Towards Intrusion Detection Of Previously Unknown Network Attacks

Author(s):  
Saif Alzubi ◽  
Frederic T. Stahl ◽  
Mohamed M. Gaber

Advances in telecommunication network technologies have led to an ever more interconnected world. Accordingly, the types of threats and attacks to intrude or disable such networks or portions of it are continuing to develop likewise. Thus, there is a need to detect previously unknown attack types. Supervised techniques are not suitable to detect previously not encountered attack types. This paper presents a new ensemble-based Unknown Network Attack Detector (UNAD) system. UNAD proposes a training workflow composed of heterogeneous and unsupervised anomaly detection techniques, trains on attack-free data and can distinguish normal network flow from (previously unknown) attacks. This scenario is more realistic for detecting previously unknown attacks than supervised approaches and is evaluated on telecommunication network data with known ground truth. Empirical results reveal that UNAD can detect attacks on which the workflows have not been trained with a precision of 75% and a recall of 80%. The benefit of UNAD with existing network attack detectors is that it can detect completely new attack types that have never been encountered before.

Sensors ◽  
2021 ◽  
Vol 21 (21) ◽  
pp. 7070
Author(s):  
Malak Aljabri ◽  
Sumayh S. Aljameel ◽  
Rami Mustafa A. Mohammad ◽  
Sultan H. Almotiri ◽  
Samiha Mirza ◽  
...  

The significant growth in the use of the Internet and the rapid development of network technologies are associated with an increased risk of network attacks. Network attacks refer to all types of unauthorized access to a network including any attempts to damage and disrupt the network, often leading to serious consequences. Network attack detection is an active area of research in the community of cybersecurity. In the literature, there are various descriptions of network attack detection systems involving various intelligent-based techniques including machine learning (ML) and deep learning (DL) models. However, although such techniques have proved useful within specific domains, no technique has proved useful in mitigating all kinds of network attacks. This is because some intelligent-based approaches lack essential capabilities that render them reliable systems that are able to confront different types of network attacks. This was the main motivation behind this research, which evaluates contemporary intelligent-based research directions to address the gap that still exists in the field. The main components of any intelligent-based system are the training datasets, the algorithms, and the evaluation metrics; these were the main benchmark criteria used to assess the intelligent-based systems included in this research article. This research provides a rich source of references for scholars seeking to determine their scope of research in this field. Furthermore, although the paper does present a set of suggestions about future inductive directions, it leaves the reader free to derive additional insights about how to develop intelligent-based systems to counter current and future network attacks.


2017 ◽  
Vol 9 (1) ◽  
pp. 17-38 ◽  
Author(s):  
Abdulghani Ali Ahmed

Sensitive information has critical risks when transmitted through computer networks. Existing protection systems still have limitations with treating network information with sufficient confidentiality, integrity, and availability. The rapid development of network technologies helps increase network attacks and hides their malicious intentions. Attack intention is the ultimate attack goal that the attacker attempts to achieve by executing various intrusion methods or techniques. Recognizing attack intentions helps security administrators develop effective protection systems that can detect network attacks that have similar intentions. This paper analyses attack types and classifies them according to their malicious intent. An investigation approach based on a similarity metric is proposed to recognize attacker plans and predict their intentions. The obtained results demonstrate that the proposed approach is capable of investigating the similarity of attack signatures and recognizing the intentions of network attacks.



2021 ◽  
Vol 2021 (1) ◽  
Author(s):  
Xiang Li ◽  
Jianzheng Liu ◽  
Jessica Baron ◽  
Khoa Luu ◽  
Eric Patterson

Recent attention to facial alignment and landmark detection methods, particularly with application of deep convolutional neural networks, has yielded notable improvements. Neither these neural-network nor more traditional methods, though, have been tested directly regarding performance differences due to camera-lens focal length nor camera viewing angle of subjects systematically across the viewing hemisphere. This work uses photo-realistic, synthesized facial images with varying parameters and corresponding ground-truth landmarks to enable comparison of alignment and landmark detection techniques relative to general performance, performance across focal length, and performance across viewing angle. Recently published high-performing methods along with traditional techniques are compared in regards to these aspects.


2021 ◽  
pp. 1-30
Author(s):  
Qingtian Zou ◽  
Anoop Singhal ◽  
Xiaoyan Sun ◽  
Peng Liu

Network attacks have become a major security concern for organizations worldwide. A category of network attacks that exploit the logic (security) flaws of a few widely-deployed authentication protocols has been commonly observed in recent years. Such logic-flaw-exploiting network attacks often do not have distinguishing signatures, and can thus easily evade the typical signature-based network intrusion detection systems. Recently, researchers have applied neural networks to detect network attacks with network logs. However, public network data sets have major drawbacks such as limited data sample variations and unbalanced data with respect to malicious and benign samples. In this paper, we present a new end-to-end approach based on protocol fuzzing to automatically generate high-quality network data, on which deep learning models can be trained for network attack detection. Our findings show that protocol fuzzing can generate data samples that cover real-world data, and deep learning models trained with fuzzed data can successfully detect the logic-flaw-exploiting network attacks.


2016 ◽  
Vol 8 (3) ◽  
pp. 327-333 ◽  
Author(s):  
Rimas Ciplinskas ◽  
Nerijus Paulauskas

New and existing methods of cyber-attack detection are constantly being developed and improved because there is a great number of attacks and the demand to protect from them. In practice, current methods of attack detection operate like antivirus programs, i.e. known attack signatures are created and attacks are detected by using them. These methods have a drawback: they cannot detect new attacks. As a solution, anomaly detection methods are used. They make it possible to detect deviations from normal network behaviour that may show a new type of attack. This article introduces a new method that makes it possible to detect network flow anomalies by using the local outlier factor algorithm. The accomplished research made it possible to identify groups of features which showed the best results of anomalous flow detection according to the highest values of precision, recall and F-measure.

The abundance and variety of cyber-attacks and the aim of protecting against them make it necessary to constantly create new attack detection methods and improve existing ones. As practice shows, current attack recognition methods essentially work on the principle of antivirus programs, i.e. templates of known attacks are created and attacks are detected on their basis; however, the main drawback of such methods is the inability to detect new, still unknown attacks. To solve this problem, anomaly detection methods are employed, which make it possible to detect deviations from the normal state of the network. The article presents a new method that makes it possible to detect anomalies in computer network packet flows by applying the local outlier factor algorithm. The research carried out made it possible to find the groups of features with which anomalous network flows are recognized best, i.e. the highest values of precision, recall and F-measure are achieved.


Data ◽  
2021 ◽  
Vol 6 (10) ◽  
pp. 102
Author(s):  
Kalyani Dhananjay Kadam ◽  
Swati Ahirrao ◽  
Ketan Kotecha

Image forgery has grown in popularity due to easy access to abundant image editing software. These forged images are so devious that it is impossible to predict with the naked eye. Such images are used to spread misleading information in society with the help of various social media platforms such as Facebook, Twitter, etc. Hence, there is an urgent need for effective forgery detection techniques. In order to validate the credibility of these techniques, publicly available and more credible standard datasets are required. A few datasets are available for image splicing, such as Columbia, Carvalho, and CASIA V1.0. However, these datasets are employed for the detection of image splicing. There are also a few custom datasets available such as Modified CASIA, AbhAS, which are also employed for the detection of image splicing forgeries. A study of existing datasets used for the detection of image splicing reveals that they are limited to only image splicing and do not contain multiple spliced images. This research work presents a Multiple Image Splicing Dataset, which consists of a total of 300 multiple spliced images. We are the pioneer in developing the first publicly available Multiple Image Splicing Dataset containing high-quality, annotated, realistic multiple spliced images. In addition, we are providing a ground truth mask for these images. This dataset will open up opportunities for researchers working in this significant area.


2021 ◽  
pp. 143-149
Author(s):  
Le Quang Minh ◽  

Network security is an important problem, which attracts more attention because recent network attacks caused huge consequences such as data loss, reduced network performance and increased routing load. In this article, we show network attack forms in MANET and propose the Multiple Signature Authenticate (MSA) mechanism using digital signatures based on asymmetric encryption RSA. Moreover, we describe a new security routing protocol named AODV-MSA by integrating MSA into AODV. Using the NS2 simulator system, we implement and examine the efficiency of the AODV-MSA protocol with the 32-bit keys.


Author(s):  
Catherine Cheung ◽  
Julio J. Valdés ◽  
Richard Salas Chavez ◽  
Srishti Sehgal

In this work, the sensor data related to a diesel engine system and specifically its turbocharger subsystem were analyzed. An incident where the turbocharger seized was recorded by dozens of standard turbocharger-related sensors. By training models to distinguish between normal healthy operating conditions and deteriorated conditions, there is an opportunity to develop prognostic and predictive tools to ideally help prevent a similar occurrence in the future. Analysis of this event provides an opportunity to identify changes in equipment indicators with a known outcome. A number of data analysis tools were used to characterize the healthy and deteriorated states of the turbocharger system, including various supervised classification as well as semi-supervised and unsupervised anomaly detection techniques. The leader clustering algorithm was also implemented to reduce the amount of data to train and develop the models. This paper describes the results of this modeling process, validated by testing on healthy data from the same propulsion system and a second distinct one. Although this problem posed challenges due to the severely imbalanced class distribution, the supervised classifiers, in particular Support Vector Machine (SVM) and Random Forest (RF), performed very well in all metrics while the unsupervised anomaly detection models achieved near-perfect accuracy for identifying healthy turbocharger states.


2020 ◽  
Vol 10 (15) ◽  
pp. 5191
Author(s):  
Yıldız Karadayı ◽  
Mehmet N. Aydin ◽  
A. Selçuk Öğrenci

Multivariate time-series data with a contextual spatial attribute have extensive use for finding anomalous patterns in a wide variety of application domains such as earth science, hurricane tracking, fraud, and disease outbreak detection. In most settings, spatial context is often expressed in terms of ZIP code or region coordinates such as latitude and longitude. However, traditional anomaly detection techniques cannot handle more than one contextual attribute in a unified way. In this paper, a new hybrid approach based on deep learning is proposed to solve the anomaly detection problem in multivariate spatio-temporal datasets. It works under the assumption that no prior knowledge about the dataset and anomalies is available. The architecture of the proposed hybrid framework is based on an autoencoder scheme, and it is more efficient in extracting features from the spatio-temporal multivariate datasets compared to the traditional spatio-temporal anomaly detection techniques. We conducted extensive experiments using buoy data of 2005 from National Data Buoy Center and Hurricane Katrina as ground truth. Experiments demonstrate that the proposed model achieves more than 10% improvement in accuracy over the methods used in the comparison where our model jointly processes the spatial and temporal dimensions of the contextual data to extract features for anomaly detection.

