Comparative Study between Big Data Analysis Techniques in Intrusion Detection

2018 ◽  
Vol 3 (1) ◽  
pp. 1 ◽  
Author(s):  
Mounir Hafsa ◽  
Farah Jemili

Cybersecurity Ventures expects that cyber-attack damage costs will rise to $11.5 billion in 2019 and that a business will fall victim to a cyber-attack every 14 seconds. Note that the time frame for such an event is measured in seconds. With petabytes of data generated each day, this is a challenging task for traditional intrusion detection systems (IDSs). Protecting sensitive information is a major concern for both businesses and governments. Therefore, a real-time, large-scale and effective IDS is a must. In this work, we present a cloud-based, fault-tolerant, scalable and distributed IDS that uses Apache Spark Structured Streaming and its machine learning library (MLlib) to detect intrusions in real time. To demonstrate the efficacy and effectiveness of this system, we implement it within the Microsoft Azure cloud, as it provides both processing power and storage capabilities. A decision tree algorithm is used to predict the nature of incoming data. For this task, the MAWILab dataset is used as the data source, giving better insight into the system's capabilities against cyber-attacks. The experimental results showed 99.95% accuracy, and more than 55,175 events per second were processed by the proposed system on a small cluster.

2014 ◽  
Vol 933 ◽  
pp. 584-589
Author(s):  
Zhi Chun Zhang ◽  
Song Wei Li ◽  
Wei Ren Wang ◽  
Wei Zhang ◽  
Li Jun Qi

This paper presents a system in which the cluster devices are controlled by single-chip microcomputers (SCMs), with emphasis on the cluster management techniques for single-chip microcomputers. Each device in a cluster is controlled by a single-chip microcomputer that collects sample data sent to the cluster management computer and drives the device using driving data received from that same cluster management computer through COM ports. The cluster management system running on the cluster management computer carries out control tasks such as initial SCM identification, run-time slice management, communication resource utilization, fault tolerance and error correction on the single-chip microcomputers. Initial SCM identification is achieved by signal responses between the single-chip microcomputers and the cluster management computer. By using port priority and the parallelization of serial communications, the system's real-time performance is maximized. The real-time performance can be adjusted and improved by increasing or decreasing the number of COM ports and the ports linked to each COM, and it can also be raised by configuring more cluster management computers. Fault-tolerant control occurs in the initialization phase and the operational phase. In the initialization phase, the cluster management system incorporates unidentified single-chip microcomputers into the system based on the history information recorded on external storage media. In the operational phase, if the number of read and write errors on a single-chip microcomputer reaches a predetermined threshold, that single-chip microcomputer is regarded as seriously faulty or nonexistent. The cluster management system maintains an accuracy-maintenance database on an external storage medium to handle the nonlinear control of specific devices and the accuracy maintenance required due to wear.
The cluster management system uses an object-oriented method to design a unified driving framework so that the implementation of the cluster management system is simplified, standardized and easy to port. The system has been applied in a large-scale simulation system of 230 single-chip microcomputers, which shows that the system is reliable, real-time and easy to maintain.


Author(s):  
M. KUZHALISAI ◽  
G. GAYATHRI

Cloud computing is a new type of service that provides large-scale computing resources to each customer. Cloud computing systems can easily be threatened by various cyber attacks, so most cloud computing systems need to contain Intrusion Detection Systems (IDSs) to protect each Virtual Machine (VM) against threats. In this case, there exists a trade-off between the security level of the IDS and the system performance. If the IDS provides a stronger security service using more rules or patterns, it needs much more computing resource in proportion to the strength of the security, so the amount of resource allocated to customers decreases. Another problem in cloud computing is that the huge volume of logs makes it hard for system administrators to analyse them. In this paper, we propose a method that enables a cloud computing system to achieve both effective use of system resources and strength of the security service, without a trade-off between them.


Electronics ◽  
2020 ◽  
Vol 9 (7) ◽  
pp. 1177
Author(s):  
Javed Asharf ◽  
Nour Moustafa ◽  
Hasnat Khurshid ◽  
Essam Debie ◽  
Waqas Haider ◽  
...  

The Internet of Things (IoT) is poised to impact several aspects of our lives with its fast proliferation in many areas such as wearable devices, smart sensors and home appliances. IoT devices are characterized by their connectivity, pervasiveness and limited processing capability. The number of IoT devices in the world is increasing rapidly, and it is expected that there will be 50 billion devices connected to the Internet by the end of the year 2020. This explosion of IoT devices, whose numbers can grow far more easily than those of desktop computers, has led to a spike in IoT-based cyber-attack incidents. To alleviate this challenge, new techniques are required for detecting attacks initiated from compromised IoT devices. In this context, machine and deep learning techniques are the most appropriate detective control approach against attacks generated from IoT devices. This study aims to present a comprehensive review of IoT-related technologies, protocols, architecture and threats emerging from compromised IoT devices, along with an overview of intrusion detection models. This work also covers the analysis of various machine learning and deep learning-based techniques suitable for detecting cyber-attacks related to IoT systems.


2011 ◽  
Vol 1346 ◽  
Author(s):  
Hayri E. Akin ◽  
Dundar Karabay ◽  
Allen P. Mills ◽  
Cengiz S. Ozkan ◽  
Mihrimah Ozkan

DNA computing is a rapidly developing interdisciplinary area which could benefit from more experimental results to solve problems with the current biological tools. In this study, we have integrated microelectronics and molecular biology techniques to show the feasibility of a Hopfield neural network using DNA molecules. Adleman's seminal paper in 1994 showed that DNA strands, using specific molecular reactions, can be used to solve the Hamiltonian Path Problem. This accomplishment opened the way for massively parallel processing power, remarkable energy efficiency and compact data storage with DNA. However, in various studies, small departures from the ideal selectivity of DNA hybridization lead to significant undesired pairings of strands, which in turn leads to difficulties in schemes for implementing large Boolean functions using DNA. Therefore, the error-prone reactions in the Boolean architecture of the first DNA computers will benefit from fault tolerance or error correction methods, and these methods would be essential for large-scale applications. In this study, we demonstrate the operation of a six-dimensional Hopfield associative memory storing various memories as an archetypal fault-tolerant neural network implemented using DNA molecular reactions. The response of the network suggests that the protocols could be scaled to a network of significantly larger dimensions. In addition, the results are read on a silicon CMOS platform, exploiting semiconductor processing knowledge for fast and accurate hybridization rates.


Electronics ◽  
2021 ◽  
Vol 10 (15) ◽  
pp. 1765
Author(s):  
Francesco Pascale ◽  
Ennio Andrea Adinolfi ◽  
Simone Coppola ◽  
Emanuele Santonicola

Today's modern vehicles are connected to a network and are considered smart objects of the IoT, thanks to their capability to send and receive data over the network. One of the greatest challenges in the automotive sector is to make the vehicle secure and reliable. In fact, there are more and more connected instruments on a vehicle, such as the infotainment system and/or data interchange systems. Indeed, with the advent of new paradigms such as Smart City and Smart Road, the vision of the Internet of Things has evolved substantially. Today, we talk about V2X systems, in which the vehicle is strongly connected with the rest of the world. In this scenario, the main aim of all connected-vehicle vendors is to provide a secure system that guarantees the safety of driving and of persons against a possible cyber-attack. So, in this paper, an embedded Intrusion Detection System (IDS) for the automotive sector is introduced. It works by adopting a two-step algorithm that detects a possible cyber-attack. In the first step, the methodology filters all the messages on the Controller Area Network (CAN-Bus) through a spatial and temporal analysis; if a set of messages is possibly malicious, these are analyzed by a Bayesian network, which gives the probability that a given event can be classified as an attack. To evaluate the efficiency and effectiveness of our method, an experimental campaign was conducted according to the classic evaluation parameters for a test's accuracy. These results were compared with a common data set on cyber-attacks present in the literature. The first experimental results, obtained in a test scenario, seem to be interesting. The results show that our method performs well in the presence of the most common cyber-attacks (DDoS, Fuzzy, Impersonating), obtaining a good score on the classic evaluation parameters for a test's accuracy. Performance decreases when we test the system on a Free State Attack.


2022 ◽  
Vol 9 ◽  
Author(s):  
M. Akshay Kumaar ◽  
Duraimurugan Samiayya ◽  
P. M. Durai Raj Vincent ◽  
Kathiravan Srinivasan ◽  
Chuan-Yu Chang ◽  
...  

The unbounded increase in network traffic and user data has made it difficult for network intrusion detection systems to keep abreast and perform well. Intrusion detection systems are crucial in e-healthcare, since patients' medical records should be kept highly secure, confidential and accurate. Any change in the actual patient data can lead to errors in diagnosis and treatment. Most of the existing artificial intelligence-based systems are trained on outdated intrusion detection repositories, which can produce more false positives and require retraining the algorithm from scratch to support new attacks. These processes also make it challenging to secure patient records in medical systems, as the intrusion detection mechanisms can frequently become obsolete. This paper proposes a hybrid deep learning framework named "ImmuneNet" to recognize the latest intrusion attacks and defend healthcare data. The proposed framework uses multiple feature engineering processes, oversampling methods to improve class balance, and hyper-parameter optimization techniques to achieve high accuracy and performance. The architecture contains fewer than 1 million parameters, making it lightweight, fast and IoT-friendly, and suitable for deploying the IDS on medical devices and healthcare systems. The performance of ImmuneNet was benchmarked against several other machine learning algorithms on the Canadian Institute for Cybersecurity's Intrusion Detection System 2017, 2018, and Bell DNS 2021 datasets, which contain extensive real-time and recent cyber attack data. Out of all the experiments, ImmuneNet performed best on the CIC Bell DNS 2021 dataset, with about 99.19% accuracy, 99.22% precision, 99.19% recall and 99.2% ROC-AUC, which is comparatively better and more up-to-date than other existing approaches in classifying requests as normal, intrusion, or other cyber attacks.


Author(s):  
Peter J. Hawrylak ◽  
Chris Hartney ◽  
Michael Haney ◽  
Jonathan Hamm ◽  
John Hale

Identifying the level of intelligence of a cyber-attacker is critical to detecting cyber-attacks and determining the adversary's next targets or steps. This chapter explores intrusion detection systems (IDSs), which are the traditional tool for cyber-attack detection, and attack graphs, which are a formalism used to model cyber-attacks. The time required to detect an attack can be reduced by classifying the attacker's knowledge about the system to determine the traces or signatures the IDS should look for in the audit logs. The adversary's knowledge of the system can then be used to identify their most likely next steps from the attack graph. A computationally efficient technique to compute the likelihood and impact of each step of an attack is presented. The chapter concludes with a discussion of the next steps for implementing these processes in specialized hardware to achieve real-time attack detection.


2020 ◽  
Vol 10 (4) ◽  
pp. 1426
Author(s):  
Myung Kil Ahn ◽  
Yong Hyun Kim ◽  
Jung-Ryun Lee

With the advancement in cyber-defense capabilities, cyber attacks have continued to evolve like living creatures to breach security. Assuming the possibility of various enemy attacks, it is necessary to select an appropriate course of action by proactively analyzing and predicting the consequences of a particular security event. Cyber attacks, especially in large-scale military network environments, have a fatal effect on security; therefore, various experiments and analyses must be conducted to establish the necessary preparations. Herein, we propose hierarchical multi-stage cyber attack scenario modeling based on the goal and effect (G&E) model and an analysis system, which enables the expression of various attack goals and damage effects without being limited to a specific type. The proposed method is applicable to large-scale networks and can be utilized in various scenario-based cyber combat experiments.
