OUTLIER DETECTION METHOD USE FOR THE NETWORK FLOW ANOMALY DETECTION / IŠSKIRČIŲ RADIMO METODŲ TAIKYMAS ANOMALIJOMS KOMPIUTERIŲ TINKLO PAKETŲ SRAUTUOSE APTIKTI

2016
Vol 8 (3)
pp. 327-333
Author(s):
Rimas Ciplinskas
Nerijus Paulauskas

New and existing methods of cyber-attack detection are constantly being developed and improved because there is a great number of attacks and the demand to protect from them. In practice, current methods of attack detection operate like antivirus programs, i.e. signatures of known attacks are created and attacks are detected by using them. These methods have a drawback – they cannot detect new attacks. As a solution, anomaly detection methods are used. They allow detecting deviations from normal network behaviour that may show a new type of attack. This article introduces a new method that allows detecting network flow anomalies by using the local outlier factor algorithm. The accomplished research allowed identifying groups of features which showed the best results of anomaly flow detection according to the highest values of precision, recall and F-measure.

The abundance and variety of cyber attacks, and the wish to protect against them, force the constant development of new attack detection methods and the improvement of existing ones. As practice shows, current attack recognition methods essentially work on the principle of antivirus programs, i.e. templates of known attacks are compiled and attacks are detected on their basis; however, the main drawback of such methods is the inability to detect new, as yet unknown attacks. To solve this problem, anomaly detection methods are used, which allow deviations from the normal network state to be detected. The article presents a new method that allows anomalies in computer network packet flows to be detected using the local outlier factor algorithm. The study carried out made it possible to find the groups of features with which anomalous network flows are recognised best, i.e. the highest values of precision, recall and F-measure are achieved.

Author(s):
Fengchen Wang
Yan Chen

To improve the cybersecurity of flocking control for connected and automated vehicles (CAVs), this paper proposes a novel resilient flocking control by specifically considering cyber-attack threats on vehicle tracking errors. Using the vehicle tracking error dynamics model, a dual extended Kalman filter (DEKF) is applied to detect cyber-attacks as an unknown constant on vehicle tracking information with noise rejection. To handle the coupling effects between tracking errors and cyber-attacks, the proposed DEKF consists of a tracking error filter and a cyber-attack filter, which are utilized to conduct the prediction and correction of tracking errors alternately. Whenever an abnormal tracking error is detected, an observer-based resilient flocking control is enabled. As demonstrated by simulation results, the proposed cyber-attack detection method and resilient flocking control design can successfully achieve and maintain the flocking control of multi-CAV systems by rejecting certain cyber-attack threats.


Sensors
2020
Vol 20 (20)
pp. 5895
Author(s):
Jiansu Pu
Jingwen Zhang
Hui Shao
Tingting Zhang
Yunbo Rao

The development of the Internet has made social communication increasingly important for maintaining relationships between people. However, advertising and fraud are also growing incredibly fast and seriously affect our daily life, e.g., leading to money and time losses, junk information, and privacy problems. Therefore, it is very important to detect anomalies in social networks. However, existing anomaly detection methods cannot guarantee the correct rate. Besides, due to the lack of labeled data, we also cannot use the detection results directly. In other words, we still need human analysts in the loop to provide enough judgment for decision making. To help experts analyze and explore the results of anomaly detection in social networks more objectively and effectively, we propose a novel visualization system, egoDetect, which can detect the anomalies in social communication networks efficiently. Based on the unsupervised anomaly detection method, the system can detect the anomaly without training and get the overview quickly. Then we explore an ego's topology and the relationship between egos and alters by designing a novel glyph based on the egocentric network. Besides, it also provides rich interactions for experts to quickly navigate to the users of interest for further exploration. We use an actual call dataset provided by an operator to evaluate our system. The result proves that our proposed system is effective in the anomaly detection of social networks.


2018
Vol 7 (01)
pp. 23386-23489
Author(s):
Miss Priyanka P. Narode
Prof I.R. Shaikh

Distributed Denial of Service attack (DDoS attack) is a cyber attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. It is necessary to analyze the fundamental features of DDoS attacks because these attacks can easily vary the used port/protocol or operation method, because they are designed for restricted applications in limited environments. DDoS attack detection is very difficult because of the non-existence of predefined rules to correctly identify the genuine network flow. A combination of unsupervised data mining techniques as an IDS is introduced. The Entropy Method concept, in terms of windowing the incoming packets, is applied with the data mining technique Clustering Using Representatives (CURE) as cluster analysis to detect the DDoS attack in network flow. The data is mainly collected from datasets. The CURE DDoS attack detection technique based on entropy gives a promising way to analyze this attack and construct an efficient detection model using a clustering data mining technique. This approach has been evaluated and compared with several existing approaches in terms of accuracy, false alarm rate, detection rate, F-measure and Phi coefficient.


2020
Vol 2020
pp. 1-21
Author(s):
S. T. Zhang
X. B. Lin
L. Wu
Y. Q. Song
N. D. Liao
...  

Due to the diversity and complexity of power network system platforms, some traditional network traffic detection methods work well only for small sample datasets. However, the network data detection of complex power metering system platforms has problems of low accuracy and high false-positive rate. In this paper, through a combination of exploration and feedback, a solution for power network traffic anomaly detection based on a multilayer echo state network (ML-ESN) is proposed. This method first relies on the Pearson and Gini coefficient method to calculate the statistical distribution and correlation of network flow characteristics and then uses the ML-ESN method to classify the abnormal network attacks. Because the ML-ESN method abandons the backpropagation mechanism, the problem of the nonlinear fitting ability of the model is solved. In order to verify the effectiveness of the proposed method, a simulation test was conducted on the UNSW_NB15 network security dataset. The test results show that the average accuracy of this method is more than 97%, which is significantly better than a single-layer echo state network, a shallow BP neural network, and some traditional machine learning methods.


Author(s):
Mitsuhiro Imaizumi
Mitsutaka Kimura

Cyber attacks on the Internet have become a problem in recent years, and they have been becoming more sophisticated and complicated. As one of the schemes to detect cyber attacks, IDS has been widely used. An IDS can detect a cyber attack based on a signature, which is the pattern of the cyber attack, and so on. There are signature-based and anomaly-based detection methods in terms of IDS. Signature detection compares activity and behavior to signatures of known attacks. Signatures need to be updated regularly to detect new types of attacks. This paper considers extended stochastic models for a server system with signature update. The server has the function of an IDS. In this model, we consider the type II error where the IDS erroneously judges that no cyber attack has occurred when one has. We assume that the check with signature update is performed at the [Formula: see text]th check or every [Formula: see text] checks. We obtain the expected costs until a cyber attack is detected and discuss the optimal policies which minimize them. Finally, numerical examples are given.


2022
Vol 205
pp. 107745
Author(s):
Mahdieh Adeli
Majid Hajatipour
Mohammad Javad Yazdanpanah
Hamed Hashemi-Dezaki
Mohsen Shafieirad

2010
Vol 2010
pp. 1-14
Author(s):
Zhengmin Xia
Songnian Lu
Junhua Tang

Distributed denial-of-service (DDoS) flood attacks remain great threats to the Internet. To ensure network usability and reliability, accurate detection of these attacks is critical. Based on Li's work on DDoS flood attack detection, we propose a DDoS detection method by monitoring the Hurst variation of long-range dependent traffic. Specifically, we use an autoregressive system to estimate the Hurst parameter of normal traffic. If the actual Hurst parameter varies significantly from the estimate, we assume that a DDoS attack is happening. Meanwhile, we propose two methods to determine the change point of the Hurst parameter that indicates the occurrence of DDoS attacks. The detection rate associated with one method and the false alarm rate for the other method are also derived. The test results on DARPA intrusion detection evaluation data show that the proposed approaches can achieve better detection performance than some well-known self-similarity-based detection methods.


Energies
2020
Vol 13 (6)
pp. 1382
Author(s):
Yi-Ying Zhang
Jing Shang
Xi Chen
Kun Liang

Electric vehicles (EVs) are the development direction of new energy vehicles in the future. As an important part of the Internet of Things (IoT) communication network, the charging pile is also facing severe challenges in information security. At present, most detection methods need a lot of prior data and too much human intervention, so they cannot do anything about unknown attacks. In this paper, a self-learning-based attack detection method is proposed, which makes training and prediction a closed-loop system according to a large number of false information packets broadcast to the communication network. Using long short-term memory (LSTM) neural network training to obtain the characteristics of traffic data changes in the time dimension, the unknown malicious behavior characteristics are self-extracted and self-learned, improving the detection efficiency and quality. In this paper, we take the Sybil attack in the vehicular network as an example. The simulation results show that the proposed method can detect the Sybil attack early, quickly and accurately.


2018
Vol 48 (11)
pp. 3254-3264
Author(s):
Eman Mousavinejad
Fuwen Yang
Qing-Long Han
Ljubo Vlacic

2021
Vol 11 (4)
pp. 1674
Author(s):
Nuno Oliveira
Isabel Praça
Eva Maia
Orlando Sousa

With the latest advances in information and communication technologies, greater amounts of sensitive user and corporate information are shared continuously across the network, making it susceptible to attacks that can compromise data confidentiality, integrity, and availability. Intrusion Detection Systems (IDS) are important security mechanisms that can perform the timely detection of malicious events through the inspection of network traffic or host-based logs. Many machine learning techniques have proven to be successful at conducting anomaly detection throughout the years, but only a few have considered the sequential nature of the data. This work proposes a sequential approach and evaluates the performance of a Random Forest (RF), a Multi-Layer Perceptron (MLP), and a Long Short-Term Memory (LSTM) on the CIDDS-001 dataset. The resulting performance measures of this particular approach are compared with the ones obtained from a more traditional one, which only considers individual flow information, in order to determine which methodology best suits the concerned scenario. The experimental outcomes suggest that anomaly detection can be better addressed from a sequential perspective. The LSTM is a highly reliable model for acquiring sequential patterns in network traffic data, achieving an accuracy of 99.94% and an F1-score of 91.66%.

