Hybrid Internal Anomaly Detection System for IoT: Reactive Nodes with Cross-Layer Operation

2018 ◽  
Vol 2018 ◽  
pp. 1-15 ◽  
Author(s):  
Nanda Kumar Thanigaivelan ◽  
Ethiopia Nigussie ◽  
Seppo Virtanen ◽  
Jouni Isoaho

We present a hybrid internal anomaly detection system that shares detection tasks between the router and the nodes. It allows nodes to react instinctively against an anomalous node by enforcing a temporary communication ban on it. Each node monitors its own neighbors and, if abnormal behavior is detected, the node blocks the packets of the anomalous node at the link layer and reports the incident to its parent node. A novel RPL control message, Distress Propagation Object (DPO), is formulated and used for reporting the anomaly and network activities to the parent node and subsequently to the router. The system has configurable profile settings and is able to learn and differentiate between the nodes' normal and suspicious activities without the need for prior knowledge. It has different subsystems and operation phases that are distributed across both the nodes and the router, which act on the data link and network layers. The system uses network fingerprinting to be aware of changes in network topology and to approximate threat locations without any assistance from a positioning subsystem. The developed system was evaluated using a test-bed consisting of Zolertia nodes and an in-house developed PandaBoard-based gateway, as well as the Cooja emulation environment. The evaluation revealed that the system has low energy consumption overhead and fast response. The system occupies 3.3 KB of ROM and 0.86 KB of RAM for its operations. Security analysis confirms the nodes' reaction against abnormal nodes and successful detection of packet flooding, selective forwarding, and clone attacks. The system's false positive rate evaluation demonstrates that the proposed system exhibited a 5% to 10% lower false positive rate compared to a simple detection system.

2021 ◽  
Vol 2021 ◽  
pp. 1-17
Author(s):  
Feng Luo ◽  
Bowen Wang ◽  
Zihao Fang ◽  
Zhenyu Yang ◽  
Yifan Jiang

With the development of intelligent and connected vehicles, onboard Ethernet will play an important role in the next generation of vehicle network architectures. It is well established that accurate timing and guaranteed data delivery are critical in the automotive environment. The time-sensitive network (TSN) protocol can precisely guarantee the time certainty of the key signals of automotive Ethernet. With the time-sensitive network based on automotive Ethernet being standardized by the TSN working group, the TSN has already entered the vision of the automotive network. However, the security mechanism of the TSN protocol is rarely discussed. First, the security of the TSN automotive Ethernet as a backbone E/E (electrical/electronic) architecture is analyzed in this paper through the Microsoft STRIDE threat model, and possible countermeasures for the security of automotive TSNs are listed, including the security protocol defined in the TSN, so that the TSN security protocol and the traditional protection technology can form a complete automotive Ethernet protection system. Then, the security mechanism per-stream filtering and policing (PSFP) defined in IEEE 802.1Qci is analyzed in detail, and an anomaly detection system based on PSFP is proposed in this paper. Finally, OMNeT++ is used to simulate a real TSN topology to evaluate the performance of the proposed anomaly detection system (ADS). As a result, the protection strategy based on 802.1Qci not only ensures the real-time performance of the TSN but can also isolate individuals with abnormal behavior and block DoS (denial of service) attacks, thus attaining the security protection of the TSN vehicle-based network.


2014 ◽  
Vol 644-650 ◽  
pp. 3338-3341 ◽  
Author(s):  
Guang Feng Guo

During the 30-year development of the Intrusion Detection System, problems such as the high false-positive rate have always plagued users. Therefore, the ontology and context verification based intrusion detection model (OCVIDM) was put forward to connect the description of attack signatures and context effectively. The OCVIDM established the knowledge base of the intrusion detection ontology, which was regarded as the center of an efficient filtering platform for false alerts, to realize the automatic validation of alarms and self-acting judgment of real attacks, so as to achieve the goal of filtering out non-relevant positive alerts and reducing false positives.


2019 ◽  
Vol 16 (8) ◽  
pp. 3410-3418
Author(s):  
Muhammed Shuaau ◽  
Ka Fei Thang

Autonomous anomaly detection has attracted a significant amount of attention in the past decade due to increased security concerns all around the world. The volume of data reported by surveillance cameras has outrun human capacity, and there exists a greater need for anomaly detection systems for crime monitoring. This project proposes a solution to this problem in a reception area context by using trajectory analysis. Trajectory extraction is performed using Gaussian Mixture Models and a Kalman Filter for data association. Then trajectory analysis is performed on the extracted trajectories to detect four different anomalies: entering the staff area, running, loitering and squatting down. The proposed anomaly detection method is tested on datasets recorded at Asia Pacific University's reception area. The proposed algorithms were able to achieve a detection accuracy of 89% and a false positive rate of 4.52%. The results presented show the effectiveness of the proposed method.


2019 ◽  
Vol 9 (4) ◽  
pp. 737-747 ◽  
Author(s):  
Akarsh Aggarwal ◽  
Anuj Rani ◽  
Manoj Kumar

Purpose: The purpose of this paper is to explore the challenges faced by automatic recognition systems over conventional systems by implementing a novel approach for detecting and recognizing vehicle license plates in order to increase the security of the vehicles. This will also increase societal discipline among vehicle users.

Design/methodology/approach: From a methodological point of view, the proposed system works in three phases, which include pre-processing of the input image from the database, applying segmentation to the processed image, and finally extracting and recognizing the image of the license plate.

Findings: The proposed paper provides an analysis that demonstrates the correctness of the algorithm in capturing the license plate, using performance metrics such as detection rate and false positive rate. The obtained results demonstrate that the proposed algorithm detects vehicle license plates with a detection rate of 93.34 percent and a false positive rate of 6.65 percent.

Research limitations/implications: The proposed license plate detection system eliminates the need for manually operated systems for managing traffic by installing toll-booths on freeways and bridges. The design implemented in this paper attempts to capture the license plate by using a three-phase detection process that helps to increase the level of security and contributes to making a sustainable city.

Originality/value: This paper presents a distinctive approach to detecting vehicle license plates using various image processing techniques such as dilation, grey-scale conversion, edge processing, etc., and finding the region of interest of the segmented image to capture the license plate of the vehicles.


The increase in the reliability, efficiency and security of electrical grids was credited to the innovation of the smart grid. It is also a fact that smart grids are very dependent on digital communication technology, which in turn gives rise to undiscovered weaknesses that have to be reconsidered for dependable and coherent power distribution. In this paper, we propose an unsupervised anomaly detection method that is mainly focused on the statistical correlation among the data. The main aim is to create a scalable anomaly detection system suitable for huge-scale smart grids, which is capable of distinguishing between a real fault or disruption and an intelligent cyber-attack. We have presented a methodology that applies the concept of attribute extraction through the use of Symbolic Dynamic Filtering (SDF) to decrease compilation drift whilst uncovering usual interactions among subsystems. Simulation results obtained on IEEE 39, 118 and 2848 bus systems confirm the execution of the method proposed in this paper under various working conditions. The results depict a precision of almost 99 percent, along with a 98 percent true positive rate and less than 2 percent false positive rate.


2021 ◽  
Author(s):  
Rahul B Adhao ◽  
Vinod K Pachghare

Intrusion Detection Systems have been a worthwhile area for researchers for a long time. A number of researchers have worked on increasing the efficiency of Intrusion Detection Systems. But still, many challenges are present in modern Intrusion Detection Systems. One of the major challenges is controlling the false positive rate. In this paper, we have presented an efficient soft computing framework for the classification of an intrusion detection dataset to diminish the false positive rate. The proposed processing steps are described as follows: the input data is at first pre-processed by a normalization process. Afterward, optimal features are chosen for dimensionality reduction utilizing krill herd optimization. Here, the effective feature selection is utilized to enhance classification accuracy. A support value is then estimated from the optimally chosen features and lastly, a support value-based graph is created for the classification of data into intrusion or normal. The experimental outcomes demonstrate that the presented technique outperforms existing techniques on different performance measures such as execution time, accuracy and false-positive rate, and that the intrusion detection model increases the detection rate and decreases the false rate.


The real test with present Web Intrusion Detection Systems is that an enormous number of alarms are produced by the customary instruments and strategies, where the greater part of them are false positives and less significant. It is hard for the web network administrator or authorized user to audit each alarm that is produced by a customary IDS apparatus on a busy real-time LAN or WAN environment. Thus, numerous MIM attacks may go undetected, which can cause serious harm to the system frameworks. Fundamentally, customary detection models create countless intrusion patterns, which produce a high false positive rate. Because of the countless intrusion patterns, a great deal of time is required for detection of intrusions on the communication network, which adversely affects the productivity of Intrusion Detection Systems. In this paper we propose a hybrid approach for distinguishing different DDoS (Distributed Denial of Service) attacks in WAN. We conducted an extensive study of these works, from which we concluded how to move further on our work.


Security is the critical part of computers and the networks which connect computers to each other for communication or data exchange. It is very complex to secure data while it is transmitted between systems/networks. Intrusion detection is a mechanism to protect the data. There are various existing mechanisms for intrusion detection, namely neural networks, data mining techniques, fuzzy logic, statistical techniques, etc. In this paper, Principal Component Analysis is applied to reduce the features and the Gini index C5 algorithm is used to investigate and evaluate the efficiency and false positive rate. The benchmark KDD dataset is used to evaluate the efficiency and minimize the false positive rate using the Gini index C5 algorithm, and to compare with other algorithms, which shows significant improvement; the experiments on the KDD dataset to improve the efficiency and minimize the false positive rate are carried out using MATLAB software and demonstrated with the KDD dataset.

