.v9i1.134.

Abstract:
Due to the Covid-19 pandemic, most of the organizations have permitted their employees to work from home. Also, it is very essential to have security at the highest level so that information will flow in the safe and trusted environment between the different organizations. There is always threat of misuses and different intrusions for communication of the data securely over the internet. As more and more people are using online transactions for the different purposes, it is found that the cyber attackers have become more active. Three in four organizations have faced the different cyber-attacks in the year 2020. So, the detection of intrusion is very important. The paper introduces the intrusion detection system and describes its classification. It discusses the different contributions to the literature in literature review section. The paper discusses the application of the different feature selection techniques for reducing the number of features, use of the different classification algorithms for the intrusion detection and it shows how machine learning is used effectively. KDD99 benchmark dataset was used to implement and measure the performance of the system and good results are obtained and the performance of the different classifier algorithms was compared. Tree based classifiers such as J48 and ensemble techniques such as random forest give the best performance on KDD99 dataset.
22

Abid, Adnan, Ansar Abbas, Adel Khelifi, Muhammad Shoaib Farooq, Razi Iqbal, and Uzma Farooq. "An architectural framework for information integration using machine learning approaches for smart city security profiling." International Journal of Distributed Sensor Networks 16, no. 10 (October 2020): 155014772096547. http://dx.doi.org/10.1177/1550147720965473.

Abstract:
In the past few decades, the whole world has been badly affected by terrorism and other law-and-order situations. The newspapers have been covering terrorism and other law-and-order issues with relevant details. However, to the best of our knowledge, there is no existing information system that is capable of accumulating and analyzing these events to help in devising strategies to avoid and minimize such incidents in future. This research aims to provide a generic architectural framework to semi-automatically accumulate law-and-order-related news through different news portals and classify them using machine learning approaches. The proposed architectural framework discusses all the important components that include data ingestion, preprocessor, reporting and visualization, and pattern recognition. The information extractor and news classifier have been implemented, whereby the classification sub-component employs widely used text classifiers for a news data set comprising almost 5000 news manually compiled for this purpose. The results reveal that both support vector machine and multinomial Naïve Bayes classifiers exhibit almost 90% accuracy. Finally, a generic method for calculating security profile of a city or a region has been developed, which is augmented by visualization and reporting components that maps this information onto maps using geographical information system.
23

Shroff, Jugal, Rahee Walambe, Sunil Kumar Singh, and Ketan Kotecha. "Enhanced Security Against Volumetric DDoS Attacks Using Adversarial Machine Learning." Wireless Communications and Mobile Computing 2022 (March 11, 2022): 1–10. http://dx.doi.org/10.1155/2022/5757164.

Abstract:
With the increasing number of Internet users, cybersecurity is becoming more and more critical. Denial of service (DoS) and distributed denial of service (DDoS) attacks are two of the most common types of attacks that can severely affect a website or a server and make them unavailable to other users. The number of DDoS attacks increased by 55% between the period January 2020 and March 2021. Some approaches for detecting the DoS and DDoS attacks employing different machine learning and deep learning techniques are reported in the literature. Recently, it is also observed that the attackers have started leveraging state-of-the-art AI tools such as generative models for generating synthetic attacks which fool the standard detectors. No concrete approach is reported for developing and training the models which are not only robust in the detection of standard DDoS attacks but which can also detect adversarial attacks which are created synthetically by the attackers with harmful intentions. To that end, in this work, we employ a generative adversarial network (GAN) to develop such a robust detector. The proposed framework can generate and classify the synthetic benign (normal) and malignant (DDoS) instances which are very similar to the corresponding real instances as evaluated by similarity scores. The GAN-based model also demonstrates how effectively the malicious actors can generate adversarial DDoS network traffic instances which look like normal instances using feature modification which are very difficult for the classifier to detect. An approach on how to make the classifiers robust enough to detect such kinds of deliberate adversarial attacks via modifying some specific attack features manually is also proposed. This work provides the first step towards developing a generic and robust detector for DDoS attacks originating from various sources.
24

Khan, Rijwan, Akhilesh Kumar Srivastava, Mahima Gupta, Pallavi Kumari, and Santosh Kumar. "Medicolite-Machine Learning-Based Patient Care Model." Computational Intelligence and Neuroscience 2022 (January 25, 2022): 1–12. http://dx.doi.org/10.1155/2022/8109147.

Abstract:
This paper discusses the machine learning effect on healthcare and the development of an application named “Medicolite” in which various modules have been developed for convenience with health-related problems like issues with diet. It also provides online doctor appointments from home and medication through the phone. A healthcare system is “Smart” when it can decide on its own and can prescribe patients life-saving drugs. Machine learning helps in capturing data that are large and contain sensitive information about the patients, so data security is one of the important aspects of this system. It is a health system that uses trending technologies and mobile internet to connect people and healthcare institutions to make them aware of their health condition by intelligently responding to their questions. It perceives information through machine learning and processes this information using cloud computing. With the new technologies, the system decreases the manual intervention in healthcare. Every single piece of information has been saved in the system and the user can access it any time. Furthermore, users can take appointments at any time without standing in a queue. In this paper, the authors proposed a CNN-based classifier. This CNN-based classifier is faster than SVM-based classifier. When these two classifiers are compared based on training and testing sessions, it has been found that the CNN has taken less time (30 seconds) compared to SVM (58 seconds).
25

Lee, Ting Rong, Je Sen Teh, Norziana Jamil, Jasy Liew Suet Yan, and Jiageng Chen. "Lightweight Block Cipher Security Evaluation Based on Machine Learning Classifiers and Active S-Boxes." IEEE Access 9 (2021): 134052–64. http://dx.doi.org/10.1109/access.2021.3116468.

26

Adithya Nallamuthu, Suresh. "A Hybrid Genetic-Neuro Algorithm for Cloud Intrusion Detection System." Journal of Computational Science and Intelligent Technologies 1, no. 2 (2020): 15–25. http://dx.doi.org/10.53409/mnaa.jcsit20201203.

Abstract:
The security for cloud network systems is essential and significant to secure the data source from intruders and attacks. Implementing an intrusion detection system (IDS) for securing from those intruders and attacks is the best option. Many IDS models are presently based on different techniques and algorithms like machine learning and deep learning. In this research, IDS for the cloud computing environment is proposed. Here in this model, the genetic algorithm (GA) and back propagation neural network (BPNN) is used for attack detection and classification. The Canadian Institute for Cyber-security CIC-IDS 2017 dataset is used for the evaluation of performance analysis. Initially, from the dataset, the data are preprocessed, and by using the genetic algorithm, the attack was detected. The detected attacks are classified using the BPNN classifier for identifying the types of attacks. The performance analysis was executed, and the results are obtained and compared with the existing machine learning-based classifiers like FC-ANN, NB-RF, KDBN, and FCM-SVM techniques. The proposed GA-BPNN model outperforms all these classifying techniques in every performance metric, like accuracy, precision, recall, and detection rate. Overall, from the performance analysis, the best classification accuracy is achieved for Web attack detection with 97.90%, and the best detection rate is achieved for Brute force attack detection with 97.89%.
27

Aljably, Randa, Yuan Tian, and Mznah Al-Rodhaan. "Preserving Privacy in Multimedia Social Networks Using Machine Learning Anomaly Detection." Security and Communication Networks 2020 (July 20, 2020): 1–14. http://dx.doi.org/10.1155/2020/5874935.

Abstract:
Nowadays, user’s privacy is a critical matter in multimedia social networks. However, traditional machine learning anomaly detection techniques that rely on user’s log files and behavioral patterns are not sufficient to preserve it. Hence, the social network security should have multiple security measures to take into account additional information to protect user’s data. More precisely, access control models could complement machine learning algorithms in the process of privacy preservation. The models could use further information derived from the user’s profiles to detect anomalous users. In this paper, we implement a privacy preservation algorithm that incorporates supervised and unsupervised machine learning anomaly detection techniques with access control models. Due to the rich and fine-grained policies, our control model continuously updates the list of attributes used to classify users. It has been successfully tested on real datasets, with over 95% accuracy using Bayesian classifier, and 95.53% on receiver operating characteristic curve using deep neural networks and long short-term memory recurrent neural network classifiers. Experimental results show that this approach outperforms other detection techniques such as support vector machine, isolation forest, principal component analysis, and Kolmogorov–Smirnov test.
28

Al-Zewairi, Malek, Sufyan Almajali, and Moussa Ayyash. "Unknown Security Attack Detection Using Shallow and Deep ANN Classifiers." Electronics 9, no. 12 (November 26, 2020): 2006. http://dx.doi.org/10.3390/electronics9122006.

Abstract:
Advancements in machine learning and artificial intelligence have been widely utilised in the security domain, including but not limited to intrusion detection techniques. With the large training datasets of modern traffic, intelligent algorithms and powerful machine learning tools, security researchers have been able to greatly improve on the intrusion detection models and enhance their ability to detect malicious traffic more accurately. Nonetheless, the problem of detecting completely unknown security attacks is still an open area of research. The enormous number of newly developed attacks constitutes an eccentric challenge for all types of intrusion detection systems. Additionally, the lack of a standard definition of what constitutes an unknown security attack in the literature and the industry alike adds to the problem. In this paper, the researchers reviewed the studies on detecting unknown attacks over the past 10 years and found that they tended to use inconsistent definitions. This formulates the need for a standard consistent definition to have comparable results. The researchers proposed a new categorisation of two types of unknown attacks, namely Type-A, which represents a completely new category of unknown attacks, and Type-B, which represents unknown attacks within already known categories of attacks. The researchers conducted several experiments and evaluated modern intrusion detection systems based on shallow and deep artificial neural network models and their ability to detect Type-A and Type-B attacks using two well-known benchmark datasets for network intrusion detection. The research problem was studied as both a binary and multi-class classification problem. The results showed that the evaluated models had poor overall generalisation error measures, where the classification error rate in detecting several types of unknown attacks from 92 experiments was 50.09%, which highlights the need for new approaches and techniques to address this problem.
29

Al-Akhras, Mousa, Mohammed Alawairdhi, Ali Alkoudari, and Samer Atawneh. "Using Machine Learning to Build a Classification Model for IoT Networks to Detect Attack Signatures." International journal of Computer Networks & Communications 12, no. 6 (November 30, 2020): 99–116. http://dx.doi.org/10.5121/ijcnc.2020.12607.

Abstract:
Internet of things (IoT) has led to several security threats and challenges within society. Regardless of the benefits that it has brought with it to the society, IoT could compromise the security and privacy of individuals and companies at various levels. Denial of Service (DoS) and Distributed DoS (DDoS) attacks, among others, are the most common attack types that face the IoT networks. To counter such attacks, companies should implement an efficient classification/detection model, which is not an easy task. This paper proposes a classification model to examine the effectiveness of several machine-learning algorithms, namely, Random Forest (RF), k-Nearest Neighbors (KNN), and Naïve Bayes. The machine learning algorithms are used to detect attacks on the UNSW-NB15 benchmark dataset. The UNSW-NB15 contains normal network traffic and malicious traffic instants. The experimental results reveal that RF and KNN classifiers give the best performance with an accuracy of 100% (without noise injection) and 99% (with 10% noise filtering), while the Naïve Bayes classifier gives the worst performance with an accuracy of 95.35% and 82.77 without noise and with 10% noise, respectively. Other evaluation matrices, such as precision and recall, also show the effectiveness of RF and KNN classifiers over Naïve Bayes.
30

Shatnawi, Ahmed S., Aya Jaradat, Tuqa Bani Yaseen, Eyad Taqieddin, Mahmoud Al-Ayyoub, and Dheya Mustafa. "An Android Malware Detection Leveraging Machine Learning." Wireless Communications and Mobile Computing 2022 (May 6, 2022): 1–12. http://dx.doi.org/10.1155/2022/1830201.

Abstract:
Android applications have recently witnessed a pronounced progress, making them among the fastest growing technological fields to thrive and advance. However, such level of growth does not evolve without some cost. This particularly involves increased security threats that the underlying applications and their users usually fall prey to. As malware becomes increasingly more capable of penetrating these applications and exploiting them in suspicious actions, the need for active research endeavors to counter these malicious programs becomes imminent. Some of the studies are based on dynamic analysis, and others are based on static analysis, while some are completely dependent on both. In this paper, we studied static, dynamic, and hybrid analyses to identify malicious applications. We leverage machine learning classifiers to detect malware activities as we explain the effectiveness of these classifiers in the classification process. Our results prove the efficiency of permissions and the action repetition feature set and their influential roles in detecting malware in Android applications. Our results show empirically very close accuracy results when using static, dynamic, and hybrid analyses. Thus, we use static analyses due to their lower cost compared to dynamic and hybrid analyses. In other words, we found the best results in terms of accuracy and cost (the trade-off) make us select static analysis over other techniques.
31

Jaradat, Ameera S., Malek M. Barhoush, and Rawan S. Bani Easa. "Network intrusion detection system: machine learning approach." Indonesian Journal of Electrical Engineering and Computer Science 25, no. 2 (February 1, 2022): 1151. http://dx.doi.org/10.11591/ijeecs.v25.i2.pp1151-1158.

Abstract:
The main goal of intrusion detection system (IDS) is to monitor the network performance and to investigate any signs of any abnormalities over the network. Recently, intrusion detection systems employ machine learning techniques, due to the fact that machine learning techniques proved to have the ability of learning and adapting in addition to allowing a prompt response. This work proposes a model for intrusion detection and classification using machine learning techniques. The model first acquires the data set and transforms it in the proper format, then performs feature selection to pick out a subset of attributes that worth being considered. After that, the refined data set was processed by the Konstanz information miner (KNIME). To gain better performance and a decent comparative analysis, three different classifiers were applied. The anticipated classifiers have been executed and assessed utilizing the KNIME analytics platform using (CICIDS2017) datasets. The experimental results showed an accuracy rate ranging between (98.6) as the highest obtained while the average was (90.59%), which was satisfying compared to other approaches. The gained statistics of this research inspires the researchers of this field to use machine learning in cyber security and data analysis and build intrusion detection systems with higher accuracy.
32

Khan, Riaz Ullah, Xiaosong Zhang, Rajesh Kumar, Abubakar Sharif, Noorbakhsh Amiri Golilarz, and Mamoun Alazab. "An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers." Applied Sciences 9, no. 11 (June 11, 2019): 2375. http://dx.doi.org/10.3390/app9112375.

Abstract:
In recent years, the botnets have been the most common threats to network security since it exploits multiple malicious codes like a worm, Trojans, Rootkit, etc. The botnets have been used to carry phishing links, to perform attacks and provide malicious services on the internet. It is challenging to identify Peer-to-peer (P2P) botnets as compared to Internet Relay Chat (IRC), Hypertext Transfer Protocol (HTTP) and other types of botnets because P2P traffic has typical features of the centralization and distribution. To resolve the issues of P2P botnet identification, we propose an effective multi-layer traffic classification method by applying machine learning classifiers on features of network traffic. Our work presents a framework based on decision trees which effectively detects P2P botnets. A decision tree algorithm is applied for feature selection to extract the most relevant features and ignore the irrelevant features. At the first layer, we filter non-P2P packets to reduce the amount of network traffic through well-known ports, Domain Name System (DNS) query, and flow counting. The second layer further characterized the captured network traffic into non-P2P and P2P. At the third layer of our model, we reduced the features which may marginally affect the classification. At the final layer, we successfully detected P2P botnets using decision tree classifier by extracting network communication features. Furthermore, our experimental evaluations show the significance of the proposed method in P2P botnets detection and demonstrate an average accuracy of 98.7%.
33

Abed, Abdullah Suhail, Brwa Khalil Abdullah Ahmed, Sura Khalil Ibrahim, Musaddak Maher Abdul Zahra, Mohanad Ahmed Salih, and Refed Adnan Jaleel. "Development of an Integrate E-Medical System Using Software Defined Networking and Machine Learning." Webology 19, no. 1 (January 20, 2022): 3410–18. http://dx.doi.org/10.14704/web/v19i1/web19224.

Abstract:
Scholars and medical professionals have recognized the importance of electronic medical monitoring services for tracking elderly people's health. These platforms generate a large amount of data, requiring privacy and data security. On the contrary, using Software Defined Networking (SDN) to maintain network efficiency and flexibility, which is especially important in the case of healthcare observation, could be a viable solution. Moreover, machine learning can additionally be utilized as a game changing tool which incorporated with SDN for optimal level of privacy and security. Even so, integrating SDN into machine learning, which heavily relies on health sensors of patients, is incredibly difficult. In this paper, an Integrate Medical Platform (IMP) with a focus on SDN and Machine learning integration is proposed. We produce a platform that reduces complexity by identifying high level SDN regulations based on the extracted flow classes and utilizing machine learning traffic flow classification techniques. For various types of traffic, we employ supervised learning approaches based on models that have already been trained. We use four algorithms for supervised learning: Random forest, Logistic Regression classifiers, K-NN, and SVM, with different characteristics. Finally, we evaluated IMP by using accuracy, precision, TPR, TNR, FPR, MAE, and energy consumption.
34

Alsulaiman, Lama, and Saad Al-Ahmadi. "Performance Evaluation of Machine Learning Techniques for DOS Detection in Wireless Sensor Network." International Journal of Network Security & Its Applications 13, no. 2 (March 31, 2021): 21–29. http://dx.doi.org/10.5121/ijnsa.2021.13202.

Abstract:
The nature of Wireless Sensor Networks (WSN) and the widespread of using WSN introduce many security threats and attacks. An effective Intrusion Detection System (IDS) should be used to detect attacks. Detecting such an attack is challenging, especially the detection of Denial of Service (DoS) attacks. Machine learning classification techniques have been used as an approach for DoS detection. This paper conducted an experiment using Waikato Environment for Knowledge Analysis (WEKA) to evaluate the efficiency of five machine learning algorithms for detecting flooding, grayhole, blackhole, and scheduling at DoS attacks in WSNs. The evaluation is based on a dataset, called WSN-DS. The results showed that the random forest classifier outperforms the other classifiers with an accuracy of 99.72%.
35

Kanaker, Hasan, Nader Abdel Karim, Samer A.B. Awwad, Nurul H.A. Ismail, Jamal Zraqou, and Abdulla M. F. Al ali. "Trojan Horse Infection Detection in Cloud Based Environment Using Machine Learning." International Journal of Interactive Mobile Technologies (iJIM) 16, no. 24 (December 20, 2022): 81–106. http://dx.doi.org/10.3991/ijim.v16i24.35763.

Abstract:
Cloud computing technology is known as a distributed computing network, which consists of a large number of servers connected via the internet. This technology involves many worthwhile resources, such as applications, services, and large database storage. Users have the ability to access cloud services and resources through web services. Cloud computing provides a considerable number of benefits, such as effective virtualized resources, cost efficiency, self-service access, flexibility, and scalability. However, many security issues are present in cloud computing environment. One of the most common security challenges in the cloud computing environment is the trojan horses. Trojan horses can disrupt cloud computing services and damage the resources, applications, or virtual machines in the cloud structure. Trojan horse attacks are dangerous, complicated and very difficult to be detected. In this research, eight machine learning classifiers for trojan horse detection in a cloud-based environment have been investigated. The accuracy of the cloud trojan horses detection rate has been investigated using dynamic analysis, Cuckoo sandbox, and the Weka data mining tool. Based on the conducted experiments, the SMO and Multilayer Perceptron have been found to be the best classifiers for trojan horse detection in a cloud-based environment. Although SMO and Multilayer Perceptron have achieved the highest accuracy rate of 95.86%, Multilayer Perceptron has outperformed SMO in terms of Receiver Operating Characteristic (ROC) area.
36

Gbenga, Fadare Oluwaseun, Prof Adetunmbi Adebayo Olusola, Dr (Mrs) Oyinloye Oghenerukevwe Eloho, and Dr Mogaji Stephen Alaba. "Towards Optimization of Malware Detection using Chi-square Feature Selection on Ensemble Classifiers." International Journal of Engineering and Advanced Technology 10, no. 4 (April 30, 2021): 254–62. http://dx.doi.org/10.35940/ijeat.d2359.0410421.

Abstract:
The multiplication of malware variations is probably the greatest problem in PC security and the protection of information in form of source code against unauthorized access is a central issue in computer security. In recent times, machine learning has been extensively researched for malware detection and ensemble technique has been established to be highly effective in terms of detection accuracy. This paper proposes a framework that combines the exploit of both Chi-square as the feature selection method and eight ensemble learning classifiers on five base learners: K-Nearest Neighbors, Naïve Bayes, Support Vector Machine, Decision Trees, and Logistic Regression. K-Nearest Neighbors returns the highest accuracy of 95.37%, 87.89% on chi-square, and without feature selection respectively. Extreme Gradient Boosting Classifier ensemble accuracy is the highest with 97.407%, 91.72% with Chi-square as feature selection, and ensemble methods without feature selection respectively. Extreme Gradient Boosting Classifier and Random Forest are leading in the seven evaluative measures of chi-square as a feature selection method and ensemble methods without feature selection respectively. The study results show that the tree-based ensemble model is compelling for malware classification.
37

Hammad, Baraa Tareq, Norziana Jamil, Ismail Taha Ahmed, Zuhaira Muhammad Zain, and Shakila Basheer. "Robust Malware Family Classification Using Effective Features and Classifiers." Applied Sciences 12, no. 15 (August 5, 2022): 7877. http://dx.doi.org/10.3390/app12157877.

Abstract:
Malware development has significantly increased recently, posing a serious security risk to both consumers and businesses. Malware developers continually find new ways to circumvent security research’s ongoing efforts to guard against malware attacks. Malware Classification (MC) entails labeling a class of malware to a specific sample, while malware detection merely entails finding malware without identifying which kind of malware it is. There are two main reasons why the most popular MC techniques have a low classification rate. First, finding and developing accurate features requires highly specialized domain expertise. Second, a data imbalance that makes it challenging to classify and correctly identify malware. Furthermore, the proposed malware classification (MC) method consists of the following five steps: (i) Dataset preparation: 2D malware images are created from the malware binary files; (ii) Visualized Malware Pre-processing: the visual malware images need to be scaled to fit the CNN model’s input size; (iii) Feature extraction: both hand-engineering (Tamura) and deep learning (GoogLeNet) techniques are used to extract the features in this step; (iv) Classification: to perform malware classification, we employed k-Nearest Neighbor (KNN), Support Vector Machines (SVM), and Extreme Learning Machine (ELM). The proposed method is tested on a standard Malimg unbalanced dataset. The accuracy rate of the proposed method was extremely high, making it the most efficient option available. The proposed method’s accuracy rate outperformed both the Hand-crafted feature and Deep Feature techniques, at 95.42 and 96.84 percent.
38

Nigus, Mersha, and H. L. Shashirekha. "A Comparison of Machine Learning and Deep Learning Models for Predicting Household Food Security Status." International Journal of Electrical and Electronics Research 10, no. 2 (June 30, 2022): 308–11. http://dx.doi.org/10.37391/ijeer.100241.

Abstract:
ML and DL algorithms are becoming more popular to predict household food security status, which can be used by the governments and policymakers of the country to provide a food supply for the needy in case of emergency. ML models, namely: k-Nearest Neighbor (kNN), Logistic Regression (LR), Support Vector Machine (SVM), Naive Bayes (NB), Multi-Layer Perceptron (MLP) and DL models, namely: Artificial Neural Network (ANN) and Convolutional Neural network (CNN) are investigated to predict household food security status in Household Income, Consumption and Expenditure (HICE) survey data of Ethiopia. The standard evaluation measures such as accuracy, precision, recall, F1-score, Mean Absolute Error (MAE), and Root Mean Square Error (RMSE) are used to evaluate the models' predictive performance, and the experimental results reveal that ANN, a DL model, surpassed the ML classifiers with an accuracy of 99.15%.
39

Bangira, Tsitsi, Silvia Maria Alfieri, Massimo Menenti, and Adriaan van Niekerk. "Comparing Thresholding with Machine Learning Classifiers for Mapping Complex Water." Remote Sensing 11, no. 11 (June 5, 2019): 1351. http://dx.doi.org/10.3390/rs11111351.

Abstract:
Small reservoirs play an important role in mining, industries, and agriculture, but storage levels or stage changes are very dynamic. Accurate and up-to-date maps of surface water storage and distribution are invaluable for informing decisions relating to water security, flood monitoring, and water resources management. Satellite remote sensing is an effective way of monitoring the dynamics of surface waterbodies over large areas. The European Space Agency (ESA) has recently launched constellations of Sentinel-1 (S1) and Sentinel-2 (S2) satellites carrying C-band synthetic aperture radar (SAR) and a multispectral imaging radiometer, respectively. The constellations improve global coverage of remotely sensed imagery and enable the development of near real-time operational products. This unprecedented data availability leads to an urgent need for the application of fully automatic, feasible, and accurate retrieval methods for mapping and monitoring waterbodies. The mapping of waterbodies can take advantage of the synthesis of SAR and multispectral remote sensing data in order to increase classification accuracy. This study compares automatic thresholding to machine learning, when applied to delineate waterbodies with diverse spectral and spatial characteristics. Automatic thresholding was applied to near-concurrent normalized difference water index (NDWI) (generated from S2 optical imagery) and VH backscatter features (generated from S1 SAR data). Machine learning was applied to a comprehensive set of features derived from S1 and S2 data. During our field surveys, we observed that the waterbodies visited had different sizes and varying levels of turbidity, sedimentation, and eutrophication. Five machine learning algorithms (MLAs), namely decision tree (DT), k-nearest neighbour (k-NN), random forest (RF), and two implementations of the support vector machine (SVM) were considered. 
Several experiments were carried out to better understand the complexities involved in mapping spectrally and spatially complex waterbodies. It was found that the combination of multispectral indices with SAR data is highly beneficial for classifying complex waterbodies and that the proposed thresholding approach classified waterbodies with an overall classification accuracy of 89.3%. However, the varying concentrations of suspended sediments (turbidity), dissolved particles, and aquatic plants negatively affected the classification accuracies of the proposed method, whereas the MLAs (SVM in particular) were less sensitive to such variations. The main disadvantage of using MLAs for operational waterbody mapping is the requirement for suitable training samples, representing both water and non-water land covers. The dynamic nature of reservoirs (many reservoirs are depleted at least once a year) makes the re-use of training data unfeasible. The study found that aggregating (combining) the thresholding results of two SAR and multispectral features, namely the S1 VH polarisation and the S2 NDWI, respectively, provided better overall accuracies than when thresholding was applied to any of the individual features considered. The accuracies of this dual thresholding technique were comparable to those of machine learning and may thus offer a viable solution for automatic mapping of waterbodies.
40

Almaiah, Mohammed Amin, Omar Almomani, Adeeb Alsaaidah, Shaha Al-Otaibi, Nabeel Bani-Hani, Ahmad K. Al Hwaitat, Ali Al-Zahrani, Abdalwali Lutfi, Ali Bani Awad, and Theyazn H. H. Aldhyani. "Performance Investigation of Principal Component Analysis for Intrusion Detection System Using Different Support Vector Machine Kernels." Electronics 11, no. 21 (November 1, 2022): 3571. http://dx.doi.org/10.3390/electronics11213571.

Abstract:
The growing number of security threats has prompted the use of a variety of security techniques. The most common security tools for identifying and tracking intruders across diverse network domains are intrusion detection systems. Machine Learning classifiers have begun to be used in the detection of threats, thus increasing the intrusion detection systems’ performance. In this paper, the investigation model for an intrusion detection systems model based on the Principal Component Analysis feature selection technique and a different Support Vector Machine kernels classifier is presented. The impact of various kernel functions used in Support Vector Machines, namely linear, polynomial, Gaussian radial basis function, and Sigmoid, is investigated. The performance of the investigation model is measured in terms of detection accuracy, True Positive, True Negative, Precision, Sensitivity, and F-measure to choose an appropriate kernel function for the Support Vector Machine. The investigation model was examined and evaluated using the KDD Cup’99 and UNSW-NB15 datasets. The obtained results prove that the Gaussian radial basis function kernel is superior to the linear, polynomial, and sigmoid kernels in both used datasets. Obtained accuracy, Sensitivity, and F-measure of the Gaussian radial basis function kernel for KDD CUP’99 were 99.11%, 98.97%, and 99.03%; for the UNSW-NB15 datasets they were 93.94%, 93.23%, and 94.44%.
41

Thabtah, Fadi, and Firuz Kamalov. "Phishing Detection: A Case Analysis on Classifiers with Rules Using Machine Learning." Journal of Information & Knowledge Management 16, no. 04 (November 23, 2017): 1750034. http://dx.doi.org/10.1142/s0219649217500344.

Full text
Abstract:
A typical predictive approach in data mining that produces If-Then knowledge for decision making is rule-based classification. Rule-based classification includes a large number of algorithms that fall under the categories of covering, greedy, rule induction, and associative classification. These approaches have shown promising results due to the simplicity of the models generated and the user’s ability to understand, and maintain them. Phishing is one of the emergent online threats in web security domains that necessitates anti-phishing models with rules so users can easily differentiate among website types. This paper critically analyses recent research studies on the use of predictive models with rules for phishing detection, and evaluates the applicability of these approaches on phishing. To accomplish our task, we experimentally evaluate four different rule-based classifiers that belong to greedy, associative classification and rule induction approaches on real phishing datasets and with respect to different evaluation measures. Moreover, we assess the classifiers derived and contrast them with known classic classification algorithms including Bayes Net and Simple Logistics. The aim of the comparison is to determine the pros and cons of predictive models with rules and reveal their actual performance when it comes to detecting phishing activities. The results clearly showed that eDRI, a recently greedy algorithm, not only generates useful models but these are also highly competitive with respect to predictive accuracy as well as runtime when they are employed as anti-phishing tools.
42

Azeez, Nureni Ayofe, Oluwanifise Ebunoluwa Odufuwa, Sanjay Misra, Jonathan Oluranti, and Robertas Damaševičius. "Windows PE Malware Detection Using Ensemble Learning." Informatics 8, no. 1 (February 10, 2021): 10. http://dx.doi.org/10.3390/informatics8010010.

Full text
Abstract:
In this Internet age, there are increasingly many threats to the security and safety of users daily. One of such threats is malicious software otherwise known as malware (ransomware, Trojans, viruses, etc.). The effect of this threat can lead to loss or malicious replacement of important information (such as bank account details, etc.). Malware creators have been able to bypass traditional methods of malware detection, which can be time-consuming and unreliable for unknown malware. This motivates the need for intelligent ways to detect malware, especially new malware which have not been evaluated or studied before. Machine learning provides an intelligent way to detect malware and comprises two stages: feature extraction and classification. This study suggests an ensemble learning-based method for malware detection. The base stage classification is done by a stacked ensemble of fully-connected and one-dimensional convolutional neural networks (CNNs), whereas the end-stage classification is done by a machine learning algorithm. For a meta-learner, we analyzed and compared 15 machine learning classifiers. For comparison, five machine learning algorithms were used: naïve Bayes, decision tree, random forest, gradient boosting, and AdaBoosting. The results of experiments made on the Windows Portable Executable (PE) malware dataset are presented. The best results were obtained by an ensemble of seven neural networks and the ExtraTrees classifier as a final-stage classifier.
43

Guo, You, Hector Marco-Gisbert, and Paul Keir. "Mitigating Webshell Attacks through Machine Learning Techniques." Future Internet 12, no. 1 (January 14, 2020): 12. http://dx.doi.org/10.3390/fi12010012.

Full text
Abstract:
A webshell is a command execution environment in the form of web pages. It is often used by attackers as a backdoor tool for web server operations. Accurately detecting webshells is of great significance to web server protection. Most security products detect webshells based on feature-matching methods—matching input scripts against pre-built malicious code collections. The feature-matching method has a low detection rate for obfuscated webshells. However, with the help of machine learning algorithms, webshells can be detected more efficiently and accurately. In this paper, we propose a new PHP webshell detection model, the NB-Opcode (naïve Bayes and opcode sequence) model, which is a combination of naïve Bayes classifiers and opcode sequences. Through experiments and analysis on a large number of samples, the experimental results show that the proposed method could effectively detect a range of webshells. Compared with the traditional webshell detection methods, this method improves the efficiency and accuracy of webshell detection.
44

Gumaste, Shweta, Narayan D. G., Sumedha Shinde, and Amit K. "Detection of DDoS Attacks in OpenStack-based Private Cloud Using Apache Spark." Journal of Telecommunications and Information Technology 4 (December 30, 2020): 62–71. http://dx.doi.org/10.26636/jtit.2020.146120.

Full text
Abstract:
Security is a critical concern for cloud service providers. Distributed denial of service (DDoS) attacks are the most frequent of all cloud security threats, and the consequences of damage caused by DDoS are very serious. Thus, the design of an efficient DDoS detection system plays an important role in monitoring suspicious activity in the cloud. Real-time detection mechanisms operating in cloud environments and relying on machine learning algorithms and distributed processing are an important research issue. In this work, we propose a real-time detection of DDoS attacks using machine learning classifiers on a distributed processing platform. We evaluate the DDoS detection mechanism in an OpenStack-based cloud testbed using the Apache Spark framework. We compare the classification performance using benchmark and real-time cloud datasets. Results of the experiments reveal that the random forest method offers better classifier accuracy. Furthermore, we demonstrate the effectiveness of the proposed distributed approach in terms of training and detection time.
45

Bagui, Sikha, Dustin Mink, Subhash Bagui, Tirthankar Ghosh, Tom McElroy, Esteban Paredes, Nithisha Khasnavis, and Russell Plenkers. "Detecting Reconnaissance and Discovery Tactics from the MITRE ATT&CK Framework in Zeek Conn Logs Using Spark’s Machine Learning in the Big Data Framework." Sensors 22, no. 20 (October 20, 2022): 7999. http://dx.doi.org/10.3390/s22207999.

Full text
Abstract:
While computer networks and the massive amount of communication taking place on these networks grow, the amount of damage that can be done by network intrusions grows in tandem. The need is for an effective and scalable intrusion detection system (IDS) to address these potential damages that come with the growth of these networks. A great deal of contemporary research on near real-time IDS focuses on applying machine learning classifiers to labeled network intrusion datasets, but these datasets need be relevant pertaining to the currency of the network intrusions. This paper focuses on a newly created dataset, UWF-ZeekData22, that analyzes data from Zeek’s Connection Logs collected using Security Onion 2 network security monitor and labelled using the MITRE ATT&CK framework TTPs. Due to the volume of data, Spark, in the big data framework, was used to run many of the well-known classifiers (naïve Bayes, random forest, decision tree, support vector classifier, gradient boosted trees, and logistic regression) to classify the reconnaissance and discovery tactics from this dataset. In addition to looking at the performance of these classifiers using Spark, scalability and response time were also analyzed.
46

Essa, Hasanain Ali Al, and Wesam S. Bhaya. "Network Attacks Detection Depend on Majority Voting – Weighted Average for Feature Selection and Various Machine Learning Approaches." Webology 19, no. 1 (January 20, 2022): 2054–66. http://dx.doi.org/10.14704/web/v19i1/web19139.

Full text
Abstract:
Due to the enormous growth in Internet usage and computer networks in recent years, new risks and challenges have arisen to network security. Among lots of security problems, network attack is a significant one. For instance, Distributed Denial of Service (DDoS) attacks have become appealing to intruders, and these have presented destructive threats to network infrastructures. Thus, Intrusion Detection Systems (IDSs) and Machine Learning (ML) approaches play a key role to detect such attacks effectively and efficiently. An essential part of several classification issues is the feature selection phase because to detect DDoS attacks depends on how one selects the minimal and relevant features in the network traffics. Unlike recent studies, in this work, a real-life SNMP-MIB dataset is used, as well as, we suggest an Ensemble-Weighted average approach (EnWaFS) that excludes the irrelevant features. An EnWaFS approach consists of two methods, first, Ensemble features by using a majority-voting method that mixed the outcomes of three feature selection approaches, second, a weighted average method that gives one weight for each feature and diminishes also the number of attributes. To evaluate an EnWaFS approach, we have performed four Machine Learning classifiers Neural network (Multi-Layer Perceptron), Vector Support Machine (SVM), Naïve Bayes (NB), and Random Forest (RF) utilizing the optimal set of attributes. The results reveal that our EnWaFS approach can efficiently decrease the number of attributes from 34 to 12 and also, from four ML classifiers were used, the RF technique achieved better performance due to the accuracy, sensitivity (recall), F-1 measure, precision, true-positive-rate, and the false-positive-rate which is decreased.
47

Yang, Hao, Qin He, Zhenyan Liu, and Qian Zhang. "Malicious Encryption Traffic Detection Based on NLP." Security and Communication Networks 2021 (August 3, 2021): 1–10. http://dx.doi.org/10.1155/2021/9960822.

Full text
Abstract:
The development of Internet and network applications has brought the development of encrypted communication technology. But on this basis, malicious traffic also uses encryption to avoid traditional security protection and detection. Traditional security protection and detection methods cannot accurately detect encrypted malicious traffic. In recent years, the rise of artificial intelligence allows us to use machine learning and deep learning methods to detect encrypted malicious traffic without decryption, and the detection results are very accurate. At present, the research on malicious encrypted traffic detection mainly focuses on the characteristics’ analysis of encrypted traffic and the selection of machine learning algorithms. In this paper, a method combining natural language processing and machine learning is proposed; that is, a detection method based on TF-IDF is proposed to build a detection model. In the process of data preprocessing, this method introduces the natural language processing method, namely, the TF-IDF model, to extract data information, obtain the importance of keywords, and then reconstruct the characteristics of data. The detection method based on the TF-IDF model does not need to analyze each field of the data set. Compared with the general machine learning data preprocessing method, that is, data encoding processing, the experimental results show that using natural language processing technology to preprocess data can effectively improve the accuracy of detection. Gradient boosting classifier, random forest classifier, AdaBoost classifier, and the ensemble model based on these three classifiers are, respectively, used in the construction of the later models. At the same time, CNN neural network in deep learning is also used for training, and CNN can effectively extract data information. 
Under the condition that the input data of the classifier and neural network are consistent, through the comparison and analysis of various methods, the accuracy of the one-dimensional convolutional network based on CNN is slightly higher than that of the classifier based on machine learning.
48

Cho, Jaeik, Seonghyeon Gong, and Ken Choi. "A Study on High-Speed Outlier Detection Method of Network Abnormal Behavior Data Using Heterogeneous Multiple Classifiers." Applied Sciences 12, no. 3 (January 19, 2022): 1011. http://dx.doi.org/10.3390/app12031011.

Full text
Abstract:
As the complexity and scale of the network environment increase continuously, various methods to detect attacks and intrusions from network traffic by classifying normal and abnormal network behaviors show their limitations. The number of network traffic signatures is increasing exponentially to the extent that semi-realtime detection is not possible. However, machine learning-based intrusion detection only gives simple guidelines as simple contents of security events. This is why security data for a specific environment cannot be configured due to data noise, diversification, and continuous alteration of a system and network environments. Although machine learning is performed and evaluated using a generalized data set, its performance is expected to be similar in that specific network environment only. In this study, we propose a high-speed outlier detection method for a network dataset to customize the dataset in real-time for a continuously changing network environment. The proposed method uses an ensemble-based noise data filtering model using the voting results of 6 classifiers (decision tree, random forest, support vector machine, naive Bayes, k-nearest neighbors, and logistic regression) to reflect the distribution and various environmental characteristics of datasets. Moreover, to prove the performance of the proposed method, we experimented with the accuracy of attack detection by gradually reducing the noise data in the time series dataset. As a result of the experiment, the proposed method maintains a training dataset of a size capable of semi-real-time learning, which is 10% of the total training dataset, and at the same time, shows the same level of accuracy as a detection model using a large training dataset. The improved research results would be the basis for automatic tuning of network datasets and machine learning that can be applied to special-purpose environments and devices such as ICS environments.
49

Aslam, Muhammad, Dengpan Ye, Aqil Tariq, Muhammad Asad, Muhammad Hanif, David Ndzi, Samia Allaoua Chelloug, Mohamed Abd Elaziz, Mohammed A. A. Al-Qaness, and Syeda Fizzah Jilani. "Adaptive Machine Learning Based Distributed Denial-of-Services Attacks Detection and Mitigation System for SDN-Enabled IoT." Sensors 22, no. 7 (March 31, 2022): 2697. http://dx.doi.org/10.3390/s22072697.

Full text
Abstract:
The development of smart network infrastructure of the Internet of Things (IoT) faces the immense threat of sophisticated Distributed Denial-of-Services (DDoS) security attacks. The existing network security solutions of enterprise networks are significantly expensive and unscalable for IoT. The integration of recently developed Software Defined Networking (SDN) reduces a significant amount of computational overhead for IoT network devices and enables additional security measurements. At the prelude stage of SDN-enabled IoT network infrastructure, the sampling based security approach currently results in low accuracy and low DDoS attack detection. In this paper, we propose an Adaptive Machine Learning based SDN-enabled Distributed Denial-of-Services attacks Detection and Mitigation (AMLSDM) framework. The proposed AMLSDM framework develops an SDN-enabled security mechanism for IoT devices with the support of an adaptive machine learning classification model to achieve the successful detection and mitigation of DDoS attacks. The proposed framework utilizes machine learning algorithms in an adaptive multilayered feed-forwarding scheme to successfully detect the DDoS attacks by examining the static features of the inspected network traffic. In the proposed adaptive multilayered feed-forwarding framework, the first layer utilizes Support Vector Machine (SVM), Naive Bayes (NB), Random Forest (RF), k-Nearest Neighbor (kNN), and Logistic Regression (LR) classifiers to build a model for detecting DDoS attacks from the training and testing environment-specific datasets. The output of the first layer passes to an Ensemble Voting (EV) algorithm, which accumulates the performance of the first layer classifiers. In the third layer, the adaptive frameworks measures the real-time live network traffic to detect the DDoS attacks in the network traffic. 
The proposed framework utilizes a remote SDN controller to mitigate the detected DDoS attacks over Open Flow (OF) switches and reconfigures the network resources for legitimate network hosts. The experimental results show the better performance of the proposed framework as compared to existing state-of-the art solutions in terms of higher accuracy of DDoS detection and low false alarm rate.
50

Hicham, Benradi, Chater Ahmed, and Lasfar Abdelali. "Face recognition method combining SVM machine learning and scale invariant feature transform." E3S Web of Conferences 351 (2022): 01033. http://dx.doi.org/10.1051/e3sconf/202235101033.

Full text
Abstract:
Facial recognition is a method to identify an individual from his image. It has attracted the attention of a large number of researchers in the field of computer vision in recent years due to its wide scope of application in several areas (health, security, robotics, biometrics...). The operation of this technology, so much in demand in today's market, is based on the extraction of features from an input image using techniques such as SIFT, SURF, LBP... and comparing them with others from another image to confirm or assert the identity of an individual. In this paper, we have performed a comparative study of a machine learning-based approach using several classification methods, applied on two face databases, which will be divided into two groups. The first one is the Train database used for the training stage of our model and the second one is the Test database, which will be used in the test phase of the model. The results of this comparison showed that the SIFT technique merged with the SVM classifier outperforms the other classifiers in terms of identification accuracy rate.