Journal articles on the topic "Security attacks detection"

Consult the top 50 journal articles for research on the topic "Security attacks detection".


1

Jimmy, FNU. "Cyber security Vulnerabilities and Remediation Through Cloud Security Tools." Journal of Artificial Intelligence General science (JAIGS) ISSN:3006-4023 3, no. 1 (April 12, 2024): 196–233. http://dx.doi.org/10.60087/jaigs.vol03.issue01.p233.

Abstract:
The proliferation of internet usage has surged dramatically, prompting individuals and businesses to conduct myriad transactions online rather than in physical spaces. The onset of the COVID-19 pandemic has further propelled this trend. Consequently, traditional forms of crime have migrated to the digital realm alongside the widespread adoption of digital technologies such as cloud computing, the Internet of Things (IoT), social media, wireless communication, and crypto currencies, amplifying security concerns in cyberspace. Notably, cybercriminals have begun offering cyber attacks as a service, automating attacks to magnify their impact. These attackers exploit vulnerabilities across hardware, software, and communication layers, perpetrating various forms of cyber attacks including distributed denial of service (DDoS), phishing, man-in-the-middle, password, remote, privilege escalation, and malware attacks. The sophistication of these attacks renders conventional protection systems, such as firewalls, intrusion detection systems, antivirus software, and access control lists, ineffective in detection. Consequently, there is an urgent imperative to devise innovative and pragmatic solutions to thwart cyber attacks. This paper elucidates the primary drivers behind cyber attacks, surveys recent attack instances, patterns, and detection methodologies, and explores contemporary technical and non-technical strategies for preemptively identifying and mitigating attacks. Leveraging cutting-edge technologies like machine learning, deep learning, cloud platforms, big data analytics, and blockchain holds promise in combating present and future cyber threats. These technological interventions can aid in malware detection, intrusion detection, spam filtering, DNS attack classification, fraud detection, identification of covert channels, and discernment of advanced persistent threats. 
Nonetheless, it's crucial to acknowledge that some promising solutions, notably machine learning and deep learning, are susceptible to evasion techniques, necessitating careful consideration when formulating defenses against sophisticated cyber attacks.
2

Jimmy, Fnu. "Cyber security Vulnerabilities and Remediation Through Cloud Security Tools." Journal of Artificial Intelligence General science (JAIGS) ISSN:3006-4023 3, no. 1 (April 12, 2024): 196–233. http://dx.doi.org/10.60087/jaigs.vol03.issue01.p234.

Abstract:
The proliferation of internet usage has surged dramatically, prompting individuals and businesses to conduct myriad transactions online rather than in physical spaces. The onset of the COVID-19 pandemic has further propelled this trend. Consequently, traditional forms of crime have migrated to the digital realm alongside the widespread adoption of digital technologies such as cloud computing, the Internet of Things (IoT), social media, wireless communication, and crypto currencies, amplifying security concerns in cyberspace. Notably, cybercriminals have begun offering cyber attacks as a service, automating attacks to magnify their impact. These attackers exploit vulnerabilities across hardware, software, and communication layers, perpetrating various forms of cyber attacks including distributed denial of service (DDoS), phishing, man-in-the-middle, password, remote, privilege escalation, and malware attacks. The sophistication of these attacks renders conventional protection systems, such as firewalls, intrusion detection systems, antivirus software, and access control lists, ineffective in detection. Consequently, there is an urgent imperative to devise innovative and pragmatic solutions to thwart cyber attacks. This paper elucidates the primary drivers behind cyber attacks, surveys recent attack instances, patterns, and detection methodologies, and explores contemporary technical and non-technical strategies for preemptively identifying and mitigating attacks. Leveraging cutting-edge technologies like machine learning, deep learning, cloud platforms, big data analytics, and blockchain holds promise in combating present and future cyber threats. These technological interventions can aid in malware detection, intrusion detection, spam filtering, DNS attack classification, fraud detection, identification of covert channels, and discernment of advanced persistent threats. 
Nonetheless, it's crucial to acknowledge that some promising solutions, notably machine learning and deep learning, are susceptible to evasion techniques, necessitating careful consideration when formulating defenses against sophisticated cyber attacks.
3

Kumavat, Kavita S., and Joanne Gomes. "Common Mechanism for Detecting Multiple DDoS Attacks." International Journal on Recent and Innovation Trends in Computing and Communication 11, no. 4 (May 4, 2023): 81–90. http://dx.doi.org/10.17762/ijritcc.v11i4.6390.

Abstract:
An important principle of an internet-based system is information security. Information security is a very important aspect of distributed systems and IoT (Internet of Things) based wireless systems. The attack which is more harmful to the distributed system and IoT-based wireless system is a DDoS (Distributed Denial of Service) attack since in this attack, an attacker can stop the work of all other connected devices or users to the network. For securing distributed applications, various intrusion detection mechanisms are used. But most existing mechanisms are only concentrated on one kind of DDoS attack. This paper focuses on the basic architecture of IoT systems and an overview of single intrusion detection systems. This paper presents a single detection method for different DDoS attacks on distributed systems with an IoT interface. In the future, the system will provide support for detecting and preventing different DDoS attacks in IoT-based systems.
4

Kareem, Mohammed Ibrahim, Mohammad Jawad Kadhim Abood, and Karrar Ibrahim. "Machine learning-based PortScan attacks detection using OneR classifier." Bulletin of Electrical Engineering and Informatics 12, no. 6 (December 1, 2023): 3690–96. http://dx.doi.org/10.11591/eei.v12i6.4142.

Abstract:
PortScan attacks are a common security threat in computer networks, where an attacker systematically scans a range of network ports on a target system to identify potential vulnerabilities. Detecting such attacks in a timely and accurate manner is crucial to ensure network security. Attackers can determine whether a port is open by sending a detective message to it, which helps them find potential vulnerabilities. However, the best methods for spotting and identifying port scanner attacks are those that use machine learning. One of the most dangerous online threats is PortScan attack, according to experts. The research is work on detection while improving detection accuracy. Dataset containing tags from network traffic is used to train machine learning techniques for classification. The JRip algorithm is trained and tested using the CICIDS2017 dataset. As a consequence, the best performance results for JRip-based detection schemes were 99.84%, 99.80%, 99.80%, and 0.09 ms for accuracy, precision, recall, F-score, and detection overhead, respectively. Finally, the comparison with current models demonstrated our model's proficiency and advantage with increased attack discovery speed.
5

Du, Dajun, Rui Chen, Xue Li, Lei Wu, Peng Zhou, and Minrui Fei. "Malicious data deception attacks against power systems: A new case and its detection method." Transactions of the Institute of Measurement and Control 41, no. 6 (January 8, 2018): 1590–99. http://dx.doi.org/10.1177/0142331217740622.

Abstract:
Power systems usually employ bad data detection (BDD) to avoid faulty measurements caused by their anomalies, and hence can ensure the security of the state estimation of power systems. However, recently BDD has been found vulnerable to malicious data deception attacks submerged in big data. Such attacks can purposely craft sparse measurement values (i.e. attack vectors) to mislead power estimates, while not posing any anomalies to the BDD. Some related work has been proposed to emphasize this attack. In this paper, a new malicious data deception attack by considering a practical attacking situation is investigated, where the attacker has limited resources for corrupting measurements. In this case, attackers generate attack vectors with less sparsity to evade conventional BDD, while using a convex optimization method to balance the sparsity and magnitude of attack vectors. Accordingly, the effects of such an attack on operational costs and the risks of power systems are analysed in detail. Moreover, according to security evaluation for individual measurements, such attacks can be detected with high probability by just securing one critical measurement. Numerical simulations illustrate the effectiveness of the proposed new attack case and its detection method.
6

Kumar, Sunil, and Maninder Singh. "Detection and Isolation of Zombie Attack under Cloud Environment." Oriental journal of computer science and technology 10, no. 2 (April 12, 2017): 338–44. http://dx.doi.org/10.13005/ojcst/10.02.12.

Abstract:
Network security, data security and several other security types such as computer security collectively compose the term “Cloud Security”. Cloud computing poses a new challenge because the traditional security mechanisms being followed are insufficient to safeguard the cloud resources. Cloud computing can easily be targeted by the attackers. A group of malicious users or illegitimate users can attack the system, which may lead to denial of the services of legitimate users. Such kinds of attacks are performed by the malicious (zombie) attackers. The zombie attack will degrade the network performance to a large extent. Traditional techniques are not easily capable of detecting the zombie attacker in the cloud network. So in this paper we have proposed a technique which is the enhancement of the mutual authentication scheme in order to detect and isolate zombie attack for the efficient performance of the network.
7

Farane Shradha, Gotane Rutuja, Chandanshive Sakshi, Agrawal Khushi, and Khandekar Srushti. "Detection of cyber-attacks and network attacks using Machine Learning." World Journal of Advanced Engineering Technology and Sciences 12, no. 1 (May 30, 2024): 128–32. http://dx.doi.org/10.30574/wjaets.2024.12.1.0184.

Abstract:
The Internet and computer networks have become an important part of organizations and everyday life. New threats and challenges have emerged to wireless communication systems especially in cyber security and network attacks. The network traffic must be monitored and analysed to detect malicious activities and attacks. Recently, machine learning techniques have been applied toward the detection of network attacks. In cyber security, machine learning approaches have been utilized to handle important concerns such as intrusion detection, malware classification and detection, spam detection, and phishing detection. As a result, effective adaptive methods, such as machine learning techniques, can yield higher detection rates, lower false alarm rates and cheaper computing and transmission costs. Our key goal is detection of cyber security and network attacks such as IDS, phishing and XSS, SQL injection, respectively. The proposed strategy in this study is to employ the structure of deep neural networks for the detection phase, which should tell the system of the attack's existence in the early stages of the attack.
8

Aslan, Ömer, Semih Serkant Aktuğ, Merve Ozkan-Okay, Abdullah Asim Yilmaz, and Erdal Akin. "A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions." Electronics 12, no. 6 (March 11, 2023): 1333. http://dx.doi.org/10.3390/electronics12061333.

Abstract:
Internet usage has grown exponentially, with individuals and companies performing multiple daily transactions in cyberspace rather than in the real world. The coronavirus (COVID-19) pandemic has accelerated this process. As a result of the widespread usage of the digital environment, traditional crimes have also shifted to the digital space. Emerging technologies such as cloud computing, the Internet of Things (IoT), social media, wireless communication, and cryptocurrencies are raising security concerns in cyberspace. Recently, cyber criminals have started to use cyber attacks as a service to automate attacks and leverage their impact. Attackers exploit vulnerabilities that exist in hardware, software, and communication layers. Various types of cyber attacks include distributed denial of service (DDoS), phishing, man-in-the-middle, password, remote, privilege escalation, and malware. Due to new-generation attacks and evasion techniques, traditional protection systems such as firewalls, intrusion detection systems, antivirus software, access control lists, etc., are no longer effective in detecting these sophisticated attacks. Therefore, there is an urgent need to find innovative and more feasible solutions to prevent cyber attacks. The paper first extensively explains the main reasons for cyber attacks. Then, it reviews the most recent attacks, attack patterns, and detection techniques. Thirdly, the article discusses contemporary technical and nontechnical solutions for recognizing attacks in advance. Using trending technologies such as machine learning, deep learning, cloud platforms, big data, and blockchain can be a promising solution for current and future cyber attacks. These technological solutions may assist in detecting malware, intrusion detection, spam identification, DNS attack classification, fraud detection, recognizing hidden channels, and distinguishing advanced persistent threats. 
However, some promising solutions, especially machine learning and deep learning, are not resistant to evasion techniques, which must be considered when proposing solutions against intelligent cyber attacks.
9

Alamsyah, Hendri, Riska, and Abdussalam Al Akbar. "Analisa Keamanan Jaringan Menggunakan Network Intrusion Detection and Prevention System." JOINTECS (Journal of Information Technology and Computer Science) 5, no. 1 (January 25, 2020): 17. http://dx.doi.org/10.31328/jointecs.v5i1.1240.

Abstract:
Security is an important aspect to be considered in computer networks. This security system can be a detection and prevention of attacks that are being done by the attacker (intruders). The problem of attacks that occur in computer networks is that intruders can do port scanning, enter the system using open ports such as telnet, ftp and others. The purpose of this study is the implementation of IDPS, can be from. To do network security from various attack threats, a system that can detect and prevent it directly is needed. The method that can be used is Intrusion Detection and Prevention System (NIDPS). NIDPS can exchange and block the attacks. This security system is collaborated with IP Tables. IP Tables is used to filter incoming data packets and drop packets of data that are indicated by attack. With the Intrusion Detection and Prevention system, it can detect attacks and prevent them by blocking data packets sent by intruders through port scanning, FTP attacks, and telnets.
10

Salih, Azar Abid, and Maiwan Bahjat Abdulrazzaq. "Cyber security: performance analysis and challenges for cyber attacks detection." Indonesian Journal of Electrical Engineering and Computer Science 31, no. 3 (September 1, 2023): 1763. http://dx.doi.org/10.11591/ijeecs.v31.i3.pp1763-1775.

Abstract:
Nowadays, with the occurrence of new attacks and raised challenges have been facing the security of computer systems. Cyber security techniques have become essential for information technology services to detect and react against cyber-attacks. The strategy of cyber security enables visibility of various types of attacks and vulnerabilities throughout computer networks, whilst also provides detecting cyber-attacks and effective ways of identifying and preventing them. This study mainly focuses on the performance analysis and challenges faced by cyber security using the latest techniques. It also provides a review of the attack detection process including the robust effectiveness of intelligent techniques. Finally, summarize and discuss some methods to increase attack detection performance utilizing deep learning (DL) architectures.
11

Neelaveni, Dr R., Abhinav ., and Sahas . "Analysis of Efficient Intrusion Detection System using Ensemble Learning." International Journal for Research in Applied Science and Engineering Technology 11, no. 5 (May 31, 2023): 1521–30. http://dx.doi.org/10.22214/ijraset.2023.51858.

Abstract:
Our increasingly connected world continues to face an ever-growing amount of network-based attacks. Intrusion detection systems (IDS) are essential security technology for detecting these attacks. Although numerous machine learning-based IDS have been proposed for detecting malicious network traffic, most have difficulty properly detecting and classifying the more uncommon attack types. The research in Cyber Security has raised the need to address the cybercrimes that have caused the requisition of intellectual properties such as the breakdown of computer systems and impairment of important data compromising the confidentiality, authenticity and integrity of the user. Considering these scenarios, securing the computer systems and the user using an Intrusion Detection System (IDS) is essential. The performance of IDS was studied by developing an IDS dataset consisting of network traffic features to learn the attack patterns. Intrusion detection is a classification problem wherein various Ensemble Learning (ML) and Data Mining (DM) techniques are applied to classify the network data into normal and attack traffic. Moreover, the types of network attacks changed over the years, so updating the datasets used for evaluating IDS is necessary.
12

Sheikh, Zakir Ahmad, Yashwant Singh, Pradeep Kumar Singh, and Paulo J. Sequeira Gonçalves. "Defending the Defender: Adversarial Learning Based Defending Strategy for Learning Based Security Methods in Cyber-Physical Systems (CPS)." Sensors 23, no. 12 (June 9, 2023): 5459. http://dx.doi.org/10.3390/s23125459.

Abstract:
Cyber-Physical Systems (CPS) are prone to many security exploitations due to a greater attack surface being introduced by their cyber component by the nature of their remote accessibility or non-isolated capability. Security exploitations, on the other hand, rise in complexities, aiming for more powerful attacks and evasion from detections. The real-world applicability of CPS thus poses a question mark due to security infringements. Researchers have been developing new and robust techniques to enhance the security of these systems. Many techniques and security aspects are being considered to build robust security systems; these include attack prevention, attack detection, and attack mitigation as security development techniques with consideration of confidentiality, integrity, and availability as some of the important security aspects. In this paper, we have proposed machine learning-based intelligent attack detection strategies which have evolved as a result of failures in traditional signature-based techniques to detect zero-day attacks and attacks of a complex nature. Many researchers have evaluated the feasibility of learning models in the security domain and pointed out their capability to detect known as well as unknown attacks (zero-day attacks). However, these learning models are also vulnerable to adversarial attacks like poisoning attacks, evasion attacks, and exploration attacks. To make use of a robust-cum-intelligent security mechanism, we have proposed an adversarial learning-based defense strategy for the security of CPS to ensure CPS security and invoke resilience against adversarial attacks. We have evaluated the proposed strategy through the implementation of Random Forest (RF), Artificial Neural Network (ANN), and Long Short-Term Memory (LSTM) on the ToN_IoT Network dataset and an adversarial dataset generated through the Generative Adversarial Network (GAN) model.
13

Soe, Yan Naung, Yaokai Feng, Paulus Insap Santosa, Rudy Hartanto, and Kouichi Sakurai. "Machine Learning-Based IoT-Botnet Attack Detection with Sequential Architecture." Sensors 20, no. 16 (August 5, 2020): 4372. http://dx.doi.org/10.3390/s20164372.

Abstract:
With the rapid development and popularization of Internet of Things (IoT) devices, an increasing number of cyber-attacks are targeting such devices. It was said that most of the attacks in IoT environments are botnet-based attacks. Many security weaknesses still exist on the IoT devices because most of them have not enough memory and computational resource for robust security mechanisms. Moreover, many existing rule-based detection systems can be circumvented by attackers. In this study, we proposed a machine learning (ML)-based botnet attack detection framework with sequential detection architecture. An efficient feature selection approach is adopted to implement a lightweight detection system with a high performance. The overall detection performance achieves around 99% for the botnet attack detection using three different ML algorithms, including artificial neural network (ANN), J48 decision tree, and Naïve Bayes. The experiment result indicates that the proposed architecture can effectively detect botnet-based attacks, and also can be extended with corresponding sub-engines for new kinds of attacks.
14

Qiu, Ling, and Cai Ming Liu. "An Intelligent Detection Method for Network Security." Applied Mechanics and Materials 530-531 (February 2014): 646–49. http://dx.doi.org/10.4028/www.scientific.net/amm.530-531.646.

Abstract:
To dynamically discover network attacks hidden in network data, an intelligent detection method for network security is proposed. Biological immune principles and mechanisms are adopted to judge whether network data contain illegal network packets. Signature library of network attacks and section library of attack signatures are constructed. They store attack signatures and signature sections, respectively. They are used to make the initial detection ability of proposed method. Detectors are defined to simulate immune cells. They evolve dynamically to adapt the network security. Signatures of network data are extracted from IP packets. Detectors match network data's signatures which mean some attacks. Warning information is formed and sent to network administrators according to recognized attacks.
15

Rohit Khedkar et al. "Detection of Cyber Attacks and Network Attacks Using Machine Learning Algorithms." Proceeding International Conference on Science and Engineering 11, no. 1 (February 18, 2023): 241–52. http://dx.doi.org/10.52783/cienceng.v11i1.120.

Abstract:
Nowadays cyber crime is growing and has a big effect everywhere globally. Ethical hackers are normally involved in identifying flaws and recommending mitigation measures. The cyber safety international, there's a pressing need for the improvement of powerful techniques. Because of the effectiveness of machine learning in cyber security issues, machine learning for cyber security has recently become a hot topic. In cyber security, machine learning approaches have been utilized to handle important concerns such as intrusion detection, malware classification and detection, spam detection, and phishing detection. Although ML cannot fully automate a cyber-security system, it can identify cyber-security threats more efficiently than other software-oriented approaches, relieving security analysts of their burden. As a result, effective adaptive methods, such as machine learning techniques, can yield higher detection rates, lower false alarm rates, and cheaper computing and transmission costs. Our key goal is that the challenge of detecting attacks is fundamentally different from those of these other applications, making it substantially more difficult for the intrusion detection community to apply machine learning effectively. In this study, the CPS is modeled as a network of agents that move in unison with one another, with one agent acting as a leader and commanding the other agents. The proposed strategy in this study is to employ the structure of deep neural networks for the detection phase, which should tell the system of the attack's existence in the early stages of the attack. The use of robust control algorithms in the network to isolate the misbehaving agent in the leader-follower mechanism has been researched. Following the attack detection phase with a deep neural network, the control system uses the reputation algorithm to isolate the misbehaving agent in the presented control method. 
Experiment results show that deep learning algorithms can detect attacks more effectively than traditional methods, making cyber security simpler, more proactive, and less expensive and more expensive.
16

Gavrić, Nikola, and Živko Bojović. "Security Concerns in MMO Games—Analysis of a Potent Application Layer DDoS Threat." Sensors 22, no. 20 (October 14, 2022): 7791. http://dx.doi.org/10.3390/s22207791.

Abstract:
The application layer in the Internet protocol suite offers a significant degree of freedom regarding the orchestration of distributed denial-of-service attacks due to many different and unstandardized protocols. The primary focus of defending against application-layer distributed denial-of-service attacks has traditionally been Hypertext Transfer Protocols oriented while observing individual users’ actions independently from one another. In this paper, we present and analyze a novel application-layer DDoS attack in massively multiplayer online games that utilize the cooperative efforts of the attackers to deplete the server’s or players’ bandwidth. The attack exploits in-game dependencies between players to cause a massive spike in bandwidth while the attackers’ traffic remains legitimate. We introduce a multiplayer-relations graph to model user behavior on a game server. Additionally, we demonstrate the attack’s devastating capabilities on an emulated World of Warcraft server. Lastly, we discuss flaws of the existing defense mechanisms and possible approaches for the detection of these attacks using graph theory and multiplayer-relations graphs.
17

Cho, Youngho. "Intelligent On-Off Web Defacement Attacks and Random Monitoring-Based Detection Algorithms." Electronics 8, no. 11 (November 13, 2019): 1338. http://dx.doi.org/10.3390/electronics8111338.

Abstract:
Recent cyberattacks armed with various ICT (information and communication technology) techniques are becoming advanced, sophisticated and intelligent. In security research field and practice, it is a common and reasonable assumption that attackers are intelligent enough to discover security vulnerabilities of security defense mechanisms and thus avoid the defense systems’ detection and prevention activities. Web defacement attacks refer to a series of attacks that illegally modify web pages for malicious purposes, and are one of the serious ongoing cyber threats that occur globally. Detection methods against such attacks can be classified into either server-based approaches or client-based approaches, and there are pros and cons for each approach. From our extensive survey on existing client-based defense methods, we found a critical security vulnerability which can be exploited by intelligent attackers. In this paper, we report the security vulnerability in existing client-based detection methods with a fixed monitoring cycle and present novel intelligent on-off web defacement attacks exploiting such vulnerability. Next, we propose to use a random monitoring strategy as a promising countermeasure against such attacks, and design two random monitoring defense algorithms: (1) Uniform Random Monitoring Algorithm (URMA), and (2) Attack Damage-Based Random Monitoring Algorithm (ADRMA). In addition, we present extensive experiment results to validate our idea and show the detection performance of our random monitoring algorithms. According to our experiment results, our random monitoring detection algorithms can quickly detect various intelligent web defacement on-off attacks (AM1, AM2, and AM3), and thus do not allow huge attack damage in terms of the number of defaced slots when compared with an existing fixed periodic monitoring algorithm (FPMA).
18

Panduardi, Farizqi, Herman Yuliandoko, and Agus Priyo Utomo. "Network Security Using Honeypot and Attack Detection with Android Application." Indonesian Journal of Engineering Research 2, no. 2 (November 27, 2021): 53–60. http://dx.doi.org/10.11594/10.11594/ijer.02.02.04.

Abstract:
Network security is now increasingly needed in the era of the industrial revolution 4.0. As technology grows, cybercrimes are becoming more and more common, including attacks on a resource. At this time, honeypots are also widely used by large industries for network security, besides that honeypots are also useful for them in developing intrusion and preventing systems. Honeypots are usually used in a virtual environment, they will stimulate a fake system to capture data packets on the network and be analysed offline later for all threats and attacks. The purpose of this paper is to detect and prevent building attacks from computer network attackers using an android application. This application can monitor an attack on the server by installing a honeypot tool into the server as an attack detector, then the honeypot log is used as a REST API using Django framework with MongoDB database. This application can find out if there is an attack on the server, and can block the attacker's IP address.
19

Sachdev, Rithik, Shreya Mishra, and Shekhar Sharma. "Comparison of Supervised Learning Algorithms for DDOS Attack Detection." International Journal for Research in Applied Science and Engineering Technology 10, no. 8 (August 31, 2022): 1766–72. http://dx.doi.org/10.22214/ijraset.2022.46506.

Abstract:
In today’s world, when ubiquitous computing has become quite prevalent, there has been an upsurge in the number of users on the internet. The Distributed Denial of Service attack is the most widespread attack that disrupts the functioning of websites, servers, and services. In such attacks, the resources are exhausted by overwhelming requests from multiple attackers and thus become unavailable to users. Hence, it is essential to detect these attacks and prevent network security breaches. This work presents a supervised learning-based DDoS detection comparison developed using the CIC-IDS 2017 dataset [7]. Various models have been compared on different performance metrics to analyze efficiency in detecting DDoS attacks.
20

Vinod Kumar, Boddupally, K. Pranaya Vardhan, Kurceti Subba Rao, and Thipparthy Navya Sree. "IDENTIFICATION OF UNSATURATED ATTACKS IN VIRTUALIZED INFRASTRUCTURES WITH BIG DATA ANALYTICS IN CLOUD COMPUTING." Journal of Nonlinear Analysis and Optimization 14, no. 02 (2023): 286–92. http://dx.doi.org/10.36893/jnao.2023.v14i2.286-292.

Abstract:
Security systems to protect virtualized cloud architecture typically include two types of malware detection and security analysis. Detecting malware typically involves two steps, monitoring the hotspots at various points in the virtualized infrastructure, and then using a regularly updated attack signature database to detect the presence of malware. 'Attack. It allows real-time detection of attacks, the use of special signature databases that are vulnerable to zero-day attacks that do not have attack signatures, and therefore traditional infrastructure cannot detect complex attacks on virtualized infrastructure. Similarly, security analysis eliminates the need for signature databases using event correlation to detect previously undetected attacks, which are often unmanaged, and the current implementation is scalable in nature. In this article, we recommend BDSA's approach to establish a three-tier system for the continuous detection of future attacks. Initially, network logs from the visiting virtual machine and client application logs are sometimes collected from the visiting virtual machines and stored in HDFS. At this point, the strengths of the attack are removed with a connection scheme and a Map Reduce analyzer. Our BDSA approach uses HDFS distribution management and Spark's map-reduction display capability to address security and speed and volume issues.
21

Ghugar, Umashankar, Jayaram Pradhan, Sourav Kumar Bhoi, and Rashmi Ranjan Sahoo. "LB-IDS: Securing Wireless Sensor Network Using Protocol Layer Trust-Based Intrusion Detection System." Journal of Computer Networks and Communications 2019 (January 6, 2019): 1–13. http://dx.doi.org/10.1155/2019/2054298.

Abstract:
Wireless sensor network (WSN) faces severe security problems due to wireless communication between the nodes and open deployment of the nodes. The attacker disrupts the security parameters by launching attacks at different layers of the WSN. In this paper, a protocol layer trust-based intrusion detection system (LB-IDS) is proposed to secure the WSN by detecting the attackers at different layers. The trust value of a sensor node is calculated using the deviation of trust metrics at each layer with respect to the attacks. Mainly, we consider trustworthiness in the three layers such as physical layer trust, media access control (MAC) layer trust, and network layer trust. The trust of a sensor node at a particular layer is calculated by taking key trust metrics of that layer. Finally, the overall trust value of the sensor node is estimated by combining the individual trust values of each layer. By applying the trust threshold, a sensor node is detected as trusted or malicious. The performance of LB-IDS is evaluated by comparing the results of the three performance parameters such as detection accuracy, false-positive rate, and false-negative rate, with the results of Wang’s scheme. We have implemented jamming attack at the physical layer, back-off manipulation attack at the MAC layer, and sinkhole attack at the network layer using simulations. We have also implemented a cross-layer attack using the simulation where an attacker simultaneously attacks the MAC layer and network layer. Simulation results show that the proposed LB-IDS performs better as compared with Wang’s scheme.
22

Patil, Shruti, Vijayakumar Varadarajan, Devika Walimbe, Siddharth Gulechha, Sushant Shenoy, Aditya Raina, and Ketan Kotecha. "Improving the Robustness of AI-Based Malware Detection Using Adversarial Machine Learning." Algorithms 14, no. 10 (October 15, 2021): 297. http://dx.doi.org/10.3390/a14100297.

Abstract:
Cyber security is used to protect and safeguard computers and various networks from ill-intended digital threats and attacks. It is getting more difficult in the information age due to the explosion of data and technology. There is a drastic rise in the new types of attacks where the conventional signature-based systems cannot keep up with these attacks. Machine learning seems to be a solution to solve many problems, including problems in cyber security. It is proven to be a very useful tool in the evolution of malware detection systems. However, the security of AI-based malware detection models is fragile. With advancements in machine learning, attackers have found a way to work around such detection systems using an adversarial attack technique. Such attacks are targeted at the data level, at classifier models, and during the testing phase. These attacks tend to cause the classifier to misclassify the given input, which can be very harmful in real-time AI-based malware detection. This paper proposes a framework for generating the adversarial malware images and retraining the classification models to improve malware detection robustness. Different classification models were implemented for malware detection, and attacks were established using adversarial images to analyze the model’s behavior. The robustness of the models was improved by means of adversarial training, and better attack resistance is observed.
23

Gupta, Punit, and Pallavi Kaliyar. "History Aware Anomaly Based IDS for Cloud IaaS." INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY 10, no. 6 (August 30, 2013): 1779–84. http://dx.doi.org/10.24297/ijct.v10i6.3205.

Abstract:
Cloud Computing provides different types of services such as SaaS, PaaS, IaaS. Each of them has its own security challenges, but IaaS undertakes all types of challenges, viz., network attack, behaviour based attack, request based attacks, i.e., handling the requests from untrusted users, XSS (cross site scripting attack), DDOS and many more. These attacks are independent of each other and consequently the QoS provided by cloud is compromised. This paper proposes a History aware Behaviour based IDS (Intrusion Detection System) BIDS. BIDS provides detection of untrusted users, false requests that may lead to spoofing, XSS or DOS attack and many more such attacks. In addition, certain cases where user login or password is compromised. History aware BIDS can be helpful in detecting such attacks and maintaining the QoS provided to the user in cloud IaaS (Infrastructure as a Service).
24

Rajan, Del. "Entropic DDoS Detection for Quantum Networks." Quantum Reports 4, no. 4 (December 13, 2022): 604–15. http://dx.doi.org/10.3390/quantum4040044.

Abstract:
Distributed Denial-of-Service (DDoS) attacks are a significant issue in classical networks. These attacks have been shown to impact the critical infrastructure of a nation, such as its major financial institutions. The possibility of DDoS attacks has also been identified for quantum networks. In this theoretical work, we introduce a quantum analogue of classical entropic DDoS detection systems and apply it in the context of detecting an attack on a quantum network. In particular, we examine DDoS attacks on a quantum repeater and harness the associated entanglement entropy for the detection system. Our results extend the applicability of quantum information from the domain of data security to the area of network security.
25

Al-Zewairi, Malek, Sufyan Almajali, and Moussa Ayyash. "Unknown Security Attack Detection Using Shallow and Deep ANN Classifiers." Electronics 9, no. 12 (November 26, 2020): 2006. http://dx.doi.org/10.3390/electronics9122006.

Abstract:
Advancements in machine learning and artificial intelligence have been widely utilised in the security domain, including but not limited to intrusion detection techniques. With the large training datasets of modern traffic, intelligent algorithms and powerful machine learning tools, security researchers have been able to greatly improve on the intrusion detection models and enhance their ability to detect malicious traffic more accurately. Nonetheless, the problem of detecting completely unknown security attacks is still an open area of research. The enormous number of newly developed attacks constitutes an eccentric challenge for all types of intrusion detection systems. Additionally, the lack of a standard definition of what constitutes an unknown security attack in the literature and the industry alike adds to the problem. In this paper, the researchers reviewed the studies on detecting unknown attacks over the past 10 years and found that they tended to use inconsistent definitions. This formulates the need for a standard consistent definition to have comparable results. The researchers proposed a new categorisation of two types of unknown attacks, namely Type-A, which represents a completely new category of unknown attacks, and Type-B, which represents unknown attacks within already known categories of attacks. The researchers conducted several experiments and evaluated modern intrusion detection systems based on shallow and deep artificial neural network models and their ability to detect Type-A and Type-B attacks using two well-known benchmark datasets for network intrusion detection. The research problem was studied as both a binary and multi-class classification problem. The results showed that the evaluated models had poor overall generalisation error measures, where the classification error rate in detecting several types of unknown attacks from 92 experiments was 50.09%, which highlights the need for new approaches and techniques to address this problem.
26

Fang, Xing, Wenhui Zhang, Jiming Lin, and Yuming Liu. "Research on SDN Fingerprint Attack Defense Mechanism Based on Dynamic Disturbance and Information Entropy Detection." Security and Communication Networks 2022 (August 13, 2022): 1–14. http://dx.doi.org/10.1155/2022/1957497.

Abstract:
As an emerging type of network architecture, SDN is widely used and security issues have also received more and more attention. Fingerprint attacks represent one of the most significant threats to network security. Attackers obtain key fingerprint information of the target network, which lays the foundation for subsequent more threatening attacks. Currently, research on domestic and international SDN fingerprint attacks focuses on how to attack, and less research is being done on how to defend against fingerprinting attacks. This paper proposes a mechanism for defending fingerprint attacks that combines dynamic disturbance and information entropy detection. This mechanism adopts the principle of fingerprint attack, combined with a moving average algorithm, Bloom Filter, and packet delay tool, to confuse opponents by disturbing a small number of packets, simultaneously, combined with the information entropy detection to make real-time processing feedback to the network. The experimental results show that this mechanism works effectively to defend SDNs against fingerprint attacks without affecting the normal network communication.
27

Silva, Rui Filipe, Raul Barbosa, and Jorge Bernardino. "Intrusion Detection Systems for Mitigating SQL Injection Attacks." International Journal of Information Security and Privacy 14, no. 2 (April 2020): 20–40. http://dx.doi.org/10.4018/ijisp.2020040102.

Abstract:
Databases are widely used by organizations to store business-critical information, which makes them one of the most attractive targets for security attacks. SQL Injection is the most common attack to webpages with dynamic content. To mitigate it, organizations use Intrusion Detection Systems (IDS) as part of the security infrastructure, to detect this type of attack. However, the authors observe a gap between the comprehensive state-of-the-art in detecting SQL Injection attacks and the state-of-practice regarding existing tools capable of detecting such attacks. The majority of IDS implementations provide little or no protection against SQL Injection attacks, with exceptions like the tools Bro and ModSecurity. In this article, the authors compare these tools using the CSIC dataset in order to examine the state-of-practice in database protection from SQL Injection attacks, identifying the main characteristics and implementation details needed for IDSs to successfully detect such attacks. The experiments indicate that signature-based IDS provide the greatest coverage against SQL Injection.
28

Muhammad, Hafsat, Olumide B. Longe, Abimbola Baale, and U.-O. Ekpo Antai. "Towards the Development of a Machine Learning Enhanceed Framework for Honeypot and CAPTCHA Intrusion Detection Systems." Advances in Multidisciplinary and scientific Research Journal Publication 34 (December 30, 2022): 43–50. http://dx.doi.org/10.22624/aims/accrabespoke2022/v34p4.

Abstract:
With the continuous prevalence of cyber-attacks, information safety has become very important to governments and organizations all over the world. Individuals, organizations and governments suffer from financial and reputational damages consequent to cyber-attacks. Hence development of good cyber security technique became very important in the literature. Generally, traditional IDS are passive in such a way that they detect and report attacks based on predefined rules. Traditional IDS focus on how to detect attacks based on a given rule, i.e. either assigned or abnormality (Muhammad 2010). Other traditional security detection strategies such as firewall and CAPTCHA intrusion detection systems (IDS) have been invented to protect the system’s security, but there are still many critical issues which are reported every day (Salem et al 2008; Hauwa 2020). The situation worsens with the development of Internet technologies (Huang et al., 2019). Hence, cyber criminals continue to develop attack techniques against every cyber defense policy (Bukhari, S. et al., 2020). Therefore developed different cyber-attack methods such as phishing, image forgery, identity theft etc. On the other hand, academics and practitioners of cyber security are also developing cyber security measures. Hence, there is need for development of advanced security measures to curtail issues of cyber-attacks. This work proposes a framework that leverages on machine learning for same.
Key words: Machine Learning, Enhanceed Framework, Honeypot, CAPTCHA Intrusion Detection
29

O, Belej, Spas N, Artyshchuk I, and Fedastsou M. "Construction of a multi-agent attack detection system based on artificial intelligence models." Artificial Intelligence 26, jai2021.26(1) (June 30, 2021): 22–30. http://dx.doi.org/10.15407/jai2021.01.022.

Abstract:
Statistics of recent years on attacking actions on information systems show both the growth of known attackers and the growth of new models and directions of attacks. In this regard, the task of collecting information about events occurring in the information system and related to the main objects of the information system, and conducting their effective analysis is relevant. The main requirements for the tools of analysis are: speed and ability to adapt to new circumstances - adaptability. Means that meet these requirements are artificial intelligence systems. In particular, there are a number of research that use neural networks as a means of analysis. There are different types of neural networks, which differ depending on the tasks to be solved and are more suitable for different input data. The proposed multi-agent attack detection system collects and analyzes the collected information about the events of the information system using two types of neural networks. A multilayer perceptron is used to analyze various logs of information system objects. The Jordan network is used to analyze directly collected information about the events of information system objects. The use of a multi-agent attack detection system can increase the security of the information system. Features of modern attacks are considered. The urgency of the task of detecting attacks is substantiated. The peculiarities of the attack process were considered. The actions of attackers of different types at different stages of the attack are analyzed. It was shown which methods of detecting attacks should be used at different stages of the attack by an attacker. A model of a multi-agent attack detection system is proposed. An interpretation of the results of the analysis of information system events by the method of detecting attacks was proposed, as well as an algorithm for joint decision-making by agents based on several sources of information about their status. 
A model of an attack detection system that takes into account these features is proposed. This attack detection system collects information at several levels of the information system and uses it to analyze the artificial intelligence system.
30

Hairab, Belal Ibrahim, Heba K. Aslan, Mahmoud Said Elsayed, Anca D. Jurcut, and Marianne A. Azer. "Anomaly Detection of Zero-Day Attacks Based on CNN and Regularization Techniques." Electronics 12, no. 3 (January 23, 2023): 573. http://dx.doi.org/10.3390/electronics12030573.

Abstract:
The rapid development of cyberattacks in the field of the Internet of things (IoT) introduces new security challenges regarding zero-day attacks. Intrusion-detection systems (IDS) are usually trained on specific attacks to protect the IoT application, but the attacks that are yet unknown for IDS (i.e., zero-day attacks) still represent challenges and concerns regarding users’ data privacy and security in those applications. Anomaly-detection methods usually depend on machine learning (ML)-based methods. Under the ML umbrella are classical ML-based methods, which are known to have low prediction quality and detection rates with regard to data that it has not yet been trained on. DL-based methods, especially convolutional neural networks (CNNs) with regularization methods, address this issue and give a better prediction quality with unknown data and avoid overfitting. In this paper, we evaluate and prove that the CNNs have a better ability to detect zero-day attacks, which are generated from nonbot attackers, compared to classical ML. We use classical ML, normal, and regularized CNN classifiers (L1, and L2 regularized). The training data consists of normal traffic data, and DDoS attack data, as it is the most common attack in the IoT. In order to give the full picture of this evaluation, the testing phase of those classifiers will include two scenarios, each having data with different attack distribution. One of these is the backdoor attack, and the other is the scanning attack. The results of the testing proves that the regularized CNN classifiers still perform better than the classical ML-based methods in detecting zero-day IoT attacks.
31

Haseeb-ur-rehman, Rana M. Abdul, Azana Hafizah Mohd Aman, Mohammad Kamrul Hasan, Khairul Akram Zainol Ariffin, Abdallah Namoun, Ali Tufail, and Ki-Hyung Kim. "High-Speed Network DDoS Attack Detection: A Survey." Sensors 23, no. 15 (August 1, 2023): 6850. http://dx.doi.org/10.3390/s23156850.

Abstract:
Having a large number of device connections provides attackers with multiple ways to attack a network. This situation can lead to distributed denial-of-service (DDoS) attacks, which can cause fiscal harm and corrupt data. Thus, irregularity detection in traffic data is crucial in detecting malicious behavior in a network, which is essential for network security and the integrity of modern Cyber–Physical Systems (CPS). Nevertheless, studies have shown that current techniques are ineffective at detecting DDoS attacks on networks, especially in the case of high-speed networks (HSN), as detecting attacks on the latter is very complex due to their fast packet processing. This review aims to study and compare different approaches to detecting DDoS attacks, using machine learning (ML) techniques such as k-means, K-Nearest Neighbors (KNN), and Naive Bayes (NB) used in intrusion detection systems (IDSs) and flow-based IDSs, and expresses data paths for packet filtering for HSN performance. This review highlights the high-speed network accuracy evaluation factors, provides a detailed DDoS attack taxonomy, and classifies detection techniques. Moreover, the existing literature is inspected through a qualitative analysis, with respect to the factors extracted from the presented taxonomy of irregular traffic pattern detection. Different research directions are suggested to support researchers in identifying and designing the optimal solution by highlighting the issues and challenges of DDoS attacks on high-speed networks.
32

Tolіupa, Serhii, Oleksandr Pliushch, and Ivan Parkhomenko. "CONSTRUCTION OF ATTACK DETECTION SYSTEMS IN INFORMATION NETWORKS ON NEURAL NETWORK STRUCTURES." Cybersecurity: Education, Science, Technique 2, no. 10 (2020): 169–83. http://dx.doi.org/10.28925/2663-4023.2020.10.169183.

Abstract:
Systems for detecting network intrusions and detecting signs of attacks on information systems have long been used as one of the necessary lines of defense of information systems. Today, intrusion and attack detection systems are usually software or hardware-software solutions that automate the process of monitoring events occurring in an information system or network, as well as independently analyze these events in search of signs of security problems. As the number of different types and ways of organizing unauthorized intrusions into foreign networks has increased significantly in recent years, attack detection systems (ATS) have become a necessary component of the security infrastructure of most organizations. The article proposes a software prototype of a network attack detection system based on selected methods of data mining and neural network structures. The conducted experimental researches confirm efficiency of the created model of detection for protection of an information network. Experiments with a software prototype showed high quality detection of network attacks based on neural network structures and methods of intelligent data distribution. The state of protection of information systems to counter cyber attacks is analyzed, which made it possible to draw conclusions that to ensure the security of cyberspace it is necessary to implement a set of systems and protection mechanisms, namely systems: delimitation of user access; firewall; cryptographic protection of information; virtual private networks; anti-virus protection of ITS elements; detection and prevention of intrusions; authentication, authorization and audit; data loss prevention; security and event management; security management.
33

Bdair Alghuraibawi, Adnan Hasan, Rosni Abdullah, Selvakumar Manickam, and Zaid Abdi Alkareem Alyasseri. "Detection of ICMPv6-based DDoS attacks using anomaly based intrusion detection system: A comprehensive review." International Journal of Electrical and Computer Engineering (IJECE) 11, no. 6 (December 1, 2021): 5216. http://dx.doi.org/10.11591/ijece.v11i6.pp5216-5228.

Abstract:
Security network systems have been an increasingly important discipline since the implementation of preliminary stages of Internet Protocol version 6 (IPv6) for exploiting by attackers. IPv6 has an improved protocol in terms of security as it brought new functionalities, procedures, i.e., Internet Control Message Protocol version 6 (ICMPv6). The ICMPv6 protocol is considered to be very important and represents the backbone of the IPv6, which is also responsible to send and receive messages in IPv6. However, IPv6 Inherited many attacks from the previous internet protocol version 4 (IPv4) such as distributed denial of service (DDoS) attacks. DDoS is a thorny problem on the internet, being one of the most prominent attacks affecting a network result in tremendous economic damage to individuals as well as organizations. In this paper, an exhaustive evaluation and analysis are conducted anomaly detection DDoS attacks against ICMPv6 messages, in addition, explained anomaly detection types to ICMPv6 DDoS flooding attacks in IPv6 networks. Proposed using feature selection technique based on bio-inspired algorithms for selecting an optimal solution which selects subset to have a positive impact of the detection accuracy ICMPv6 DDoS attack. The review outlines the features and protection constraints of IPv6 intrusion detection systems focusing mainly on DDoS attacks.
34

Abuabid, Ali, and Abdulrahman Aldeij. "Cyber Security Incident Response." Journal of Information Security and Cybercrimes Research 7, no. 1 (June 2, 2024): 29–50. http://dx.doi.org/10.26735/pnob5534.

Abstract:
In response to the growing cyber-attack threat, incident response teams have become a critical component of an organization's cybersecurity strategy. These teams are responsible for detecting, analyzing, and responding to security incidents promptly and effectively. However, detecting code injection attacks can be particularly challenging, as they can be difficult to detect and often go unnoticed until it is too late. Cybersecurity professionals use detection tools to detect and respond to DLL injection attacks that monitor system activity and detect unusual behavior. A large portion of the related literature focuses on the use of commercial DLL injection tools. In contrast, little attention has been paid to the effectiveness of using open-source DLL injection detection tools. Thus, this research project aims to evaluate the effectiveness of three widely used open-source tools, VirusTotal, Sysinternals, and Yara, in detecting DLL injection incidents. This study's findings highlight each tool's strengths and limitations, which in turn enables cybersecurity professionals to make informed decisions when selecting the most suitable tool for DLL injection detection. Furthermore, the study emphasizes the importance of continuous tool development and updates to keep pace with evolving malware techniques and emerging threats. By highlighting the effectiveness of the tools, this research enhances the overall security posture of organizations and individuals, empowering them to mitigate the risks associated with DLL injection attacks proactively. The outcomes of this research project also underscore the significance of leveraging advanced tools to fortify cybersecurity defenses and safeguard critical systems and data.
35

Lin, Hsiao-Chung, Ping Wang, and Wen-Hui Lin. "Implementation of a PSO-Based Security Defense Mechanism for Tracing the Sources of DDoS Attacks." Computers 8, no. 4 (December 4, 2019): 88. http://dx.doi.org/10.3390/computers8040088.

Abstract:
Most existing approaches for solving the distributed denial-of-service (DDoS) problem focus on specific security mechanisms, for example, network intrusion detection system (NIDS) detection and firewall configuration, rather than on the packet routing approaches to defend DDoS threats by new flow management techniques. To defend against DDoS attacks, the present study proposes a modified particle swarm optimization (PSO) scheme based on an IP traceback (IPTBK) technique, designated as PSO-IPTBK, to solve the IP traceback problem. Specifically, this work focuses on analyzing the detection of DDoS attacks to predict the possible attack routes in a distributed network. In the proposed approach, the PSO-IPTBK identifies the source of DDoS attacks by reconstructing the probable attack routes from collected network packets. The performance of the PSO-IPTBK algorithm in reconstructing the attack route was investigated through a series of simulations using OMNeT++ 5.5.1 and the INET 4 Framework. The results show that the proposed scheme can determine the most possible route between the attackers and the victim to defend DDoS attacks.
36

Gara, Fatma, Leila Ben Saad, and Rahma Ben Ayed. "An Efficient Intrusion Detection System for Selective Forwarding and Clone Attackers in IPv6-based Wireless Sensor Networks under Mobility." International Journal on Semantic Web and Information Systems 13, no. 3 (July 2017): 22–47. http://dx.doi.org/10.4018/ijswis.2017070102.

Abstract:
Security in mobile wireless sensor networks is a big challenge because it adds more complexity to the network in addition to the problems of mobility and the limited sensor node resources. Even with authentication and encryption mechanisms, an attacker can compromise nodes and get all the keying materials. Therefore, an intrusion detection system is necessary to detect and defend against the insider attackers. Currently, there is no intrusion detection system applied to IPv6-based mobile wireless sensor networks. This paper is mainly interested in detecting the selective forwarding and clone attacks because they are considered among the most dangerous attackers. In this work, the authors design, implement, and evaluate a novel intrusion detection system for mobile wireless sensor networks based on IPv6 routing protocol for low power and lossy networks. The new intrusion detection system can be extended to other attacks such as wormhole and sybil attacks. The simulations results show that the detection probability is 100% for selective attackers under some cases.
37

Yan, Guanghua, Qiang Li, Dong Guo, and Bing Li. "AULD: Large Scale Suspicious DNS Activities Detection via Unsupervised Learning in Advanced Persistent Threats." Sensors 19, no. 14 (July 19, 2019): 3180. http://dx.doi.org/10.3390/s19143180.

Abstract:
In recent years, sensors in the Internet of things have been commonly used in Human’s life. APT (Advanced Persistent Threats) has caused serious damage to network security and the sensors play an important role in the attack process. For a long time, attackers infiltrate, attack, conceal, spread, and steal information of target groups through the compound use of various attacking means, while existing security measures based on single-time nodes cannot defend against such attacks. Attackers often exploit the sensors’ vulnerabilities to attack targets because the security level of the sensors is relatively low when compared with that of the host. We can find APT attacks by checking the suspicious domains generated at different APT attack stages, since every APT attack has to use DNS to communicate. Although this method works, two challenges still exist: (1) the detection method needs to check a large scale of log data; (2) the small number of attacking samples limits conventional supervised learning. This paper proposes an APT detection framework AULD (Advanced Persistent Threats Unsupervised Learning Detection) to detect suspicious domains in APT attacks by using unsupervised learning. We extract ten important features from the host, domain name, and time from a large number of DNS log data. Later, we get the suspicious cluster by performing unsupervised learning. We put all of the domains in the cluster into the list of malicious domains. We collected 1,584,225,274 DNS records from our university network. The experiments show that AULD detected all of the attacking samples and that AULD can effectively detect the suspicious domain names in APT attacks.
38

Xuan, Cho Do, Duc Duong, and Hoang Xuan Dau. "A multi-layer approach for advanced persistent threat detection using machine learning based on network traffic." Journal of Intelligent & Fuzzy Systems 40, no. 6 (June 21, 2021): 11311–29. http://dx.doi.org/10.3233/jifs-202465.

Abstract:
Advanced Persistent Threat (APT) is a dangerous network attack method that is widely used by attackers nowadays. During the APT attack process, attackers often use advanced techniques and tools, thus, causing many difficulties for information security systems. In fact, to detect the APT attacks, intrusion detection systems cannot rely on one technique or method but often combine multiple techniques and methods. In addition, the approach for APT attack detection using behavior analysis and evaluation techniques is facing many difficulties due to the lack of characteristic data of attack campaigns. For the above reasons, in this paper, we propose a method for APT attack detection based on a multi-layer analysis. The multi-layer analysis technique in our proposal computes and analyzes various events in Network Traffic to detect and synthesize abnormal signs and behaviors in order to make conclusions about the existence of APT in the system. Specifically, in our proposal, we will use serial 3 main layers for the APT attack detection process including i) Detecting APT attacks based on analyzing abnormal connection; ii) Detecting APT attacks based on analyzing and evaluating Suricata log; iii) Detecting APT attacks based on analyzing behavior profiles that are compiled from layers (i) and (ii). To achieve these goals, the multi-layer analysis technique for APT attack detection will perform 2 main tasks: i) Analyzing and evaluating components of Network Traffic based on abnormal signs and behaviors. ii) building and classifying behavior profile based on each component of network traffic. In the experimental section, we will compare and evaluate the effectiveness of the APT attack detection process of each layer in the multi-layer analysis model using machine learning. Experimental results have shown that the APT attack detection method based on analyzing behavior profile has yielded better results than individual detection methods on all metrics. 
The research results shown in the paper not only demonstrate the effectiveness of the multilayer analysis model for APT attack detection but also provide a novel approach for detecting several other cyber-attack techniques.
39

Alashhab, Abdussalam Ahmed, Mohd Soperi Mohd Zahid, Mohamed A. Azim, Muhammad Yunis Daha, Babangida Isyaku, and Shimhaz Ali. "A Survey of Low Rate DDoS Detection Techniques Based on Machine Learning in Software-Defined Networks." Symmetry 14, no. 8 (July 29, 2022): 1563. http://dx.doi.org/10.3390/sym14081563.

Abstract:
Software-defined networking (SDN) is a new networking paradigm that provides centralized control, programmability, and a global view of topology in the controller. SDN is becoming more popular due to its high audibility, which also raises security and privacy concerns. SDN must be outfitted with the best security scheme to counter the evolving security attacks. A Distributed Denial-of-Service (DDoS) attack is a network attack that floods network links with illegitimate data using high-rate packet transmission. Illegitimate data traffic can overload network links, causing legitimate data to be dropped and network services to be unavailable. Low-rate Distributed Denial-of-Service (LDDoS) is a recent evolution of DDoS attack that has been emerged as one of the most serious vulnerabilities for the Internet, cloud computing platforms, the Internet of Things (IoT), and large data centers. Moreover, LDDoS attacks are more challenging to detect because this attack sends a large amount of illegitimate data that are disguised as legitimate traffic. Thus, traditional security mechanisms such as symmetric/asymmetric detection schemes that have been proposed to protect SDN from DDoS attacks may not be suitable or inefficient for detecting LDDoS attacks. Therefore, more research studies are needed in this domain. There are several survey papers addressing the detection mechanisms of DDoS attacks in SDN, but these studies have focused mainly on high-rate DDoS attacks. Alternatively, in this paper, we present an extensive survey of different detection mechanisms proposed to protect the SDN from LDDoS attacks using machine learning approaches. Our survey describes vulnerability issues in all layers of the SDN architecture that LDDoS attacks can exploit. Current challenges and future directions are also discussed. The survey can be used by researchers to explore and develop innovative and efficient techniques to enhance SDN’s protection against LDDoS attacks.
40

Shang, Fute, Buhong Wang, Fuhu Yan, and Tengyao Li. "Multidevice False Data Injection Attack Models of ADS-B Multilateration Systems." Security and Communication Networks 2019 (March 3, 2019): 1–11. http://dx.doi.org/10.1155/2019/8936784.

Abstract:
Location verification is a promising approach among various ADS-B security mechanisms, which can monitor announced positions in ADS-B messages with estimated positions. Based on common assumption that the attacker is equipped with only a single device, this mechanism can estimate the position state through analysis of time measurements of messages using multilateration algorithm. In this paper, we propose the formal model of multidevice false data injection attacks in the ATC system against the location verification. Assuming that attackers equipped with multiple devices can manipulate the ADS-B messages in distributed receivers without any mutual interference, such attacker can efficiently construct attack vectors to change the results of multilateration. The feasibility of a multidevice false data injection attack is demonstrated experimentally. Compared with previous multidevice attacks, the multidevice false data injection attacks can offer lower cost and more covert attacks. The simulation results show that the proposed attack can reduce the attackers’ cost by half and achieve better time synchronization to bypass the existing anomaly detection. Finally, we discuss the real-world constraints that limit their effectiveness and the countermeasures of these attacks.
41

Vermani, Kunal, Amandeep Noliya, Sunil Kumar, and Kamlesh Dutta. "Ensemble Learning Based Malicious Node Detection in SDN-Based VANETs." Journal of Information Systems Engineering and Business Intelligence 9, no. 2 (November 1, 2023): 136–46. http://dx.doi.org/10.20473/jisebi.9.2.136-146.

Abstract:
Background: The architecture of Software Defined Networking (SDN) integrated with Vehicular Ad-hoc Networks (VANETs) is considered a practical method for handling large-scale, dynamic, heterogeneous vehicular networks, since it offers flexibility, programmability, scalability, and a global understanding. However, the integration with VANETs introduces additional security vulnerabilities due to the deployment of a logically centralized control mechanism. These security attacks are classified as internal and external based on the nature of the attacker. The method adopted in this work facilitated the detection of internal position falsification attacks. Objective: This study aimed to investigate the performance of k-NN, SVM, Naïve Bayes, Logistic Regression, and Random Forest machine learning (ML) algorithms in detecting position falsification attacks using the Vehicular Reference Misbehavior (VeReMi) dataset. It also aimed to conduct a comparative analysis of two ensemble classification models, namely voting and stacking for final decision-making. These ensemble classification methods used the ML algorithms cooperatively to achieve improved classification. Methods: The simulations and evaluations were conducted using the Python programming language. VeReMi dataset was selected since it was an application-specific dataset for VANETs environment. Performance evaluation metrics, such as accuracy, precision, recall, F-measure, and prediction time were also used in the comparative studies. Results: This experimental study showed that Random Forest ML algorithm provided the best performance in detecting attacks among the ML algorithms. Voting and stacking were both used to enhance classification accuracy and reduce time required to identify an attack through predictions generated by k-NN, SVM, Naïve Bayes, Logistic Regression, and Random Forest classifiers. 
Conclusion: In terms of attack detection accuracy, both methods (voting and stacking) achieved the same level of accuracy as Random Forest. However, the detection of attack using stacking could be achieved in roughly less than half the time required by voting ensemble. Keywords: Machine learning methods, Majority voting ensemble, SDN-based VANETs, Security attacks, Stacking ensemble classifiers, VANETs,
42

Liu, Likun, Hongli Zhang, Xiangzhan Yu, Yi Xin, Muhammad Shafiq, and Mengmeng Ge. "An Efficient Security System for Mobile Data Monitoring." Wireless Communications and Mobile Computing 2018 (June 11, 2018): 1–10. http://dx.doi.org/10.1155/2018/9809345.

Abstract:
During the last decade, rapid development of mobile devices and applications has produced a large number of mobile data which hide numerous cyber-attacks. To monitor the mobile data and detect the attacks, NIDS/NIPS plays important role for ISP and enterprise, but now it still faces two challenges, high performance for super large patterns and detection of the latest attacks. High performance is dominated by Deep Packet Inspection (DPI) mechanism, which is the core of security devices. A new TTL attack is just put forward to escape detecting, such that the adversary inserts packet with short TTL to escape from NIDS/NIPS. To address the above-mentioned problems, in this paper, we design a security system to handle the two aspects. For efficient DPI, a new two-step partition of pattern set is demonstrated and discussed, which includes first set-partition and second set-partition. For resisting TTL attacks, we set reasonable TTL threshold and patch TCP protocol stack to detect the attack. Compared with recent produced algorithm, our experiments show better performance and the throughput increased 27% when the number of patterns is 106. Moreover, the success rate of detection is 100%, and while attack intensity increased, the throughput decreased.
43

Desai, Vinod, and Dinesha Hagare Annappaiah. "Reputation-based Security model for detecting biased attacks in BigData." Indonesian Journal of Electrical Engineering and Computer Science 29, no. 3 (March 1, 2023): 1567. http://dx.doi.org/10.11591/ijeecs.v29.i3.pp1567-1576.

Abstract:
As internet of things (IoT) devices are increasing since the emergence of these devices in 2010, the data stored by these devices should have a proper security measure so that it can be stored without getting in hands of an attacker. The data stored has to be analyzed whether the data is safe or malicious, as the malicious data can corrupt the whole information. The security model in BigData has many challenges such as vulnerability to fake data generation, troubles with cryptographic protection, and absent security audits. As cyberattacks are increasing the main objective of each organization is to secure the data efficiently. This paper presents a model of reputation security for the detection of biased attacks on BigData. The proposed model provides various evaluation models to identify biased attack in malicious IoT devices and provide a secure communication metric for BigData. The results show better rates in terms of attack detection rate, attack detection failure rate, system throughput and number of dead nodes when the attack rate is increased when compared with the existing reputation-based security (ERS) model. Moreover, this model reputation-based biased attack detection (RBAD) increases the security of the IoT devices in the BigData and reduces the biased attack coming from various malicious nodes.
44

ALAzzawi, Abdulbasit. "SQL Injection Detection Using RNN Deep Learning Model." Journal of Applied Engineering and Technological Science (JAETS) 5, no. 1 (December 10, 2023): 531–41. http://dx.doi.org/10.37385/jaets.v5i1.2864.

Abstract:
SQL injection attacks are a common type of cyber-attack that exploit vulnerabilities in web applications to access databases through malicious SQL queries. These attacks pose a serious threat to the security and integrity of web applications and their data. The existing methods for detecting SQL injection attacks are based on predefined rules that can be easily circumvented by sophisticated attackers. Therefore, there is a need for a more robust and effective method for detecting SQL injection attacks. In this research, we propose a novel method for detecting SQL injection attacks using recurrent neural networks (RNN), which are a type of deep learning model that can capture the syntax and semantic features of SQL queries. We train an RNN model on a dataset of benign and malicious SQL queries, and use it to classify queries as either benign or malicious. We evaluate our method on a benchmark dataset and compare it with the existing rule-based methods. Our experimental results show that our method achieved high accuracy and outperformed the rule-based methods for detecting SQL injection attacks. Our research contributes to the field of web application security by providing a new and effective solution for protecting web applications from SQL injection attacks using deep learning. Our method has both practical and theoretical implications, as it can be easily integrated into existing web application security frameworks to provide an additional layer of protection against SQL injection attacks, and it can also advance the understanding of how deep learning models can be applied to natural language processing tasks such as SQL query analysis.
45

Dasari, Kishore Babu, and Nagaraju Devarakonda. "Detection of Different DDoS Attacks Using Machine Learning Classification Algorithms." Ingénierie des systèmes d'information 26, no. 5 (October 31, 2021): 461–68. http://dx.doi.org/10.18280/isi.260505.

Abstract:
Cyber attacks are one of the world's most serious challenges nowadays. A Distributed Denial of Service (DDoS) attack is one of the most common cyberattacks that has affected availability, which is one of the most important principles of information security. It leads to so many negative consequences in terms of business, production, reputation, data theft, etc. It shows the importance of effective DDoS detection mechanisms to reduce losses. In order to detect DDoS attacks, statistical and data mining methods have not been given good accuracy values. Researchers get good accuracy values while detecting DDoS attacks by using classification algorithms. But researchers, use individual classification algorithms on generalized DDoS attacks. This study used six machine learning classification algorithms to detect eleven different DDoS attacks on different DDoS attack datasets. We used the CICDDoS2019 dataset which is collected from the Canadian Institute of Cyber security in this study. It contains eleven different DDoS attack datasets in CSV file format. On each DDoS attack, we evaluated the effectiveness of the classification methods Logistic regression, Decision tree, Random Forest, Ada boost, KNN, and Naive Bayes, and determined the best classification algorithms for detection.
46

Al-Rajeh, Noura S., and Amal A. Al-Shargabi. "Dual Spectral Attention Model for Iris Presentation Attack Detection." International Journal of Interactive Mobile Technologies (iJIM) 18, no. 10 (May 22, 2024): 71–89. http://dx.doi.org/10.3991/ijim.v18i10.46981.

Abstract:
The widespread use of iris recognition systems has led to a growing demand for enhanced security measures to counter potential iris presentation attacks, also known as anti-spoofing. To enhance the security and reliability of iris recognition systems, researchers have developed numerous methods for detecting presentation attacks. Most of these methods lack precision in detecting unknown attacks compared to known attacks. In addition, most literature on iris presentation attack detection (PAD) systems utilizes near-infrared (NIR) samples as inputs. These samples produce superior-quality and robust images with less reflection in the cornea of the eye. Despite this, due to the widespread use of smartphones and the necessity for unsupervised identity verification, visible-light samples play a crucial role in detecting presentation attacks. These samples can be easily captured using smartphone cameras. In this paper, a dual-spectral attention model has been developed to train a unified model for multiple real-world attack scenarios. Two different scenarios were tested. In the first scenario, the model was trained as a one-class anomaly detection (AD) approach, while in the second scenario, it was trained as a normal two-class detection approach. This model achieved the best result for the attack presentation classification error rate (APCER) of 4.87% in a one-class AD scenario when tested on the attack dataset, outperforming most studies on the same test dataset. These experimental results suggest that future research opportunities in areas such as working with visible light images, using an AD approach, and focusing on uncontrolled environment samples and synthetic iris images may improve iris detection accuracy.
47

Xia, Kui Liang. "Modeling and Simulation of Low Rate of Denial of Service Attacks." Applied Mechanics and Materials 484-485 (January 2014): 1063–66. http://dx.doi.org/10.4028/www.scientific.net/amm.484-485.1063.

Abstract:
The low-rate denial of service attack is more applicable to the network in recent years as a means of attack, which is different from the traditional field type DoS attacks at the network end system or network using adaptive mechanisms exist loopholes flow through the low-rate periodic attacks on the implementation of high-efficiency attacked by an intruder and not be found, resulting in loss of user data or a computer deadlock. LDos attack since there has been extensive attention of researchers, the attack signature analysis and detection methods to prevent network security have become an important research topic. Some have been proposed for the current attacks were classified LDoS describe and model, and then in NS-2 platform for experimental verification, and then LDoS attack detection to prevent difficulties are discussed and summarized for the future such attacks detection method research work to provide a reference.
48

Skaruz, Jarosław. "Database security: combining neural networks and classification approach." Studia Informatica, no. 23 (December 22, 2020): 95–115. http://dx.doi.org/10.34739/si.2019.23.06.

Abstract:
In the paper we present a new approach based on application of neural networks to detect SQL attacks. SQL attacks are those attacks that take the advantage of using SQL statements to be performed. The problem of detection of this class of attacks is transformed to time series prediction problem. SQL queries are used as a source of events in a protected environment. To differentiate between normal SQL queries and those sent by an attacker, we divide SQL statements into tokens and pass them to our detection system, which predicts the next token, taking into account previously seen tokens. In the learning phase tokens are passed to a recurrent neural network (RNN) trained by backpropagation through time (BPTT) algorithm. Then, two coefficients of the rule are evaluated. The rule is used to interpret RNN output. In the testing phase RNN with the rule is examined against attacks and legal data to find out how evaluated rule affects efficiency of detecting attacks. All experiments were conducted on Jordan network. Experimental results show the relationship between the rule and a length of SQL queries.
49

Khan, Zulfiqar Ali, and Akbar Siami Namin. "A Survey of DDOS Attack Detection Techniques for IoT Systems Using BlockChain Technology." Electronics 11, no. 23 (November 24, 2022): 3892. http://dx.doi.org/10.3390/electronics11233892.

Abstract:
The Internet of Things (IoT) is a network of sensors that helps collect data 24/7 without human intervention. However, the network may suffer from problems such as the low battery, heterogeneity, and connectivity issues due to the lack of standards. Even though these problems can cause several performance hiccups, security issues need immediate attention because hackers access vital personal and financial information and then misuse it. These security issues can allow hackers to hijack IoT devices and then use them to establish a Botnet to launch a Distributed Denial of Service (DDoS) attack. Blockchain technology can provide security to IoT devices by providing secure authentication using public keys. Similarly, Smart Contracts (SCs) can improve the performance of the IoT–blockchain network through automation. However, surveyed work shows that the blockchain and SCs do not provide foolproof security; sometimes, attackers defeat these security mechanisms and initiate DDoS attacks. Thus, developers and security software engineers must be aware of different techniques to detect DDoS attacks. In this survey paper, we highlight different techniques to detect DDoS attacks. The novelty of our work is to classify the DDoS detection techniques according to blockchain technology. As a result, researchers can enhance their systems by using blockchain-based support for detecting threats. In addition, we provide general information about the studied systems and their workings. However, we cannot neglect the recent surveys. To that end, we compare the state-of-the-art DDoS surveys based on their data collection techniques and the discussed DDoS attacks on the IoT subsystems. The study of different IoT subsystems tells us that DDoS attacks also impact other computing systems, such as SCs, networking devices, and power grids. Hence, our work briefly describes DDoS attacks and their impacts on the above subsystems and IoT. 
For instance, due to DDoS attacks, the targeted computing systems suffer delays which cause tremendous financial and utility losses to the subscribers. Hence, we discuss the impacts of DDoS attacks in the context of associated systems. Finally, we discuss Machine-Learning algorithms, performance metrics, and the underlying technology of IoT systems so that the readers can grasp the detection techniques and the attack vectors. Moreover, associated systems such as Software-Defined Networking (SDN) and Field-Programmable Gate Arrays (FPGA) are a source of good security enhancement for IoT Networks. Thus, we include a detailed discussion of future development encompassing all major IoT subsystems.
50

Barabanov, Alexander, Denis Dergunov, Denis Makrushin, and Aleksey Teplov. "AUTOMATIC DETECTION OF ACCESS CONTROL VULNERABILITIES VIA API SPECIFICATION PROCESSING." Voprosy kiberbezopasnosti, no. 1(47) (2022): 49–65. http://dx.doi.org/10.21681/2311-3456-2022-1-49-65.

Abstract:
Objective. Insecure Direct Object Reference (IDOR) or Broken Object Level Authorization (BOLA) are one of the critical type of access control vulnerabilities for modern applications. As a result, an attacker can bypass authorization checks leading to information leakage, account takeover. Our main research goal was to help an application security architect to optimize security design and testing process by giving an algorithm and tool that allows to automatically analyze system API specifications and generate list of possible vulnerabilities and attack vector ready to be used as security non-functional requirements. Method. We conducted a multivocal review of research and conference papers, bug bounty program reports and other grey sources of literature to outline patterns of attacks against IDOR vulnerability. These attacks are collected in groups proceeding with further analysis common attributes between these groups and what features compose the group. Endpoint properties and attack techniques comprise a group of attacks. Mapping between group features and existing OpenAPI specifications is performed to implement a tool for automatic discovery of potentially vulnerable endpoints. Results and practical relevance. In this work, we provide systematization of IDOR/BOLA attack techniques based on literature review, real cases analysis and derive IDOR/BOLA attack groups. We proposed an approach to describe IDOR/BOLA attacks based on OpenAPI specifications properties. We develop an algorithm of potential IDOR/BOLA vulnerabilities detection based on OpenAPI specification processing. We implemented our novel algorithm using Python and evaluated it. The results show that algorithm is resilient and can be used in practice to detect potential IDOR/BOLA vulnerabilities.
