Characterizing Network Anomaly Traffic with Euclidean Distance-Based Multiscale Fuzzy Entropy

2021 ◽  
Vol 2021 ◽  
pp. 1-9
Author(s):  
Renjie Zhou ◽  
Xiao Wang ◽  
Jingjing Yang ◽  
Wei Zhang ◽  
Sanyuan Zhang

The prosperity of mobile networks and social networks brings revolutionary conveniences to our daily lives. However, due to the complexity and fragility of the network environment, network attacks are becoming more and more serious. Characterization of network traffic is commonly used to model and detect network anomalies and finally to raise the cybersecurity awareness capability of network administrators. As a tool to characterize system running status, entropy-based time-series complexity measurement methods such as Multiscale Entropy (MSE), Composite Multiscale Entropy (CMSE), and Fuzzy Approximate Entropy (FuzzyEn) have been widely used in anomaly detection. However, the existing methods calculate the distance between vectors solely using the two most different elements of the two vectors. Furthermore, the similarity of vectors is calculated using the Heaviside function, which has a problem of bouncing between 0 and 1. The Euclidean Distance-Based Multiscale Fuzzy Entropy (EDM-Fuzzy) algorithm was proposed to avoid the two disadvantages and to measure entropy values of system signals more precisely, accurately, and stably. In this paper, the EDM-Fuzzy is applied to analyze the characteristics of abnormal network traffic such as botnet network traffic and Distributed Denial of Service (DDoS) attack traffic. The experimental analysis shows that the EDM-Fuzzy entropy technology is able to characterize the differences between normal traffic and abnormal traffic. The EDM-Fuzzy entropy characteristics of ARP traffic discovered in this paper can be used to detect various types of network traffic anomalies including botnet and DDoS attacks.


2021 ◽  
pp. 105971232110240
Author(s):  
Shahab Parvinpour ◽  
Marzie Balali ◽  
Mohsen Shafizadeh ◽  
Fatemeh Samimi Pazhuh ◽  
Michael Duncan ◽  
...  

The purpose of this study was to examine the variability and coordination of postural adaptations in normal-weight children and children with overweight during running and hopping. Fifty-six boys between 7 and 10 years of age were classified as overweight (n = 33) or normal-weight (n = 23). They performed two trials of running and hopping over a 20-m straight-line distance. Accelerometers were attached to the trunk and head to collect body movements in different directions over 15 strides. Postural variability and coordination were calculated by multiscale entropy and cross approximate entropy for the running and hopping trials separately. Findings highlight that overweight boys had significantly higher trunk-head coordination in the mediolateral direction than normal-weight boys (0.72 vs. 0.68). The hopping movement pattern had higher variability (9.88 vs. 8.77) and trunk-head coordination (0.61 vs. 0.67) than running. Excess body mass demands additional postural adaptations to compensate for and reduce the risk of losing balance laterally in boys with overweight.



2000 ◽  
Vol 32 (01) ◽  
pp. 1-18 ◽  
Author(s):  
F. Baccelli ◽  
K. Tchoumatchenko ◽  
S. Zuyev

Consider the Delaunay graph and the Voronoi tessellation constructed with respect to a Poisson point process. The sequence of nuclei of the Voronoi cells that are crossed by a line defines a path on the Delaunay graph. We show that the evolution of this path is governed by a Markov chain. We study the ergodic properties of the chain and find its stationary distribution. As a corollary, we obtain the ratio of the mean path length to the Euclidean distance between the end points, and hence a bound for the mean asymptotic length of the shortest path. We apply these results to define a family of simple incremental algorithms for constructing short paths on the Delaunay graph and discuss potential applications to routeing in mobile communication networks.



2018 ◽  
Vol 15 (1) ◽  
pp. 139-162 ◽  
Author(s):  
Miodrag Petkovic ◽  
Ilija Basicevic ◽  
Dragan Kukolj ◽  
Miroslav Popovic

The detection of distributed denial of service (DDoS) attacks based on internet traffic anomalies is a method which is general in nature and can detect unknown or zero-day attacks. One of the statistical characteristics used for this purpose is network traffic entropy: a sudden change in entropy may indicate a DDoS attack. However, this approach often gives false positives, and this is the main obstacle to its wider deployment within network security equipment. In this paper, we propose a new, two-step method for detection of DDoS attacks. This method combines the approaches of network traffic entropy and the Takagi-Sugeno-Kang fuzzy system. In the first step, the detection process calculates the entropy distribution of the network packets. In the second step, the Takagi-Sugeno-Kang fuzzy system (TSK-FS) method is applied to these entropy values. The performance of the TSK-FS method is compared with that of the typically used approach, in which cumulative sum (CUSUM) change point detection is applied directly to entropy time series. The results show that the TSK-FS DDoS detector reaches enhanced sensitivity and robustness in the detection process, achieving a high true-positive detection rate and a very low false-positive rate. As it is based on entropy, this combined method retains its generality and is capable of detecting various types of attack.



Author(s):  
Mohammad Jabed Morshed Chowdhury ◽  
Dileep Kumar G

A Distributed Denial of Service (DDoS) attack is considered one of the major security threats in the current Internet. Although many solutions have been suggested for DDoS defense, real progress in fighting these attacks is still missing. In this chapter, the authors analyze and experiment with cluster-based filtering for DDoS defense. In cluster-based filtering, unsupervised learning is used to create a profile of the network traffic. The profiled traffic is then passed to the servers through filters of different capacity. After applying this mechanism, legitimate traffic receives more bandwidth capacity than malicious traffic, so the effect of bad or malicious traffic on the network is reduced. Before describing the proposed solutions, the chapter presents a detailed survey of the different DDoS countermeasures.



2019 ◽  
Vol 8 (4) ◽  
pp. 4668-4671

A Distributed Denial of Service (DDoS) attack is one of the major threats in the cyber network; it attacks computers by flooding them with User Datagram Protocol (UDP) packets. These types of attacks cause major problems in the network by crashing the system with a large volume of traffic aimed at the victim, leaving the victim idle and unable to respond to requests. Traditional intrusion detection systems are not suitable for handling the huge volume of data needed to detect this DDoS attack. Hadoop is a framework that handles huge volumes of data and is used to process the data to find any malicious activity in it. In this research paper, an anomaly detection technique is implemented in a MapReduce algorithm that detects unusual patterns of data in the network traffic. In the proposed model, the MapReduce platform hosts the improvised algorithm, which detects DDoS attacks by filtering and sorting the network traffic and detecting unusual patterns in the network. The improvised MapReduce algorithm is implemented with MapReduce functionalities at the stage of verifying the network IPS. The proposed algorithm focuses on the UDP flooding attack using an anomaly-based intrusion detection system technique, which detects when the pattern and flow of packets at a node exceed the threshold and also identifies the source code causing the UDP flood attack.



2021 ◽  
Vol 2021 ◽  
pp. 1-17
Author(s):  
Huiwen Bai ◽  
Guangjie Liu ◽  
Weiwei Liu ◽  
Yingxue Quan ◽  
Shuhua Huang

Mobile malware poses a great challenge to mobile devices and mobile communication. With the explosive growth of mobile networks, detecting mobile malware is significant for mobile security. Since most mobile malware relies on networks to coordinate operations, steal information, or launch attacks, evading network monitoring is difficult for mobile malware. In this paper, we present an N-gram, semantic-based neural modeling method to detect the network traffic generated by mobile malware. In the proposed scheme, we segment the network traffic into flows and extract the application-layer payload from each packet. The generated flow payload data are then converted into text form as the input of the proposed model. Each flow text consists of several domains of 20 words each. The proposed scheme models the domain representation using a convolutional neural network with multi-width kernels applied to each domain. Afterward, relationships between domains are adaptively encoded in the flow representation using a gated recurrent network, and the classification result is obtained from an attention layer. A series of experiments have been conducted to verify the effectiveness of our proposed scheme. In addition, several comparative experiments are also conducted to compare with state-of-the-art methods. The experimental results show that our proposed scheme is better in terms of accuracy.



2020 ◽  
Author(s):  
Rodrigo Moreira ◽  
Larissa Rodrigues ◽  
Pedro Rosa ◽  
Flávio Silva

Network traffic classification allows improving management and the network services offered, taking into account the kind of application. Future network architectures, mainly mobile networks, foresee intelligent mechanisms in their architectural frameworks to deliver application-aware network requirements. The capabilities of convolutional neural networks (CNNs), widely exploited in several contexts, can be used in network traffic classification. Thus, it is necessary to develop methods based on the content of packets that transform it into a suitable input for CNN technologies. Hence, we implemented and evaluated Packet Vision, a method capable of building images from raw packet data, considering both header and payload. Our approach surpasses those found in the state of the art by delivering security and privacy through the transformation of raw packet data into images. We built a dataset with four traffic classes and evaluated the performance of three CNN architectures: AlexNet, ResNet-18, and SqueezeNet. Experiments showcase the applicability and suitability of Packet Vision combined with CNNs as a promising approach that delivers outstanding performance in classifying network traffic.



Sensors ◽  
2020 ◽  
Vol 20 (18) ◽  
pp. 5054
Author(s):  
David Candal-Ventureira ◽  
Pablo Fondo-Ferreiro ◽  
Felipe Gil-Castiñeira ◽  
Francisco Javier González-Castaño

The unstoppable adoption of the Internet of Things (IoT) is driven by the deployment of new services that require continuous capture of information from huge populations of sensors, or actuating over a myriad of “smart” objects. Accordingly, next-generation networks are being designed to support such massive numbers of devices and connections. For example, the 3rd Generation Partnership Project (3GPP) is designing the different 5G releases specifically with IoT in mind. Nevertheless, from a security perspective this scenario is a potential nightmare: the attack surface becomes wider, and many IoT nodes do not have enough resources to support advanced security protocols. In fact, security is rarely a priority in their design. Thus, including network-level mechanisms for preventing attacks from malware-infected IoT devices is mandatory to avert further damage. In this paper, we propose a novel Software-Defined Networking (SDN)-based architecture to identify suspicious nodes in 4G or 5G networks and redirect their traffic to a secondary network slice, where the traffic is analyzed in depth before it is allowed to reach its destination. The architecture can be easily integrated into any existing deployment due to its interoperability. By following this approach, we can detect potential threats at an early stage and limit the damage from Distributed Denial of Service (DDoS) attacks originating in IoT devices.



2012 ◽  
Vol 3 (2) ◽  
pp. 339-342
Author(s):  
Kaushal Gandhi ◽  
Rajneesh Narula ◽  
Sumeer Khullar ◽  
Anish Arora

There are a number of routing protocols developed by researchers. Due to the nature of ad hoc networks, secure routing is an important area of research in developing secure routing protocols. Although researchers have proposed several secure routing protocols, their resistance to various types of security attacks and their efficiency are primary points of concern in implementing these protocols. This paper presents some of the available secure routing protocols and the most common attack patterns against ad hoc networks. The routing protocols are subjected to case studies against the most commonly identified attack patterns, such as denial-of-service, tunneling, spoofing, black hole and wormhole attacks. In a MANET, the nodes also function as routers that discover and maintain routes to other nodes in the network. Establishing an optimal and efficient route between the communicating parties is the primary concern of MANET routing protocols. Any attack in the routing phase may disrupt the overall communication, and the entire network can be paralyzed. Thus, security in the network layer plays an important role in the security of the whole network. A number of network-layer attacks have been identified and studied in security research. An attacker can absorb network traffic, inject themselves into the path between source and destination, and thus control the network traffic flow.



2020 ◽  
Author(s):  
Junyu Qi ◽  
Alexandre Mauricio ◽  
Konstantinos Gryllias

Under the pressure of climate change, renewable energy is gradually replacing fossil fuels and nowadays plays a significant role in energy production. Among the different types of energy sources, wind power covered 14% of the EU’s electricity demand in 2018. The Operations and Maintenance (O&M) costs of wind turbines may easily reach 20–25% of the total levelised cost per kWh produced over the lifetime of the turbine for a new unit. According to Wood Mackenzie Power & Renewables (WMPR), onshore wind farm operators are expected to spend nearly $15 billion on O&M services in 2019. Manufacturers and operators try to reduce O&M costs on the one hand by developing new turbine designs and on the other hand by adopting condition monitoring approaches. One of the most critical and rather complex assemblies of a wind turbine is the gearbox. Gearboxes are designed to last until the end of the asset’s lifetime, according to the IEC 61400-4 standards. On the other hand, a recent study of approximately 350 offshore wind turbines indicated that gearboxes might have to be replaced as early as 6.5 years. Therefore, a plethora of sensor types and signal processing methodologies have been proposed in order to accurately detect and diagnose the presence of a fault. Among others, Envelope Analysis is one of the most important methodologies: an envelope of the vibration signal is estimated, usually after filtering around a selected frequency band excited by impacts due to the fault. Sometimes the gearbox is equipped with many acceleration sensors and its kinematics are clearly known. In these cases, Cyclostationary Analysis and the corresponding methodologies, i.e. the Cyclic Spectral Correlation and the Cyclic Spectral Coherence, have been proposed as powerful tools. On the other hand, the gearbox is often equipped with a limited number of sensors, and a simple global diagnostic indicator is demanded that is capable of globally detecting various faults of different components.
The scope of this paper is the application and comparison of a number of blind global diagnostic indicators based on Entropy (Permutation entropy, Approximate entropy, Sample entropy, Fuzzy entropy, Conditional entropy and Wiener entropy), on Negentropy (Infogram), on Sparsity (Sparse-L2/L1, Sparse-L1/L0, Sparse-Gini index) and on Statistics (Mean, Standard deviation, Kurtosis, etc.). The performance of the indicators is evaluated and compared on a wind turbine data set consisting of vibration data captured by one accelerometer mounted on each of six 2.5 MW wind turbines located in a wind park in northern Sweden, where two different bearing faults were filed for one wind turbine during a period of 46 months. Among the different diagnostic indicators, Permutation entropy, Approximate entropy, Sample entropy, Fuzzy entropy, Conditional entropy and Wiener entropy achieve the best results in blindly detecting the two failure events.


