Integration of Low Interaction Honeypot and ELK Stack as Attack Detection Systems on Servers

The high need for information technology that can be accessed anywhere and anytime indirectly opens a big opportunity for irresponsible parties to attack and destroy the system. The server farm is one of the targets most hunted by attackers, intending to damage, and even retrieving victim data. One of the efforts to deal with this problem is to add server security by using honeypot. The existence of a honeypot is one of the efforts to prevent system hacking by creating a fake server to divert attackers access. In its application, the logs generated from the honeypot are only letters and numbers, making it difficult to analyze the logs. It became a problem it will being a lot of log data being processed. To make it easier for administrators in analyzing logs, a visualization system using the ELK Stack is proposed. Honeypot and ELK Stack integration can be a security system solution in detecting attacks while providing visualization to administrators. Five testing schemes were carried out to provide a comparative study between the low interaction honeypot Cowrie and Dionaea. Cowrie delivers a better performance detection system (real-time) compared to the detection system offered by Dionaea, and the average delay time is 3.75 seconds, while ELK managed to provide better monitoring results to administrators through its visualization.

Download Full-text

Visualization System for Water Levels and Environmental Conditions in the Flood Monitoring Information System

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.k2441.0981119 ◽

2019 ◽

Vol 8 (11) ◽

pp. 2904-2907

Keyword(s):

Information System ◽

Information Systems ◽

Real Time ◽

Communication System ◽

Detection System ◽

Visualization System ◽

Detection Systems ◽

Flood Monitoring ◽

Flood Detection ◽

Monitoring Information

Flood disaster is a national disaster that takes a lot of victims and material for now. The government nationally implements short-term programs to anticipate disasters by supporting the various government and private institutions in developing disaster mitigation systems to reduce sustainable casualties. Based on this support, this research aims to develop a flood monitoring information system by implementing a real-time flood visualization system. System development is done by making two systems, namely hardware-based flood detection systems that are used as client systems and software-based flood monitoring information systems as servers. Flood detection systems are built using ultrasonic sensors, temperature sensors, rain sensors, Arduino microcontrollers, and Sim900A GSM modules. On the flood monitoring information system server using the Xampp component as a server application and Gammu as an SMS application. The communication system between the two systems uses the SMS Gateway communication system. The parameter values sent through the flood detection system will be visualized by the server in the form of animation and text. From the research, it was found that the flood detection system as a client has been able to send flood data, temperature, and rain conditions in real-time. And flood monitoring information systems have been able to capture data from client systems and store them in MySQL DBMS

Download Full-text

Pipeline Diagnostics With Ultrasonic Meters

Volume 3: Operations, Monitoring and Maintenance; Materials and Joining ◽

10.1115/ipc2016-64193 ◽

2016 ◽

Author(s):

Nicole Gailey ◽

Noman Rasool

Keyword(s):

Real Time ◽

Measurement Errors ◽

Flow Measurement ◽

Detection System ◽

Leak Detection ◽

The United States ◽

Time Data ◽

Critical System ◽

Detection Systems ◽

Transient Models

Canada and the United States have vast energy resources, supported by thousands of kilometers (miles) of pipeline infrastructure built and maintained each year. Whether the pipeline runs through remote territory or passing through local city centers, keeping commodities flowing safely is a critical part of day-to-day operation for any pipeline. Real-time leak detection systems have become a critical system that companies require in order to provide safe operations, protection of the environment and compliance with regulations. The function of a leak detection system is the ability to identify and confirm a leak event in a timely and precise manner. Flow measurement devices are a critical input into many leak detection systems and in order to ensure flow measurement accuracy, custody transfer grade liquid ultrasonic meters (as defined in API MPMS chapter 5.8) can be utilized to provide superior accuracy, performance and diagnostics. This paper presents a sample of real-time data collected from a field install base of over 245 custody transfer grade liquid ultrasonic meters currently being utilized in pipeline leak detection applications. The data helps to identify upstream instrumentation anomalies and illustrate the abilities of the utilization of diagnostics within the liquid ultrasonic meters to further improve current leak detection real time transient models (RTTM) and pipeline operational procedures. The paper discusses considerations addressed while evaluating data and understanding the importance of accuracy within the metering equipment utilized. It also elaborates on significant benefits associated with the utilization of the ultrasonic meter’s capabilities and the importance of diagnosing other pipeline issues and uncertainties outside of measurement errors.

Download Full-text

CloudRadar: A Real-Time Side-Channel Attack Detection System in Clouds

Research in Attacks, Intrusions, and Defenses - Lecture Notes in Computer Science ◽

10.1007/978-3-319-45719-2_6 ◽

2016 ◽

pp. 118-140 ◽

Cited By ~ 51

Author(s):

Tianwei Zhang ◽

Yinqian Zhang ◽

Ruby B. Lee

Keyword(s):

Real Time ◽

Detection System ◽

Attack Detection ◽

Side Channel ◽

Side Channel Attack

Download Full-text

Machine Learning-Based IoT-Botnet Attack Detection with Sequential Architecture

Sensors ◽

10.3390/s20164372 ◽

2020 ◽

Vol 20 (16) ◽

pp. 4372 ◽

Cited By ~ 1

Author(s):

Yan Naung Soe ◽

Yaokai Feng ◽

Paulus Insap Santosa ◽

Rudy Hartanto ◽

Kouichi Sakurai

Keyword(s):

Machine Learning ◽

High Performance ◽

Detection System ◽

Rapid Development ◽

Attack Detection ◽

Cyber Attacks ◽

Detection Systems ◽

Iot Devices ◽

Artificial Neural Network Ann ◽

Feature Selection Approach

With the rapid development and popularization of Internet of Things (IoT) devices, an increasing number of cyber-attacks are targeting such devices. It was said that most of the attacks in IoT environments are botnet-based attacks. Many security weaknesses still exist on the IoT devices because most of them have not enough memory and computational resource for robust security mechanisms. Moreover, many existing rule-based detection systems can be circumvented by attackers. In this study, we proposed a machine learning (ML)-based botnet attack detection framework with sequential detection architecture. An efficient feature selection approach is adopted to implement a lightweight detection system with a high performance. The overall detection performance achieves around 99% for the botnet attack detection using three different ML algorithms, including artificial neural network (ANN), J48 decision tree, and Naïve Bayes. The experiment result indicates that the proposed architecture can effectively detect botnet-based attacks, and also can be extended with corresponding sub-engines for new kinds of attacks.

Download Full-text

Fusion of Feature Selection and Random Forest for an Anomaly-Based Intrusion Detection System

Journal of Computational and Theoretical Nanoscience ◽

10.1166/jctn.2019.8332 ◽

2019 ◽

Vol 16 (8) ◽

pp. 3603-3607 ◽

Cited By ~ 1

Author(s):

Shraddha Khonde ◽

V. Ulagamuthalvi

Keyword(s):

Feature Selection ◽

Random Forest ◽

Intrusion Detection ◽

Real Time ◽

Intrusion Detection System ◽

New Technologies ◽

Detection System ◽

Sensitive Data ◽

Detection Systems ◽

New Type

Considering current network scenario hackers and intruders has become a big threat today. As new technologies are emerging fast, extensive use of these technologies and computers, what plays an important role is security. Most of the computers in network can be easily compromised with attacks. Big issue of concern is increase in new type of attack these days. Security to the sensitive data is very big threat to deal with, it need to consider as high priority issue which should be addressed immediately. Highly efficient Intrusion Detection Systems (IDS) are available now a days which detects various types of attacks on network. But we require the IDS which is intelligent enough to detect and analyze all type of new threats on the network. Maximum accuracy is expected by any of this intelligent intrusion detection system. An Intrusion Detection System can be hardware or software that analyze and monitors all activities of network to detect malicious activities happened inside the network. It also informs and helps administrator to deal with malicious packets, which if enters in network can harm more number of computers connected together. In our work we have implemented an intellectual IDS which helps administrator to analyze real time network traffic. IDS does it by classifying packets entering into the system as normal or malicious. This paper mainly focus on techniques used for feature selection to reduce number of features from KDD-99 dataset. This paper also explains algorithm used for classification i.e., Random Forest which works with forest of trees to classify real time packet as normal or malicious. Random forest makes use of ensembling techniques to give final output which is derived by combining output from number of trees used to create forest. Dataset which is used while performing experiments is KDD-99. This dataset is used to train all trees to get more accuracy with help of random forest. From results achieved we can observe that random forest algorithm gives more accuracy in distributed network with reduced false alarm rate.

Download Full-text

CARRADS: Cross layer based adaptive real-time routing attack detection system for MANETS

Computer Networks ◽

10.1016/j.comnet.2009.10.012 ◽

2010 ◽

Vol 54 (7) ◽

pp. 1126-1141 ◽

Cited By ~ 13

Author(s):

John Felix Charles Joseph ◽

Amitabha Das ◽

Bu-Sung Lee ◽

Boon-Chong Seet

Keyword(s):

Real Time ◽

Detection System ◽

Attack Detection ◽

Cross Layer ◽

Routing Attack

Download Full-text

CONSTRUCTION OF ATTACK DETECTION SYSTEMS IN INFORMATION NETWORKS ON NEURAL NETWORK STRUCTURES

Cybersecurity Education Science Technique ◽

10.28925/2663-4023.2020.10.169183 ◽

2020 ◽

Vol 2 (10) ◽

pp. 169-183

Author(s):

Serhii Tolіupa ◽

Oleksandr Pliushch ◽

Ivan Parkhomenko

Keyword(s):

Neural Network ◽

Information Systems ◽

Detection System ◽

Attack Detection ◽

Cyber Attacks ◽

Network Structures ◽

Network Attack ◽

Detection Systems ◽

Protection Mechanisms ◽

Software Prototype

Systems for detecting network intrusions and detecting signs of attacks on information systems have long been used as one of the necessary lines of defense of information systems. Today, intrusion and attack detection systems are usually software or hardware-software solutions that automate the process of monitoring events occurring in an information system or network, as well as independently analyze these events in search of signs of security problems. As the number of different types and ways of organizing unauthorized intrusions into foreign networks has increased significantly in recent years, attack detection systems (ATS) have become a necessary component of the security infrastructure of most organizations. The article proposes a software prototype of a network attack detection system based on selected methods of data mining and neural network structures. The conducted experimental researches confirm efficiency of the created model of detection for protection of an information network. Experiments with a software prototype showed high quality detection of network attacks based on neural network structures and methods of intelligent data distribution. The state of protection of information systems to counter cyber attacks is analyzed, which made it possible to draw conclusions that to ensure the security of cyberspace it is necessary to implement a set of systems and protection mechanisms, namely systems: delimitation of user access; firewall; cryptographic protection of information; virtual private networks; anti-virus protection of ITS elements; detection and prevention of intrusions; authentication, authorization and audit; data loss prevention; security and event management; security management.

Download Full-text

Network Attacks Detection by Hierarchical Neural Network

Computer Engineering and Applications Journal ◽

10.18495/comengapp.v4i2.108 ◽

2015 ◽

Vol 4 (2) ◽

pp. 119-132

Author(s):

Mohammad Masoud Javidi

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Single Agent ◽

Attack Detection ◽

Intrusion Detection Systems ◽

Training Dataset ◽

Detection Systems ◽

Combination Of Classifiers

Intrusion detection is an emerging area of research in the computer security and net-works with the growing usage of internet in everyday life. Most intrusion detection systems (IDSs) mostly use a single classifier algorithm to classify the network traffic data as normal behavior or anomalous. However, these single classifier systems fail to provide the best possible attack detection rate with low false alarm rate. In this paper,we propose to use a hybrid intelligent approach using a combination of classifiers in order to make the decision intelligently, so that the overall performance of the resul-tant model is enhanced. The general procedure in this is to follow the supervised or un-supervised data filtering with classifier or cluster first on the whole training dataset and then the output are applied to another classifier to classify the data. In this re- search, we applied Neural Network with Supervised and Unsupervised Learning in order to implement the intrusion detection system. Moreover, in this project, we used the method of Parallelization with real time application of the system processors to detect the systems intrusions.Using this method enhanced the speed of the intrusion detection. In order to train and test the neural network, NSLKDD database was used. Creating some different intrusion detection systems, each of which considered as a single agent, we precisely proceeded with the signature-based intrusion detection of the network.In the proposed design, the attacks have been classified into 4 groups and each group is detected by an Agent equipped with intrusion detection system (IDS).These agents act independently and report the intrusion or non-intrusion in the system; the results achieved by the agents will be studied in the Final Analyst and at last the analyst reports that whether there has been an intrusion in the system or not.Keywords: Intrusion Detection, Multi-layer Perceptron, False Positives, Signature- based intrusion detection, Decision tree, Nave Bayes Classifier

Download Full-text

DNA Encoding for Misuse Intrusion Detection System based on UNSW-NB15 Data Set

Iraqi Journal of Science ◽

10.24996/ijs.2020.61.12.29 ◽

2020 ◽

pp. 3408-3416

Author(s):

Omar Fitian Rashid

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Attack Detection ◽

High Rate ◽

Dna Encoding ◽

Data Set ◽

Detection Rates ◽

Detection Systems ◽

Threat Environment

Recent researches showed that DNA encoding and pattern matching can be used for the intrusion-detection system (IDS), with results of high rate of attack detection. The evaluation of these intrusion detection systems is based on datasets that are generated decades ago. However, numerous studies outlined that these datasets neither inclusively reflect the network traffic, nor the modern low footprint attacks, and do not cover the current network threat environment. In this paper, a new DNA encoding for misuse IDS based on UNSW-NB15 dataset is proposed. The proposed system is performed by building a DNA encoding for all values of 49 attributes. Then attack keys (based on attack signatures) are extracted and, finally, Raita algorithm is applied to classify records, either attacks or normal, based on the extracted keys. The results of the current experiment showed that the proposed system achieved good detection rates for all of attacks, which included the Analysis, Backdoor, DoS, Exploits, Fuzzers, Generic, Reconnaissance, Shellcode, and Worms, with values of 82.56%, 92.68%, 75.59%, 75.42%, 67%, 99.28%, 81.02%, 73.6%, 85%, and 90.91%, respectively. The values of false alarm rate and accuracy were equal to 24% and 89.05%, respectively. Also, the execution time for the proposed system was found to be short, where the values of the encoding time and matching time for one record were 0.45 and 0.002 second, respectively.

Download Full-text

Design a Monitoring Device for Heart-Attack Early Detection Based on Respiration Rate and Body Temperature Parameters

Indonesian Journal of electronics, electromedical engineering, and medical informatics ◽

10.35882/ijeeemi.v3i3.5 ◽

2021 ◽

Vol 3 (3) ◽

pp. 114-120

Author(s):

Isna Fatimatuz Zahra ◽

I Dewa Gede Hari Wisana ◽

Priyambada Cahya Nugraha ◽

Hayder J Hassaballah

Keyword(s):

Body Temperature ◽

Real Time ◽

Respiration Rate ◽

Heart Attack ◽

Detection System ◽

Warning System ◽

Piezoelectric Sensor ◽

Attack Detection ◽

Sensor Data ◽

Frequency Module

Acute myocardial infarction, commonly referred to as a heart attack, is the most common cause of sudden death where a monitoring tool is needed that is equipped with a system that can notify doctors to take immediate action. The purpose of this study was to design a heart attack detection device through indicators of vital human signs. The contribution of this research is that the system works in real-time, has more parameters, uses wireless, and is equipped with a system to detect indications of a heart attack. In order for wireless monitoring to be carried out in real-time and supported by a detection system, this design uses a radio frequency module as data transmission and uses a warning system that is used for detection. Respiration rate was measured using the piezoelectric sensor, and body temperature was measured using the DS18B20 temperature sensor. Processing of sensor data is done with ESP32, which is displayed wirelessly by the HC-12 module on the PC. If an indication of a heart attack is detected in the parameter value, the tool will activate a notification on the PC. In every indication of a heart attack, it was found that this design can provide notification properly. The results showed that the largest respiratory error value was 4%, and the largest body temperature error value was 0.55%. The results of this study can be implemented in patients who have been diagnosed with heart attack disease so that it can facilitate monitoring the patient's condition.

Download Full-text