Big Data Analytics With Machine Learning and Deep Learning Methods for Detection of Anomalies in Network Traffic

2022 ◽  
pp. 678-707
Author(s):  
Valliammal Narayan ◽  
Shanmugapriya D.

Information is vital for any organization to communicate through any network. The growth of internet utilization and of web users has increased cyber threats. Cyber-attacks in the network change the traffic flow of each system. Anomaly detection techniques have been developed for different types of cyber-attack or anomaly strategies. Conventional ADS protect information transferred through the network from cyber attackers. The stable prevention of anomalies by machine and deep-learning algorithms is applied for cyber-security. Big data solutions handle voluminous data in a short span of time. Big data management is the organization and manipulation of huge volumes of structured data, semi-structured data and unstructured data, but it does not handle the data imbalance problem during the training process. Big data-based machine and deep-learning algorithms for anomaly detection involve the classification of the decision boundary between normal traffic flow and anomalous traffic flow. The performance of anomaly detection is efficiently increased by different algorithms.



The technological advancements in image storage, data processing, and signal analysis of Big Data include (a) the rapidly falling cost of storage and CPU power in recent years; (b) the flexibility and cost-effectiveness of data operating platforms and cloud computing systems for flexible computation and storage; and (c) the development of new frameworks, which allow users to take advantage of these distributed computing systems storing large amounts of data with almost flexible parallel processing. The proposed survey work focuses on discussing the various impactful cyber-attack critiques available in industry and the trending algorithms available for cyber security. Big data handling in IoT clouds and the software platforms that allow malware to enter working systems are analyzed, and reliable methods to avoid miscellaneous malware are clearly depicted here.


Symmetry ◽  
2020 ◽  
Vol 12 (10) ◽  
pp. 1583
Author(s):  
Ángel Luis Perales Gómez ◽  
Lorenzo Fernández Maimó ◽  
Alberto Huertas Celdrán ◽  
Félix J. García Clemente

Industrial Control Systems (ICSs) are widely used in critical infrastructures to support the essential services of society. Therefore, their protection against terrorist activities, natural disasters, and cyber threats is critical. Diverse cyber attack detection systems have been proposed over the years, in which each proposal has applied different steps and methods. However, there is a significant gap in the literature regarding methodologies to detect cyber attacks in ICS scenarios. The lack of such methodologies prevents researchers from being able to accurately compare proposals and results. In this work, we present a Methodology for Anomaly Detection in Industrial Control Systems (MADICS) to detect cyber attacks in ICS scenarios, which is intended to provide a guideline for future works in the field. MADICS is based on a semi-supervised anomaly detection paradigm and makes use of deep learning algorithms to model ICS behaviors. It consists of five main steps, focused on pre-processing the dataset to be used with the machine learning and deep learning algorithms; performing feature filtering to remove those features that do not meet the requirements; feature extraction processes to obtain higher order features; selecting, fine-tuning, and training the most appropriate model; and validating the model performance. In order to validate MADICS, we used the popular Secure Water Treatment (SWaT) dataset, which was collected from a fully operational water treatment plant. The experiments demonstrate that, using MADICS, we can achieve a state-of-the-art precision of 0.984 (as well as a recall of 0.750 and F1-score of 0.851), which is above the average of other works, proving that the proposed methodology is suitable for use in real ICS scenarios.


2022 ◽  
Vol 14 (1) ◽  
pp. 0-0

In the domain of cyber security, the defence mechanisms of networks have traditionally been placed in a reactionary role. Cyber security professionals are therefore disadvantaged in a cyber-attack situation due to the fact that it is vital that they maneuver such attacks before the network is totally compromised. In this paper, we utilize the Betweenness Centrality network measure (social property) to discover possible cyber-attack paths and then employ computation of similar personality of nodes/users to generate predictions about possible attacks within the network. Our method proposes a social recommender algorithm called socially-aware recommendation of cyber-attack paths (SARCP), as an attack predictor in the cyber security defence domain. In a social network, SARCP exploits and delivers all possible paths which can result in cyber-attacks. Using a real-world dataset and relevant evaluation metrics, experimental results in the paper show that our proposed method is favorable and effective.


Author(s):  
Ana Kovacevic ◽  
Dragana Nikolic

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise proprietary protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.


Author(s):  
Michael BEST ◽  
Lachezar KRUMOV ◽  
Ioan BACIVAROV

Because banks are very often the target of a cyber-attack, they also have good security controls in place. This paper analyses modern threats to banks and proposes an approach to detect and visualize the risk of data leakage. In the first part of this paper, a comparative analysis of the most common threats to the banking sector is made, based on both bank reports and cyber security companies. The authors came to the conclusion that, at the bottom line, insider knowledge is necessary, which is the result of data leakage. This paper comparatively analyses modern threats to banks and shows an approach to detect and visualize the risk of data leakage. In the second part of the paper, a model, based on a network graph, that can enumerate the risk of data leakage is proposed. Graphing a network of an organization with the connections of data flow between assets and actors can identify insecure connections that may lead to data leakage. As is demonstrated in this paper, financial institutions are important targets of cyber attacks. Consequently, the financial sector must invest heavily in cybersecurity and find the best ways to counter cyber attacks and cyber bank robbery attempts.




Author(s):  
Darshan Mansukhbhai Tank ◽  
Akshai Aggarwal ◽  
Nirbhay Kumar Chaubey

Cybercrime continues to emerge, with new threats surfacing every year. Every business, regardless of its size, is a potential target of cyber-attack. Cybersecurity in today's connected world is a key component of any establishment. Amidst known security threats in a virtualization environment, side-channel attacks (SCA) target the most vulnerable data and computations. SCA is becoming a major security concern that needs to be inspected from a new point of view. As part of cybersecurity, secure implementation of the virtualization infrastructure is essential to ensure the overall security of the cloud computing environment. We require the most effective tools for threat detection, response, and reporting to safeguard business and customers from cyber-attacks. The objective of this chapter is to explore virtualization aspects of cybersecurity threats and solutions in the cloud computing environment. The authors also discuss the design of their novel 'Flush+Flush' cache attack detection approach in a virtualized environment.




2020 ◽  
Vol 2020 ◽  
pp. 1-14
Author(s):  
Hasan Alkahtani ◽  
Theyazn H. H. Aldhyani ◽  
Mohammed Al-Yaari

Telecommunication has registered strong and rapid growth in the past decade. Accordingly, the monitoring of computers and networks has become too complicated for network administrators. Hence, network security represents one of the biggest challenges faced by network security communities. Taking into consideration the fact that e-banking, e-commerce, and business data will be shared on the computer network, these data may face a threat from intrusion. The purpose of this research is to propose a methodology that will lead to a high level of sustainable protection against cyberattacks. In particular, an adaptive anomaly detection framework model was developed using deep and machine learning algorithms to manage automatically-configured application-level firewalls. Standard network datasets were used to evaluate the proposed model, which is designed to improve the cybersecurity system. Deep learning based on a Long Short-Term Memory Recurrent Neural Network (LSTM-RNN) and machine learning algorithms, namely Support Vector Machine (SVM) and K-Nearest Neighbor (K-NN), were implemented to classify Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks. The information gain method was applied to select the relevant features from the network dataset. These network features were significant in improving the classification algorithm. The system was used to classify DoS and DDoS attacks in four standard datasets, namely KDD Cup '99, NSL-KDD, ISCX, and ICI-ID2017. The empirical results indicate that the deep learning approach based on the LSTM-RNN algorithm obtained the highest accuracy. The proposed system based on the LSTM-RNN algorithm produced the highest testing accuracy rates of 99.51% and 99.91% with respect to the KDD Cup '99, NSL-KDD, ISCX, and ICI-ID2017 datasets, respectively. A comparative result analysis between the machine learning algorithms, namely SVM and K-NN, and the deep learning algorithm based on the LSTM-RNN model is presented. Finally, it is concluded that the LSTM-RNN model is efficient and effective in improving the cybersecurity system for anomaly-based detection.

