Utilising Deep Learning Techniques for Effective Zero-Day Attack Detection

Electronics ◽  
2020 ◽  
Vol 9 (10) ◽  
pp. 1684
Author(s):  
Hanan Hindy ◽  
Robert Atkinson ◽  
Christos Tachtatzis ◽  
Jean-Noël Colin ◽  
Ethan Bayne ◽  
...  

Machine Learning (ML) and Deep Learning (DL) have been used for building Intrusion Detection Systems (IDS). The increase in both the number and sheer variety of new cyber-attacks poses a tremendous challenge for IDS solutions that rely on a database of historical attack signatures. Therefore, the industrial pull for robust IDSs that are capable of flagging zero-day attacks is growing. Current outlier-based zero-day detection research suffers from high false-negative rates, thus limiting its practical use and performance. This paper proposes an autoencoder implementation for detecting zero-day attacks. The aim is to build an IDS model with high recall while keeping the miss rate (false negatives) to an acceptable minimum. Two well-known IDS datasets are used for evaluation: CICIDS2017 and NSL-KDD. In order to demonstrate the efficacy of our model, we compare its results against a One-Class Support Vector Machine (SVM). The manuscript highlights the performance of a One-Class SVM when zero-day attacks are distinctive from normal behaviour. The proposed model benefits greatly from the autoencoder's encoding-decoding capabilities. The results show that autoencoders are well suited to detecting complex zero-day attacks. The results demonstrate a zero-day detection accuracy of 89–99% for the NSL-KDD dataset and 75–98% for the CICIDS2017 dataset. Finally, the paper outlines the observed trade-off between recall and fallout.
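The abstract describes the mechanism only in outline: train an autoencoder on normal traffic, score each flow by its reconstruction error, alert above a threshold, and accept that moving the threshold trades recall against fallout (false-positive rate). The following is an added illustration written for this page, not the authors' code or data: it uses a linear autoencoder (equivalent to PCA, fitted by power iteration so it needs no external library) on constructed 4-dimensional "flow" vectors, and sweeps the threshold over quantiles of the training error to expose the trade-off. The feature directions, noise levels and quantiles are assumptions.

```python
import random
from typing import List, Sequence, Tuple

Vector = List[float]

# Synthetic stand-in for flow features (assumption: not CICIDS2017 or NSL-KDD).
# Normal traffic varies along one direction in 4-D space plus small noise;
# attacks add energy along a direction the autoencoder never saw in training.
NORMAL_DIR = [0.5, 0.5, 0.5, 0.5]
ATTACK_DIR = [0.7071, -0.7071, 0.0, 0.0]   # orthogonal to NORMAL_DIR


def dot(a: Sequence[float], b: Sequence[float]) -> float:
    return sum(x * y for x, y in zip(a, b))


def build_dataset(seed: int = 7) -> Tuple[List[Vector], List[Vector], List[Vector]]:
    """Return (normal_train, normal_test, attacks): constructed, deterministic data."""
    rng = random.Random(seed)

    def normal() -> Vector:
        t = rng.uniform(-1.0, 1.0)
        return [t * d + rng.gauss(0.0, 0.05) for d in NORMAL_DIR]

    def attack() -> Vector:
        s = rng.uniform(0.4, 1.0) * rng.choice((-1.0, 1.0))
        return [v + s * d for v, d in zip(normal(), ATTACK_DIR)]

    return ([normal() for _ in range(300)], [normal() for _ in range(200)],
            [attack() for _ in range(100)])


def top_component(rows: List[Vector], iters: int = 100) -> Vector:
    """Leading principal direction of centred rows, by power iteration on X^T X."""
    d = len(rows[0])
    w = [1.0 / d ** 0.5] * d
    for _ in range(iters):
        z = [0.0] * d
        for x in rows:
            p = dot(x, w)
            for j in range(d):
                z[j] += p * x[j]
        norm = dot(z, z) ** 0.5
        w = [v / norm for v in z]
    return w


class LinearAutoencoder:
    """k linear latent units (equivalent to PCA), trained on normal data only."""

    def __init__(self, k: int = 1) -> None:
        self.k = k
        self.mean: Vector = []
        self.components: List[Vector] = []

    def fit(self, rows: List[Vector]) -> "LinearAutoencoder":
        d = len(rows[0])
        self.mean = [sum(x[j] for x in rows) / len(rows) for j in range(d)]
        resid = [[x[j] - self.mean[j] for j in range(d)] for x in rows]
        self.components = []
        for _ in range(self.k):
            w = top_component(resid)
            self.components.append(w)
            # deflate: remove what w already explains before fitting the next unit
            resid = [[r[j] - dot(r, w) * w[j] for j in range(d)] for r in resid]
        return self

    def encode(self, x: Vector) -> Vector:
        c = [x[j] - self.mean[j] for j in range(len(x))]
        return [dot(c, w) for w in self.components]

    def decode(self, z: Vector) -> Vector:
        out = list(self.mean)
        for zi, w in zip(z, self.components):
            for j in range(len(out)):
                out[j] += zi * w[j]
        return out

    def reconstruction_error(self, x: Vector) -> float:
        return sum((a - b) ** 2 for a, b in zip(x, self.decode(self.encode(x))))


def percentile(values: List[float], q: float) -> float:
    s = sorted(values)
    return s[min(len(s) - 1, int(round(q * (len(s) - 1))))]


def evaluate(model: LinearAutoencoder, normal_test: List[Vector],
             attacks: List[Vector], threshold: float) -> Tuple[float, float]:
    """(recall, fallout): share of attacks flagged, share of normal test flows flagged."""
    tp = sum(model.reconstruction_error(x) > threshold for x in attacks)
    fp = sum(model.reconstruction_error(x) > threshold for x in normal_test)
    return tp / len(attacks), fp / len(normal_test)


def recall_fallout_tradeoff(quantiles=(0.80, 0.90, 0.95, 0.99), k: int = 1):
    """Sweep the alert threshold over quantiles of training error; rows of (q, threshold, recall, fallout)."""
    train, test, attacks = build_dataset()
    model = LinearAutoencoder(k).fit(train)
    train_err = [model.reconstruction_error(x) for x in train]
    rows = []
    for q in quantiles:
        thr = percentile(train_err, q)
        rows.append((q, thr, *evaluate(model, test, attacks, thr)))
    return rows


if __name__ == "__main__":
    for q, thr, rec, fo in recall_fallout_tradeoff():
        print(f"threshold@{q:.2f}={thr:.4f}  recall={rec:.2f}  fallout={fo:.3f}")
```

Because the threshold is set from normal data alone, fallout on held-out normal traffic tracks the chosen quantile (roughly 20% at the 0.80 quantile, about 1% at 0.99) while recall depends on how far the attack leaves the learned subspace; on this constructed data the attacks are far enough out that recall stays at 1.0 across the sweep, which is the easy case. With real flows the two curves cross, and the quantile is the knob the abstract's recall/fallout trade-off refers to.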

Electronics ◽  
2021 ◽  
Vol 10 (12) ◽  
pp. 1459
Author(s):  
Yucheng Ding ◽  
Kang Ma ◽  
Tianjiao Pu ◽  
Xinying Wang ◽  
Ran Li ◽  
...  

A smart grid improves power grid efficiency by using modern information and communication technologies. However, at the same time, due to the dependence on information technology and the deep integration of electrical components and computing information in cyberspace, the system might become increasingly vulnerable to cyber-attacks. Among various emerging security problems, a false data injection attack (FDIA) is a new type of attack against state estimation. In this article, a deep learning-based identification scheme is developed to detect and mitigate information corruption. The scheme implements a conditional deep belief network (CDBN) to analyze time-series input data and leverages the captured features to detect the FDIA. The performance of our detection mechanism is validated by simulation on the IEEE 14-bus test system. Different attack scenarios and parameters are set to demonstrate the feasibility and effectiveness of the developed scheme. Compared with an artificial neural network (ANN) and a support vector machine (SVM), the experimental analyses indicate that our detection mechanism outperforms the other two in terms of FDIA detection accuracy and robustness.
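Why does FDIA detection need a learned detector at all, rather than the residual-based bad-data check every state estimator already has? The abstract takes that as given. The added example below, which is not the authors' code and uses a constructed 3-bus DC model rather than the IEEE 14-bus system, shows the reason: an injection vector that lies in the column space of the measurement matrix H shifts the estimated state by an arbitrary amount while leaving the least-squares residual exactly unchanged, so the residual test never fires, whereas tampering with a single meter is caught. Line susceptances, measurement noise and the alarm threshold are assumptions.

```python
from typing import List, Sequence, Tuple

Vector = List[float]
Matrix = List[List[float]]

# Constructed 3-bus DC model (assumption; not the paper's IEEE 14-bus case).
# Bus 1 is the angle reference, so the state is x = [theta2, theta3].
# Every line has susceptance 10 p.u.; measurements are flows P12, P13, P23 and
# injections P2, P3, each linear in the state: z = H x + e.
H: Matrix = [
    [-10.0, 0.0],    # P12 = 10 * (theta1 - theta2), theta1 = 0
    [0.0, -10.0],    # P13
    [10.0, -10.0],   # P23
    [20.0, -10.0],   # P2 = P21 + P23
    [-10.0, 20.0],   # P3 = P31 + P32
]
TRUE_STATE: Vector = [-0.05, -0.08]
NOISE: Vector = [0.003, -0.002, 0.001, -0.004, 0.002]   # constructed meter noise
RESIDUAL_THRESHOLD = 0.05   # bad-data detector alarms above this (assumed)


def matvec(m: Matrix, v: Sequence[float]) -> Vector:
    return [sum(a * b for a, b in zip(row, v)) for row in m]


def measure(state: Vector, noise: Vector) -> Vector:
    return [hx + e for hx, e in zip(matvec(H, state), noise)]


def estimate(z: Sequence[float]) -> Tuple[Vector, float]:
    """Least-squares DC estimate x_hat = (H^T H)^-1 H^T z and residual ||z - H x_hat||."""
    a = sum(r[0] * r[0] for r in H)
    b = sum(r[0] * r[1] for r in H)
    d = sum(r[1] * r[1] for r in H)
    det = a * d - b * b                      # H^T H is 2x2, inverted in closed form
    hz0 = sum(r[0] * zi for r, zi in zip(H, z))
    hz1 = sum(r[1] * zi for r, zi in zip(H, z))
    x_hat = [(d * hz0 - b * hz1) / det, (-b * hz0 + a * hz1) / det]
    residual = sum((zi - hi) ** 2 for zi, hi in zip(z, matvec(H, x_hat))) ** 0.5
    return x_hat, residual


def stealthy_attack(c: Vector) -> Vector:
    """FDIA vector a = H c: shifts the estimate by c, residual unchanged."""
    return matvec(H, c)


def inject(z: Sequence[float], a: Sequence[float]) -> Vector:
    return [zi + ai for zi, ai in zip(z, a)]


def bad_data_alarm(z: Sequence[float]) -> bool:
    return estimate(z)[1] > RESIDUAL_THRESHOLD


def demo() -> dict:
    z = measure(TRUE_STATE, NOISE)
    naive = [0.0, 0.0, 0.0, 0.4, 0.0]          # tamper with the P2 meter only
    stealth = stealthy_attack([0.02, 0.0])    # coordinated, in the column space of H
    return {
        "clean": estimate(z),
        "naive": estimate(inject(z, naive)),
        "stealth": estimate(inject(z, stealth)),
        "naive_alarm": bad_data_alarm(inject(z, naive)),
        "stealth_alarm": bad_data_alarm(inject(z, stealth)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The stealthy vector needs the attacker to know H (the topology and line parameters) and to tamper with every meter that H c touches, which is the practical bar the attack has to clear; the residual test cannot distinguish the result from a legitimately different operating point, which is why the detectors in this literature look at the time-series behaviour of the measurements instead.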


2019 ◽  
Vol 8 (3) ◽  
pp. 8428-8432

Due to the rapid development of communication technologies and global networking, many daily human activities such as electronic banking, social networking and e-commerce have moved to cyberspace. The anonymous, open and uncontrolled infrastructure of the internet provides an excellent platform for cyber attacks. Phishing is a cyber attack in which attackers set up fraudulent websites that resemble popular, legitimate websites in order to steal users' sensitive information. Machine learning techniques such as J48, Support Vector Machine (SVM), Logistic Regression (LR), Naive Bayes (NB) and Artificial Neural Network (ANN) have been widely used to detect phishing attacks. However, obtaining good-quality training data is one of the biggest problems in machine learning. Therefore, a deep learning method, the Deep Neural Network (DNN), is introduced to detect phishing Uniform Resource Locators (URLs). Initially, a feature extractor is used to construct a 30-dimensional feature vector from URL-based, HTML-based and domain-based features. These features are given as input to the DNN classifier for phishing attack detection. The DNN consists of one input layer, multiple hidden layers and one output layer. The multiple hidden layers in the DNN learn high-level features incrementally. Finally, the DNN returns a probability value that separates phishing URLs from legitimate URLs. By using the DNN, the accuracy, precision and recall of phishing attack detection are improved.
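The abstract names the three feature families (URL-based, HTML-based, domain-based) but not the features themselves. As an added example for this page, not the paper's extractor, here is the URL-lexical part of such a front end: it turns a raw URL into a fixed-order numeric vector using the checks practitioners usually start with (IP-literal host, "@" in the URL, "//" inside the path, hyphen in the registrable domain, subdomain depth, scheme, non-standard port, known shortener, digit density, and a brand name appearing outside the registrable domain). The shortener and brand lists, the feature names and the two-label approximation of "registrable domain" are assumptions; the HTML- and WHOIS-based features and the DNN itself are out of scope here.

```python
import ipaddress
from typing import Dict, List
from urllib.parse import urlparse

# Hypothetical lists for this example (assumptions, not from the paper).
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co", "ow.ly", "is.gd"}
BRANDS = ("paypal", "apple", "microsoft", "amazon", "bank")

FEATURE_ORDER = [
    "url_length", "host_is_ip", "has_at_symbol", "double_slash_in_path",
    "hyphen_in_domain", "subdomain_count", "uses_https", "nonstandard_port",
    "is_shortener", "digit_ratio", "brand_outside_domain",
]


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def extract_url_features(url: str) -> Dict[str, float]:
    """URL-lexical features only; HTML- and domain-based features would be added beside these."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if _is_ip(host):
        labels: List[str] = []
        registrable = host
    else:
        labels = host.split(".") if host else []
        # approximation: last two labels (ignores multi-part suffixes like co.uk)
        registrable = ".".join(labels[-2:]) if len(labels) >= 2 else host
    try:
        port = p.port
    except ValueError:          # malformed port string: treat as non-standard
        port = -1
    lowered = url.lower()
    return {
        "url_length": len(url),
        "host_is_ip": int(_is_ip(host)),
        "has_at_symbol": int("@" in url),
        "double_slash_in_path": int("//" in p.path),
        "hyphen_in_domain": int("-" in registrable),
        "subdomain_count": max(0, len(labels) - 2),
        "uses_https": int(p.scheme == "https"),
        "nonstandard_port": int(port is not None and port not in (80, 443)),
        "is_shortener": int(registrable in SHORTENERS),
        "digit_ratio": round(sum(ch.isdigit() for ch in url) / max(1, len(url)), 3),
        "brand_outside_domain": int(any(b in lowered and b not in registrable for b in BRANDS)),
    }


def to_vector(url: str) -> List[float]:
    """Fixed-order numeric vector, the shape a classifier's input layer expects."""
    f = extract_url_features(url)
    return [float(f[name]) for name in FEATURE_ORDER]


if __name__ == "__main__":
    for u in ("https://www.example.com/account",
              "http://192.168.0.10/paypal.com/login@evil",
              "http://secure-login.paypal.com.evil-site.net:8080//update"):
        print(u, to_vector(u))
```

Each feature is deliberately cheap and offline, which is what makes this family usable at gateway speed; the cost is that a registrable-domain heuristic this simple mislabels hosts under multi-part public suffixes, so a production extractor would use the Public Suffix List for that one column.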


2020 ◽  
Vol 2020 ◽  
pp. 1-11
Author(s):  
Yuanyuan Xu ◽  
Genke Yang ◽  
Jiliang Luo ◽  
Jianan He

Electronic component recognition plays an important role in industrial production, electronic manufacturing, and testing. In order to address the low recognition recall and accuracy of traditional image recognition technologies (such as principal component analysis (PCA) and support vector machine (SVM)), this paper tests multiple deep learning networks and optimizes the SqueezeNet network. The paper then presents an electronic component recognition algorithm based on the Faster SqueezeNet network. This structure reduces the size of the network parameters and the computational complexity without deteriorating the performance of the network. The results show that the proposed algorithm performs well: the Area Under the Curve (AUC) of the Receiver Operating Characteristic (ROC) curve for capacitors and inductors reaches 1.0. When the FPR is at or below the 10^-6 level, the TPR is greater than or equal to 0.99; its inference time is about 2.67 ms, reaching the industrial application level in terms of time consumption and performance.


Electronics ◽  
2020 ◽  
Vol 9 (4) ◽  
pp. 629 ◽  
Author(s):  
Junaid Arshad ◽  
Muhammad Ajmal Azad ◽  
Roohi Amad ◽  
Khaled Salah ◽  
Mamoun Alazab ◽  
...  

Internet of Things (IoT) forms the foundation of next-generation infrastructures, enabling the development of future cities that are inherently sustainable. Intrusion detection for such paradigms is a non-trivial challenge which has attracted further significance due to the extraordinary growth in the volume and variety of security threats to such systems. However, due to the unique characteristics of such systems, i.e., battery power, bandwidth and processor overheads and network dynamics, intrusion detection for IoT is a challenge which requires taking into account the trade-off between detection accuracy and performance overheads. In this context, we focus on highlighting this trade-off and its significance for achieving effective intrusion detection for IoT. Specifically, this paper presents a comprehensive study of existing intrusion detection systems for IoT systems in three aspects: computational overhead, energy consumption and privacy implications. Through an extensive study of existing intrusion detection approaches, we have identified open challenges to achieving effective intrusion detection for IoT infrastructures. These include resource constraints, attack complexity, experimentation rigor and the unavailability of relevant security data. Further, this paper is envisaged to highlight the contributions and limitations of the state of the art within intrusion detection for IoT, and to aid the research community in advancing it by identifying significant research directions.


2020 ◽  
Vol 12 (14) ◽  
pp. 2229
Author(s):  
Haojie Liu ◽  
Hong Sun ◽  
Minzan Li ◽  
Michihisa Iida

Maize plant detection was conducted in this study with the goals of target fertilization and reduction of fertilization waste in weed spots and gaps between maize plants. The methods used included two types of color featuring and deep learning (DL). The four color indices used were excess green (ExG), excess red (ExR), ExG minus ExR, and the hue value from the HSV (hue, saturation, and value) color space, while the DL methods used were YOLOv3 and YOLOv3_tiny. For practical application, this study focused on performance comparison in detection accuracy, robustness to complex field conditions, and detection speed. Detection accuracy was evaluated by the resulting images, which were divided into three categories: true positive, false positive, and false negative. The robustness evaluation was performed by comparing the average intersection over union of each detection method across different sub–datasets—namely original subset, blur processing subset, increased brightness subset, and reduced brightness subset. The detection speed was evaluated by the indicator of frames per second. Results demonstrated that the DL methods outperformed the color index–based methods in detection accuracy and robustness to complex conditions, while they were inferior to color feature–based methods in detection speed. This research shows the application potential of deep learning technology in maize plant detection. Future efforts are needed to improve the detection speed for practical applications.


Sensors ◽  
2020 ◽  
Vol 20 (16) ◽  
pp. 4372 ◽  
Author(s):  
Yan Naung Soe ◽  
Yaokai Feng ◽  
Paulus Insap Santosa ◽  
Rudy Hartanto ◽  
Kouichi Sakurai

With the rapid development and popularization of Internet of Things (IoT) devices, an increasing number of cyber-attacks are targeting such devices. It has been reported that most attacks in IoT environments are botnet-based. Many security weaknesses still exist on IoT devices because most of them do not have enough memory and computational resources for robust security mechanisms. Moreover, many existing rule-based detection systems can be circumvented by attackers. In this study, we propose a machine learning (ML)-based botnet attack detection framework with a sequential detection architecture. An efficient feature selection approach is adopted to implement a lightweight detection system with high performance. The overall detection performance reaches around 99% for botnet attack detection using three different ML algorithms: artificial neural network (ANN), J48 decision tree, and Naïve Bayes. The experimental results indicate that the proposed architecture can effectively detect botnet-based attacks and can also be extended with corresponding sub-engines for new kinds of attacks.


2020 ◽  
Vol 2 (10) ◽  
pp. 169-183
Author(s):  
Serhii Tolіupa ◽  
Oleksandr Pliushch ◽  
Ivan Parkhomenko

Systems for detecting network intrusions and signs of attacks on information systems have long been used as one of the necessary lines of defense of information systems. Today, intrusion and attack detection systems are usually software or hardware-software solutions that automate the process of monitoring events occurring in an information system or network and independently analyze these events in search of signs of security problems. As the number of different types and ways of organizing unauthorized intrusions into foreign networks has increased significantly in recent years, attack detection systems (ATS) have become a necessary component of the security infrastructure of most organizations. The article proposes a software prototype of a network attack detection system based on selected data mining methods and neural network structures. The experiments conducted confirm the efficiency of the created detection model for protecting an information network. Experiments with the software prototype showed high-quality detection of network attacks based on neural network structures and methods of intelligent data distribution. The state of protection of information systems against cyber attacks is analyzed, which leads to the conclusion that ensuring the security of cyberspace requires implementing a set of protection systems and mechanisms, namely: delimitation of user access; firewalls; cryptographic protection of information; virtual private networks; anti-virus protection of ITS elements; intrusion detection and prevention; authentication, authorization and audit; data loss prevention; security information and event management; and security management.


The internet has become an irreplaceable communication and information tool in the current world. With the ever-growing importance and massive use of the internet today, there has been interest from researchers in finding the perfect Cyber Attack Detection Systems (CADSs), also referred to as Intrusion Detection Systems (IDSs), to protect against network security vulnerabilities. CADSs presently exist in various variants but can be largely categorized into two broad classes based on how they recognize attack packets: signature-based detection and anomaly detection CADSs. Signature-based CADSs use the well-known signatures or fingerprints of attack packets to signal their entry across the gateways of secured networks. Signature-based CADSs can only recognize threats that use a known signature; new attacks with unknown signatures can, therefore, strike without notice. Alternatively, anomaly-based CADSs are able to detect and report any abnormal traffic within the network. There are many ways of identifying anomalies, and different machine learning algorithms have been introduced to counter such threats. Most systems, however, fall short of complete attack prevention in the real world due to system administration and configuration, system complexity and abuse of authorized access. Several scholars and researchers have achieved significant milestones in the development of CADSs owing to the importance of computer and network security. This paper reviews the current trends in CADSs, analyzing the efficiency or level of detection accuracy of machine learning algorithms for cyber-attack detection with the aim of pointing out the best. CADS is a developing research area that continues to attract many researchers due to its critical objective.


2021 ◽  
Vol 8 (1) ◽  
Author(s):  
Amir Mohammadzade Lajevardi ◽  
Morteza Amini

Targeted cyber attacks, which today are known as Advanced Persistent Threats (APTs), use low and slow patterns to bypass intrusion detection and alert correlation systems. Since most attack detection approaches use a short time window, slow APTs abuse this weakness to escape from the detection systems. In these situations, the intruders increase the duration of attacks and move as slowly as possible by tricks such as using sleeper and wake-up functions, making detection difficult for such detection systems. In addition, low APTs use trusted subjects or agents to conceal any footprint and abnormalities in the victim system by tricks such as code injection and stealing digital certificates. In this paper, a new solution is proposed for detecting both low and slow APTs. The proposed approach uses low-level interception, a knowledge-based system, a system ontology, and semantic correlation to detect low-level attacks. Since semantic-based correlation is not applicable for detecting slow attacks due to its significant processing overhead, we propose a scalable knowledge-based system that uses three different concepts and approaches to reduce the time complexity: (1) a flexible sliding window, called the Vermiform window, to analyze and correlate system events instead of a fixed-size time window, (2) effective inference using a scalable inference engine called SANSA, and (3) data reduction by ontology-based data abstraction. We can detect slow APTs whose attack duration is several months. Evaluation of the proposed approach on a dataset containing many APT scenarios shows 84.21% sensitivity and 82.16% specificity.
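The weakness the abstract exploits, a correlator that only looks back over a fixed, short window, is easy to see on a small event stream. The block below is an added illustration for this page, not the paper's Vermiform window or SANSA engine: it runs a four-stage attack signature over a constructed per-host event log with (a) a classic fixed look-back window and (b) a window anchored to chain progress, where a partial chain stays alive as long as its next stage arrives within a bounded gap of the previous one, so total span is unbounded while stale chains are still dropped (the state-size concern the abstract raises). Stage names, hosts, timings and the window sizes are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Ordered stages of a hypothetical attack signature (assumption for this example).
CHAIN = ("recon", "exploit", "persist", "exfil")


@dataclass(frozen=True)
class Event:
    day: int        # days since monitoring started
    host: str
    kind: str


# Constructed host events (not the paper's dataset). ws-17 is the slow APT:
# one stage every ~25 days. srv-02 is a fast chain. db-01 has a recon event that
# went cold for 60 days before an unrelated exploit/persist/exfil burst.
EVENTS = [
    Event(0, "ws-17", "recon"), Event(0, "db-01", "recon"),
    Event(3, "srv-02", "recon"), Event(4, "srv-02", "exploit"),
    Event(5, "srv-02", "persist"), Event(6, "srv-02", "exfil"),
    Event(10, "ws-40", "recon"), Event(12, "ws-40", "exfil"),
    Event(14, "ws-17", "login"),                      # benign noise
    Event(25, "ws-17", "exploit"), Event(50, "ws-17", "persist"),
    Event(60, "db-01", "exploit"), Event(61, "db-01", "persist"),
    Event(62, "db-01", "exfil"),
    Event(75, "ws-17", "exfil"),
]

Alert = Tuple[str, int, int]   # (host, day of first stage, day of last stage)


def detect_fixed_window(events: List[Event], window_days: int) -> List[Alert]:
    """Classic correlation: at each final-stage event, look back a fixed window on that host."""
    alerts: List[Alert] = []
    ordered = sorted(events, key=lambda e: e.day)
    for i, e in enumerate(ordered):
        if e.kind != CHAIN[-1]:
            continue
        recent = [x for x in ordered[: i + 1]
                  if x.host == e.host and e.day - x.day <= window_days]
        stage, start = 0, None
        for x in recent:
            if x.kind == CHAIN[stage]:
                start = x.day if stage == 0 else start
                stage += 1
                if stage == len(CHAIN):
                    alerts.append((e.host, start, e.day))
                    break
    return alerts


def detect_progress_window(events: List[Event], max_gap_days: int) -> List[Alert]:
    """Window anchored to chain progress: a partial chain survives while the next
    stage arrives within max_gap_days of the previous matched stage; total span is
    unbounded, but a chain that goes cold is forgotten, keeping per-host state small."""
    state: Dict[str, Tuple[int, Optional[int], Optional[int]]] = {}
    alerts: List[Alert] = []
    for e in sorted(events, key=lambda e: e.day):
        stage, start, last = state.get(e.host, (0, None, None))
        if stage > 0 and e.day - last > max_gap_days:
            stage, start, last = 0, None, None          # chain went cold: drop it
        if e.kind == CHAIN[stage]:
            start = e.day if stage == 0 else start
            stage, last = stage + 1, e.day
            if stage == len(CHAIN):
                alerts.append((e.host, start, e.day))
                stage, start, last = 0, None, None
        state[e.host] = (stage, start, last)
    return alerts


def compare(window_days: int = 30) -> Dict[str, List[Alert]]:
    return {
        "fixed_30d": detect_fixed_window(EVENTS, window_days),
        "fixed_90d": detect_fixed_window(EVENTS, 90),
        "progress_30d_gap": detect_progress_window(EVENTS, window_days),
    }


if __name__ == "__main__":
    for name, alerts in compare().items():
        print(name, alerts)
```

With a 30-day fixed window only the fast chain on srv-02 is reported; widening the fixed window to 90 days does catch the 75-day chain on ws-17, but it also stitches db-01's two-month-old recon onto an unrelated burst. The progress-anchored window reports srv-02 and ws-17 and nothing else, because the gap bound is applied between consecutive stages rather than to the whole chain. The price is that a chain whose single largest inter-stage gap exceeds the bound is lost, which is exactly the parameter an attacker who knows the bound will tune against.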

