20 similar documents found (search time: 15 ms)
1.
2.
Recently, the Erebus attack has proved to be a security threat to the blockchain network layer, and the existing research has faced challenges in detecting the Erebus attack on the blockchain network layer. The cloud-based active defense and one-sidedness detection strategies are the hindrances in detecting Erebus attacks. This study designs a detection approach by establishing a ReliefF_WMRmR-based two-stage feature selection algorithm and a deep learning-based multimodal classification detection model for Erebus attacks and responding to security threats to the blockchain network layer. The goal is to improve the performance of Erebus attack detection methods, by combining the traffic behavior with the routing status based on multimodal deep feature learning. The traffic behavior and routing status were first defined and used to describe the attack characteristics at diverse stages of s leak monitoring, hidden traffic overlay, and transaction identity forgery. The goal is to clarify how an Erebus attack affects the routing transfer and traffic state on the blockchain network layer. Consequently, detecting objects is expected to become more relevant and sensitive. A two-stage feature selection algorithm was designed based on ReliefF and weighted maximum relevance minimum redundancy (ReliefF_WMRmR) to alleviate the overfitting of the training model caused by redundant information and noise in multiple source features of the routing status and traffic behavior. The ReliefF algorithm was introduced to select strong correlations and highly informative features of the labeled data. According to WMRmR, a feature selection framework was defined to eliminate weakly correlated features, eliminate redundant information, and reduce the detection overhead of the model. A multimodal deep learning model was constructed based on the multilayer perceptron (MLP) to settle the high false alarm rates incurred by multisource data. 
Using this model, isolated inputs and deep learning were conducted on the selected routing status and traffic behavior. Redundant intermodal information was removed because of the complementarity of the multimodal network, which was followed by feature fusion and output feature representation to boost classification detection precision. The experimental results demonstrate that the proposed method can detect features, such as traffic data, at key link nodes and route messages in a real blockchain network environment. Additionally, the model can detect Erebus attacks effectively. This study provides novelty to the existing Erebus attack detection by increasing the accuracy detection by 1.05%, the recall rate by 2.01%, and the F1-score by 2.43%.
3.
Muhammad Sajid Farooq, Sagheer Abbas, Atta-ur-Rahman, Kiran Sultan, Muhammad Adnan Khan, Amir Mosavi. Computers, Materials & Continua, 2023, 74(2): 2607-2623
The rapid growth in data generation and increased use of computer network devices has amplified the infrastructures of internet. The interconnectivity of networks has brought various complexities in maintaining network availability, consistency, and discretion. Machine learning based intrusion detection systems have become essential to monitor network traffic for malicious and illicit activities. An intrusion detection system controls the flow of network traffic with the help of computer systems. Various deep learning algorithms in intrusion detection systems have played a prominent role in identifying and analyzing intrusions in network traffic. For this purpose, when the network traffic encounters known or unknown intrusions in the network, a machine-learning framework is needed to identify and/or verify network intrusion. The Intrusion detection scheme empowered with a fused machine learning technique (IDS-FMLT) is proposed to detect intrusion in a heterogeneous network that consists of different source networks and to protect the network from malicious attacks. The proposed IDS-FMLT system model obtained 95.18% validation accuracy and a 4.82% miss rate in intrusion detection.
4.
Amir Haider, Muhammad Adnan Khan, Abdur Rehman, Muhib Ur Rahman, Hyung Seok Kim. Computers, Materials & Continua, 2021, 66(2): 1785-1805
In recent years, cybersecurity has attracted significant interest due to the rapid growth of the Internet of Things (IoT) and the widespread development of computer infrastructure and systems. It is thus becoming particularly necessary to identify cyber-attacks or irregularities in the system and develop an efficient intrusion detection framework that is integral to security. Researchers have worked on developing intrusion detection models that depend on machine learning (ML) methods to address these security problems. An intelligent intrusion detection device powered by data can exploit artificial intelligence (AI), and especially ML, techniques. Accordingly, we propose in this article an intrusion detection model based on a Real-Time Sequential Deep Extreme Learning Machine Cybersecurity Intrusion Detection System (RTS-DELM-CSIDS) security model. The proposed model initially determines the rating of security aspects contributing to their significance and then develops a comprehensive intrusion detection framework focused on the essential characteristics. Furthermore, we investigated the feasibility of our proposed RTS-DELM-CSIDS framework by performing dataset evaluations and calculating accuracy parameters to validate. The experimental findings demonstrate that the RTS-DELM-CSIDS framework outperforms conventional algorithms. Furthermore, the proposed approach has not only research significance but also practical significance.
5.
Currently, the Internet of Things (IoT) is revolutionizing communication technology by facilitating the sharing of information between different physical devices connected to a network. To improve control, customization, flexibility, and reduce network maintenance costs, a new Software-Defined Network (SDN) technology must be used in this infrastructure. Despite the various advantages of combining SDN and IoT, this environment is more vulnerable to various attacks due to the centralization of control. Most methods to ensure IoT security are designed to detect Distributed Denial-of-Service (DDoS) attacks, but they often lack mechanisms to mitigate their severity. This paper proposes a Multi-Attack Intrusion Detection System (MAIDS) for Software-Defined IoT Networks (SDN-IoT). The proposed scheme uses two machine-learning algorithms to improve detection efficiency and provide a mechanism to prevent false alarms. First, a comparative analysis of the most commonly used machine-learning algorithms to secure the SDN was performed on two datasets: the Network Security Laboratory Knowledge Discovery in Databases (NSL-KDD) and the Canadian Institute for Cybersecurity Intrusion Detection Systems (CICIDS2017), to select the most suitable algorithms for the proposed scheme and for securing SDN-IoT systems. The algorithms evaluated include Extreme Gradient Boosting (XGBoost), K-Nearest Neighbor (KNN), Random Forest (RF), Support Vector Machine (SVM), and Logistic Regression (LR). Second, an algorithm for selecting the best dataset for machine learning in Intrusion Detection Systems (IDS) was developed to enable effective comparison between the datasets used in the development of the security scheme. The results showed that XGBoost and RF are the best algorithms to ensure the security of SDN-IoT and to be applied in the proposed security system, with average accuracies of 99.88% and 99.89%, respectively. 
Furthermore, the proposed security scheme reduced the false alarm rate by 33.23%, which is a significant improvement over prevalent schemes. Finally, tests of the algorithm for dataset selection showed that the rates of false positives and false negatives were reduced when the XGBoost and RF algorithms were trained on the CICIDS2017 dataset, making it the best for IDS compared to the NSL-KDD dataset.
6.
7.
Mavra Mehmood, Talha Javed, Jamel Nebhen, Sidra Abbas, Rabia Abid, Giridhar Reddy Bojja, Muhammad Rizwan. Computers, Materials & Continua, 2022, 70(1): 91-107
Due to the widespread use of the internet and smart devices, various attacks like intrusion, zero-day, Malware, and security breaches are a constant threat to any organization's network infrastructure. Thus, a Network Intrusion Detection System (NIDS) is required to detect attacks in network traffic. This paper proposes a new hybrid method for intrusion detection and attack categorization. The proposed approach comprises three steps to address high false and low false-negative rates for intrusion detection and attack categorization. In the first step, the dataset is preprocessed through the data transformation technique and min-max method. Secondly, the random forest recursive feature elimination method is applied to identify optimal features that positively impact the model's performance. Next, we use various Support Vector Machine (SVM) types to detect intrusion and the Adaptive Neuro-Fuzzy System (ANFIS) to categorize probe, U2R, R2U, and DDOS attacks. The validation of the proposed method is calculated through Fine Gaussian SVM (FGSVM), which is 99.3% for the binary class. Mean Square Error (MSE) is reported as 0.084964 for training data, 0.0855203 for testing, and 0.084964 to validate multiclass categorization.
8.
Muhammad Adnan Khan, Abdur Rehman, Khalid Masood Khan, Mohammed A. Al Ghamdi, Sultan H. Almotiri. Computers, Materials & Continua, 2021, 66(1): 467-480
Networks provide a significant function in everyday life, and cybersecurity therefore developed a critical field of study. The Intrusion detection system (IDS) becoming an essential information protection strategy that tracks the situation of the software and hardware operating on the network. Notwithstanding advancements of growth, current intrusion detection systems also experience difficulties in enhancing detection precision, growing false alarm levels and identifying suspicious activities. In order to address above mentioned issues, several researchers concentrated on designing intrusion detection systems that rely on machine learning approaches. Machine learning models will accurately identify the underlying variations among regular information and irregular information with incredible efficiency. Artificial intelligence, particularly machine learning methods can be used to develop an intelligent intrusion detection framework. There in this article in order to achieve this objective, we propose an intrusion detection system focused on a Deep extreme learning machine (DELM) which first establishes the assessment of safety features that lead to their prominence and then constructs an adaptive intrusion detection system focusing on the important features. In the moment, we researched the viability of our suggested DELM-based intrusion detection system by conducting dataset assessments and evaluating the performance factors to validate the system reliability. The experimental results illustrate that the suggested framework outclasses traditional algorithms. In fact, the suggested framework is not only of interest to scientific research but also of functional importance.
9.
Pongsakorn Tatongjai, Tossapon Boongoen, Natthakan Iam-On, Nitin Naik, Longzhi Yang. Computers, Materials & Continua, 2023, 74(2): 2479-2490
As more business transactions and information services have been implemented via communication networks, both personal and organization assets encounter a higher risk of attacks. To safeguard these, a perimeter defence like NIDS (network-based intrusion detection system) can be effective for known intrusions. There has been a great deal of attention within the joint community of security and data science to improve machine-learning based NIDS such that it becomes more accurate for adversarial attacks, where obfuscation techniques are applied to disguise patterns of intrusive traffics. The current research focuses on non-payload connections at the TCP (transmission control protocol) stack level that is applicable to different network applications. In contrary to the wrapper method introduced with the benchmark dataset, three new filter models are proposed to transform the feature space without knowledge of class labels. These ECT (ensemble clustering based transformation) techniques, i.e., ECT-Subspace, ECT-Noise and ECT-Combined, are developed using the concept of ensemble clustering and three different ensemble generation strategies, i.e., random feature subspace, feature noise injection and their combinations. Based on the empirical study with published dataset and four classification algorithms, new models usually outperform that original wrapper and other filter alternatives found in the literature. This is similarly summarized from the first experiment with basic classification of legitimate and direct attacks, and the second that focuses on recognizing obfuscated intrusions. In addition, analysis of algorithmic parameters, i.e., ensemble size and level of noise, is provided as a guideline for a practical use.
10.
In network-based intrusion detection practices, there are more regular instances than intrusion instances. Because there is always a statistical imbalance in the instances, it is difficult to train the intrusion detection system effectively. In this work, we compare intrusion detection performance by increasing the rarely appearing instances rather than by eliminating the frequently appearing duplicate instances. Our technique mitigates the statistical imbalance in these instances. We also carried out an experiment on the training model by increasing the instances, thereby increasing the attack instances step by step up to 13 levels. The experiments included not only known attacks, but also unknown new intrusions. The results are compared with the existing studies from the literature, and show an improvement in accuracy, sensitivity, and specificity over previous studies. The detection rates for the remote-to-user (R2L) and user-to-root (U2L) categories are improved significantly by adding fewer instances. The detection of many intrusions is increased from a very low to a very high detection rate. The detection of newer attacks that had not been used in training improved from 9% to 12%. This study has practical applications in network administration to protect from known and unknown attacks. If network administrators are running out of instances for some attacks, they can increase the number of instances with rarely appearing instances, thereby improving the detection of both known and unknown new attacks.
11.
Mohammed Altaf Ahmed, Sara A Althubiti, Dronamraju Nageswara Rao, E. Laxmi Lydia, Woong Cho, Gyanendra Prasad Joshi, Sung Won Kim. Computers, Materials & Continua, 2022, 73(3): 4695-4711
Cyberattacks are developing gradually sophisticated, requiring effective intrusion detection systems (IDSs) for monitoring computer resources and creating reports on anomalous or suspicious actions. With the popularity of Internet of Things (IoT) technology, the security of IoT networks is developing a vital problem. Because of the huge number and varied kinds of IoT devices, it can be challenging task for protecting the IoT framework utilizing a typical IDS. The typical IDSs have their restrictions once executed to IoT networks because of resource constraints and complexity. Therefore, this paper presents a new Blockchain Assisted Intrusion Detection System using Differential Flower Pollination with Deep Learning (BAIDS-DFPDL) model in IoT Environment. The presented BAIDS-DFPDL model mainly focuses on the identification and classification of intrusions in the IoT environment. To accomplish this, the presented BAIDS-DFPDL model follows blockchain (BC) technology for effective and secure data transmission among the agents. Besides, the presented BAIDS-DFPDL model designs Differential Flower Pollination based feature selection (DFPFS) technique to elect features. Finally, sailfish optimization (SFO) with Restricted Boltzmann Machine (RBM) model is applied for effectual recognition of intrusions. The simulation results on benchmark dataset exhibit the enhanced performance of the BAIDS-DFPDL model over other models on the recognition of intrusions.
12.
Mohammad Hafiz Mohd Yusof, Abdullah Mohd Zin, Nurhizam Safie Mohd Satar. Computers, Materials & Continua, 2022, 72(2): 2445-2466
Due to polymorphic nature of malware attack, a signature-based analysis is no longer sufficient to solve polymorphic and stealth nature of malware attacks. On the other hand, state-of-the-art methods like deep learning require labelled dataset as a target to train a supervised model. This is unlikely to be the case in production network as the dataset is unstructured and has no label. Hence an unsupervised learning is recommended. Behavioral study is one of the techniques to elicit traffic pattern. However, studies have shown that existing behavioral intrusion detection model had a few issues which had been parameterized into its common characteristics, namely lack of prior information (p (θ)), and reduced parameters (θ). Therefore, this study aims to utilize the previously built Feature Selection Model subsequently to design a Predictive Analytics Model based on Bayesian Network used to improve the analysis prediction. Feature Selection Model is used to learn significant label as a target and Bayesian Network is a sophisticated probabilistic approach to predict intrusion. Finally, the results are extended to evaluate detection, accuracy and false alarm rate of the model against the subject matter expert model, Support Vector Machine (SVM), k nearest neighbor (k-NN) using simulated and ground-truth dataset. The ground-truth dataset from the production traffic of one of the largest healthcare provider in Malaysia is used to promote realism on the real use case scenario. Results have shown that the proposed model consistently outperformed other models.
13.
The number of botnet malware attacks on Internet devices has grown at an equivalent rate to the number of Internet devices that are connected to the Internet. Bot detection using machine learning (ML) with flow-based features has been extensively studied in the literature. Existing flow-based detection methods involve significant computational overhead that does not completely capture network communication patterns that might reveal other features of malicious hosts. Recently, Graph-Based Bot Detection methods using ML have gained attention to overcome these limitations, as graphs provide a real representation of network communications. The purpose of this study is to build a botnet malware detection system utilizing centrality measures for graph-based botnet detection and ML. We propose BotSward, a graph-based bot detection system that is based on ML. We apply the efficient centrality measures, which are Closeness Centrality (CC), Degree Centrality (CC), and PageRank (PR), and compare them with others used in the state-of-the-art. The efficiency of the proposed method is verified on the available Czech Technical University 13 dataset (CTU-13). The CTU-13 dataset contains 13 real botnet traffic scenarios that are connected to a command-and-control (C&C) channel and that cause malicious actions such as phishing, distributed denial-of-service (DDoS) attacks, spam attacks, etc. BotSward is robust to zero-day attacks, suitable for large-scale datasets, and is intended to produce better accuracy than state-of-the-art techniques. The proposed BotSward solution achieved 99% accuracy in botnet attack detection with a false positive rate as low as 0.0001%.
14.
The IT security of automotive systems is an evolving area of research. To analyse the current situation and the potentially growing tendency of arising threats we performed several practical tests on recent automotive technology. With a focus on automotive systems based on CAN bus technology, this article summarises the results of four selected tests performed on the control systems for the window lift, warning light and airbag control system as well as the central gateway. These results are supplemented in this article by a classification of these four attack scenarios using the established CERT taxonomy and an analysis of underlying security vulnerabilities, and especially, potential safety implications. With respect to the results of these tests, in this article we further discuss two selected countermeasures to address basic weaknesses exploited in our tests. These are adaptations of intrusion detection (discussing three exemplary detection patterns) and IT-forensic measures (proposing proactive measures based on a forensic model). This article discusses both looking at the four attack scenarios introduced before, covering their capabilities and restrictions. While these reactive approaches are short-term measures, which could already be added to today’s automotive IT architecture, long-term concepts also are shortly introduced, which are mainly preventive but will require a major redesign. Beneath a short overview on respective research approaches, we discuss their individual requirements, potential and restrictions.
15.
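To improve the attack detection rate of wireless sensor networks while keeping algorithmic complexity bounded, an improved support vector machine multi-class classification algorithm is proposed. The algorithm combines the characteristics of sparse random coding and Hadamard coding and, using Hamming distance as the decision criterion, classifies the traffic data collected by the nodes. The results show that, compared with the standalone one-versus-one, one-versus-rest, and Hadamard algorithms, the improved classification algorithm has a clear advantage in detection accuracy for the five attack types, and its computation time is 22% lower than that of the Hadamard algorithm.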
16.
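An in-vehicle network intrusion detection method based on CBAMTL-MobileNet V3 is proposed. The method uses the lightweight model MobileNet V3 and reduces its number of layers to speed up training and detection; the SE module in the model is replaced with an attention module (CBAM) so that the model focuses more on specific features, improving its feature extraction capability and thus the precision of attack detection; transfer learning is introduced to fine-tune the model weights, reducing the consumption of parameters and memory resources and shortening training time, so that the model runs faster. Simulation results show that every detection metric of the proposed model is better than that of the MobileNet V3 model. Compared with other models, the proposed model has the efficiency of a lightweight model while achieving higher detection accuracy than other, more complex models, and gives the best performance in identifying each class of attack.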
17.
Jiyuan Liu, Yingzhi Zeng, Jiangyong Shi, Yuexiang Yang, Rui Wang, Liangzhong He. Computers, Materials & Continua, 2019, 60(2): 721-739
Recently, TLS protocol has been widely used to secure the application data carried in network traffic. It becomes more difficult for attackers to decipher messages through capturing the traffic generated from communications of hosts. On the other hand, malwares adopt TLS protocol when accessing to internet, which makes most malware traffic detection methods, such as DPI (Deep Packet Inspection), ineffective. Some literatures use statistical method with extracting the observable data fields exposed in TLS connections to train machine learning classifiers so as to infer whether a traffic flow is malware or not. However, most of them adopt the features based on the complete flow, such as flow duration, but seldom consider that the detection result should be given out as soon as possible. In this paper, we propose MalDetect, a structure of encrypted malware traffic detection. MalDetect only extracts features from approximately 8 packets (the number varies in different flows) at the beginning of traffic flows, which makes it capable of detecting malware traffic before the malware behaviors take practical impacts. In addition, observing that it is inefficient and time-consuming to re-train the offline classifier when new flow samples arrive, we deploy Online Random Forest in MalDetect. This enables the classifier to update its parameters in online mode and gets rid of the re-training process. MalDetect is coded in C++ language and open in Github. Furthermore, MalDetect is thoroughly evaluated from three aspects: effectiveness, timeliness and performance.
18.
Raniyah Wazirali. Computers, Materials & Continua, 2021, 67(2): 1429-1445
Intrusion detection system (IDS) techniques are used in cybersecurity to protect and safeguard sensitive assets. The increasing network security risks can be mitigated by implementing effective IDS methods as a defense mechanism. The proposed research presents an IDS model based on the methodology of the adaptive fuzzy k-nearest neighbor (FKNN) algorithm. Using this method, two parameters, i.e., the neighborhood size (k) and fuzzy strength parameter (m) were characterized by implementing the particle swarm optimization (PSO). In addition to being used for FKNN parametric optimization, PSO is also used for selecting the conditional feature subsets for detection. To proficiently regulate the indigenous and comprehensive search skill of the PSO approach, two control parameters containing the time-varying inertia weight (TVIW) and time-varying acceleration coefficients (TVAC) were applied to the system. In addition, continuous and binary PSO algorithms were both executed on a multi-core platform. The proposed IDS model was compared with other state-of-the-art classifiers. The results of the proposed methodology are superior to the rest of the techniques in terms of the classification accuracy, precision, recall, and f-score. The results showed that the proposed methods gave the highest performance scores compared to the other conventional algorithms in detecting all the attack types in two datasets. Moreover, the proposed method was able to obtain a large number of true positives and negatives, with minimal number of false positives and negatives.
19.
Mohammed Maray, Hamed Alqahtani, Saud S. Alotaibi, Fatma S. Alrayes, Nuha Alshuqayran, Mrim M. Alnfiai, Amal S. Mehanna, Mesfer Al Duhayyim. Computers, Materials & Continua, 2023, 74(2): 3101-3115
Cloud Computing (CC) is the most promising and advanced technology to store data and offer online services in an effective manner. When such fast evolving technologies are used in the protection of computer-based systems from cyberattacks, it brings several advantages compared to conventional data protection methods. Some of the computer-based systems that effectively protect the data include Cyber-Physical Systems (CPS), Internet of Things (IoT), mobile devices, desktop and laptop computer, and critical systems. Malicious software (malware) is nothing but a type of software that targets the computer-based systems so as to launch cyber-attacks and threaten the integrity, secrecy, and accessibility of the information. The current study focuses on design of Optimal Bottleneck driven Deep Belief Network-enabled Cybersecurity Malware Classification (OBDDBN-CMC) model. The presented OBDDBN-CMC model intends to recognize and classify the malware that exists in IoT-based cloud platform. To attain this, Z-score data normalization is utilized to scale the data into a uniform format. In addition, BDDBN model is also exploited for recognition and categorization of malware. To effectually fine-tune the hyperparameters related to BDDBN model, Grasshopper Optimization Algorithm (GOA) is applied. This scenario enhances the classification results and also shows the novelty of current study. The experimental analysis was conducted upon OBDDBN-CMC model for validation and the results confirmed the enhanced performance of OBDDBN-CMC model over recent approaches.
20.
Detection of unknown attacks like a zero-day attack is a research field that has long been studied. Recently, advances in Machine Learning (ML) and Artificial Intelligence (AI) have led to the emergence of many kinds of attack-generation tools developed using these technologies to evade detection skillfully. Anomaly detection and misuse detection are the most commonly used techniques for detecting intrusion by unknown attacks. Although anomaly detection is adequate for detecting unknown attacks, its disadvantage is the possibility of high false alarms. Misuse detection has low false alarms; its limitation is that it can detect only known attacks. To overcome such limitations, many researchers have proposed a hybrid intrusion detection that integrates these two detection techniques. This method can overcome the limitations of conventional methods and works better in detecting unknown attacks. However, this method does not accurately classify attacks like similar to normal or known attacks. Therefore, we proposed a hybrid intrusion detection to detect unknown attacks similar to normal and known attacks. In anomaly detection, the model was designed to perform normal detection using Fuzzy c-means (FCM) and identify attacks hidden in normal predicted data using relabeling. In misuse detection, the model was designed to detect previously known attacks using Classification and Regression Trees (CART) and apply Isolation Forest (iForest) to classify unknown attacks hidden in known attacks. As an experiment result, the application of relabeling improved attack detection accuracy in anomaly detection by approximately 11% and enhanced the performance of unknown attack detection in misuse detection by approximately 10%.