An Explainable AI-based Intrusion Detection System for DNS over HTTPS (DoH) Attacks

2022 ◽
Author(s):
Tahmina Zebin ◽
Shahadate Rezvy ◽
Yuan Luo

Over the past few years, the Domain Name Service (DNS) has remained a prime target for hackers, as it enables them to gain first entry into networks and to access data for exfiltration. Although the DNS over HTTPS (DoH) protocol has desirable properties for internet users, such as privacy and security, it also causes a problem: network administrators are prevented from detecting suspicious network traffic generated by malware and malicious tools. To support their efforts in maintaining a secure network, in this paper we have implemented an explainable AI solution using a novel machine learning framework. We have used the publicly available CIRA-CIC-DoHBrw-2020 dataset to develop an accurate solution for detecting and classifying DNS over HTTPS attacks. Our proposed balanced and stacked Random Forest achieved very high precision (99.91%), recall (99.92%) and F1 score (99.91%) for the classification task at hand. Using explainable AI methods, we have additionally highlighted the underlying feature contributions in an attempt to provide transparent and explainable results from the model.


2017 ◽  
Author(s):  
Andysah Putera Utama Siahaan

An Intrusion Detection System (IDS) is built to protect the network from the threats posed by hackers, crackers and security experts whose actions do not comply with the law. Problems arise because new attacks emerge relatively quickly, so a network administrator must create their own signatures and stay updated with the new types of attacks that appear. The IDS oversees the packets in the network and benchmarks them against the signature database owned by the IDS, or against the attributes of attack attempts already known. By using an IDS, the network will be more secure, and network administrators will find it easier to know when network conditions change.


Author(s):  
Theodorus Kristian Widianto ◽  
Wiwin Sulistyo

Security on computer networks is currently a matter that must be considered, especially by internet users, because many risks must be borne if it is neglected. Data theft, system destruction, and so on are threats to users, especially on the server side. DDoS is a quite popular method of attack that is often used to bring down servers. It works by consuming resources on the server computer so that it can no longer serve requests from the user side. Given this problem, security is needed to prevent DDoS attacks, one option being the iptables facility provided by Linux. Implementing iptables can prevent or stop external DDoS attacks aimed at the server.


2020 ◽  
Vol 6 (1) ◽  
pp. 103-110
Author(s):  
Sidik Sidik ◽  
Ade Sudaryana ◽  
Rame Santoso

Computer networks have become an important point for companies that have many branch offices to coordinate the transfer of data. PT Indo Matra Lestari's connection uses a VPN system based on the PPTP method. The Data Center is used as the VPN server, and the clients are the Head Office and the Citereup Branch Office. There is no direct connection between the Head Office and the Citereup Branch Office, so data access between them is slow, because the data must pass through the Data Center before reaching its destination. Moreover, the data accessed is private to the company and is only accessed on the local network. The solution used to create a direct and secure network path between the Head Office and the Branch Office is the EoIP Tunnel on the proxy router. The tunneling method in EoIP can bridge the network between proxy devices: the EoIP Tunnel becomes a Virtual Interface on the proxy router, so that it is as if the proxy routers were connected locally. The Tunnel ID on the EoIP Tunnel functions as security for the tunneling path. Applying the EoIP Tunnel makes the point-to-point connection between Mikrotik devices faster in data access, because the data access is directed straight to the destination. In order for this EoIP Tunnel connection to run optimally and well, network management is needed to manage internet bandwidth usage.


2021 ◽  
Vol 5 (2) ◽  
pp. 11-19
Author(s):  
Yadgar Sirwan Abdulrahman

As information technology grows, network security is a significant issue and challenge. The intrusion detection system (IDS) is known as the main component of a secure network. An IDS can be considered a set of tools that help identify and report abnormal activities in the network. In this study, we use data mining in a new framework built on fuzzy tools and combine it with the ant colony optimization algorithm (ACOR) to overcome the shortcomings of the k-means clustering method and improve the detection accuracy of the introduced IDS. The ACOR algorithm is recognized as a fast and accurate meta-method for optimization problems. We combine the improved ACOR with the fuzzy c-means algorithm to achieve efficient clustering and intrusion detection. Our proposed hybrid algorithm is evaluated on the NSL-KDD dataset and the ISCX 2012 dataset using various criteria. For further evaluation, our method is compared with other approaches, and the results show that the proposed algorithm performs better in all cases.


Author(s):  
Shirley Wong ◽  
Victoria Schuckel ◽  
Simon Thompson ◽  
David Ford ◽  
Ronan Lyons ◽  
...  

Introduction
There is no power for change greater than a community discovering what it cares about.1 The Health Data Platform (HDP) will democratize British Columbia's (population of approximately 4.6 million) health sector data by creating common enabling infrastructure that supports cross-organization analytics and research used by both decision makers and academics. HDP will provide streamlined, proportionate processes that give timelier access to data with increased transparency for the data consumer, and provide shared data-related services that elevate best practices by enabling consistency across data contributors, while maintaining their continued stewardship of their data. HDP will be built in collaboration with Swansea University following an agile, pragmatic approach starting with a minimum viable product.

Objectives and Approach
Build a data sharing environment that harnesses the data, and the understanding and expertise about health data, across academe, decision makers, and clinicians in the province by enabling a common harmonized approach across the sector on:
Data stewardship
Data access
Data security and privacy
Data management
Data standards
in order to:
Enhance the data consumer's data access experience
Increase process consistency and transparency
Reduce the burden of liberating data from a data source
Build trust in the data and what it is telling us, and therefore in the decisions made
Increase data accessibility safely and responsibly
Working within the jurisdiction's existing legislation, the Five Safes Privacy and Security Framework will be implemented, tailored to address the requirements of data contributors.

Results
The minimum viable product will provide the necessary enabling infrastructure, including governance, to enable timelier, safe access to administrative data for a limited set of data consumers. The MVP will be expanded with another release planned for early 2021.

Conclusion / Implications
Collaboration with Swansea University has enabled BC to accelerate its journey towards timelier, safe access to data and towards increasing the maturity of analytics, by creating the enabling infrastructure that promotes collaboration and the sharing of data and data approaches.

1 Margaret Wheatley


Author(s):  
Julio Angulo

Frequent contact with online businesses requires Internet users to distribute large amounts of personal information. This spreading of users' information across different websites can eventually lead to increased probabilities of identity theft, profiling and linkability attacks, as well as other harmful consequences. Methods and tools for securing people's online activities and protecting their privacy on the Internet, called Privacy Enhancing Technologies (PETs), are being designed and developed. However, these technologies are often perceived as complicated and obtrusive by users who are not privacy aware or are not computer or technology savvy. This chapter explores the way in which users' involvement has been considered during the development process of PETs and argues that more democratic approaches to user involvement and data handling practices are needed. It advocates an approach in which people are not only seen as consumers of privacy and security technologies, but can also play a role as producers of ideas and sources of inspiration for the development of usable PETs that meet their actual privacy needs and concerns.
