Similar literature
20 similar documents found (search time: 593 ms)
1.
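Intrusion detection systems learn normal and abnormal behavior by analyzing network traffic and can detect unknown attacks. The performance of an intrusion detection system depends heavily on feature design, and designing features for different intrusions is a complex problem. Therefore, a deep-learning-based system for detecting botnets is proposed. The system uses a convolutional neural network (CNN) and a long short-term memory network (LSTM) to learn the spatial and temporal features of network traffic, respectively; the entire feature-learning process is completed automatically by the deep neural network and does not rely on manually designed features. Experimental results show that the system performs well in botnet detection.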

2.
Wireless Fidelity (WiFi) is a widely used wireless technology due to its flexibility and mobility in the presence of vulnerable security features. Several attempts to secure the 802.11 standard end up with inadequate security mechanisms that are vulnerable to various attacks and intrusions. Thus, integration of an external defense mechanism such as an intrusion detection system (IDS) is inevitable. An anomaly-based IDS employs machine learning algorithms to detect attacks. Selecting the best set of features is central to ensuring the performance of the classifier in terms of speed of learning, accuracy, and reliability. This paper proposes a normalized gain based IDS for MAC Intrusions (NMI) to improve the IDS performance significantly. The proposed NMI includes two primary components, OFSNP and DCMI. The first component is optimal feature selection using NG and PSO (OFSNP) and the second component is Detecting and Categorizing MAC 802.11 Intrusions (DCMI) using an SVM classifier. The OFSNP ranks the features using normalized gain (NG) as an independent measure and selects the optimal set of features using semi-supervised clustering (SSC). The SSC is based on particle swarm optimization (PSO) that uses labeled and unlabeled features simultaneously to find a group of optimal features. Using the optimal set of features, the proposed DCMI utilizes a rapid and straightforward support vector machine (SVM) learning that classifies the attacks under the appropriate classes. Thus, the proposed NMI achieves a better trade-off between detection accuracy and learning time. The experimental results show that the NMI accurately detects and classifies the 802.11 specific intrusions and also reduces the false positives and computation complexity by decreasing the number of features.

3.
Cloud computing affords a lot of resources and computing facilities through the Internet. Cloud systems attract many users with their desirable features. In spite of them, cloud systems may experience severe security issues. Thus, it is essential to create an Intrusion Detection System (IDS) to detect both insider and outsider attacks with high detection accuracy in a cloud environment. This work proposes an anomaly detection system at the hypervisor layer named Hypervisor Detector that uses a hybrid algorithm which is a mixture of the Fuzzy C-Means clustering algorithm and an Artificial Neural Network (FCM-ANN) to improve the accuracy of the detection system. The proposed system is implemented and compared with the Naïve Bayes classifier and the Classic ANN algorithm. The DARPA's KDD cup dataset 1999 is used for experiments. Based on extensive theoretical and performance analysis, it is evident that the proposed system is able to detect the anomalies with high detection accuracy and a low false alarm rate even for low-frequency attacks, thereby outperforming the Naïve Bayes classifier and Classic ANN.

4.
Intrusion is any unwanted activity that can disrupt the normal functions of wired or wireless networks. Wireless mesh networking technology has been pivotal in providing an affordable means to deploy a network and allow omnipresent access to users on the Internet. A multitude of emerging public services rely on the widespread, high-speed, and inexpensive connectivity provided by such networks. The absence of a centralized network infrastructure and the open shared medium make WMNs particularly susceptible to malevolent attacks, especially in multihop networks. Hence, it is becoming increasingly important to ensure privacy, security, and resilience when designing such networks. An effective method to detect possible internal and external attack vectors is to use an intrusion detection system. Although many Intrusion Detection Systems (IDSs) were proposed for Wireless Mesh Networks (WMNs), they can only detect intrusions in a particular layer. Because WMNs are vulnerable to multilayer security attacks, a cross-layer IDS is required to detect and respond to such attacks. In this study, we analyzed cross-layer IDS options in WMN environments. The main objective was to understand how such schemes detect security attacks at several OSI layers. The suggested IDS is verified in many scenarios, and the experimental results show its efficiency.

5.
The Internet has become an essential aspect of communication in the day-to-day life of everyone around the world. With the increased usage of the Internet, attacks have also increased and the need for various levels of security is on the rise, both in wired and wireless environments. An intrusion detection system (IDS) has become a mandatory level of security for organizations to protect themselves from intruders. Improving the accuracy of IDS is crucial and it is the present focus of researchers. Feature selection has its role in enhancing accuracy by extracting the most relevant features. This study proposes a hybrid method for feature selection that picks and combines the best features from different feature selection methods. This method can be applied for feature reduction in any application domain. In this work, the proposed hybrid method is employed for intrusion detection and six predominant features are picked from the NSL-KDD dataset. An exhaustive performance investigation has proved that the proposed feature selection method increases the detection rate by 5%, thereby improving the accuracy of the intrusion detection system by 3%.

6.
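Active millimeter-wave array 3D imaging systems are a research hotspot in human security-screening imaging. This paper introduces the working mode, signal model, and imaging algorithm of an active millimeter-wave array 3D system, and applies the convolutional neural network (CNN) heatmap detection method and the bounding-box regression detection technique from deep learning to foreign-object detection in human security-screening imaging. The study shows that both the heatmap-based detection method and the YOLO-based detection method can achieve foreign-object detection. The heatmap-based method has a simple network structure and is easy to train, but because it must traverse the entire image under test, its computation time is long, and the detection boxes it generates have a fixed size and cannot adapt to changes in foreign-object size. The YOLO-based detection algorithm has a complex network structure and takes a long time to train, but it has clear advantages in detection speed and detection-box accuracy, making it better suited to detection applications with high real-time requirements such as airport security screening.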

7.
Several new attacks have been identified in CRNs such as primary user emulation, dynamic spectrum access (DSA), and jamming attacks. Such types of attacks can severely impact network performance, especially in terms of the overall achieved network throughput. In response to that, an intrusion detection system (IDS) based on anomaly and signature detection is recognized as an effective candidate solution to handle and mitigate these types of attacks. In this paper, we present an intrusion detection system for CRNs (CR-IDS) using the anomaly-based detection (ABD) approach. The proposed ABD algorithm provides the ability to effectively detect the different types of CRN security attacks. CR-IDS contains different cooperative components to accomplish its desired functionalities, which are monitoring, feature generation and selection, rule generation, rule-based system, detection module, action module, impact analysis and learning module. Our simulation results show that CR-IDS can detect DSA attacks with a high detection rate and very low false negative and false positive probabilities.

8.
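To address the difficulty of extracting target features from ground-penetrating radar (GPR) 2D profile images and the low recognition accuracy, this paper uses a deep learning method to extract the characteristic hyperbolas of targets in 2D profile images. Based on the physical mechanism of GPR operation, a cascaded convolutional neural network (CNN) is designed: it first detects and removes the direct-wave interference signal from the echo data, then uses a CNN to obtain the feature map of the B-scan (B-SCAN) image, and classifies the feature signals to extract the characteristic hyperbola of the target. In addition, to deal with various interference signals affecting the structural integrity of the target's characteristic hyperbola, a direction-guided feature data completion method is proposed, which improves the accuracy of characteristic hyperbola recognition. Compared with the histogram of oriented gradients (HOG) algorithm, the single-stage object detection (YOLOV3) algorithm, and the faster region-based convolutional neural network (Faster RCNN) algorithm, the proposed method gives the best detection results on the comprehensive evaluation metric F.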

9.
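The convolutional recurrent neural network (CRNN), which cascades a convolutional neural network (CNN) structure and a recurrent neural network (RNN) structure, and its improved variants are the current mainstream sound event detection models. However, a CRNN sound event detection model trained end to end cannot functionally constrain the roles of the CNN and RNN structures. To address this problem, this paper proposes an audio tagging consistency constraint CRNN sound event detection method (ATCC-CRNN). The method, in the CRN...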

10.
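林丽, 刘新, 朱俊臻, 冯辅周. 《红外与激光工程》 (Infrared and Laser Engineering), 2022, 51(3): 20210227-1-20210227-9
Traditional ultrasonic infrared thermography detection and recognition of metal fatigue cracks mainly extracts the relevant thermal features of infrared thermal images with image processing algorithms and matches them against crack features; the process is overly cumbersome, the recognition rate is low, and effective features must be screened manually. Combining the advantages of active infrared thermography and the convolutional neural network (CNN) in non-destructive testing of metal structures and automatic defect recognition, a CNN-based method for ultrasonic infrared thermography detection and recognition of metal fatigue cracks is proposed. The test objects (metal plate specimens in this paper) are inspected with an ultrasonic infrared thermography device to acquire infrared thermal images and build an image dataset. The designed convolutional neural network is used to extract features from, and classify, ultrasonic infrared thermal images of cracks of different sizes. In addition, the proposed method is compared with the classification results of two common image classification network models and a support vector machine. Experimental results show that the designed convolutional neural network achieves a classification accuracy of 100% on this dataset, outperforms the other network models and the support vector machine, and can effectively detect and recognize metal fatigue cracks.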

11.
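Convolutional neural networks have been widely applied in intrusion detection. It is generally believed that the deeper a network structure is, the more accurate it is in aspects such as feature extraction and detection accuracy. However, this is accompanied by problems such as vanishing gradients, insufficient generalization ability, and a large number of parameters with low accuracy. To address these problems, this paper proposes applying the densely connected convolutional neural network (DCCNet) to intrusion detection and uses a hybrid loss function to improve detection accuracy. Experiments are conducted on the KDD 99 dataset, and the results are compared with the commonly used LeNet and VggNet neural network structures. The analysis shows a certain improvement in detection accuracy, and the vanishing-gradient problem during training is alleviated.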

12.
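To address the problem that automatic modulation recognition of communication signals requires extensive feature extraction, a separate-channel convolutional neural network automatic modulation recognition algorithm is proposed. Using the convolutional neural network (CNN) from deep learning, the algorithm extracts the multi-channel and separate-channel modulation features of the time-domain signal, respectively, and then uses the fused features to classify different signals. Simulation results show that, compared with the CNN-based algorithm, the proposed algorithm improves the recognition rate at high signal-to-noise ratio by 7% and 18% on two datasets, respectively; in addition, compared with traditional recognition algorithms based on feature extraction, its high-order modulation recognition performance improves by 3 dB on average.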

13.
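Intrusion detection model based on a genetic neural network   Total citations: 4, self-citations: 0, citations by others: 4
This article proposes an intrusion detection model based on a genetic neural network, the evolutionary neural network intrusion detection system (ENNIDS). The core module of the model is implemented by optimizing a neural network with a genetic algorithm and combines misuse detection and anomaly detection techniques; the functions and implementation techniques of each module of the model are analyzed theoretically. We ran experiments on the intrusion detection dataset in the UCI machine learning repository, and the results show that the model achieves good performance in detection accuracy, false alarm rate, and other respects.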

14.
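Space-ground integrated networks operate in an open electromagnetic environment and are frequently subject to malicious network intrusions. To address attacks on the system by unauthorized behavior that bypasses the security mechanisms in the network, an improved genetic algorithm is proposed. The algorithm uses a decision tree algorithm as the fitness function and, by removing redundant features from the dataset, significantly improves the interception rate for network attacks. Anomaly classification is performed with machine learning, and the feature-selection capability of the genetic algorithm is used to enhance the classification efficiency of the machine learning methods. To verify the effectiveness of the algorithm, the UNSW_NB15 and UGRansome1819 datasets are used for training and testing. Four machine learning classifiers (random forest, artificial neural network, K-nearest neighbors, and support vector machine) are used for evaluation, and accuracy, F1 score, recall, and confusion matrix are used as metrics to assess the algorithm's performance. Experiments show that the genetic algorithm as a feature-selection tool significantly improves classification accuracy and yields a significant improvement in algorithm performance. In addition, to address the instability of weak classifiers, an ensemble learning optimization technique is proposed that integrates weak and strong classifiers for optimization. Experiments confirm that the optimization algorithm performs excellently in improving the stability of weak classifiers.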

15.
Ontologies play an essential role in knowledge sharing and exploration, especially in multiagent systems. Intrusion is an unauthorized activity in a network, which is achieved in either an active manner (information gathering) or a passive manner (harmful packet forwarding). Most existing intrusion detection systems (IDSs) suffer from the following issue: they are usually adjusted to detect known service-level network attacks and are left vulnerable to original and novel malicious attacks. Thus, they provide low accuracy and detection rate, which are the important problems of existing IDSs. To overcome these drawbacks, an ontology‐based multiagent IDS framework is developed in this work for intrusion detection. The main intention of this work is to detect network attacks with the help of multiple detection agents. In this analysis, there are 3 different types of agents, i.e., IDS broker, deputy commander, and response agent, which are used to prevent and detect attacks in a network. The novel concept of this work is based on the concept of signature matching; it identifies and detects the attackers with the help of multiple agents.

16.

This framework attempts to introduce a new Distributed Denial-of-Service (DDoS) attack detection and mitigation model. It is comprised of two stages, namely DDoS attack detection and mitigation. The first stage consists of three important phases: feature extraction, optimal feature selection, and classification. In order to optimally select the features of the obtained feature sets, a new improved algorithm is introduced, named Improved Update oriented Rider Optimization Algorithm (IU-ROA), which is a modification of the Rider Optimization Algorithm (ROA). The optimal features are subjected to classification using the Deep Convolutional Neural Network (CNN) model, in which the presence of network attacks can be detected. The second stage is the mitigation of the attacker node. For this, a bait detection mechanism is launched, which provides effective mitigation of malicious nodes carrying out Distributed Denial-of-Service (DDoS) attacks. The experimentation is done on the KDD cup 99 dataset, and the experimental analysis proves that the proposed model generates a better result, which is 90.06% in mitigation analysis, and the overall performance analysis of the proposed model on DDoS attack detection is 96% better than conventional methods.


17.
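To improve the overall performance of wireless network intrusion detection models, this paper uses the recurrent neural network (RNN) algorithm to build a wireless network intrusion detection classification model. To address overfitting of the classification model caused by the imbalanced distribution of wireless network intrusion detection training samples, a window-based instance selection algorithm is proposed to reduce the training dataset, on top of preprocessing of the raw data that includes cleaning, transformation, and feature selection. Comprehensive optimization experiments on the network structure, activation function, and reusability of the attack classification model yield the final optimized model, with a classification accuracy of 98.6699% and a running time of 9.13 s after comprehensive optimization. Compared with the results of other machine learning algorithms, the optimization method achieves good results in both classification accuracy and execution efficiency, and its overall performance is better than that of traditional intrusion detection classification models.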

18.
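For the problem of security monitoring of critical infrastructure based on wireless sensor networks (WSN), an adaptive intrusion detection algorithm based on the data fusion stage is proposed. Built on a weight-based clustered network structure, the algorithm uses an anomaly detection subsystem and a misuse detection subsystem to detect known attacks and unknown attacks, respectively; then, by tracking the receiver operating characteristic (ROC) of the two subsystems together with a reward-and-penalty mechanism, it automatically adjusts the proportion of fused data forwarded to the two subsystems, thereby achieving adaptive intrusion detection for critical infrastructure at the data fusion stage. Simulation analysis shows that the accuracy and detection rate of the algorithm are as high as 99.6% and 94.9% or more, which, compared with other classic intrusion detection systems, are improvements of at least about 0.5% and 10.2%, respectively.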

19.

Wireless communication networks have much data to sense, process, and transmit. It tends to develop a security mechanism to care for these needs for such modern-day systems. An intrusion detection system (IDS) is a solution that has recently gained researchers' attention with the application of deep learning techniques in IDS. In this paper, we propose an IDS model that uses a deep learning algorithm, conditional generative adversarial network (CGAN), enabling unsupervised learning in the model and adding an eXtreme gradient boosting (XGBoost) classifier for faster comparison and visualization of results. The proposed method can reduce the need to deploy extra sensors to generate fake data to fool the intruder by 1.2–2.6%, as the proposed system generates this fake data. The parameters were selected to give optimal results to our model without significant alterations and complications. The model learns from its dataset samples with the multiple-layer network for a refined training process. We aimed for the proposed model to improve the accuracy and thus decrease the false detection rate and obtain good precision on both datasets, NSL-KDD and CICIDS2017, so that it can be used as a detector for cyber intrusions. The false alarm rate of the proposed model decreases by about 1.827%.


20.
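To address keyboard electromagnetic information security, the working principle and signal characteristics of the PS/2 keyboard are analyzed, and a deep-learning-based detection method is proposed. The method adapts the convolutional neural network (CNN) structure to the electromagnetic leakage signal characteristics of keyboard devices and, combined with an improved gradient-weighted class activation mapping method, achieves intelligent recognition and precise localization of keyboard electromagnetic information. In tests on the electromagnetic signals of 4 keys, the classification accuracy reached 98%; the classification accuracy in a noisy environment also reached 81%. The localization performance of the gradient-weighted class activation mapping method and of its improved version on keyboard electromagnetic information was compared, and the experimental results show that the improved method localizes better.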
