Optimization of network traffic anomaly detection using machine learning

In this paper, to optimize the process of detecting cyber-attacks, we choose to propose 2 main optimization solutions: Optimizing the detection method and optimizing features. Both of these two optimization solutions are to ensure the aim is to increase accuracy and reduce the time for analysis and detection. Accordingly, for the detection method, we recommend using the Random Forest supervised classification algorithm. The experimental results in section 4.1 have proven that our proposal that use the Random Forest algorithm for abnormal behavior detection is completely correct because the results of this algorithm are much better than some other detection algorithms on all measures. For the feature optimization solution, we propose to use some data dimensional reduction techniques such as information gain, principal component analysis, and correlation coefficient method. The results of the research proposed in our paper have proven that to optimize the cyber-attack detection process, it is not necessary to use advanced algorithms with complex and cumbersome computational requirements, it must depend on the monitoring data for selecting the reasonable feature extraction and optimization algorithm as well as the appropriate attack classification and detection algorithms.

Download Full-text

RESILIENT FLOCKING CONTROL FOR CONNECTED AND AUTOMATED VEHICLES WITH CYBER-ATTACK THREATS

ASME Letters in Dynamic Systems and Control ◽

10.1115/1.4050123 ◽

2021 ◽

pp. 1-7

Author(s):

Fengchen Wang ◽

Yan Chen

Keyword(s):

Detection Method ◽

Tracking Error ◽

Attack Detection ◽

Cyber Attacks ◽

Vehicle Tracking ◽

Cyber Attack ◽

Dynamics Model ◽

Automated Vehicles ◽

Tracking Errors ◽

Error Dynamics

Abstract To improve the cybersecurity of flocking control for connected and automated vehicles (CAVs), this paper proposes a novel resilient flocking control by specifically considering cyber-attack threats on vehicle tracking errors. Using the vehicle tracking error dynamics model, a dual extended Kalman filter (DEKF) is applied to detect cyber-attacks as an unknown constant on vehicle tracking information with noise rejections. To handle the coupling effects between tracking errors and cyber-attacks, the proposed DEKF consists of a tracking error filter and a cyber-attack filter, which are utilized to conduct the prediction and correction of tracking errors alternatively. Whenever an abnormal tracking error is detected, an observer-based resilient flocking control is enabled. Demonstrated by simulation results, the proposed cyber-attack detection method and resilient flocking control design can successfully achieve and maintain the flocking control of multi-CAV systems by rejecting certain cyber-attack threats.

Download Full-text

Optimizing Network Anomaly Detection Based on Network Traffic

International Journal of Emerging Technology and Advanced Engineering ◽

10.46338/ijetae1121_07 ◽

2021 ◽

Vol 11 (11) ◽

pp. 53-60

Author(s):

Vu Ngoc Son ◽

Keyword(s):

Network Traffic ◽

Processing Time ◽

Principal Component ◽

Attack Detection ◽

Cyber Attacks ◽

Machine Learning Algorithms ◽

Cyber Attack ◽

Feature Dimension ◽

Network Anomaly Detection ◽

Traffic Anomaly

Cyber-attack is a very hot topic today. Nowadays, systems must always be connected to the internet, and network infrastructure keeps growing in both scale and complexity. Therefore, the problem of detecting and warning cyber-attacks is now very urgent. To improve the effectiveness of detecting cyber-attacks, many methods and techniques were applied. In this paper, we propose to apply two methods of optimizing cyber-attack detection based on the IDS 2018 dataset using Principal Component Analysis (PCA) and machine learning algorithms. In the experimental section, we compare and evaluate the efficiency of the algorithm through 2 parameters: detection and processing time, and the accuracy of the algorithm. The experimental results show that the model using optimized features has brought an apparent and better effect than models that have not reduced the feature dimension. Keywords— PCA; Network traffic; Anomaly; Cyberattack detection.

Download Full-text

Examination of Abnormal Behavior Detection Based on Improved YOLOv3

Electronics ◽

10.3390/electronics10020197 ◽

2021 ◽

Vol 10 (2) ◽

pp. 197

Author(s):

Meng-ting Fang ◽

Zhong-ju Chen ◽

Krzysztof Przystupa ◽

Tao Li ◽

Michal Majka ◽

...

Keyword(s):

Detection Method ◽

Abnormal Behavior ◽

Detection Accuracy ◽

Average Precision ◽

Research Results ◽

Behavior Detection ◽

Abnormal Behavior Detection ◽

The Mean ◽

Examination Room ◽

Detection Speed

Examination is a way to select talents, and a perfect invigilation strategy can improve the fairness of the examination. To realize the automatic detection of abnormal behavior in the examination room, the method based on the improved YOLOv3 (The third version of the You Only Look Once algorithm) algorithm is proposed. The YOLOv3 algorithm is improved by using the K-Means algorithm, GIoUloss, focal loss, and Darknet32. In addition, the frame-alternate dual-thread method is used to optimize the detection process. The research results show that the improved YOLOv3 algorithm can improve both the detection accuracy and detection speed. The frame-alternate dual-thread method can greatly increase the detection speed. The mean Average Precision (mAP) of the improved YOLOv3 algorithm on the test set reached 88.53%, and the detection speed reached 42 Frames Per Second (FPS) in the frame-alternate dual-thread detection method. The research results provide a certain reference for automated invigilation.

Download Full-text

OUTLIER DETECTION METHOD USE FOR THE NETWORK FLOW ANOMALY DETECTION / IŠSKIRČIŲ RADIMO METODŲ TAIKYMAS ANOMALIJOMS KOMPIUTERIŲ TINKLO PAKETŲ SRAUTUOSE APTIKTI

Mokslas - Lietuvos ateitis ◽

10.3846/mla.2016.928 ◽

2016 ◽

Vol 8 (3) ◽

pp. 327-333 ◽

Cited By ~ 3

Author(s):

Rimas Ciplinskas ◽

Nerijus Paulauskas

Keyword(s):

Anomaly Detection ◽

Network Flow ◽

Detection Method ◽

Attack Detection ◽

Detection Methods ◽

Cyber Attack ◽

Normal Network ◽

New Type ◽

Flow Detection ◽

F Measure

New and existing methods of cyber-attack detection are constantly being developed and improved because there is a great number of attacks and the demand to protect from them. In prac-tice, current methods of attack detection operates like antivirus programs, i. e. known attacks signatures are created and attacks are detected by using them. These methods have a drawback – they cannot detect new attacks. As a solution, anomaly detection methods are used. They allow to detect deviations from normal network behaviour that may show a new type of attack. This article introduces a new method that allows to detect network flow anomalies by using local outlier factor algorithm. Accom-plished research allowed to identify groups of features which showed the best results of anomaly flow detection according the highest values of precision, recall and F-measure. Kibernetinių atakų gausa ir įvairovė bei siekis nuo jų apsisaugoti verčia nuolat kurti naujus ir tobulinti jau esamus atakų aptikimo metodus. Kaip rodo praktika, dabartiniai atakų atpažinimo metodai iš esmės veikia pagal antivirusinių programų principą, t.y. sudaromi žinomų atakų šablonai, kuriais remiantis yra aptinkamos atakos, tačiau pagrindinis tokių metodų trūkumas – negalėjimas aptikti naujų, dar nežinomų atakų. Šiai problemai spręsti yra pasitelkiami anomalijų aptikimo metodai, kurie leidžia aptikti nukrypimus nuo normalios tinklo būsenos. Straipsnyje yra pateiktas naujas metodas, leidžiantis aptikti kompiuterių tinklo paketų srauto anomalijas taikant lokalių išskirčių faktorių algoritmą. Atliktas tyrimas leido surasti požymių grupes, kurias taikant anomalūs tinklo srautai yra atpažįstami geriausiai, t. y. pasiekiamos didžiausios tikslumo, atkuriamumo ir F-mato reikšmės.

Download Full-text

Network attack detection method for power system terminal based on improved random forest

10.1145/3469213.3470286 ◽

2021 ◽

Author(s):

Tong Yu ◽

Ming Xie ◽

Xin Li ◽

Ying Ling ◽

Dongmei Bin ◽

...

Keyword(s):

Random Forest ◽

Power System ◽

Detection Method ◽

Attack Detection ◽

Network Attack

Download Full-text

Cyber Security Aspects of Virtualization in Cloud Computing Environments

Research Anthology on Privatizing and Securing Data ◽

10.4018/978-1-7998-8954-0.ch080 ◽

2021 ◽

pp. 1658-1671

Author(s):

Darshan Mansukhbhai Tank ◽

Akshai Aggarwal ◽

Nirbhay Kumar Chaubey

Keyword(s):

Cloud Computing ◽

Cyber Security ◽

Attack Detection ◽

Cyber Attacks ◽

Point Of View ◽

Cyber Attack ◽

Computing Environment ◽

Cloud Computing Environment ◽

Detection Approach ◽

Detection Response

Cybercrime continues to emerge, with new threats surfacing every year. Every business, regardless of its size, is a potential target of cyber-attack. Cybersecurity in today's connected world is a key component of any establishment. Amidst known security threats in a virtualization environment, side-channel attacks (SCA) target most impressionable data and computations. SCA is flattering major security interests that need to be inspected from a new point of view. As a part of cybersecurity aspects, secured implementation of virtualization infrastructure is very much essential to ensure the overall security of the cloud computing environment. We require the most effective tools for threat detection, response, and reporting to safeguard business and customers from cyber-attacks. The objective of this chapter is to explore virtualization aspects of cybersecurity threats and solutions in the cloud computing environment. The authors also discuss the design of their novel ‘Flush+Flush' cache attack detection approach in a virtualized environment.

Download Full-text

Cyber Security Aspects of Virtualization in Cloud Computing Environments

Quantum Cryptography and the Future of Cyber Security - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2253-0.ch013 ◽

2020 ◽

pp. 283-299 ◽

Cited By ~ 1

Author(s):

Darshan Mansukhbhai Tank ◽

Akshai Aggarwal ◽

Nirbhay Kumar Chaubey

Keyword(s):

Cloud Computing ◽

Cyber Security ◽

Attack Detection ◽

Cyber Attacks ◽

Point Of View ◽

Cyber Attack ◽

Computing Environment ◽

Cloud Computing Environment ◽

Detection Approach ◽

Detection Response

Download Full-text

Cognitive Dynamic System for AC State Estimation and Cyber-Attack Detection in Smart Grid

10.5772/intechopen.94093 ◽

2020 ◽

Author(s):

Mohammad Irshaad Oozeer ◽

Simon Haykin

Keyword(s):

Smart Grid ◽

Dynamic System ◽

State Estimation ◽

Attack Detection ◽

Cyber Attacks ◽

Data Detection ◽

Cyber Attack ◽

Bad Data Detection ◽

Cycle Basis ◽

Iterative Procedures

The work presented in this chapter is an extension of our previous research of bringing together the Cognitive Dynamic System (CDS) and the Smart Grid (SG) by focusing on AC state estimation and Cyber-Attack detection. Under the AC power flow model, state estimation is complex and computationally expensive as it relies on iterative procedures. On the other hand, the False Data Injection (FDI) attacks are a new category of cyber-attacks targeting the SG that can bypass the current bad data detection techniques in the SG. Due to the complexity of the nonlinear system involved, the amount of published works on AC based FDI attacks have been fewer compared to their DC counterpart. Here, we will demonstrate how the entropic state, which is the objective function of the CDS, can be used as a metric to monitor the grid’s health and detect FDI attacks. The CDS, acting as the supervisor of the system, improves the entropic state on a cycle to cycle basis by dynamically optimizing the state estimation process through the reconfiguration of the weights of the sensors in the network. In order to showcase performance of this new structure, computer simulations are carried out on the IEEE 14-bus system for optimal state estimation and FDI attack detection.

Download Full-text