Similar literature
Found 20 similar documents; search time 0 ms
1.
Even though advanced Machine Learning (ML) techniques have been adopted for DDoS detection, the attack remains a major threat of the Internet. Most of the existing ML-based DDoS detection approaches are under two categories: supervised and unsupervised. Supervised ML approaches for DDoS detection rely on availability of labeled network traffic datasets. Whereas, unsupervised ML approaches detect attacks by analyzing the incoming network traffic. Both approaches are challenged by large amount of network traffic data, low detection accuracy and high false positive rates. In this paper we present an online sequential semi-supervised ML approach for DDoS detection based on network Entropy estimation, Co-clustering, Information Gain Ratio and Extra-Trees algorithm. The unsupervised part of the approach allows to reduce the irrelevant normal traffic data for DDoS detection which allows to reduce false positive rates and increase accuracy. Whereas, the supervised part allows to reduce the false positive rates of the unsupervised part and to accurately classify the DDoS traffic. Various experiments were performed to evaluate the proposed approach using three public datasets namely NSL-KDD, UNB ISCX 12 and UNSW-NB15. An accuracy of 98.23%, 99.88% and 93.71% is achieved for respectively NSL-KDD, UNB ISCX 12 and UNSW-NB15 datasets, with respectively the false positive rates 0.33%, 0.35% and 0.46%.

2.

Service availability plays a vital role on computer networks, against which Distributed Denial of Service (DDoS) attacks are an increasingly growing threat each year. Machine learning (ML) is a promising approach widely used for DDoS detection, which obtains satisfactory results for pre-known attacks. However, they are almost incapable of detecting unknown malicious traffic. This paper proposes a novel method combining both supervised and unsupervised algorithms. First, a clustering algorithm separates the anomalous traffic from the normal data using several flow-based features. Then, using certain statistical measures, a classification algorithm is used to label the clusters. Employing a big data processing framework, we evaluate the proposed method by training on the CICIDS2017 dataset and testing on a different set of attacks provided in the more up-to-date CICDDoS2019. The results demonstrate that the Positive Likelihood Ratio (LR+) of our method is approximately 198% higher than the ML classification algorithms.


3.

Nowadays, malware applications are dangerous threats to Android devices, users, developers, and application stores. Researchers are trying to discover new methods for malware detection because the complexity of malware, their continuous changes, and damages caused by their attacks have increased. One of the most important challenges in detecting malware is to have a balanced dataset. In this paper, a detection method is proposed to identify malware to improve accuracy and reduce error rates by preprocessing the used dataset and balancing it. To attain these purposes, the static analysis is used to extract features of the applications. The ranking methods of features are used to preprocess the feature set and the low-effective features are removed. The proposed method also balances the dataset by using the techniques of undersampling, the Synthetic Minority Oversampling Technique (SMOTE), and a combination of both methods, which have not yet been studied among detection methods. Then, the classifiers of K-Nearest Neighbor (KNN), Support Vector Machine, and Iterative Dichotomiser 3 are used to create the detection model. The performance of KNN with SMOTE is better than the performance of the other classifiers. The obtained results indicate that the criteria of precision, recall, accuracy, F-measure, and Matthews Correlation Coefficient are over 97%. The proposed method is effective in detecting 99.49% of the malware existing in the used dataset and new malware.


4.
The Journal of Supercomputing - The distributed denial-of-service (DDoS) attack is a security challenge for the software-defined network (SDN). The different limitations of the existing DDoS...

5.
To address the issue of malware detection through large sets of applications, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective approaches. So far, several promising results were recorded in the literature, many approaches being assessed with what we call in the lab validation scenarios. This paper revisits the purpose of malware detection to discuss whether such in the lab validation scenarios provide reliable indications on the performance of malware detectors in real-world settings, aka in the wild. To this end, we have devised several Machine Learning classifiers that rely on a set of features built from applications’ CFGs. We use a sizeable dataset of over 50 000 Android applications collected from sources where state-of-the-art approaches have selected their data. We show that, in the lab, our approach outperforms existing machine learning-based approaches. However, this high performance does not translate in high performance in the wild. The performance gap we observed—F-measures dropping from over 0.9 in the lab to below 0.1 in the wild—raises one important question: How do state-of-the-art approaches perform in the wild?

6.
Computationally efficient algorithms are critical in making Model Predictive Control (MPC) applicable to broader classes of systems with fast dynamics and limited computational resources. In this paper, we propose an integrated formulation of Perturbation Analysis and Sequential Quadratic Programming (InPA-SQP) to address the constrained optimal control problems. The proposed algorithm combines the complementary features of perturbation analysis and SQP in a single unified framework, thereby leading to improved computational efficiency and convergence property. A numerical example is reported to illustrate the proposed method and its computational effectiveness.

7.
Demir, Kursat; Ay, Mustafa; Cavas, Mehmet; Demir, Fatih. 《Neural computing & applications》 2023, 35(11): 8389-8406
Neural Computing and Applications - In this study, a new deep learning-based approach has been developed that detects and classifies surface defects that occur in the steel production process. The...

8.
9.
International Journal of Information Security - Online social media (OSM) is an integral part of human life these days. Significantly, the young generation spends most of their time on social media...

10.
Since semiconductor manufacturing consists of hundreds of processes, a faulty wafer detection system, which allows for earlier detection of faulty wafers, is required. Statistical process control (SPC) and virtual metrology (VM) have been used to detect faulty wafers. However, there are some limitations in that SPC requires linear, unimodal and single variable data and VM underestimates the deviations of predictors. In this paper, seven different machine learning-based novelty detection methods were employed to detect faulty wafers. The models were trained with Fault Detection and Classification (FDC) data to detect wafers having faulty metrology values. The real world semiconductor manufacturing data collected from a semiconductor fab were tested. Since the real world data have more than 150 input variables, we employed three different dimensionality reduction methods. The experimental results showed a high True Positive Rate (TPR). These results are promising enough to warrant further study.

11.
Niu, Yuzhen; Lin, Lening; Chen, Yuzhong; Ke, Lingling. 《Multimedia Tools and Applications》 2017, 76(24): 26329-26353
Multimedia Tools and Applications - Visual saliency detection is useful in carrying out image compression, image segmentation, image retrieval, and other image processing applications. Majority of...

12.
Denoised P300 and machine learning-based concealed information test method (total citations: 1, self-citations: 0, citations by others: 1)
In this paper, a novel P300-based concealed information test (CIT) method was proposed to improve the efficiency of differentiating deception and truth-telling. Thirty subjects including the guilty and innocent performed the paradigm based on three types of stimuli. In order to reduce the influence from the occasional variability of cognitive states on the CIT, several single-trials from Pz in probe stimuli within each subject were first averaged. Then the three groups of features were extracted from these averaged single-trials. Finally, two classes of feature samples were used to train a support vector machine (SVM) classifier. Meanwhile, the optimal number of averaged Pz waveforms and some other parameter values in the classifiers were determined by the cross validation procedures. Results show that if choosing accuracy of 90% as a detecting standard of P3 component to classify a subject's status (guilty or innocent), our method can achieve individual diagnostic rate of 100%. The individual diagnostic rate of our method was higher than the results of the other related reports. The presented method improves efficiency of CIT, and is more practical, lower fatigue and less countermeasure behavior in comparison with previous report methods, which could extend the laboratory study to the practical application.

13.
Nowadays, Denial of Service (DoS) attacks have become a major security threat to networks and the Internet. Therefore, even a naive hacker can launch a large-scale DoS attack to the victim from providing Internet services. This article deals with the evaluation of the Snort IDS in terms of packet processing performance and detection. This work describes the aspect involved in building campus network security system and then evaluates the campus network security risks and threats, mainly analyses the attacks DoS and DDoS, and puts forward new approach for Snort campus network security solutions. The objective is to analyze the functional advantages of the solution, deployment and configuration of the open source based on Snort intrusion detection system. The evaluation metrics are defined using Snort namely comparison between basic rules with new ones, available bandwidth, CPU loading and memory usage.

14.
Neural Computing and Applications - In order to provide benchmark performance for Urdu text document classification, the contribution of this paper is manifold. First, it provides a publicly...

15.
Flexible and effective manipulation is important and meaningful for the further development and applications of parallel manipulators in the industrial fields, especially for high-performance manufacturing. Web-based manufacturing has emerged as an alternative manufacturing technology in a distributed environment. In this paper, an integrated approach is proposed for remote manipulation of the reconfigurable parallel kinematic machine (RPKM) based on sensor-driven Wise-ShopFloor framework. The concept of Wise-ShopFloor integrates the modules of detailed architecture design, module interactions, sensor data utilization and model predictive control. In order to demonstrate the efficiency of this novel methodology, an example of a five degrees-of-freedom (DOF) RPKM is developed for surface finishing. The reconfigurability, the necessary kinematic analysis, and the performance mapping of the 5-DOF RPKM are conducted so as to implement the proposed approach.

16.
Neural Computing and Applications - Deep learning models in recent times have shown promising results for solar energy forecasting. Solar energy depends heavily on local weather conditions, and as...

17.
《Advanced Robotics》2013,27(5):519-542
In several complex applications, the use of multiple autonomous robotic systems (ARS) becomes necessary to achieve different tasks, such as foraging and transport of heavy and large objects, with less cost and more efficiency. They have to achieve a high level of flexibility, adaptability and efficiency in real environments. In this paper, a reinforcement learning (RL)-based group navigation approach for multiple ARS is suggested. Indeed, the robots must have the ability to form geometric figures and navigate without collisions while maintaining the formation. Thus, each robot must learn how to take its place in the formation, and avoid obstacles and other ARS from its interaction with the environment. This approach must provide ARS with the capability to acquire the group navigation approach among several ARS from elementary behaviors by learning with trial-and-error search. Then, simulation results display the ability of the suggested approach to provide ARS with capability to navigate in a group formation in dynamic environments. With its cooperative behavior, this approach makes ARS able to work together to successfully fulfill the desired task.

18.
Qiu, Linrun; Zhang, Dongbo; Tian, Yuan; Al-Nabhan, Najla. 《The Journal of supercomputing》 2021, 77(10): 11083-11098
The Journal of Supercomputing - Object detection is an essential technology in the computer vision domain and plays a vital role in intelligent transportation. Intelligent vehicles utilize object...

19.
20.
We survey the evaluation methodology adopted in information extraction (IE), as defined in a few different efforts applying machine learning (ML) to IE. We identify a number of critical issues that hamper comparison of the results obtained by different researchers. Some of these issues are common to other NLP-related tasks: e.g., the difficulty of exactly identifying the effects on performance of the data (sample selection and sample size), of the domain theory (features selected), and of algorithm parameter settings. Some issues are specific to IE: how leniently to assess inexact identification of filler boundaries, the possibility of multiple fillers for a slot, and how the counting is performed. We argue that, when specifying an IE task, these issues should be explicitly addressed, and a number of methodological characteristics should be clearly defined. To empirically verify the practical impact of the issues mentioned above, we perform a survey of the results of different algorithms when applied to a few standard datasets. The survey shows a serious lack of consensus on these issues, which makes it difficult to draw firm conclusions on a comparative evaluation of the algorithms. Our aim is to elaborate a clear and detailed experimental methodology and propose it to the IE community. Widespread agreement on this proposal should lead to future IE comparative evaluations that are fair and reliable. To demonstrate the way the methodology is to be applied we have organized and run a comparative evaluation of ML-based IE systems (the Pascal Challenge on ML-based IE) where the principles described in this article are put into practice. In this article we describe the proposed methodology and its motivations. The Pascal evaluation is then described and its results presented.
Alberto Lavelli
