Large-scale Network Environment Research Articles

Survey of federated learning in intrusion detection

Intrusion detection methods are crucial means to mitigate network security issues. However, the challenges posed by large-scale complex network environments include local information islands, regional privacy leaks, communication burdens, difficulties in handling heterogeneous data, and storage resource bottlenecks. Federated learning has the potential to address these challenges by leveraging widely distributed and heterogeneous data, achieving load balancing of storage and computing resources across multiple nodes, and reducing the risks of privacy leaks and bandwidth resource demands. This paper reviews the process of constructing federated learning based intrusion detection system from the perspective of intrusion detection. Specifically, it outlines six main aspects: application scenario analysis, federated learning methods, privacy and security protection, selection of classification models, data sources and client data distribution, and evaluation metrics, establishing them as key research content. Subsequently, six research topics are extracted based on these aspects. These topics include expanding application scenarios, enhancing aggregation algorithm, enhancing security, enhancing classification models, personalizing model and utilizing unlabeled data. Furthermore, the paper delves into research content related to each of these topics through in-depth investigation and analysis. Finally, the paper discusses the current challenges faced by research, and suggests promising directions for future exploration.

A sharding blockchain protocol for enhanced scalability and performance optimization through account transaction reconfiguration

Sharding is a critical technology for enhancing blockchain scalability. However, existing sharding blockchain protocols suffer from a high cross-shard ratio, high transaction latency, limited throughput enhancement, and high account migration. To address these problems, this paper proposes a sharding blockchain protocol for enhanced scalability and performance optimization through account transaction reconfiguration. Firstly, we construct a blockchain transaction account graph network structure to analyze transaction account correlations. Secondly, a modularity-based account transaction reconfiguration algorithm and a detailed account reconfiguration process is designed to minimize cross-shard transactions. Finally, we introduce a transaction processing mechanism for account transaction reconfiguration in parallel with block consensus uploading, which reduces the reconfiguration time overhead and system latency. Experimental results demonstrate substantial performance improvements compared to existing shard protocols: up to a 34.7% reduction in cross-shard transaction ratio, at least an 83.2% decrease in transaction latency, at least a 52.7% increase in throughput and a 7.8% decrease in account migration number. The proposed protocol significantly enhances the overall performance and scalability of blockchain, providing robust support for blockchain applications in various fields such as financial services, supply chain management, and industrial Internet of Things. It also enables better support for high-concurrency scenarios and large-scale network environments.

Federated Learning-Based Security Attack Detection for Multi-Controller Software-Defined Networks

A revolutionary concept of Multi-controller Software-Defined Networking (MC-SDN) is a promising structure for pursuing an evolving complex and expansive large-scale modern network environment. Despite the rich operational flexibility of MC-SDN, it is imperative to protect the network deployment against potential vulnerabilities that lead to misuse and malicious activities on data planes. The security holes in the MC-SDN significantly impact network survivability, and subsequently, the data plane is vulnerable to potential security threats and unintended consequences. Accordingly, this work intends to design a Federated learning-based Security (FedSec) strategy that detects the MC-SDN attack. The FedSec ensures packet routing services among the nodes by maintaining a flow table frequently updated according to the global model knowledge. By executing the FedSec algorithm only on the network-centric nodes selected based on importance measurements, the FedSec reduces the system complexity and enhances attack detection and classification accuracy. Finally, the experimental results illustrate the significance of the proposed FedSec strategy regarding various metrics.

Optimizing Charging Pad Deployment by Applying a Quad-Tree Scheme

The recent advancement in wireless power transmission (WPT) has led to the development of wireless rechargeable sensor networks (WRSNs), since this technology provides a means to replenish sensor nodes wirelessly, offering a solution to the energy challenges faced by WSNs. Most of the recent previous work has focused on charging sensor nodes using wireless charging vehicles (WCVs) equipped with high-capacity batteries and WPT devices. In these schemes, a vehicle can move close to a sensor node and wirelessly charge it without physical contact. While these schemes can mitigate the energy problem to some extent, they overlook two primary challenges of applied WCVs: off-road navigation and vehicle speed limitations. To overcome these challenges, previous work proposed a new WRSN model equipped with one drone coupled with several pads deployed to charge the drone when it cannot reach the subsequent stop. This wireless charging pad deployment aims to deploy the minimum number of pads so that at least one feasible routing path from the base station can be established for the drone to reach every SN in a given WRSN. The major weakness of previous studies is that they only consider deploying a wireless charging pad at the locations of the wireless sensor nodes. Their schemes are limited and constrained because usually every point in the deployed area can be considered to deploy a pad. Moreover, the deployed pads suggested by these schemes may not be able to meet the connected requirements due to sparse environments. In this work, we introduce a new scheme that utilizes the Quad-Tree concept to address the wireless charging pad deployment problem and reduce the number of deployed pads at the same time. Extensive simulations were conducted to illustrate the merits of the proposed schemes by comparing them with different previous schemes on maps of varying sizes. In the case of large maps, the proposed schemes surpassed all previous works, indicating that our approach is more suitable for large-scale network environments.

Research on a Critical Link Discovery Method for Network Security Situational Awareness.

Network security situational awareness (NSSA) aims to capture, understand, and display security elements in large-scale network environments in order to predict security trends in the relevant network environment. With the internet's increasingly large scale, increasingly complex structure, and gradual diversification of components, the traditional single-layer network topology model can no longer meet the needs of network security analysis. Therefore, we conduct research based on a multi-layer network model for network security situational awareness, which is characterized by the three-layer network structure of a physical device network, a business application network, and a user role network. Its network characteristics require new assessment methods, so we propose a multi-layer network link importance assessment metric: the multi-layer-dependent link entropy (MDLE). On the one hand, the MDLE comprehensively evaluates the connectivity importance of links by fitting the link-local betweenness centrality and mapping entropy. On the other hand, it relies on the link-dependent mechanism to better aggregate the link importance contributions in each network layer. The experimental results show that the MDLE has better ordering monotonicity during critical link discovery and a higher destruction efficacy in destruction simulations compared to classical link importance metrics, thus better adapting to the critical link discovery requirements of a multi-layer network topology.

Mitigating Vulnerabilities in Large-Scale Network Environments: Strategies and Best Practices

In the modern world of networks, managing multiple threats in large-scale network environments is an essential goal of organizations to protect their system and essential information. Measures to counter threats and sources of vulnerability and the chances of cyber threats and cyber incidences are the primary focuses of this paper. Vulnerability management, network segmentation, and access controls are the first pillars of a sound cybersecurity program. Vulnerability management is a repeated process of discovering, analyzing, documenting, addressing, and checking general and individual protection flaws before an attacker can. Dividing the network becomes effective in preventing threats from affecting certain highly vulnerable areas of the network, as well as improving the levels of security control. Adopting robust identity and access management solutions, including MFA and RBAC, adds another layer of protection to the network by limiting access to networks and resources to only authorized users. Furthermore, the relevance of repeating vulnerability assessments and penetration testing is underlined, as these activities help update the information on the organization’s security and identify insecure positions. However, factors like the increasing pace of vulnerabilities and the necessity to adapt instantly to novel threats show that protection is not easy. Cyber threats are still on the rise, and as a result, the adoption of the spur) advanced technologies like AI in security frameworks boost detection rates and reaction time. The paper concludes by emphasizing the need for constant monitoring and implementing preventive measures to safeguard against emerging and evolving cyber threats.

Malware Attack Detection in Large Scale Networks using the Ensemble Deep Restricted Boltzmann Machine

Today, cyber attackers use Artificial Intelligence (AI) to boost the sophistication and scope of their attacks. On the defense side, AI is used to improve defense plans, robustness, flexibility, and efficiency of defense systems by adapting to environmental changes. With the developments in information and communication technologies, various exploits that are changing rapidly constitute a danger sign for cyber security. Cybercriminals use new and sophisticated tactics to boost their attack speed and size. Consequently, there is a need for more flexible, adaptable, and strong cyber defense systems that can identify a wide range of threats in real time. In recent years, the adoption of AI approaches has increased and maintained a vital role in the detection and prevention of cyber threats. This paper presents an Ensemble Deep Restricted Boltzmann Machine (EDRBM) to classify cybersecurity threats in large-scale network environments. EDRBM acts as a classification model that enables the classification of malicious flowsets in a large-scale network. Simulations were carried out to evaluate the efficacy of the proposed EDRBM model under various malware attacks. The results showed that the proposed method achieved a promising malware classification rate in malicious flowsets.

Subspace-Based Anomaly Detection for Large-Scale Campus Network Traffic

With the continuous development of information technology and the continuous progress of traffic bandwidth, the types and methods of network attacks have become more complex, posing a great threat to the large-scale campus network environment. To solve this problem, a network traffic anomaly detection model based on subspace information entropy flow matrix and a subspace anomaly weight clustering network traffic anomaly detection model combined with density anomaly weight and clustering ideas are proposed. Under the two test sets of public dataset and collected campus network data information of a university, the detection performance of the proposed anomaly detection method is compared with other anomaly detection algorithm models. The results show that the proposed detection model is superior to other models in speed and accuracy under the open dataset. And the two traffic anomaly detection models proposed in the study can well complete the task of network traffic anomaly detection under the large-scale campus network environment.

Consensus reaching process with noncooperative behaviors in large-scale group social network environment

Large-scale group decision-making (LSGDM) problems have drawn general attention from scholars. The distribution linguistic preference relation (DLPR) is a flexible and practical tool to describe the preferences of decision makers (DMs) in the decision-making process. Opinion conflict is inevitable among large-scale DMs due to self-interest and individual perception. Thus, it is essential to establish a consensus reaching process (CRP), but there may be non-cooperative behaviors for DMs when they are required to accept the opinions adjustment. As the social network becomes more ubiquitous, moreover, the trust relationship among decision members has implications for the consensus reaching process. Hence, this study proposes a new consensus model that manages non-cooperative behaviors from the cooperative degree, trust relationship, and individual self-confidence level three aspects, and discusses the specific influence of these factors on the penalty for non-cooperative behaviors. In addition, hesitancy-based similarity measure of linguistic distributed assessment is proposed for clustering and measuring consensus level. Finally, a numerical example of a price hearing system demonstrates the feasibility and efficacy of the proposed method, and a comparative analysis illustrates its features and advantages.

Dynamic SFC Embedding Algorithm Assisted by Federated Learning in Space–Air–Ground-Integrated Network Resource Allocation Scenario

Traditional terrestrial wireless communication networks cannot support the requirements for high-quality services for artificial intelligence applications such as smart cities. The space-air-ground integrated network (SAGIN) provides a solution to address this challenge. However, SAGIN is heterogeneous, time-varying, and multi-dimensional information sources, making it difficult for traditional network architectures to support resource allocation in large-scale complex network environments. This paper proposes a service provision method based on Service Function Chaining (SFC) to solve this problem. Network Function Virtualization (NFV) is essential for efficient resource allocation in SAGIN to meet the resource requirements of user service requests. We propose a federation learning (FL) based algorithm to solve the embedding problem of SFCs in SAGIN. The algorithm considers different characteristics of nodes and resource load to balance resource consumption. Then an SFC scheduling mechanism is proposed that allows SFC reconfiguration to reduce the service blocking rate. Simulation results show that our proposed FL-VNFE algorithm is more advantageous compared to other algorithms, with 12.9%, 2.52%, and 10.5% improvement in long-term average revenue, acceptance rate, and long-term average revenue-cost ratio, respectively.

A Scalable Byzantine Fault Tolerance Algorithm Based on a Tree Topology Network

The consortium chain is the main form of application of blockchain technology in the actual industry, and its consensus mechanism mostly adopts the practical Byzantine fault tolerance (PBFT) algorithm. The traditional PBFT algorithm is only suitable for small-scale local area networks, but in large-scale wide-area network environments, its scalability bottleneck has a serious impact on the performance of the system. Therefore, in this paper, a scalable Byzantine fault tolerance algorithm based on a tree topology network is proposed (STBFT), which can take different steps to reach consensus according to the abnormal situation of the system. First, the STBFT algorithm divides the consensus nodes into different layers and groups based on the tree topology network structure, which transforms from global consensus to local consensus and drastically reduces communication consumption. Then, the division method of the group is based on a verifiable random function (VRF), with the purpose of preventing targeted attacks and colluding Byzantine nodes from affecting the normal consensus of the system. Finally, a feedback mechanism is proposed for the first time to reduce the influence of Byzantine failure on hierarchical network systems. The simulation results show that the proposed algorithm reduces the communication complexity and improves the fault tolerance of the system, and the scalability of the tree topology network structure can be better applied in large-scale scenarios such as IoT and health care.

Research on the Identification of Internet Critical Nodes Based on Multilayer Network Modeling

The research goal of cyberspace security situational awareness analysis is to predict the future security development of the target network by acquiring, understanding, and displaying the security elements in the large-scale network environment. Current cyberspace security situational awareness systems are mostly based on traditional single-layer network topology to analyze the security of the target network's operational posture. However, as the scale of the network continues to expand, the network structure becomes more complex, and the information fusion in multiple fields in practical applications deepens, the single-layer topology model can no longer meet the analysis requirements. In this paper, we construct a multilayer network topology model for cyberspace security situational awareness by integrating multidimensional information in the physical device layer network, business application layer network, and user role layer network. Meanwhile, to eliminate the limitations of traditional node importance indicators, a node importance assessment indicator that integrates topological centrality and node dependency factor is proposed in conjunction with model characteristics: multilayer dependency CRITIC indicator ( MDCI ). On the one hand, MDCI fits a variety of evaluation metrics through the CRITIC multi-attribute decision method to comprehensively assess the importance of nodes in network centrality, and on the other hand, MDCI better aggregates the important contributions of nodes in each network layer based on node dependency factor to coordinate multilayer network information. The experimental results show that MDCI has better ordering monotonicity and generates more stable metric sequences, and can effectively cause large-scale failures in multilayer network while destroying fewer physical device components, which can be better adapted to the critical node identification needs of multilayer network.

Electricity Network Security Monitoring Based on Bee Colony Algorithm

In order to effectively detect and discover network threats in the initial stage, this study proposes an electricity network security intrusion detection method based on feature selection. A heuristic feature selection algorithm based on the bee colony algorithm is proposed to overcome the shortcomings of existing feature evaluation methods. The algorithm uses average mutual information to measure the importance of features and more truly reflects the relationship between the selected features, the selected features, and the classification labels. Aiming at the problem that the algorithm is easy to fall into local optimization, a heuristic random search algorithm is proposed, which iteratively optimizes to generate smaller feature subsets, and improves the speed and accuracy of intrusion detection. The experimental results show that compared with the traditional algorithm, the proposed method can effectively evaluate the risk of attack path on the selected experimental data set, and the gap between the generation strategy and the optimal strategy is reduced by 71.3%, which enhances the practicability of the attack graph analysis method in a large-scale network environment. Conclusion. This method has good scalability and can be applied to large-scale network environments. It can effectively obtain attack paths that are more in line with the real threat situation in an acceptable time, so as to effectively find the network threats.

A Detection Method Against DNS Cache Poisoning Attacks using Machine Learning Techniques

In this paper, we offer a machine learning-based enhanced detection strategy for DNS cache poisoning attacks. In addition to the standard DNS packet's five basic tuples, we plan to include numerous specific features that were extracted based on The heuristic components, such as the common DNS protocols "trigger," "time related features," and "GeoIP related features" of DNS cached data," etc.[1] By mapping IP and domain name, DNS's principal job is to lead users to the right computers, programmes, and data. Due to some DNS security weaknesses, attackers frequently use DNS-based malware, DNS-amplification, false-positive triggering, DNS tunnelling, etc. as a means of attack.[2] The upcoming effort comprises training with DNS traffic data and evaluations in both a small-scale experimental network and a large-scale real network environment.

Root Cause Analysis of Anomalies Based on Graph Convolutional Neural Network

With the gradual increase of network complexity and network scale in the cloud environment, Root Cause Analysis (RCA) of node failures has become a systematic problem of great research significance. This paper proposes Graph-Attention-Sage (GASage) algorithm, which is a fault RCA algorithm and scheme. The algorithm solves the RCA by incorporating TOPK sampling and Attention-Aggregation with GraphSage algorithm in large-scale and complex microservice network environment. The GASage algorithm is based on graph convolutional neural network and graph attention mechanism, which profoundly combines the characteristics of network fault RCA problems. TOPK sampling mechanism is applied in GASage to select the neighboring nodes with the top [Formula: see text] highest correlation as the objectives to be aggregated. GASage adopts an attention mechanism when aggregated, which aggregates the features of the central node according to the weights of the adjacent nodes and the central node. The weight aggregation method can greatly improve the node representation effect in the RCA scenario. The empirical results of our experiments have demonstrated that the model learned with GASage can outperform other model with the same learning framework and achieves more than 10% improvement in precision.

AdaBoost Algorithm in Trustworthy Network for Anomaly Intrusion Detection

Abstract Boosting is an ensemble learning method that combines a set of weak learners into a strong learner to minimize training errors. AdaBoost algorithm, as a typical boosting algorithm, transforms weak learners or predictors to strong predictors in order to solve problems of classification. With remarkable usability and effectiveness, AdaBoost algorithm has been widely used in many fields, such as face recognition, speech enhancement, natural language processing, and network intrusion detection. In the large-scale enterprise network environment, more and more companies have begun to build trustworthy networks to effectively defend against hacker attacks. However, since trustworthy networks use trusted flags to verify the legitimacy of network requests, it cannot effectively identify abnormal behaviors in network data packets. This paper applies Adaboost algorithm in trustworthy network for anomaly intrusion detection to improve the defense capability against network attacks. This method uses a simple decision tree as the base weak learner, and uses AdaBoost algorithm to combine multiple weak learners into a strong learner by re-weighting the samples. This paper uses the real data of trustworthy network for experimental verification. The experimental results show that the average precision of network anomaly detection method based on AdaBoost algorithm is more than 0.999, indicating that it has a significant detection effect on abnormal network attacks and normal network access. Therefore, the proposed method can effectively improve the security of trustworthy networks.

Large-Scale Emulation Network Topology Partition Based on Community Detection With the Weight of Vertex Similarity

Abstract Due to the limitations of physical resources, if a large-scale emulation network environment composed of millions of vertices and edges is constructed by virtualization technology, the whole network topology should be partitioned into a set of subnets. The topology partition is a work of graph partition. The existing topology partition methods have shortcomings, such as low efficiency and poor practicability, especially for large-scale network topology. The emulation network is a kind of complex network and has the characteristics of community structure. Therefore, we proposed LENTP (large-scale emulation network topology partition) based on the community detection with the weight of the vertex similarity for large-scale topology partition. In the first stage, the tree-structured area compression reduces the topology scales significantly to improve partition efficiency. And then, the improved Louvain algorithm is used to topology partitioning and obtain an initial set of subnets with the minimum number of subnets and remote links. Finally, after repartitioning and merging for the initial subnets, the result of subnets is the final topology partition that reaches the optimization objectives with the conditions of the virtual resources. In the experiment, the method is tested in five groups of network topology with different scales. The results demonstrate that LENTP can partition the network topology over 1 000 000 nodes and significantly improve the running-time efficiency of the network topology partition.

Prediction of Computer Network Security Situation Based on Association Rules Mining

Traditional NSSA (network security situational awareness) systems have significant equipment limitations, poor data fusion capabilities, and a low level of analysis and evaluation, making them difficult to adapt to large-scale and complex network environments. This paper proposes the study of computer NSS (network security situation) prediction technology based on AR (association rules) mining to solve this problem. The support-confidence framework is improved by introducing an interest evaluation standard, and the value of AR is re-evaluated, based on a discussion of traditional concepts and algorithms related to AR mining. The MFP-interest algorithm proposed in this paper is a combination of alarm AR template and interest degree. The MFP-interest algorithm was put to the test. We discovered that the MFP-interest algorithm can effectively predict NSS and indicate its development trend when run in a real-world network environment. Most time points have a relative error range of less than 0.035.

Intelligent Resource Allocations for Software-Defined Mission-Critical IoT燬ervices

Heterogeneous Internet of Things (IoT) applications generate a diversity of novelty applications and services in next-generation networks (NGN), which is essential to guarantee end-to-end (E2E) communication resources for both control plane (CP) and data plane (DP). Likewise, the heterogeneous 5th generation (5G) communication applications, including Mobile Broadband Communications (MBBC), massive Machine-Type Commutation (mMTC), and ultra-reliable low latency communications (URLLC), obligate to perform intelligent Quality-of-Service (QoS) Class Identifier (QCI), while the CP entities will be suffered from the complicated massive HIOT applications. Moreover, the existing management and orchestration (MANO) models are inappropriate for resource utilization and allocation in large-scale and complicated network environments. To cope with the issues mentioned above, this paper presents an adopted software-defined mobile edge computing (SDMEC) with a lightweight machine learning (ML) algorithm, namely support vector machine (SVM), to enable intelligent MANO for real-time and resource-constraints IoT applications which require lightweight computation models. Furthermore, the SVM algorithm plays an essential role in performing QCI classification. Moreover, the software-defined networking (SDN) controller allocates and configures priority resources according to the SVM classification outcomes. Thus, the complementary of SVM and SDMEC conducts intelligent resource MANO for massive QCI environments and meets the perspectives of mission-critical communication with resource constraint applications. Based on the E2E experimentation metrics, the proposed scheme shows remarkable outperformance in key performance indicator (KPI) QoS, including communication reliability, latency, and communication throughput over the various powerful reference methods.

A GAN and Feature Selection-Based Oversampling Technique for Intrusion Detection

In recent years, there have been numerous cyber security issues that have caused considerable damage to the society. The development of efficient and reliable Intrusion Detection Systems (IDSs) is an effective countermeasure against the growing cyber threats. In modern high-bandwidth, large-scale network environments, traditional IDSs suffer from a high rate of missed and false alarms. Researchers have introduced machine learning techniques into intrusion detection with good results. However, due to the scarcity of attack data, such methods’ training sets are usually unbalanced, affecting the analysis performance. In this paper, we survey and analyze the design principles and shortcomings of existing oversampling methods. Based on the findings, we take the perspective of imbalance and high dimensionality of datasets in the field of intrusion detection and propose an oversampling technique based on Generative Adversarial Networks (GAN) and feature selection. Specifically, we model the complex high-dimensional distribution of attacks based on Gradient Penalty Wasserstein GAN (WGAN-GP) to generate additional attack samples. We then select a subset of features representing the entire dataset based on analysis of variance, ultimately generating a rebalanced low-dimensional dataset for machine learning training. To evaluate the effectiveness of our proposal, we conducted experiments based on the NSL-KDD, UNSW-NB15, and CICIDS-2017 datasets. The experimental results show that our method can effectively improve the detection performance of machine learning models and outperform the baselines.