Optimizing Network Anomaly Detection Based on Network Traffic

Cyber-attack is a very hot topic today. Nowadays, systems must always be connected to the internet, and network infrastructure keeps growing in both scale and complexity. Therefore, the problem of detecting and warning cyber-attacks is now very urgent. To improve the effectiveness of detecting cyber-attacks, many methods and techniques were applied. In this paper, we propose to apply two methods of optimizing cyber-attack detection based on the IDS 2018 dataset using Principal Component Analysis (PCA) and machine learning algorithms. In the experimental section, we compare and evaluate the efficiency of the algorithm through 2 parameters: detection and processing time, and the accuracy of the algorithm. The experimental results show that the model using optimized features has brought an apparent and better effect than models that have not reduced the feature dimension. Keywords— PCA; Network traffic; Anomaly; Cyberattack detection.

Download Full-text

Optimization of network traffic anomaly detection using machine learning

International Journal of Electrical and Computer Engineering (IJECE) ◽

10.11591/ijece.v11i3.pp2360-2370 ◽

2021 ◽

Vol 11 (3) ◽

pp. 2360

Author(s):

ChoXuan Do ◽

Nguyen Quang Dam ◽

Nguyen Tung Lam

Keyword(s):

Random Forest ◽

Detection Method ◽

Information Gain ◽

Principal Component ◽

Attack Detection ◽

Cyber Attacks ◽

Abnormal Behavior ◽

Cyber Attack ◽

Detection Algorithms ◽

Abnormal Behavior Detection

In this paper, to optimize the process of detecting cyber-attacks, we choose to propose 2 main optimization solutions: Optimizing the detection method and optimizing features. Both of these two optimization solutions are to ensure the aim is to increase accuracy and reduce the time for analysis and detection. Accordingly, for the detection method, we recommend using the Random Forest supervised classification algorithm. The experimental results in section 4.1 have proven that our proposal that use the Random Forest algorithm for abnormal behavior detection is completely correct because the results of this algorithm are much better than some other detection algorithms on all measures. For the feature optimization solution, we propose to use some data dimensional reduction techniques such as information gain, principal component analysis, and correlation coefficient method. The results of the research proposed in our paper have proven that to optimize the cyber-attack detection process, it is not necessary to use advanced algorithms with complex and cumbersome computational requirements, it must depend on the monitoring data for selecting the reasonable feature extraction and optimization algorithm as well as the appropriate attack classification and detection algorithms.

Download Full-text

RESILIENT FLOCKING CONTROL FOR CONNECTED AND AUTOMATED VEHICLES WITH CYBER-ATTACK THREATS

ASME Letters in Dynamic Systems and Control ◽

10.1115/1.4050123 ◽

2021 ◽

pp. 1-7

Author(s):

Fengchen Wang ◽

Yan Chen

Keyword(s):

Detection Method ◽

Tracking Error ◽

Attack Detection ◽

Cyber Attacks ◽

Vehicle Tracking ◽

Cyber Attack ◽

Dynamics Model ◽

Automated Vehicles ◽

Tracking Errors ◽

Error Dynamics

Abstract To improve the cybersecurity of flocking control for connected and automated vehicles (CAVs), this paper proposes a novel resilient flocking control by specifically considering cyber-attack threats on vehicle tracking errors. Using the vehicle tracking error dynamics model, a dual extended Kalman filter (DEKF) is applied to detect cyber-attacks as an unknown constant on vehicle tracking information with noise rejections. To handle the coupling effects between tracking errors and cyber-attacks, the proposed DEKF consists of a tracking error filter and a cyber-attack filter, which are utilized to conduct the prediction and correction of tracking errors alternatively. Whenever an abnormal tracking error is detected, an observer-based resilient flocking control is enabled. Demonstrated by simulation results, the proposed cyber-attack detection method and resilient flocking control design can successfully achieve and maintain the flocking control of multi-CAV systems by rejecting certain cyber-attack threats.

Download Full-text

Cyber Security Aspects of Virtualization in Cloud Computing Environments

Research Anthology on Privatizing and Securing Data ◽

10.4018/978-1-7998-8954-0.ch080 ◽

2021 ◽

pp. 1658-1671

Author(s):

Darshan Mansukhbhai Tank ◽

Akshai Aggarwal ◽

Nirbhay Kumar Chaubey

Keyword(s):

Cloud Computing ◽

Cyber Security ◽

Attack Detection ◽

Cyber Attacks ◽

Point Of View ◽

Cyber Attack ◽

Computing Environment ◽

Cloud Computing Environment ◽

Detection Approach ◽

Detection Response

Cybercrime continues to emerge, with new threats surfacing every year. Every business, regardless of its size, is a potential target of cyber-attack. Cybersecurity in today's connected world is a key component of any establishment. Amidst known security threats in a virtualization environment, side-channel attacks (SCA) target most impressionable data and computations. SCA is flattering major security interests that need to be inspected from a new point of view. As a part of cybersecurity aspects, secured implementation of virtualization infrastructure is very much essential to ensure the overall security of the cloud computing environment. We require the most effective tools for threat detection, response, and reporting to safeguard business and customers from cyber-attacks. The objective of this chapter is to explore virtualization aspects of cybersecurity threats and solutions in the cloud computing environment. The authors also discuss the design of their novel ‘Flush+Flush' cache attack detection approach in a virtualized environment.

Download Full-text

Learning Representations of Network Traffic Using Deep Neural Networks for Network Anomaly Detection: A Perspective towards Oil and Gas IT Infrastructures

Symmetry ◽

10.3390/sym12111882 ◽

2020 ◽

Vol 12 (11) ◽

pp. 1882

Author(s):

Sheraz Naseer ◽

Rao Faizan Ali ◽

P.D.D Dominic ◽

Yasir Saleem

Keyword(s):

Anomaly Detection ◽

Network Traffic ◽

Oil And Gas ◽

Resource Planning ◽

Machine Learning Algorithms ◽

Data Driven ◽

Network Data ◽

It Infrastructure ◽

Industrial Automation ◽

Network Anomaly Detection

Oil and Gas organizations are dependent on their IT infrastructure, which is a small part of their industrial automation infrastructure, to function effectively. The oil and gas (O&G) organizations industrial automation infrastructure landscape is complex. To perform focused and effective studies, Industrial systems infrastructure is divided into functional levels by The Instrumentation, Systems and Automation Society (ISA) Standard ANSI/ISA-95:2005. This research focuses on the ISA-95:2005 level-4 IT infrastructure to address network anomaly detection problem for ensuring the security and reliability of Oil and Gas resource planning, process planning and operations management. Anomaly detectors try to recognize patterns of anomalous behaviors from network traffic and their performance is heavily dependent on extraction time and quality of network traffic features or representations used to train the detector. Creating efficient representations from large volumes of network traffic to develop anomaly detection models is a time and resource intensive task. In this study we propose, implement and evaluate use of Deep learning to learn effective Network data representations from raw network traffic to develop data driven anomaly detection systems. Proposed methodology provides an automated and cost effective replacement of feature extraction which is otherwise a time and resource intensive task for developing data driven anomaly detectors. The ISCX-2012 dataset is used to represent ISA-95 level-4 network traffic because the O&G network traffic at this level is not much different than normal internet traffic. We trained four representation learning models using popular deep neural network architectures to extract deep representations from ISCX 2012 traffic flows. A total of sixty anomaly detectors were trained by authors using twelve conventional Machine Learning algorithms to compare the performance of aforementioned deep representations with that of a human-engineered handcrafted network data representation. The comparisons were performed using well known model evaluation parameters. Results showed that deep representations are a promising feature in engineering replacement to develop anomaly detection models for IT infrastructure security. In our future research, we intend to investigate the effectiveness of deep representations, extracted using ISA-95:2005 Level 2-3 traffic comprising of SCADA systems, for anomaly detection in critical O&G systems.

Download Full-text

Cyber Security Aspects of Virtualization in Cloud Computing Environments

Quantum Cryptography and the Future of Cyber Security - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2253-0.ch013 ◽

2020 ◽

pp. 283-299 ◽

Cited By ~ 1

Author(s):

Darshan Mansukhbhai Tank ◽

Akshai Aggarwal ◽

Nirbhay Kumar Chaubey

Keyword(s):

Cloud Computing ◽

Cyber Security ◽

Attack Detection ◽

Cyber Attacks ◽

Point Of View ◽

Cyber Attack ◽

Computing Environment ◽

Cloud Computing Environment ◽

Detection Approach ◽

Detection Response

Download Full-text

Cognitive Dynamic System for AC State Estimation and Cyber-Attack Detection in Smart Grid

10.5772/intechopen.94093 ◽

2020 ◽

Author(s):

Mohammad Irshaad Oozeer ◽

Simon Haykin

Keyword(s):

Smart Grid ◽

Dynamic System ◽

State Estimation ◽

Attack Detection ◽

Cyber Attacks ◽

Data Detection ◽

Cyber Attack ◽

Bad Data Detection ◽

Cycle Basis ◽

Iterative Procedures

The work presented in this chapter is an extension of our previous research of bringing together the Cognitive Dynamic System (CDS) and the Smart Grid (SG) by focusing on AC state estimation and Cyber-Attack detection. Under the AC power flow model, state estimation is complex and computationally expensive as it relies on iterative procedures. On the other hand, the False Data Injection (FDI) attacks are a new category of cyber-attacks targeting the SG that can bypass the current bad data detection techniques in the SG. Due to the complexity of the nonlinear system involved, the amount of published works on AC based FDI attacks have been fewer compared to their DC counterpart. Here, we will demonstrate how the entropic state, which is the objective function of the CDS, can be used as a metric to monitor the grid’s health and detect FDI attacks. The CDS, acting as the supervisor of the system, improves the entropic state on a cycle to cycle basis by dynamically optimizing the state estimation process through the reconfiguration of the weights of the sensors in the network. In order to showcase performance of this new structure, computer simulations are carried out on the IEEE 14-bus system for optimal state estimation and FDI attack detection.

Download Full-text

An Efficient Classifier for U2R, R2L, DoS Attack

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.a1942.059120 ◽

2020 ◽

Vol 9 (1) ◽

pp. 644-647

Keyword(s):

Machine Learning ◽

Network Security ◽

Learning Algorithms ◽

Research Area ◽

Attack Detection ◽

Machine Learning Algorithms ◽

The Internet ◽

Detection Accuracy ◽

Cyber Attack ◽

Detection Systems

The internet has become an irreplaceable communicating and informative tool in the current world. With the ever-growing importance and massive use of the internet today, there has been interesting from researchers to find the perfect Cyber Attack Detection Systems (CADSs) or rather referred to as Intrusion Detection Systems (IDSs) to protect against the vulnerabilities of network security. CADS presently exist in various variants but can be largely categorized into two broad classifications; signature-based detection and anomaly detection CADSs, based on their approaches to recognize attack packets.The signature-based CADS use the well-known signatures or fingerprints of the attack packets to signal the entry across the gateways of secured networks. Signature-based CADS can only recognize threats that use the known signature, new attacks with unknown signatures can, therefore, strike without notice. Alternatively, anomaly-based CADS are enabled to detect any abnormal traffic within the network and report. There are so many ways of identifying anomalies and different machine learning algorithms are introduced to counter such threats. Most systems, however, fall short of complete attack prevention in the real world due system administration and configuration, system complexity and abuse of authorized access. Several scholars and researchers have achieved a significant milestone in the development of CADS owing to the importance of computer and network security. This paper reviews the current trends of CADS analyzing the efficiency or level of detection accuracy of the machine learning algorithms for cyber-attack detection with an aim to point out to the best. CADS is a developing research area that continues to attract several researchers due to its critical objective.

Download Full-text

Development of an IoT Architecture Based on a Deep Neural Network against Cyber Attacks for Automated Guided Vehicles

Sensors ◽

10.3390/s21248467 ◽

2021 ◽

Vol 21 (24) ◽

pp. 8467

Author(s):

Mahmoud Elsisi ◽

Minh-Quang Tran

Keyword(s):

Neural Network ◽

Deep Neural Network ◽

Online Monitoring ◽

Attack Detection ◽

Cyber Attacks ◽

Machine Learning Algorithms ◽

Automated Guided Vehicles ◽

Gradient Boosting ◽

Machine Model ◽

Extreme Gradient Boosting

This paper introduces an integrated IoT architecture to handle the problem of cyber attacks based on a developed deep neural network (DNN) with a rectified linear unit in order to provide reliable and secure online monitoring for automated guided vehicles (AGVs). The developed IoT architecture based on a DNN introduces a new approach for the online monitoring of AGVs against cyber attacks with a cheap and easy implementation instead of the traditional cyber attack detection schemes in the literature. The proposed DNN is trained based on experimental AGV data that represent the real state of the AGV and different types of cyber attacks including a random attack, ramp attack, pulse attack, and sinusoidal attack that is injected by the attacker into the internet network. The proposed DNN is compared with different deep learning and machine learning algorithms such as a one dimension convolutional neural network (1D-CNN), a supported vector machine model (SVM), random forest, extreme gradient boosting (XGBoost), and a decision tree for greater validation. Furthermore, the proposed IoT architecture based on a DNN can provide an effective detection for the AGV status with an excellent accuracy of 96.77% that is significantly greater than the accuracy based on the traditional schemes. The AGV status based on the proposed IoT architecture with a DNN is visualized by an advanced IoT platform named CONTACT Elements for IoT. Different test scenarios with a practical setup of an AGV with IoT are carried out to emphasize the performance of the suggested IoT architecture based on a DNN. The results approve the usefulness of the proposed IoT to provide effective cybersecurity for data visualization and tracking of the AGV status that enhances decision-making and improves industrial productivity.

Download Full-text

Crucial Role of Data Analytics in the Prevention and Detection of Cyber Security Attacks

Advances in Digital Crime, Forensics, and Cyber Terrorism - Confluence of AI, Machine, and Deep Learning in Cyber Forensics ◽

10.4018/978-1-7998-4900-1.ch004 ◽

2021 ◽

pp. 67-80

Author(s):

Charulatha B. S. ◽

A. Neela Madheswari ◽

Shanthi K. ◽

Chamundeswari Arumugam

Keyword(s):

Business Process ◽

Cyber Security ◽

Data Analytics ◽

User Behavior ◽

Relevant Information ◽

Cyber Attacks ◽

Social Needs ◽

Machine Learning Algorithms ◽

Cyber Attack ◽

Data Set

Data analytics plays a major role in retrieving relevant information in addition to avoiding unwanted data, missed values, good visualization and interpretation, decision making in any business, or social needs. Many organizations are affected by cyber-attacks in their business at a greater frequency when they get exposure to the internet. Cyber-attacks are plenty, and tracking them is really difficult work. The entry of cyber-attack may be through different events in the business process. Detecting the attack is laborious and collecting the data is still a hard task. The detection of the source of attack for the various events in the business process as well as the tracking the corresponding data needs an investigation procedure. This chapter concentrates on applying machine learning algorithms to study the user behavior in the process to detect network anomalies. The data from KDD'99 data set is collected and analyzed using decision tree, isolation forest, bagging classifier, and Adaboost classifier algorithms.

Download Full-text

SCADA System Testbed for Cybersecurity Research Using Machine Learning Approach

Future Internet ◽

10.3390/fi10080076 ◽

2018 ◽

Vol 10 (8) ◽

pp. 76 ◽

Cited By ~ 12

Author(s):

Marcio Teixeira ◽

Tara Salman ◽

Maede Zolanvari ◽

Raj Jain ◽

Nader Meskin ◽

...

Keyword(s):

Machine Learning ◽

Supervisory Control ◽

Network Traffic ◽

Learning Algorithms ◽

Cyber Attacks ◽

Machine Learning Algorithms ◽

Learning Models ◽

Scada System ◽

Machine Learning Approach ◽

Machine Learning Models

This paper presents the development of a Supervisory Control and Data Acquisition (SCADA) system testbed used for cybersecurity research. The testbed consists of a water storage tank’s control system, which is a stage in the process of water treatment and distribution. Sophisticated cyber-attacks were conducted against the testbed. During the attacks, the network traffic was captured, and features were extracted from the traffic to build a dataset for training and testing different machine learning algorithms. Five traditional machine learning algorithms were trained to detect the attacks: Random Forest, Decision Tree, Logistic Regression, Naïve Bayes and KNN. Then, the trained machine learning models were built and deployed in the network, where new tests were made using online network traffic. The performance obtained during the training and testing of the machine learning models was compared to the performance obtained during the online deployment of these models in the network. The results show the efficiency of the machine learning models in detecting the attacks in real time. The testbed provides a good understanding of the effects and consequences of attacks on real SCADA environments.

Download Full-text