Network Attack Detection Research Articles

An Efficient Method for Detecting Supernodes Using Reversible Summary Data Structures in the Distributed Monitoring Systems

Supernode detection has many applications in detecting network attacks, assisting resource allocation, etc. As 5G/IoT networks constantly grow, big network traffic brings a great challenge to collect massive traffic data in compact and real-time way. Previous works focus on detecting supernodes in a measurement point, while only a few works consider it in the distributed monitoring system. Moreover, they are not able to measure two types of node cardinalities simultaneously and reconstruct labels of supernodes efficiently due to large calculation and memory cost. To address these problems, we propose a novel reversible and distributed traffic summarization called RDS to simultaneously measure source and destination cardinalities for detecting supernodes in the distributed monitoring system. The basic idea of our approach is that each monitor generates a summary data structure using the coming packets and sends the summary data structure to the controller; then, the controller aggregates the received summary data structures, estimates node cardinalities, and reconstructs labels of supernodes according to the aggregated summary data structure. The experimental results based on real network traffic demonstrate that the proposed approach can detect up to 96% supernodes with a low memory requirement in comparison with state-of-the-art approaches.

Network Attack Detection Method of the Cyber-Physical Power System Based on Ensemble Learning

With the rapid development of power grid informatization, the power system has evolved into a multi-dimensional heterogeneous complex system with high cyber-physical integration, denoting the Cyber-Physical Power System (CPPS). Network attack, in addition to faults, becomes an important factor restricting the stable operation of the power system. Under the influence of network attacks, to improve the operational stability of CPPSs, this paper proposes a CPPS network attack detection method based on ensemble learning. First, to solve the shortcomings of a low detection precision caused by insufficient network attack samples, a power data balancing processing method was proposed. Then, the LightGBM ensemble was constructed to detect network attack events and lock the fault points caused by the attack. At the same time, in the process of gradient boost, the focal loss was introduced to optimize the attention weight of the classifier to the misclassified samples, thus improving the network attack detection precision. Finally, we propose an effective evaluation method of the network attack detection model based on cyber-physical comprehensive consideration. In addition, the cyber-physical power system stability under the action of the network attack detection model is quantitatively analyzed. The experimental results show that the F1 score of network attack detection increases by 16.73%, and the precision increases by 15.67%.

Recurrent deep learning-based feature fusion ensemble meta-classifier approach for intelligent network intrusion detection system

This work proposes an end-to-end model for network attack detection and network attack classification using deep learning-based recurrent models. The proposed model extracts the features of hidden layers of recurrent models and further employs a kernel-based principal component analysis (KPCA) feature selection approach to identify optimal features. Finally, the optimal features of recurrent models are fused together and classification is done using an ensemble meta-classifier. Experimental analysis and results of the proposed method on more than one benchmark network intrusion dataset show that the proposed method performed better than the existing methods and other most commonly used machine learning and deep learning models. In particular, the proposed method showed maximum accuracy 99% in network attacks detection and 97% network attacks classification using the SDN-IoT dataset. Similar performances were obtained by the proposed model on other network intrusion datasets such as KDD-Cup-1999, UNSW-NB15, WSN-DS, and CICIDS-2017.

Hybrid optimization driven deep residual network for attack detection and attack mitigation in wireless sensor networks

Wireless sensor network (WSN) comprises small sensor nodes that have the ability of sensing platform, store and send data. In addition, the sensor nodes pose limited resource such as energy, computing power. Clustering is an effective manner for diminishing energy usage utilized by sensor nodes for sending data from source to base station (BS). The multi-path routing is utilized for routing data amongst nodes. However, the WSN are susceptible to several types of security issues which can degrade network performance. WSN are susceptible to various types of attacks, which degraded the performance of entire network. Hence, the primary purpose of this research is to design and develop attack detection and attack mitigation system in WSN for detecting the attackers. This paper devises an energy efficient and optimization aware deep model for attack detection and mitigation in WSN. Here, the first step is the simulation of WSN nodes. The overall procedure of the proposed model includes simulation of WSN, cluster head selection, routing to BS, Sybil attack detection in BS and finally attack mitigation in BS. The first step is WSN simulation and then the selection of energy efficient cluster head is done using Lower Energy Adaptive Clustering Hierarchy (LEACH) protocol.

A Two-layer Fog-Cloud Intrusion Detection Model for IoT Networks

The Internet of Things (IoT) and its applications are becoming ubiquitous in our life. However, the open deployment environment and the limited resources of IoT devices make them vulnerable to cyber threats. In this paper, we investigate intrusion detection techniques to mitigate attacks that exploit IoT security vulnerabilities. We propose a machine learning-based two-layer hierarchical intrusion detection mechanism that can effectively detect intrusions in IoT networks while satisfying the IoT resource constraints. Specifically, the proposed model effectively utilizes the resources in the fog layer of the IoT network by efficiently deploying multi-layered feedforward neural networks in the fog-cloud infrastructure for detecting network attacks. With a fog layer into the picture, analysis is dynamically distributed across the fog and cloud layer thus enabling real-time analytics of traffic data closer to IoT devices and end-users. We have performed extensive experiments using two publicly available datasets to test the proposed approach. Test results show that the proposed approach outperforms existing approaches in multiple performance metrics such as accuracy, precision, recall, and F1-score. Moreover, experiments also justified the proposed model in terms of improved service time, lower delay, and optimal energy utilization.

Juggler-ResNet: A Flexible and High-Speed ResNet Optimization Method for Intrusion Detection System in Software-Defined Industrial Networks

<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">ResNets</i> are widely used in the intrusion detection system (IDS) of software-defined industrial network to construct accurate intelligence detection of network attacks. However, the IDS based on ResNets has a long detecting interval because of the fine-grained operator and intermediate outcomes of the multi-branch architecture of ResNets. To address this problem, in this article, we propose Juggler-ResNet with a fusible residual structure that preserves the feature extraction ability of the residual structure and enables equivalent transformation to linear topology to support low latency inference service in the industrial application (e.g., malicious network behavior detection, fault diagnosis, etc.). First, we propose a fusible multibranch residual structure to avoid gradient vanishing problems in the training phase. Second, we convert it to linear-topology by using a set of equivalent fusion operators. Finally, the linear-topology model is deployed to accelerate inference speed. Our experimental results on CIFAR-10 and CIFAR-100 show that fusible residual structure can achieve 2.08-4.3x acceleration with state-of-the-art level accuracy performance.

Network attack classification using LSTM with XGBoost feature selection

The evolving new and modern technologies raise the risks in the network which will be affected by several attacks and thus give rise to developing efficient network attack detection and classification methods. Here in this article for predicting and classifying the network attacks, the LSTM neural network with XGBoost is suggested in which the NSL-KDD dataset was utilized to train the LSTM in the study. In the beginning, the unnecessary data and the noisy data will be eliminated using the dataset and the feature subset with the most compelling features will be selected using the feature selection. By utilizing the essential data, the proposed system will be trained and the training parameter values will be modified for maximizing the functionality of the proposed system. Then, the result of the proposed system will be evaluated with some of the existing machine learning and deep learning algorithms such as SVM, LR, RF, DNN, and CNN with the performance metrics like Accuracy, F1 score, Recall, and Precision. It was found that the proposed model outperforms better than the other algorithms as this model is trained with the most important features and due to this, the training time and overfitting of the learning model was reduced thereby increasing the model effectiveness

Intrusion Detection Model for Industrial Internet of Things Based on Improved Autoencoder.

With the gradual advancement of informatization and industrialization, the safety and controllability of industrial Internet of things (IoT) have attracted more and more attention. Aiming to improve the security of industrial IoT, a detection method using stacked sparse autoencoder network model is proposed. In this method, the basic units of the network model have been simplified and sparse, and some of basic features are combined with obtaining a higher-level abstract expression, so as to solve the problem of unbalanced network traffic data. The cascaded network structure is adopted to stack its sparse autoencoder network model, so as to improve the data ability of the detection model. In addition, the incorporation of Softmax classifier realizes the dynamic adjustment and optimization of the whole network parameters, which further ensures the efficiency of the detection method. The simulation experiment is based on NSL-KDD dataset. The experiment has proved that the proposed method has excellent network attack identification and detection performance. Its accuracy index is about 95.42%, and the detection time is about 3.42 s.

Retraction Note to: Invariant packet feature with network conditions for efficient low rate attack detection in multimedia networks for improved QoS

Retraction Note to: Invariant packet feature with network conditions for efficient low rate attack detection in multimedia networks for improved QoS

Identify Selective Forwarding Attacks Using Danger Model: Promote the Detection Accuracy in Wireless Sensor Networks

Wireless sensor networks (WSNs) are prone to attack due to open work conditions and broadcast communication. The selective forwarding attack, one of the inner attacks in WSNs, is the hardest attack to detect among denial of service (DoS) attacks. The malicious nodes which launch the selective forwarding attack will drop part of or all the data packets they received. Many proposed detection methods against selective forwarding attacks have low accuracy or high algorithm complexity, especially when the attacker works its way in the network along with several attacks, such as blackhole, wormhole, and Distributed Denial of Service (DDoS). Here, an artificial immune system based on the danger model is established to detect network attacks. To promote detection accuracy and reduce computation, we have proposed a screen-confirm scheme. In the screening phase, the scheme first obtains the danger signals from nodes’ energy consumption, forwarding rate, connect duration, transmission frequency, and transmission time, then it screens out the suspected selective forwarding attacks from DoS attacks using a support vector machine (SVM). After that, in the confirming phase, we select an optimal danger threshold and calculate the outputs of the suspected ones, then confirm them by comparing outputs and threshold. The simulation results show that our scheme’s missing detection rate (MDR) is close to 1.3% and keeps the false detection rate (FDR) lower than 4.3% when the malicious ratio is 10%. Moreover, compared with other related work, our proposed method offers a lower algorithm complexity.

Network attack detection scheme based on variational quantum neural network

Network attack detection scheme based on variational quantum neural network

Node-Replication Attack Detection in Vehicular Ad-hoc Networks based on Automatic Approach

Node-Replication Attack Detection in Vehicular Ad-hoc Networks based on Automatic Approach

Enabling data-driven anomaly detection by design in cyber-physical production systems

Designing and developing distributed cyber-physical production systems (CPPS) is a time-consuming, complex, and error-prone process. These systems are typically heterogeneous, i.e., they consist of multiple components implemented with different languages and development tools. One of the main problems nowadays in CPPS implementation is enabling security mechanisms by design while reducing the complexity and increasing the system’s maintainability. Adopting the IEC 61499 standard is an excellent approach to tackle these challenges by enabling the design, deployment, and management of CPPS in a model-based engineering methodology. We propose a method for CPPS design based on the IEC 61499 standard. The method allows designers to embed a bio-inspired anomaly-based host intrusion detection system (A-HIDS) in Edge devices. This A-HIDS is based on the incremental Dendritic Cell Algorithm (iDCA) and can analyze OPC UA network data exchanged between the Edge devices and detect attacks that target the CPPS’ Edge layer. This study’s findings have practical implications on the industrial security community by making novel contributions to the intrusion detection problem in CPPS considering immune-inspired solutions, and cost-effective security by design system implementation. According to the experimental data, the proposed solution can dramatically reduce design and code complexity while improving application maintainability and successfully detecting network attacks without negatively impacting the performance of the CPPS Edge devices.

Model-Based Feature Selection for Developing Network Attack Detection and Alerting System

The use of the Intrusion Detection Systems (IDS) still has unresolved problems, namely the lack of accuracy in attack detection, resulting in false-positive problems and many false alarms. Machine learning is one way that is often utilized to overcome challenges that arise during the implementation of IDS.. We present a system that uses a machine learning approach to detect network attacks and send attack alerts in this study. The CSE-CICIDS2018 Dataset and Model-Based Feature Selection technique are used to assess the performance of eight classifier algorithms in identifying network attacks in order to determine the best algorithm. The resulting XGBoost Model is chosen as the model that provides the highest performance results in this comparison of machine learning models, with an accuracy rate of 99 percent for two-class classification and 98.4 percent for multi-class classification.&#x0D;

Research on DoS Traffic Detection Model Based on Random Forest and Multilayer Perceptron

Denial of service (DoS) attack is a typical and extremely destructive attack, which poses a serious threat to the Internet security and is highly concealed, making it difficult to detect. In response to this problem, the paper proposes an efficient DoS attack traffic detection method, Random Forest and Multilayer Perceptron hybrid network attack detection algorithm (RF-MLP). At first, it is adopted that the random forest algorithm can be used for feature selection and the optimal threshold can be determined by drawing a learning curve; therefore the optimal feature subset is determined. Then the optimal feature subset is used as the input of the multilayer perceptron for training. We will analyze the experimental results obtained using different configurations by varying the number of training neurons and the number of hidden layers of the multilayer perceptron network in order to improve the accuracy and reduce the number of false results. Using the real network traffic CICIDS2017 dataset and UNSW-NB15 dataset to evaluate the method in this paper, the results show that the model can effectively detect and classify DoS attacks, the accuracy rate can reach 99.83% and 93.51%, and there is also a significant reduction in the false alarm rate, verifying the effectiveness of the method and its ease of use.

A collaborative framework for intrusion detection (C-NIDS) in Cloud computing

In recent years, Cloud computing has emerged as a new paradigm for delivering highly scalable and on-demand shared pool IT resources such as networks, servers, storage, applications and services through internet. It enables IT managers to provision services to users faster and in a cost-effective way. As a result, this technology is used by an increasing number of end users. On the other hand, existing security deficiencies and vulnerabilities of underlying technologies can leave an open door for intruders. Indeed, one of the major security issues in Cloud is to protect against distributed attacks and other malicious activities on the network that can affect confidentiality, availability and integrity of Cloud resources. In order to solve these problems, we propose a Collaborative Network Intrusion Detection System (C-NIDS) to detect network attacks in Cloud by monitoring network traffic, while offering high accuracy by addressing newer challenges, namely, intrusion detection in virtual network, monitoring high traffic, scalability and resistance capability. In our NIDS framework, we use Snort as a signature based detection to detect known attacks, while for detecting network anomaly, we use Support Vector Machine (SVM). Moreover, in this framework, the NIDS sensors deployed in Cloud operate in collaborative way to oppose the coordinated attacks against cloud infrastructure and knowledge base remains up-to-date.

Cooperative Trust Framework for Cloud Computing Based on Mobile Agents

Cloud computing opens doors to the multiple, unlimited venues from elastic computing to on demand provisioning to dynamic storage, reduce the potential costs through optimized and efficient computing. To provide secure and reliable services in cloud computing environment is an important issue. One of the security issues is how to reduce the impact of for any type of intrusion in this environment. To counter these kinds of attacks, a framework of cooperative Hybrid intrusion detection system (Hy-IDS) and Mobile Agents is proposed. This framework allows protection against the intrusion attacks. Our Hybrid IDS is based on two types of IDS, the first for the detection of attacks at the level of virtual machines (VMs), the second for the network attack detection and Mobile Agents. Then, this framework unfolds in three phases: the first, detection intrusion in a virtual environment using mobile agents for collected malicious data. The second, generating new signatures from malicious data, which were collected in the first phase. The third, dynamic deployment of updates between clusters in a cloud computing, using the newest signatures previously created. By this type of close-loop control, the collaborative network security management system can identify and address new distributed attacks more quickly and effectively. In this paper, we develop a collaborative approach based on Hy-IDS and Mobile Agents in Cloud Environment, to define a dynamic context which enables the detection of new attacks, with much detail as possible.

Research on privacy data protection of power wireless network based on heterogeneous data sequence

As an energy industry, the power industry is related to the national economy and the people’s livelihood. It is applied to intensive technology types, and involves all walks of life. Due to the opening of power market and the changes of social economy, such as Internet economy and data economy, the traditional power industry is facing great challenges. Considering the practical problem that the private data anomaly detection model of power network lacks high-quality labeled data set and the anomaly detector is updated in time according to the feedback, an adaptive anomaly detection model of human in the loop is constructed so as to effectively reduce the phenomenon of false positives. This paper proposes an adaptive anomaly detection algorithm based on isolated forest and prediction analysis. The abnormal score is calculated according to the algorithm. The sorting list of abnormal data is given. The samples to be labeled are selected by pal strategy and handed over to the analysts, and then the weight of each side in the database is updated in time according to the labeling feedback. The experimental results show that the detection accuracy of this algorithm is 95% under the low manual annotation budget, which is 5%–10% higher than other algorithms. Besides, about 70% abnormal behaviors were detected from 20000 test data. It realizes the purpose of identifying directional network attacks from multi-source heterogeneous and noisy cyberspace data. This research can help the power department quickly find the abnormal behavior caused by network attack, which aims to solve the problems of low intelligence level and lack of correlation between multi-source heterogeneous data in power network attack detection.

A Feature Similarity Machine Learning Model for DDoS Attack Detection in Modern Network Environments for Industry 4.0

• A new traffic attribute-pattern similarity function SWATHI for similarity computation between network traffic attribute patterns and evolutionary feature clustering of traffic attribute patterns to carry feature transformation-based dimensionality reduction. • A Gaussian based network traffic similarity function for similarity computation between network traffic instances. • A machine learning model SWASTHIKA which considers network traffic data obtained after feature transformation for detection of low rate and high-rate network attacks. Recent advancements in artificial intelligence and machine learning technologies have laid the flagstone for the fourth industrial revolution, Industry 4.0. The industry 4.0 is at a very high momentum when compared to previous revolutions witnessed by humans in a way which was never anticipated. Cyber Physical Systems and Cloud computing are the basis for Industry 4.0. An ongoing research challenge in cloud computing is the immediate need to address security and data availability challenges coined in modern networking environments. For instance, DDoS attacks in cloud are continuously throwing new challenges to network community which makes detection of these attacks, an ongoing research challenge with respect to cloud security. At the outset, the research reported in this work has addressed three important contributions (i) A new gaussian based traffic attribute-pattern similarity function for evolutionary feature clustering to achieve feature transformation-based dimensionality reduction, (ii) A Gaussian based network traffic similarity function for similarity computation between network traffic instances and (iii) A machine learning model SWASTHIKA which uses feature transformation traffic for detection of low rate and high-rate network attacks. For experimental study, the most recent benchmark dataset namely IoT DoS and DDoS attack dataset available at IEEE Dataport is considered as this dataset has highly non-linear traffic instances which are like the real-world traffic. The performance evaluation of the proposed machine learning model SWASTHIKA is done by considering various classifier evaluation parameters such as accuracy, precision, detection rate, and F-Score. The experiment results proved that the attack detection rate of SWASTHIKA is significantly better compared to state of art machine learning classifiers.

Feature Selection Method for Ml/Dl Classification of Network Attacks in Digital Forensics

Abstract The research is related to machine learning and deep learning (ML/DL) methods for clustering and classification that are compatible with anomaly detection (network attacks detection) in digital forensics. Research is conducted in the field of selecting subsets of features of a dataset useful for constructing a good predictor (classifier). In this study, a new feature selection method for a classifier based on the Analytical Hierarchy Process (AHP) method is presented and tested. The proposed step-by-step algorithm for the iterative selection of these features makes it possible to obtain the minimum required list of features that are associated with attack events and can be used to detect them. For the classification, Artificial Neural Network (ANN) method is used. The accuracy of attack detection by the proposed method has been verified in numerical experiments.