A self‐learning stream classifier for flow‐based botnet detection

Botnets have been recently recognized as one of the most formidable threats on the Internet. Different approaches have been designed to detect these types of attacks. However, as botnets evolve their behavior to mislead the signature‐based detection systems, learning‐based methods may be deployed to provide a generalization capacity in identifying unknown botnets. Developing an adaptable botnet detection system, which incrementally evolves with the incoming flow stream, remains as a challenge. In this paper, a self‐learning botnet detection system is proposed, which uses an adaptable classification model. The system uses an ensemble classifier and, in order to enhance its generalization capacity, updates its model continuously on receiving new unlabeled traffic flows. The system is evaluated with a comprehensive data set, which contains a wide variety of botnets. The experiments demonstrate that the proposed system can successfully adapt in a dynamic environment where new botnet types are observed during the system operation. We also compare the system performance with other methods.     

A distributed adaptive landmark clustering algorithm based on mOverlay and learning automata for topology mismatch problem in unstructured peer‐to‐peer networks

Peer‐to‐peer networks are overlay networks that are built on top of communication networks that are called underlay networks. In these networks, peers are unaware of the underlying networks, so the peers choose their neighbors without considering the underlay positions, and therefore, the resultant overlay network may have mismatches with its underlying network, causing redundant end‐to‐end delay. Landmark clustering algorithms, such as mOverlay , are used to solve topology mismatch problem. In the mOverlay algorithm, the overlay network is formed by clusters in which each cluster has a landmark peer. One of the drawbacks of mOverlay is that the selected landmark peer for each cluster is fixed during the operation of the network. Because of the dynamic nature of peer‐to‐peer networks, using a non‐adaptive landmark selection algorithm may not be appropriate. In this paper, an adaptive landmark clustering algorithm obtained from the combination of mOverlay and learning automata is proposed. Learning automata are used to adaptively select appropriate landmark peers for the clusters in such a way that the total communication delay will be minimized. Simulation results have shown that the proposed algorithm outperforms the existing algorithms with respect to communication delay and average round‐trip time between peers within clusters. Copyright © 2015 John Wiley & Sons, Ltd.     

FD-DBN: Flow directed deep belief network for accurate anomaly detection in cloud computing

Security becomes the key concern in a cloud environment, as the servers are distributed throughout the globe and involve the circulation of highly sensitive data. Intrusions in the cloud are common because of the huge network traffic that paves the way for intruders to breach traditional security systems with sophisticated software. To avoid such problems, intrusion detection systems (IDSs) have been introduced by various researchers. Each IDS was developed to achieve a particular objective, that is, providing security by detecting intrusions. Most of the available IDS are inefficient and are unable to provide accurate classification. Also, some of them are computationally expensive to be implemented in practical scenarios. This article proposes a new and efficient IDS framework that can accurately classify the intrusion type through effective training to address the existing drawbacks. The proposed framework, named flow directed deep belief network (FD-DBN), involves three main phases: pre-processing, clustering, and classification. In pre-processing, certain data mining operations are carried out to clean the data. The clustering phase is carried out using the game-based k-means (GBKM) clustering algorithm. The clustered data is then provided as input to the FD-DBN classification framework, where the training process is carried out. The deep belief network (DBN) training is performed with dataset features, and the flow direction algorithm is adopted for tuning the weight parameters of DBN. Through tuning, the model yielded accurate classification outcomes. The simulations are done in Python 3.6, and the results proved that the proposed framework is much more effective than the existing IDS frameworks.     

Distributed radio access technology selection for adaptive networks in high‐speed,B3G infrastructures

Wireless systems migrate towards the era of ‘Beyond the 3rd Generation’ (B3G). A fundamental facilitator of this vision is the evolution of high speed, adaptive networks, needed for better handling the offered demand and improving resource utilization. Adaptive networks dynamically select their configuration, in order to optimally adapt to the changing environment requirements and conditions. This paper presents optimization functionality that can be used to support network adaptability (cognition‐reconfigurability) in a B3G context. The paper starts from the business case that justifies the need for placing research onto adaptive networks and then continues with the management functionality for (re)configuration decisions, which is targeted to the dynamic selection of the appropriate radio access technologies (RATs). RAT selection is modelled through an optimization problem called (RAT, Demand and QoS‐Assignment problem—RDQ‐A), the solution of which assigns in a distributed manner the available RATs to adaptive Base Station transceivers and the demand (users) to these transceivers and to QoS levels, respectively. The RDQ‐A optimization problem is decoupled in several sub‐problems and is implemented in phases corresponding to the aforementioned assignments, while efficient custom greedy algorithms are mobilized in each phase for obtaining the optimum assignment. Finally, indicative results from the application of the proposed functionality to a simulated network are presented. Copyright © 2006 John Wiley & Sons, Ltd.