Similar documents
Found 20 similar documents (search time: 15 ms)
1.
A set of discrete points obtained from audit records on a behavior session is processed with Fourier transform. The criterion of selecting Fourier transform coefficients is introduced, and is used to find a unified value from the set of coefficients. This unified value is compared with a threshold to determine whether the session is abnormal. Finally simple test results are reported.

2.
Internet attacks pose a severe threat to most of the online resources and are a prime concern of security administrators these days. In spite of many efforts, the security techniques are unable to detect the intrusions accurately. Most of the methods suffer from the limitations of a high false positive rate, low detection rate and provide one solution which lacks the classification trade-offs. In this work, an effective two-stage method is proposed to produce a pool of non-dominating solutions or Pareto optimal solutions as base models and their ensembles for detecting the intrusions accurately. It generates Pareto optimal solutions to a chromosome structure in stage 1 formulating Pareto front. Whereas, another approximation to the Pareto front of optimal solutions is made to obtain non-dominating ensembles in the second stage. The final prediction ensemble solutions are computed from individual predictions using majority voting approach. Applicability of the suggested method is validated using benchmark dataset NSL-KDD dataset. The experimental results show that the recommended method provides better results than conventional ensemble techniques. The recommended method is also adequate to generate Pareto optimal solutions that address the issue of improving detection accuracy for minority as well as majority attack classes along with handling classification tradeoff problem. The proposed method resulted detection accuracy of 97% with FPR of 2% for KDD dataset respectively. The most attractive feature of the proposed method is that both generation of base classifier and their ensemble thereof are multi-objective in nature addressing the issue of low detection accuracy and classification tradeoffs.

3.
4.
Intrusion is any unwanted activity that can disrupt the normal functions of wired or wireless networks. Wireless mesh networking technology has been pivotal in providing an affordable means to deploy a network and allow omnipresent access to users on the Internet. A multitude of emerging public services rely on the widespread, high-speed, and inexpensive connectivity provided by such networks. The absence of a centralized network infrastructure and open shared medium makes WMNs particularly susceptible to malevolent attacks, especially in multihop networks. Hence, it is becoming increasingly important to ensure privacy, security, and resilience when designing such networks. An effective method to detect possible internal and external attack vectors is to use an intrusion detection system. Although many Intrusion Detection Systems (IDSs) were proposed for Wireless Mesh Networks (WMNs), they can only detect intrusions in a particular layer. Because WMNs are vulnerable to multilayer security attacks, a cross-layer IDS is required to detect and respond to such attacks. In this study, we analyzed cross-layer IDS options in WMN environments. The main objective was to understand how such schemes detect security attacks at several OSI layers. The suggested IDS is verified in many scenarios, and the experimental results show its efficiency.

5.
In recent years, Wireless Sensor Networks (WSNs) have demonstrated successful applications for both civil and military tasks. However, sensor networks are susceptible to multiple types of attacks because they are randomly deployed in open and unprotected environments. It is necessary to utilize effective mechanisms to protect sensor networks against multiple types of attacks on routing protocols. In this paper, we propose a lightweight intrusion detection framework integrated for clustered sensor networks. Furthermore, we provide algorithms to minimize the triggered intrusion modules in clustered WSNs by using an over‐hearing mechanism to reduce the sending alert packets. Our scheme can prevent most routing attacks on sensor networks. In in‐depth simulation, the proposed scheme shows less energy consumption in intrusion detection than other schemes. Copyright © 2009 John Wiley & Sons, Ltd.

6.
Recent deep learning-based inpainting methods have shown significant improvements and generate plausible images. However, most of these methods may either synthesize unrealistic and blurry texture details or fail to capture object semantics. Furthermore, they employ huge models with inefficient mechanisms such as attention. Motivated by these observations, we propose a new end-to-end generative-based multi-stage architecture for image inpainting. Specifically, our model exploits the segmentation labels predictions to robustly reconstruct the object boundaries and avoid blurry or semantically incorrect images. Meanwhile, it employs edges predictions to recover the image structure. Different than previous approaches, we do not predict the segmentation labels/edges from the corrupted image. Instead, we employ a coarse image that contains more valuable global structure data. We conduct a set of extensive experiments to investigate the impact of merging these auxiliary pieces of information. Experiments show that our computationally efficient model achieves competitive qualitative and quantitative results compared to the state-of-the-art methods on multiple datasets.

7.
The attacks on in-vehicle Controller Area Network (CAN) bus messages severely disrupt normal communication between vehicles. Therefore, researches on intrusion detection models for CAN have positive business value for vehicle security, and the intrusion detection technology for CAN bus messages can effectively protect the in-vehicle network from unlawful attacks. Previous machine learning-based models are unable to effectively identify intrusive abnormal messages due to their inherent shortcomings. Hence, to address the shortcomings of the previous machine learning-based intrusion detection technique, we propose a novel method using Attention Mechanism and AutoEncoder for Intrusion Detection (AMAEID). The AMAEID model first converts the raw hexadecimal message data into binary format to obtain better input. Then the AMAEID model encodes and decodes the binary message data using a multi-layer denoising autoencoder model to obtain a hidden feature representation that can represent the potential features behind the message data at a deeper level. Finally, the AMAEID model uses the attention mechanism and the fully connected layer network to infer whether the message is an abnormal message or not. The experimental results with three evaluation metrics on a real in-vehicle CAN bus message dataset outperform some traditional machine learning algorithms, demonstrating the effectiveness of the AMAEID model.

8.
In the Internet of Things (IoT), resource-constrained things are connected to the unreliable and untrusted Internet via IPv6 and 6LoWPAN networks. Even when they are secured with encryption and authentication, these things are exposed both to wireless attacks from inside the 6LoWPAN network and from the Internet. Since these attacks may succeed, Intrusion Detection Systems (IDS) are necessary. Currently, there are no IDSs that meet the requirements of the IPv6-connected IoT since the available approaches are either customized for Wireless Sensor Networks (WSN) or for the conventional Internet. In this paper we design, implement, and evaluate a novel intrusion detection system for the IoT that we call SVELTE. In our implementation and evaluation we primarily target routing attacks such as spoofed or altered information, sinkhole, and selective-forwarding. However, our approach can be extended to detect other attacks. We implement SVELTE in the Contiki OS and thoroughly evaluate it. Our evaluation shows that in the simulated scenarios, SVELTE detects all malicious nodes that launch our implemented sinkhole and/or selective forwarding attacks. However, the true positive rate is not 100%, i.e., we have some false alarms during the detection of malicious nodes. Also, SVELTE’s overhead is small enough to deploy it on constrained nodes with limited energy and memory capacity.

9.
Detecting the object with external occlusion has always been a hot topic in computer vision, while its accuracy is always limited due to the loss of original object information and increase of new occlusion noise. In this paper, we propose an occluded object detection algorithm named GC-FRCN (Generative feature completing Faster RCNN), which consists of the OSGM (Occlusion Sample Generation Module) and OSIM (Occlusion Sample Inpainting Module). Specifically, the OSGM mines and discards the feature points with high category response on the feature map to enhance the richness of occlusion scenes in the training data set. OSIM learns an implicit mapping relationship from occluded feature map to real feature map adversarially, which aims at improving feature quality by repairing the noisy object feature. Extensive experiments and ablation studies have been conducted on four different datasets. All the experiments demonstrate the GC-FRCN can effectively detect objects with local external occlusion and has good robustness for occlusion at different scales.

10.
A.  J.  M.  A.  T.  Y.   《Ad hoc Networks》2008,6(4):578-599
Mobile ad hoc networks (MANETs) play an important role in connecting devices in pervasive environments. MANETs provide inexpensive and versatile communication, yet several challenges remain in addressing their security. So far, numerous schemes have been proposed for secure routing and intrusion detection, with only simulations to validate them; little work exists in implementing such schemes on small handheld devices. In this paper, we present our approach of securing a MANET using a threshold-based intrusion detection system and a secure routing protocol. We present a proof-of-concept implementation of our IDS deployed on handheld devices and in a MANET testbed connected by a secure version of AODV over IPv6 – SecAODV. While the IDS helps detect attacks on data traffic, SecAODV incorporates security features of non-repudiation and authentication, without relying on the availability of a Certificate Authority (CA) or a Key Distribution Center (KDC). We present the design and implementation details of our system, the practical considerations involved, and how these mechanisms can be used to detect and thwart malicious attacks.

11.
With the development of generative adversarial network (GANs) technology, the technology of GAN generates images has evolved dramatically. Distinguishing these GAN generated images is challenging for the human eye. Moreover, the GAN generated fake images may cause some behaviors that endanger society and bring great security problems to society. Research on GAN generated image detection is still in the exploratory stage and many challenges remain. Motivated by the above problem, we propose a novel GAN image detection method based on color gradient analysis. We consider the difference in color information between real images and GAN generated images in multiple color spaces, and combined the gradient information and the directional texture information of the generated images to extract the gradient texture features for GAN generated images detection. Experimental results on PGGAN and StyleGAN2 datasets demonstrate that the proposed method achieves good performance, and is robust to other various perturbation attacks.

12.
Impressive progress has been made recently in image-to-image translation using generative adversarial networks (GANs). However, existing methods often fail in translating source images with noise to target domain. To address this problem, we joint image-to-image translation with image denoising and propose an enhanced generative adversarial network (EGAN). In particular, built upon pix2pix, we introduce residual blocks in the generator network to capture deeper multi-level information between source and target image distribution. Moreover, a perceptual loss is proposed to enhance the performance of image-to-image translation. As demonstrated through extensive experiments, our proposed EGAN can alleviate effects of noise in source images, and outperform other state-of-the-art methods significantly. Furthermore, we experimentally indicate that the proposed EGAN is also effective when applied to image denoising.

13.
S.A.  S.M.  N.L.  P.J.   《Ad hoc Networks》2008,6(7):1151-1167
Nowadays, a commonly used wireless network (i.e., Wi-Fi) operates with the aid of a fixed infrastructure (i.e., an access point) to facilitate communication between nodes. The need for such a fixed supporting infrastructure limits the adaptability and usability of the wireless network, especially in situations where the deployment of such an infrastructure is impractical. Recent advancements in computer network introduced a new wireless network, known as a mobile ad hoc network (MANET), to overcome the limitations. Often referred as a peer to peer network, the network does not have any fixed topology, and through its multi hop routing facility, each node can function as a router, thus communication between nodes becomes available without the need of a supporting fixed router or an access point. However, these useful facilities come with big challenges, particularly with respect to providing security. A comprehensive analysis of attacks and existing security measures suggested that MANET are not immune to a colluding blackmail because such a network comprises autonomous and anonymous nodes. This paper addresses MANET security issues by proposing a novel intrusion detection system based upon a friendship concept, which could be used to complement existing prevention mechanisms that have been proposed to secure MANETs. Results obtained from the experiments proved that the proposed concepts are capable of minimising the problem currently faced in MANET intrusion detection system (IDS). Through a friendship mechanism, the problems of false accusations and false alarms caused by blackmail attackers in intrusion detection and response mechanisms can be eliminated.

14.
Spatiotemporal irregularities (i.e., the uncommon appearance and motion patterns) in videos are difficult to detect, as they are usually not well defined and appear rarely in videos. We tackle this problem by learning normal patterns from regular videos, while treating irregularities as deviations from normal patterns. To this end, we introduce a 3D fully convolutional autoencoder (3D-FCAE) that is trainable in an end-to-end manner to detect both temporal and spatiotemporal irregularities in videos using limited training data. Subsequently, temporal irregularities can be detected as frames with high reconstruction errors, and irregular spatiotemporal patterns can be detected as blurry regions that are not well reconstructed. Our approach can accurately locate temporal and spatiotemporal irregularities thanks to the 3D fully convolutional autoencoder and the explored effective architecture. We evaluate the proposed autoencoder for detecting irregular patterns on benchmark video datasets with weak supervision. Comparisons with state-of-the-art approaches demonstrate the effectiveness of our approach. Moreover, the learned autoencoder shows good generalizability across multiple datasets.

15.
Network intrusion detection systems (NIDS) are critical network security tools that help protect computer installations from malicious users. Traditional software-based NIDS architectures are becoming strained as network data rates increase and attacks intensify in volume and complexity. In recent years, researchers have proposed using FPGAs to perform the computationally-intensive components of intrusion detection analysis. In this work, we present a new NIDS architecture that integrates the network interface hardware and packet analysis hardware into a single FPGA chip. This integration enables a higher performance and more flexible NIDS platform. To demonstrate the benefits of this technique, we have implemented a complete and functional NIDS in a Xilinx Virtex II Pro FPGA that performs in-line packet analysis and filtering on multiple Gigabit Ethernet links using rules from the open-source Snort attack database.

16.
Ningrinla  Raja   《Ad hoc Networks》2008,6(4):508-523
In this paper, we present two intrusion detection techniques for mobile ad-hoc networks, which use collaborative efforts of nodes in a neighborhood to detect a malicious node in that neighborhood. The first technique is designed for detection of malicious nodes in a neighborhood of nodes in which each pair of nodes in the neighborhood are within radio range of each other. Such a neighborhood of nodes is known as a clique [12]. The second technique is designed for detection of malicious nodes in a neighborhood of nodes, in which each pair of nodes may not be in radio range of each other but where there is a node among them which has all the other nodes in its one-hop vicinity. This neighborhood is identical to a cluster as mentioned in [12]. Both techniques use message passing between the nodes. A node called the monitor node initiates the detection process. Based on the messages that it receives during the detection process, each node determines the nodes it suspects to be malicious and sends votes to the monitor node. The monitor node upon inspecting the votes determines the malicious nodes from among the suspected nodes. Our intrusion detection system is independent of any routing protocol. We give the proof of correctness of the first algorithm, which shows that it correctly detects the malicious nodes always when there is no message loss. We also show with the help of simulations that both the algorithms give good performance even when there are message losses arising due to unreliable channel.

17.
Anomaly detection is a challenging task in the field of intelligent video surveillance. It aims to identify anomalous events by monitoring the video captured by visual sensors. The main difficulty of this task is that the definition of anomalies is ambiguous. In recent years, most anomaly detection methods use a two-stage learning strategy, i.e., feature extraction and model building. In this paper, with the idea of refactoring, we propose an end-to-end anomaly detection framework using cyclic consistent adversarial networks (CycleGAN). Dynamic skeleton features are used as network constraints to alleviate the inaccuracy of feature extraction algorithms of a single generative adversarial network. In the training phase, only normal video frames and the corresponding skeleton features are used to train the generator and discriminator. In the testing phase, anomalous behaviors with high reconstruction errors can be filtered out by manually set thresholds. To the best of our knowledge, this is the first time CycleGAN has been used for video anomaly detection. Experimental results on challenging datasets show that our method can accurately detect anomalous behaviors in videos collected by video surveillance systems and is comparable to the current state-of-the-art methods.

18.
NETWORK INTRUSION DETECTION METHOD BASED ON RS-MSVM   Total citations: 1, self-citations: 0, citations by others: 1
A new method called RS-MSVM (Rough Set and Multi-class Support Vector Machine) is proposed for network intrusion detection. This method is based on rough set followed by MSVM for attribute reduction and classification respectively. The number of attributes of the network data used in this paper is reduced from 41 to 30 using rough set theory. The kernel function of HVDM-RBF (Heterogeneous Value Difference Metric Radial Basis Function), based on the heterogeneous value difference metric of heterogeneous datasets, is constructed for the heterogeneous network data. HVDM-RBF and one-against-one method are applied to build MSVM. DARPA (Defense Advanced Research Projects Agency) intrusion detection evaluating data were used in the experiment. The testing results show that our method outperforms other methods mentioned in this paper on six aspects: detection accuracy, number of support vectors, false positive rate, false negative rate, training time and testing time.

19.
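Su Jie, Dong Weiwei, Xu Xuan, Liu Shuai, Xie Lipeng. Journal on Communications (通信学报), 2015, 36(Z1): 60-64
Drawing on Dempster-Shafer (DS) evidence reasoning theory, a GHSOM neural network intrusion detection method based on Dempster-Shafer theory is proposed. On the one hand, it handles the randomness and fuzziness in data uncertainty and can maintain a good detection rate in noisy environments; in addition, it shrinks the data set through evidence fusion theory, effectively controlling the dynamic growth of the network. Experimental results show that the Dempster-Shafer-based GHSOM intrusion detection method achieves dynamic control of the subnet expansion scale during detection, improves dynamic adaptability as the network scale keeps expanding, has good detection accuracy in noisy environments, and improves the scalability of the GHSOM intrusion detection method.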

20.
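A new evaluation method for signature-based intrusion detection systems   Total citations: 1, self-citations: 0, citations by others: 1
Sun Meifeng, Gong Jian, Yang Wang. Journal on Communications (通信学报), 2007, 28(11): 6-14
To improve evaluation accuracy, the detection principle of signature-based IDS is analyzed, and the principle of evaluating rule-base quality and IDS system capability separately is proposed. A method for evaluating IDS system capability is given; the method treats human knowledge as an evaluation parameter, so its conclusions reflect the quality of the IDS implementation. The definition of the metrics for system capability is discussed in detail, and the overall approach to computing the metrics is briefly introduced. Experimental results show that the method better reflects the true quality of a signature-based IDS.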
