A Deep Learning Ensemble for Network Anomaly and Cyber-Attack Detection

Currently, expert systems and applied machine learning algorithms are widely used to automate network intrusion detection. In critical infrastructure applications of communication technologies, the interaction among various industrial control systems and the Internet environment intrinsic to the IoT technology makes them susceptible to cyber-attacks. Given the existence of the enormous network traffic in critical Cyber-Physical Systems (CPSs), traditional methods of machine learning implemented in network anomaly detection are inefficient. Therefore, recently developed machine learning techniques, with the emphasis on deep learning, are finding their successful implementations in the detection and classification of anomalies at both the network and host levels. This paper presents an ensemble method that leverages deep models such as the Deep Neural Network (DNN) and Long Short-Term Memory (LSTM) and a meta-classifier (i.e., logistic regression) following the principle of stacked generalization. To enhance the capabilities of the proposed approach, the method utilizes a two-step process for the apprehension of network anomalies. In the first stage, data pre-processing, a Deep Sparse AutoEncoder (DSAE) is employed for the feature engineering problem. In the second phase, a stacking ensemble learning approach is utilized for classification. The efficiency of the method disclosed in this work is tested on heterogeneous datasets, including data gathered in the IoT environment, namely IoT-23, LITNET-2020, and NetML-2020. The results of the evaluation of the proposed approach are discussed. Statistical significance is tested and compared to the state-of-the-art approaches in network anomaly detection.

Download Full-text

Hybrid approach with Deep Auto-Encoder and optimized LSTM based Deep Learning approach to detect anomaly in cloud logs

Journal of Intelligent & Fuzzy Systems ◽

10.3233/jifs-201707 ◽

2021 ◽

pp. 1-15

Author(s):

Savaridassan Pankajashan ◽

G. Maragatham ◽

T. Kirthiga Devi

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Anomaly Detection ◽

Performance Metrics ◽

Hybrid Approach ◽

Machine Learning Techniques ◽

Support Vector ◽

Paper Machine ◽

Log Data ◽

Isolation Forest

Anomaly-based detection is coupled with recognizing the uncommon, to catch the unusual activity, and to find the strange action behind that activity. Anomaly-based detection has a wide scope of critical applications, from bank application security to regular sciences to medical systems to marketing apps. Anomaly-based detection adopted by various Machine Learning techniques is really a type of system that consists of artificial intelligence. With the ever-expanding volume and new sorts of information, for example, sensor information from an incontestably enormous amount of IoT devices and from network flow data from cloud computing, it is implicitly understood without surprise that there is a developing enthusiasm for having the option to deal with more conclusions automatically by means of AI and ML applications. But with respect to anomaly detection, many applications of the scheme are simply the passion for detection. In this paper, Machine Learning (ML) techniques, namely the SVM, Isolation forest classifiers experimented and with reference to Deep Learning (DL) techniques, the proposed DA-LSTM (Deep Auto-Encoder LSTM) model are adopted for preprocessing of log data and anomaly-based detection to get better performance measures of detection. An enhanced LSTM (long-short-term memory) model, optimizing for the suitable parameter using a genetic algorithm (GA), is utilized to recognize better the anomaly from the log data that is filtered, adopting a Deep Auto-Encoder (DA). The Deep Neural network models are utilized to change over unstructured log information to training ready features, which are reasonable for log classification in detecting anomalies. These models are assessed, utilizing two benchmark datasets, the Openstack logs, and CIDDS-001 intrusion detection OpenStack server dataset. The outcomes acquired show that the DA-LSTM model performs better than other notable ML techniques. We further investigated the performance metrics of the ML and DL models through the well-known indicator measurements, specifically, the F-measure, Accuracy, Recall, and Precision. The exploratory conclusion shows that the Isolation Forest, and Support vector machine classifiers perform roughly 81%and 79%accuracy with respect to the performance metrics measurement on the CIDDS-001 OpenStack server dataset while the proposed DA-LSTM classifier performs around 99.1%of improved accuracy than the familiar ML algorithms. Further, the DA-LSTM outcomes on the OpenStack log data-sets show better anomaly detection compared with other notable machine learning models.

Download Full-text

Anomaly Detection in Drone-Captured Images Using Machine Learning Techniques and Deep Learning Architectures

10.1007/978-981-16-4625-6_78 ◽

2021 ◽

pp. 783-791

Author(s):

Kartik Joshi ◽

G. Vidya ◽

Soumya Shaw ◽

Abitha K. Thyagarajan ◽

Akhil Pathak ◽

...

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Anomaly Detection ◽

Machine Learning Techniques ◽

Learning Techniques ◽

Learning Architectures

Download Full-text

Adaptive Anomaly Detection Framework Model Objects in Cyberspace

Applied Bionics and Biomechanics ◽

10.1155/2020/6660489 ◽

2020 ◽

Vol 2020 ◽

pp. 1-14

Author(s):

Hasan Alkahtani ◽

Theyazn H. H. Aldhyani ◽

Mohammed Al-Yaari

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Network Security ◽

Anomaly Detection ◽

Denial Of Service ◽

Learning Algorithms ◽

Machine Learning Algorithms ◽

Support Vector ◽

Ddos Attacks ◽

Framework Model

Telecommunication has registered strong and rapid growth in the past decade. Accordingly, the monitoring of computers and networks is too complicated for network administrators. Hence, network security represents one of the biggest serious challenges that can be faced by network security communities. Taking into consideration the fact that e-banking, e-commerce, and business data will be shared on the computer network, these data may face a threat from intrusion. The purpose of this research is to propose a methodology that will lead to a high level and sustainable protection against cyberattacks. In particular, an adaptive anomaly detection framework model was developed using deep and machine learning algorithms to manage automatically-configured application-level firewalls. The standard network datasets were used to evaluate the proposed model which is designed for improving the cybersecurity system. The deep learning based on Long-Short Term Memory Recurrent Neural Network (LSTM-RNN) and machine learning algorithms namely Support Vector Machine (SVM), K-Nearest Neighbor (K-NN) algorithms were implemented to classify the Denial-of-Service attack (DoS) and Distributed Denial-of-Service (DDoS) attacks. The information gain method was applied to select the relevant features from the network dataset. These network features were significant to improve the classification algorithm. The system was used to classify DoS and DDoS attacks in four stand datasets namely KDD cup 199, NSL-KDD, ISCX, and ICI-ID2017. The empirical results indicate that the deep learning based on the LSTM-RNN algorithm has obtained the highest accuracy. The proposed system based on the LSTM-RNN algorithm produced the highest testing accuracy rate of 99.51% and 99.91% with respect to KDD Cup’99, NSL-KDD, ISCX, and ICI-Id2017 datasets, respectively. A comparative result analysis between the machine learning algorithms, namely SVM and KNN, and the deep learning algorithms based on the LSTM-RNN model is presented. Finally, it is concluded that the LSTM-RNN model is efficient and effective to improve the cybersecurity system for detecting anomaly-based cybersecurity.

Download Full-text

Design and Development of an Efficient Network Intrusion Detection System Using Machine Learning Techniques

Wireless Communications and Mobile Computing ◽

10.1155/2021/9974270 ◽

2021 ◽

Vol 2021 ◽

pp. 1-35

Author(s):

Thomas Rincy N ◽

Roopam Gupta

Keyword(s):

Machine Learning ◽

Performance Metrics ◽

Detection System ◽

Machine Learning Algorithms ◽

Feature Subset Selection ◽

Hybrid Network ◽

Machine Learning Techniques ◽

Feature Subset ◽

Network Connection ◽

Network Intrusion

Today’s internets are made up of nearly half a million different networks. In any network connection, identifying the attacks by their types is a difficult task as different attacks may have various connections, and their number may vary from a few to hundreds of network connections. To solve this problem, a novel hybrid network IDS called NID-Shield is proposed in the manuscript that classifies the dataset according to different attack types. Furthermore, the attack names found in attack types are classified individually helping considerably in predicting the vulnerability of individual attacks in various networks. The hybrid NID-Shield NIDS applies the efficient feature subset selection technique called CAPPER and distinct machine learning methods. The UNSW-NB15 and NSL-KDD datasets are utilized for the evaluation of metrics. Machine learning algorithms are applied for training the reduced accurate and highly merit feature subsets obtained from CAPPER and then assessed by the cross-validation method for the reduced attributes. Various performance metrics show that the hybrid NID-Shield NIDS applied with the CAPPER approach achieves a good accuracy rate and low FPR on the UNSW-NB15 and NSL-KDD datasets and shows good performance results when analyzed with various approaches found in existing literature studies.

Download Full-text

Successful leveraging of image processing and machine learning in seismic structural interpretation: A review

The Leading Edge ◽

10.1190/tle37060451.1 ◽

2018 ◽

Vol 37 (6) ◽

pp. 451-461 ◽

Cited By ~ 26

Author(s):

Zhen Wang ◽

Haibin Di ◽

Muhammad Amir Shafiq ◽

Yazeed Alaudah ◽

Ghassan AlRegib

Keyword(s):

Machine Learning ◽

Image Processing ◽

Deep Learning ◽

Seismic Data ◽

Domain Knowledge ◽

Machine Learning Algorithms ◽

Hydrocarbon Exploration ◽

Machine Learning Techniques ◽

Structural Interpretation ◽

Salt Domes

As a process that identifies geologic structures of interest such as faults, salt domes, or elements of petroleum systems in general, seismic structural interpretation depends heavily on the domain knowledge and experience of interpreters as well as visual cues of geologic structures, such as texture and geometry. With the dramatic increase in size of seismic data acquired for hydrocarbon exploration, structural interpretation has become more time consuming and labor intensive. By treating seismic data as images rather than signal traces, researchers have been able to utilize advanced image-processing and machine-learning techniques to assist interpretation directly. In this paper, we mainly focus on the interpretation of two important geologic structures, faults and salt domes, and summarize interpretation workflows based on typical or advanced image-processing and machine-learning algorithms. In recent years, increasing computational power and the massive amount of available data have led to the rise of deep learning. Deep-learning models that simulate the human brain's biological neural networks can achieve state-of-the-art accuracy and even exceed human-level performance on numerous applications. The convolutional neural network — a form of deep-learning model that is effective in analyzing visual imagery — has been applied in fault and salt dome interpretation. At the end of this review, we provide insight and discussion on the future of structural interpretation.

Download Full-text

Deep learning and model personalization in sensor-based human activity recognition

Journal of Reliable Intelligent Environments ◽

10.1007/s40860-021-00167-w ◽

2022 ◽

Author(s):

Anna Ferrari ◽

Daniela Micucci ◽

Marco Mobilio ◽

Paolo Napoletano

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Activity Recognition ◽

Human Activity ◽

Wearable Sensors ◽

Human Activity Recognition ◽

Population Diversity ◽

Machine Learning Algorithms ◽

Machine Learning Techniques ◽

Learning Techniques

AbstractHuman activity recognition (HAR) is a line of research whose goal is to design and develop automatic techniques for recognizing activities of daily living (ADLs) using signals from sensors. HAR is an active research filed in response to the ever-increasing need to collect information remotely related to ADLs for diagnostic and therapeutic purposes. Traditionally, HAR used environmental or wearable sensors to acquire signals and relied on traditional machine-learning techniques to classify ADLs. In recent years, HAR is moving towards the use of both wearable devices (such as smartphones or fitness trackers, since they are daily used by people and they include reliable inertial sensors), and deep learning techniques (given the encouraging results obtained in the area of computer vision). One of the major challenges related to HAR is population diversity, which makes difficult traditional machine-learning algorithms to generalize. Recently, researchers successfully attempted to address the problem by proposing techniques based on personalization combined with traditional machine learning. To date, no effort has been directed at investigating the benefits that personalization can bring in deep learning techniques in the HAR domain. The goal of our research is to verify if personalization applied to both traditional and deep learning techniques can lead to better performance than classical approaches (i.e., without personalization). The experiments were conducted on three datasets that are extensively used in the literature and that contain metadata related to the subjects. AdaBoost is the technique chosen for traditional machine learning, while convolutional neural network is the one chosen for deep learning. These techniques have shown to offer good performance. Personalization considers both the physical characteristics of the subjects and the inertial signals generated by the subjects. Results suggest that personalization is most effective when applied to traditional machine-learning techniques rather than to deep learning ones. Moreover, results show that deep learning without personalization performs better than any other methods experimented in the paper in those cases where the number of training samples is high and samples are heterogeneous (i.e., they represent a wider spectrum of the population). This suggests that traditional deep learning can be more effective, provided you have a large and heterogeneous dataset, intrinsically modeling the population diversity in the training process.

Download Full-text

Improving Water Quality Assessment through Anomaly Detection Using Hybrid Convolutional Neural Network Approach

Global NEST Journal ◽

10.30955/gnj.003923 ◽

2021 ◽

Keyword(s):

Neural Network ◽

Machine Learning ◽

Water Quality ◽

Deep Learning ◽

Anomaly Detection ◽

Convolutional Neural Network ◽

Quality Assessment ◽

Water Quality Assessment ◽

Machine Learning Algorithms ◽

Quality Analysis

<p>Water being a precious commodity for every person around the world needs to be quality monitored continuously for ensuring safety whilst usage. The water data collected from sensors in water plants are used for water quality assessment. The anomaly present in the water data seriously affects the performance of water quality assessment. Hence it needs to be addressed. In this regard, water data collected from sensors have been subjected to various anomaly detection approaches guided by Machine Learning (ML) and Deep Learning framework. Standard machine learning algorithms have been used extensively in water quality analysis and these algorithms in general converge quickly. Considering the fact that manual feature selection has to be done for ML algorithms, Deep Learning (DL) algorithm is proposed which involve implicit feature learning. A hybrid model is formulated that takes advantage of both and presented it is data invariant too. This novel Hybrid Convolutional Neural Network (CNN) and Extreme Learning Machine (ELM) approach is used to detect presence of anomalies in sensor collected water data. The experiment of the proposed CNN-ELM model is carried out using the publicly available dataset GECCO 2019. The findings proved that the model has improved the water quality assessment of the sensor water data collected by detecting the anomalies efficiently and achieves F1 score of 0.92. This model can be implemented in water quality assessment.</p>

Download Full-text

Analysis On Deep Learning Approaches For Timely Detection Of Osteoarthritis

Turkish Journal of Computer and Mathematics Education (TURCOMAT) ◽

10.17762/turcomat.v12i3.1818 ◽

2021 ◽

Vol 12 (3) ◽

pp. 4396-4405

Author(s):

R Kanthavel Et.al

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Machine Learning Algorithms ◽

Machine Learning Techniques ◽

Elastic Tissue ◽

Learning Approaches ◽

X Rays ◽

Imaging Analysis ◽

Bone Injury ◽

Learning Techniques

Osteoarthritis is mainly a familiar kind of arthritis when an elastic tissue named Cartilage that softens the tops of the bones, cracks down. The Person with osteoarthritis can encompass joint pain, inflexibility, or inflammation and there is no particular examination for osteoarthritis and physicians take the amalgamation of both medical cum clinical record and X-rays imaging analysis to make a diagnosis of the state. Osteoarthritis is generally only detected following ache and bone scratch and in advance, analysis could permit for ultimate involvement to avoid cartilage worsening and bone injury. Through machine-learning algorithms, the system can be trained to automatically distinguish among people who would develop osteoarthritis and persons who would not with the detection of exact biochemical variances in the midpoint of the knee’s cartilage. The outcome of the Machine learning Techniques will give the persons who are pre-symptomatic by the occasion of the baseline imaging and also the reduction in liquid concentration. In this study, we present the analysis of various deep learning techniques for timely detection of osteoarthritis disease. Several subsets of machine learning called deep learning techniques have been in use for the timely detection of osteoarthritis disease; and therefore analysis is needed highly to choose the best as far as accuracy and reliability are concerned.

Download Full-text

Analysis of deep learning models for network anomaly detection in Internet of Things

Information and Control Systems ◽

10.31799/1684-8853-2021-1-28-37 ◽

2021 ◽

pp. 28-37

Author(s):

Diana Gaifilina ◽

Igor Kotenko

Keyword(s):

Neural Network ◽

Machine Learning ◽

Deep Learning ◽

Internet Of Things ◽

Anomaly Detection ◽

Recurrent Neural Network ◽

Network Traffic ◽

Learning Models ◽

Network Anomaly Detection ◽

Machine Learning Models

Introduction: The article discusses the problem of choosing deep learning models for detecting anomalies in Internet of Things (IoT) network traffic. This problem is associated with the necessity to analyze a large number of security events in order to identify the abnormal behavior of smart devices. A powerful technology for analyzing such data is machine learning and, in particular, deep learning. Purpose: Development of recommendations for the selection of deep learning models for anomaly detection in IoT network traffic. Results: The main results of the research are comparative analysis of deep learning models, and recommendations on the use of deep learning models for anomaly detection in IoT network traffic. Multilayer perceptron, convolutional neural network, recurrent neural network, long short-term memory, gated recurrent units, and combined convolutional-recurrent neural network were considered the basic deep learning models. Additionally, the authors analyzed the following traditional machine learning models: naive Bayesian classifier, support vector machines, logistic regression, k-nearest neighbors, boosting, and random forest. The following metrics were used as indicators of anomaly detection efficiency: accuracy, precision, recall, and F-measure, as well as the time spent on training the model. The constructed models demonstrated a higher accuracy rate for anomaly detection in large heterogeneous traffic typical for IoT, as compared to conventional machine learning methods. The authors found that with an increase in the number of neural network layers, the completeness of detecting anomalous connections rises. This has a positive effect on the recognition of unknown anomalies, but increases the number of false positives. In some cases, preparing traditional machine learning models takes less time. This is due to the fact that the application of deep learning methods requires more resources and computing power. Practical relevance: The results obtained can be used to build systems for network anomaly detection in Internet of Things traffic.

Download Full-text

Application of Deep Learning for Credit Card Approval: A Comparison with Two Machine Learning Techniques

International Journal of Machine Learning and Computing ◽

10.18178/ijmlc.2021.11.4.1049 ◽

2021 ◽

Vol 11 (4) ◽

pp. 286-290

Author(s):

Md. Golam Kibria ◽

◽

Mehmet Sevkli

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Credit Card ◽

Learning Algorithms ◽

Learning Model ◽

Machine Learning Algorithms ◽

The Other ◽

Machine Learning Techniques ◽

Support Vector ◽

Deep Learning Model

The increased credit card defaulters have forced the companies to think carefully before the approval of credit applications. Credit card companies usually use their judgment to determine whether a credit card should be issued to the customer satisfying certain criteria. Some machine learning algorithms have also been used to support the decision. The main objective of this paper is to build a deep learning model based on the UCI (University of California, Irvine) data sets, which can support the credit card approval decision. Secondly, the performance of the built model is compared with the other two traditional machine learning algorithms: logistic regression (LR) and support vector machine (SVM). Our results show that the overall performance of our deep learning model is slightly better than that of the other two models.

Download Full-text