Performance Anomaly Detection in Web Services: An RNN- Based Approach Using Dynamic Quality of Service Features

Performance anomaly detection is the process of identifying occurrences that do not conform to expected behavior or correlate with other incidents or events in time series data. Anomaly detection has been applied to areas such as fraud detection, intrusion detection systems, and network systems. In this paper, we propose an anomaly detection framework that uses dynamic features of quality of service that are collected in a simulated setup. Three variants of recurrent neural networks-SimpleRNN, long short term memory, and gated recurrent unit are evaluated. The results reveal that the proposed method effectively detects anomalies in web services with high accuracy. The performance of the proposed anomaly detection framework is superior to that of existing approaches using maximum accuracy and detection rate metrics.     

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

Blockchain merges technology with the Internet of Things (IoT) for addressing security and privacy-related issues. However, conventional blockchain suffers from scalability issues due to its linear structure, which increases the storage overhead, and Intrusion detection performed was limited with attack severity, leading to performance degradation. To overcome these issues, we proposed MZWB (Multi-Zone-Wise Blockchain) model. Initially, all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm (EBA), considering several metrics. Then, the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph (B-DAG), which considers several metrics. The intrusion detection is performed based on two tiers. In the first tier, a Deep Convolution Neural Network (DCNN) analyzes the data packets by extracting packet flow features to classify the packets as normal, malicious, and suspicious. In the second tier, the suspicious packets are classified as normal or malicious using the Generative Adversarial Network (GAN). Finally, intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization (IMO) is used for attack path discovery by considering several metrics, and the Graph cut utilized algorithm for attack scenario reconstruction (ASR). UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator (NS-3.26). Compared with previous performance metrics such as energy consumption, storage overhead accuracy, response time, attack detection rate, precision, recall, and F-measure. The simulation result shows that the proposed MZWB method achieves high performance than existing works     

Internet of Things Based Solutions for Transport Network Vulnerability Assessment in Intelligent Transportation Systems

Intelligent Transportation System (ITS) is essential for effective identification of vulnerable units in the transport network and its stable operation. Also, it is necessary to establish an urban transport network vulnerability assessment model with solutions based on Internet of Things (IoT). Previous research on vulnerability has no congestion effect on the peak time of urban road network. The cascading failure of links or nodes is presented by IoT monitoring system, which can collect data from a wireless sensor network in the transport environment. The IoT monitoring system collects wireless data via Vehicle-to-Infrastructure (V2I) channels to simulate key segments and their failure probability. Finally, the topological structure vulnerability index and the traffic function vulnerability index of road network are extracted from the vulnerability factors. The two indices are standardized by calculating the relative change rate, and the comprehensive index of the consequence after road network unit is in a failure state. Therefore, by calculating the failure probability of road network unit and comprehensive index of road network unit in failure state, the comprehensive vulnerability of road network can be evaluated by a risk calculation formula. In short, the IoT-based solutions to the new vulnerability assessment can help road network planning and traffic management departments to achieve the ITS goals.     

Intrusion Detection Based on Bidirectional Long Short-Term Memory with Attention Mechanism

With the recent developments in the Internet of Things (IoT), the amount of data collected has expanded tremendously, resulting in a higher demand for data storage, computational capacity, and real-time processing capabilities. Cloud computing has traditionally played an important role in establishing IoT. However, fog computing has recently emerged as a new field complementing cloud computing due to its enhanced mobility, location awareness, heterogeneity, scalability, low latency, and geographic distribution. However, IoT networks are vulnerable to unwanted assaults because of their open and shared nature. As a result, various fog computing-based security models that protect IoT networks have been developed. A distributed architecture based on an intrusion detection system (IDS) ensures that a dynamic, scalable IoT environment with the ability to disperse centralized tasks to local fog nodes and which successfully detects advanced malicious threats is available. In this study, we examined the time-related aspects of network traffic data. We presented an intrusion detection model based on a two-layered bidirectional long short-term memory (Bi-LSTM) with an attention mechanism for traffic data classification verified on the UNSW-NB15 benchmark dataset. We showed that the suggested model outperformed numerous leading-edge Network IDS that used machine learning models in terms of accuracy, precision, recall and F1 score.     

Robust Attack Detection Approach for IIoT Using Ensemble Classifier

Generally, the risks associated with malicious threats are increasing for the Internet of Things (IoT) and its related applications due to dependency on the Internet and the minimal resource availability of IoT devices. Thus, anomaly-based intrusion detection models for IoT networks are vital. Distinct detection methodologies need to be developed for the Industrial Internet of Things (IIoT) network as threat detection is a significant expectation of stakeholders. Machine learning approaches are considered to be evolving techniques that learn with experience, and such approaches have resulted in superior performance in various applications, such as pattern recognition, outlier analysis, and speech recognition. Traditional techniques and tools are not adequate to secure IIoT networks due to the use of various protocols in industrial systems and restricted possibilities of upgradation. In this paper, the objective is to develop a two-phase anomaly detection model to enhance the reliability of an IIoT network. In the first phase, SVM and Naïve Bayes, are integrated using an ensemble blending technique. K-fold cross-validation is performed while training the data with different training and testing ratios to obtain optimized training and test sets. Ensemble blending uses a random forest technique to predict class labels. An Artificial Neural Network (ANN) classifier that uses the Adam optimizer to achieve better accuracy is also used for prediction. In the second phase, both the ANN and random forest results are fed to the model’s classification unit, and the highest accuracy value is considered the final result. The proposed model is tested on standard IoT attack datasets, such as WUSTL_IIOT-2018, N_BaIoT, and Bot_IoT. The highest accuracy obtained is 99%. A comparative analysis of the proposed model using state-of-the-art ensemble techniques is performed to demonstrate the superiority of the results. The results also demonstrate that the proposed model outperforms traditional techniques and thus improves the reliability of an IIoT network.     

基于逻辑回归模型的流量异常检测方法研究

网络流量作为异常检测的基本数据源,其行为特征的准确描述,是网络异常行为实时检测的重要依据.本文针对流量异常检测问题,提出了一种基于逻辑回归模型的网络流量异常检测方法.通过分析源IP、目的 IP等多个网络流量基本特征,构造了网络异常行为和正常行为的训练机,并且在此基础上采用逻辑回归建立起网络异常流量挖掘模型.利用实验室所采集的真实网络流量对所构建的模型进行检测,以验证该模型的有效性.实验结果表明本文所建立的网络模型在异常流量挖掘方面准确度高、实时性好.     

Optimized Energy Efficient Strategy for Data Reduction Between Edge Devices in Cloud-IoT

Numerous Internet of Things (IoT) systems produce massive volumes of information that must be handled and answered in a quite short period. The growing energy usage related to the migration of data into the cloud is one of the biggest problems. Edge computation helps users unload the workload again from cloud near the source of the information that must be handled to save time, increase security, and reduce the congestion of networks. Therefore, in this paper, Optimized Energy Efficient Strategy (OEES) has been proposed for extracting, distributing, evaluating the data on the edge devices. In the initial stage of OEES, before the transmission state, the data gathered from edge devices are supported by a fast error like reduction that is regarded as the largest energy user of an IoT system. The initial stage is followed by the reconstructing and the processing state. The processed data is transmitted to the nodes through controlled deep learning techniques. The entire stage of data collection, transmission and data reduction between edge devices uses less energy. The experimental results indicate that the volume of data transferred decreases and does not impact the professional data performance and predictive accuracy. Energy consumption of 7.38 KJ and energy conservation of 55.57 kJ was found in the proposed OEES scheme. Predictive accuracy is 97.5 percent, data performance rate was 97.65 percent, and execution time is 14.49 ms.     

Anomaly Detection for Internet of Things Cyberattacks

The Internet of Things (IoT) has been deployed in diverse critical sectors with the aim of improving quality of service and facilitating human lives. The IoT revolution has redefined digital services in different domains by improving efficiency, productivity, and cost-effectiveness. Many service providers have adapted IoT systems or plan to integrate them as integral parts of their systems’ operation; however, IoT security issues remain a significant challenge. To minimize the risk of cyberattacks on IoT networks, anomaly detection based on machine learning can be an effective security solution to overcome a wide range of IoT cyberattacks. Although various detection techniques have been proposed in the literature, existing detection methods address limited cyberattacks and utilize outdated datasets for evaluations. In this paper, we propose an intelligent, effective, and lightweight detection approach to detect several IoT attacks. Our proposed model includes a collaborative feature selection method that selects the best distinctive features and eliminates unnecessary features to build an effective and efficient detection model. In the detection phase, we also proposed an ensemble of learning techniques to improve classification for predicting several different types of IoT attacks. The experimental results show that our proposed method can effectively and efficiently predict several IoT attacks with a higher accuracy rate of 99.984%, a precision rate of 99.982%, a recall rate of 99.984%, and an F1-score of 99.983%.     

Hybrid Grey Wolf and Dipper Throated Optimization in Network Intrusion Detection Systems

The Internet of Things (IoT) is a modern approach that enables connection with a wide variety of devices remotely. Due to the resource constraints and open nature of IoT nodes, the routing protocol for low power and lossy (RPL) networks may be vulnerable to several routing attacks. That’s why a network intrusion detection system (NIDS) is needed to guard against routing assaults on RPL-based IoT networks. The imbalance between the false and valid attacks in the training set degrades the performance of machine learning employed to detect network attacks. Therefore, we propose in this paper a novel approach to balance the dataset classes based on metaheuristic optimization applied to locality-sensitive hashing and synthetic minority oversampling technique (LSH-SMOTE). The proposed optimization approach is based on a new hybrid between the grey wolf and dipper throated optimization algorithms. To prove the effectiveness of the proposed approach, a set of experiments were conducted to evaluate the performance of NIDS for three cases, namely, detection without dataset balancing, detection with SMOTE balancing, and detection with the proposed optimized LSH-SOMTE balancing. Experimental results showed that the proposed approach outperforms the other approaches and could boost the detection accuracy. In addition, a statistical analysis is performed to study the significance and stability of the proposed approach. The conducted experiments include seven different types of attack cases in the RPL-NIDS17 dataset. Based on the proposed approach, the achieved accuracy is (98.1%), sensitivity is (97.8%), and specificity is (98.8%).     

Identification of Anomaly Scenes in Videos Using Graph Neural Networks

Generally, conventional methods for anomaly detection rely on clustering, proximity, or classification. With the massive growth in surveillance videos, outliers or anomalies find ingenious ways to obscure themselves in the network and make conventional techniques inefficient. This research explores the structure of Graph neural networks (GNNs) that generalize deep learning frameworks to graph-structured data. Every node in the graph structure is labeled and anomalies, represented by unlabeled nodes, are predicted by performing random walks on the node-based graph structures. Due to their strong learning abilities, GNNs gained popularity in various domains such as natural language processing, social network analytics and healthcare. Anomaly detection is a challenging task in computer vision but the proposed algorithm using GNNs efficiently performs the identification of anomalies. The Graph-based deep learning networks are designed to predict unknown objects and outliers. In our case, they detect unusual objects in the form of malicious nodes. The edges between nodes represent a relationship of nodes among each other. In case of anomaly, such as the bike rider in Pedestrians data, the rider node has a negative value for the edge and it is identified as an anomaly. The encoding and decoding layers are crucial for determining how statistical measurements affect anomaly identification and for correcting the graph path to the best possible outcome. Results show that the proposed framework is a step ahead of the traditional approaches in detecting unusual activities, which shows a huge potential in automatically monitoring surveillance videos. Performing autonomous monitoring of CCTV, crime control and damage or destruction by a group of people or crowd can be identified and alarms may be triggered in unusual activities in streets or public places. The suggested GNN model improves accuracy by 4% for the Pedestrian 2 dataset and 12% for the Pedestrian 1 dataset compared to a few state-of-the-art techniques.     

Diagnosing Anomalies and Identifying Faulty Nodes in Sensor Networks

In this paper, an anomaly detection approach that fuses data gathered from different nodes in a distributed sensor network is proposed and evaluated. The emphasis of this work is placed on the data integrity and accuracy problem caused by compromised or malfunctioning nodes. The proposed approach utilizes and applies Principal Component Analysis simultaneously on multiple metrics received from various sensors. One of the key features of the proposed approach is that it provides an integrated methodology of taking into consideration and combining effectively correlated sensor data, in a distributed fashion, in order to reveal anomalies that span through a number of neighboring sensors. Furthermore, it allows the integration of results from neighboring network areas to detect correlated anomalies/attacks that involve multiple groups of nodes. The efficiency and effectiveness of the proposed approach is demonstrated for a real use case that utilizes meteorological data collected from a distributed set of sensor nodes     

Improving network anomaly detection via selective flow-based sampling

Sampling has become an essential component of scalable Internet traffic monitoring and anomaly detection. A new flow-based sampling technique that focuses on the selection of small flows, which are usually the source of malicious traffic, is introduced and analysed. The proposed approach provides a flexible framework for preferential flow sampling that can effectively balance the tradeoff between the volume of the processed information and the anomaly detection accuracy. The performance evaluation of the impact of selective flow-based sampling on the anomaly detection process is achieved through the adoption and application of a sequential non-parametric change-point anomaly detection method on realistic data that have been collected from a real operational university campus network. The corresponding numerical results demonstrate that the proposed approach achieves to improve anomaly detection effectiveness and at the same time reduces the number of selected flows.     

Behavioral Feature and Correlative Detection of Multiple Types of Node in the Internet of Vehicles

Undoubtedly, uncooperative or malicious nodes threaten the safety of Internet of Vehicles (IoV) by destroying routing or data. To this end, some researchers have designed some node detection mechanisms and trust calculating algorithms based on some different feature parameters of IoV such as communication, data, energy, etc., to detect and evaluate vehicle nodes. However, it is difficult to effectively assess the trust level of a vehicle node only by message forwarding, data consistency, and energy sufficiency. In order to resolve these problems, a novel mechanism and a new trust calculating model is proposed in this paper. First, the four tuple method is adopted, to qualitatively describing various types of nodes of IoV; Second, analyzing the behavioral features and correlation of various nodes based on route forwarding rate, data forwarding rate and physical location; third, designing double layer detection feature parameters with the ability to detect uncooperative nodes and malicious nodes; fourth, establishing a node correlative detection model with a double layer structure by combining the network layer and the perception layer. Accordingly, we conducted simulation experiments to verify the accuracy and time of this detection method under different speed-rate topological conditions of IoV. The results show that comparing with methods which only considers energy or communication parameters, the method proposed in this paper has obvious advantages in the detection of uncooperative and malicious nodes of IoV; especially, with the double detection feature parameters and node correlative detection model combined, detection accuracy is effectively improved, and the calculation time of node detection is largely reduced.     

An Efficient Internet Traffic Classification System Using Deep Learning for IoT

Internet of Things (IoT) defines a network of devices connected to the internet and sharing a massive amount of data between each other and a central location. These IoT devices are connected to a network therefore prone to attacks. Various management tasks and network operations such as security, intrusion detection, Quality-of-Service provisioning, performance monitoring, resource provisioning, and traffic engineering require traffic classification. Due to the ineffectiveness of traditional classification schemes, such as port-based and payload-based methods, researchers proposed machine learning-based traffic classification systems based on shallow neural networks. Furthermore, machine learning-based models incline to misclassify internet traffic due to improper feature selection. In this research, an efficient multilayer deep learning based classification system is presented to overcome these challenges that can classify internet traffic. To examine the performance of the proposed technique, Moore-dataset is used for training the classifier. The proposed scheme takes the pre-processed data and extracts the flow features using a deep neural network (DNN). In particular, the maximum entropy classifier is used to classify the internet traffic. The experimental results show that the proposed hybrid deep learning algorithm is effective and achieved high accuracy for internet traffic classification, i.e., 99.23%. Furthermore, the proposed algorithm achieved the highest accuracy compared to the support vector machine (SVM) based classification technique and k-nearest neighbours (KNNs) based classification technique.     

An IoT Environment Based Framework for Intelligent Intrusion Detection

Software-defined networking (SDN) represents a paradigm shift in network traffic management. It distinguishes between the data and control planes. APIs are then used to communicate between these planes. The controller is central to the management of an SDN network and is subject to security concerns. This research shows how a deep learning algorithm can detect intrusions in SDN-based IoT networks. Overfitting, low accuracy, and efficient feature selection is all discussed. We propose a hybrid machine learning-based approach based on Random Forest and Long Short-Term Memory (LSTM). In this study, a new dataset based specifically on Software Defined Networks is used in SDN. To obtain the best and most relevant features, a feature selection technique is used. Several experiments have revealed that the proposed solution is a superior method for detecting flow-based anomalies. The performance of our proposed model is also measured in terms of accuracy, recall, and precision. F1 rating and detection time Furthermore, a lightweight model for training is proposed, which selects fewer features while maintaining the model’s performance. Experiments show that the adopted methodology outperforms existing models.     

Continuous Mobile User Authentication Using a Hybrid CNN-Bi-LSTM Approach

Internet of Things (IoT) devices incorporate a large amount of data in several fields, including those of medicine, business, and engineering. User authentication is paramount in the IoT era to assure connected devices’ security. However, traditional authentication methods and conventional biometrics-based authentication approaches such as face recognition, fingerprints, and password are vulnerable to various attacks, including smudge attacks, heat attacks, and shoulder surfing attacks. Behavioral biometrics is introduced by the powerful sensing capabilities of IoT devices such as smart wearables and smartphones, enabling continuous authentication. Artificial Intelligence (AI)-based approaches introduce a bright future in refining large amounts of homogeneous biometric data to provide innovative user authentication solutions. This paper presents a new continuous passive authentication approach capable of learning the signatures of IoT users utilizing smartphone sensors such as a gyroscope, magnetometer, and accelerometer to recognize users by their physical activities. This approach integrates the convolutional neural network (CNN) and recurrent neural network (RNN) models to learn signatures of human activities from different users. A series of experiments are conducted using the MotionSense dataset to validate the effectiveness of the proposed method. Our technique offers a competitive verification accuracy equal to 98.4%. We compared the proposed method with several conventional machine learning and CNN models and found that our proposed model achieves higher identification accuracy than the recently developed verification systems. The high accuracy achieved by the proposed method proves its effectiveness in recognizing IoT users passively through their physical activity patterns.     

Black Hole and Sink Hole Attack Detection in Wireless Body Area Networks

In Wireless Body Area Networks (WBANs) with respect to health care, sensors are positioned inside the body of an individual to transfer sensed data to a central station periodically. The great challenges posed to healthcare WBANs are the black hole and sink hole attacks. Data from deployed sensor nodes are attracted by sink hole or black hole nodes while grabbing the shortest path. Identifying this issue is quite a challenging task as a small variation in medicine intake may result in a severe illness. This work proposes a hybrid detection framework for attacks by applying a Proportional Coinciding Score (PCS) and an MK-Means algorithm, which is a well-known machine learning technique used to raise attack detection accuracy and decrease computational difficulties while giving treatments for heartache and respiratory issues. First, the gathered training data feature count is reduced through data pre-processing in the PCS. Second, the pre-processed features are sent to the MK-Means algorithm for training the data and promoting classification. Third, certain attack detection measures given by the intrusion detection system, such as the number of data packages trans-received, are identified by the MK-Means algorithm. This study demonstrates that the MK-Means framework yields a high detection accuracy with a low packet loss rate, low communication overhead, and reduced end-to-end delay in the network and improves the accuracy of biomedical data.     

An Intelligent Hybrid Mutual Authentication Scheme for Industrial Internet of Thing Networks

Internet of Things (IoT) network used for industrial management is vulnerable to different security threats due to its unstructured deployment, and dynamic communication behavior. In literature various mechanisms addressed the security issue of Industrial IoT networks, but proper maintenance of the performance reliability is among the common challenges. In this paper, we proposed an intelligent mutual authentication scheme leveraging authentication aware node (AAN) and base station (BS) to identify routing attacks in Industrial IoT networks. The AAN and BS uses the communication parameter such as a route request (RREQ), node-ID, received signal strength (RSS), and round-trip time (RTT) information to identify malicious devices and routes in the deployed network. The feasibility of the proposed model is validated in the simulation environment, where OMNeT++ was used as a simulation tool. We compare the results of the proposed model with existing field-proven schemes in terms of routing attacks detection, communication cost, latency, computational cost, and throughput. The results show that our proposed scheme surpasses the previous schemes regarding these performance parameters with the attack detection rate of 97.7 %.     

基于单元多项式回归法的扫描仪色彩校正研究

针对IT8.7/2色靶及自定义色靶,采用单元多项式回归法,进行扫描仪RGB到Lab颜色空间的转换,以实现扫描仪的色彩校正.结果表明:针对IT8.7/2色靶,当采用5级均等分割中心点并采用13项50点进行多项式回归时,精度相对较高,效果较好;针对自定义色靶,当采用8级均等分割中心点并采用19项180点进行单元多项式回归时,精度相对较高,效果较好.采用单元多项式回归法,可提升扫描仪RGB到Lab颜色空间的转换精度,并节约计算时间,能有效实现扫描仪的色彩校正,且处理过程更简便、直观.     

Deep Semisupervised Learning-Based Network Anomaly Detection in Heterogeneous Information Systems

The extensive proliferation of modern information services and ubiquitous digitization of society have raised cybersecurity challenges to new levels. With the massive number of connected devices, opportunities for potential network attacks are nearly unlimited. An additional problem is that many low-cost devices are not equipped with effective security protection so that they are easily hacked and applied within a network of bots (botnet) to perform distributed denial of service (DDoS) attacks. In this paper, we propose a novel intrusion detection system (IDS) based on deep learning that aims to identify suspicious behavior in modern heterogeneous information systems. The proposed approach is based on a deep recurrent autoencoder that learns time series of normal network behavior and detects notable network anomalies. An additional feature of the proposed IDS is that it is trained with an optimized dataset, where the number of features is reduced by 94% without classification accuracy loss. Thus, the proposed IDS remains stable in response to slight system perturbations, which do not represent network anomalies. The proposed approach is evaluated under different simulation scenarios and provides a 99% detection accuracy over known datasets while reducing the training time by an order of magnitude.