network administrators
Recently Published Documents


Total documents: 107 (five years: 52)

H-index: 6 (five years: 1)

2022 ◽  
Author(s):  
Tahmina Zebin ◽  
Shahadate Rezvy ◽
Yuan Luo

Over the past few years, Domain Name Service (DNS) has remained a prime target for hackers as it enables them to gain first entry into networks and gain access to data for exfiltration. Although the DNS over HTTPS (DoH) protocol has desirable properties for internet users such as privacy and security, it also causes a problem in that network administrators are prevented from detecting suspicious network traffic generated by malware and malicious tools. To support their efforts in maintaining a secure network, in this paper, we have implemented an explainable AI solution using a novel machine learning framework. We have used the publicly available CIRA-CIC-DoHBrw-2020 dataset for developing an accurate solution to detect and classify the DNS over HTTPS attacks. Our proposed balanced and stacked Random Forest achieved very high precision (99.91%), recall (99.92%) and F1 score (99.91%) for the classification task at hand. Using explainable AI methods, we have additionally highlighted the underlying feature contributions in an attempt to provide transparent and explainable results from the model.


2021 ◽  
Vol 7 (4) ◽  
pp. 31-42
Author(s):  
A. Kanaev ◽  
E. Oparin ◽  
E. Oparina

This article provides an overview of the interaction between the warring parties and the main stages of the confrontation between the organized attacker and the information security system in the implementation of an attack on the network management system of clock network synchronization. A simulation model has been developed that reflects all stages of the struggle, which allows, depending on the resources of an organized attacker and the information security system, to obtain probabilistic and temporal characteristics of the results of the confrontation. Simulation has been carried out for various scenarios of organizing an attack at all stages of the confrontation, from the overwhelming advantage of an organized malefactor to the overwhelming advantage of an information security system. The results obtained in the general case can be used by security administrators and network administrators to make adjustments to the strategy of organizing the protection of the network management system of clock network synchronization.


2021 ◽  
Author(s):  
Rahil Gandotra ◽  
Levi Perigo

The energy consumption of network infrastructures is increasing; therefore, research efforts designed to diminish this growing carbon footprint are necessary. Building on prior work, which determined a difference in the energy consumption of network hardware based on their forwarding configurations and developed a real-time network energy monitoring tool, this research proposes a novel technique to incorporate individual device energy efficiency into network routing decisions. A new routing metric and algorithm are presented to select the lowest-power, least-congested paths between destinations, known as Green Power Forwarding (GPF). In addition, a network dial is developed to enhance GPF by allowing network administrators to tune the network to optimally operate between energy savings and network performance. To ensure the scope of this research for industry adoption, implementation details for different generations of networking infrastructure (past, present, and future) are also discussed. The experiment results indicate that significant energy and, in turn, cost savings can be achieved by employing the proposed GPF technique without a reduction in network performance. The future directions for this research include developing dynamically-tuning network dial modes and extending the principles to inter-domain routing.


Author(s):  
Lucía Prieto Santamaría ◽  
David Fernández Lobón ◽  
Antonio Jesús Díaz-Honrubia ◽  
Ernestina Menasalvas Ruiz ◽  
Sokratis Nifakos ◽  
...  

Abstract

Objectives: The aim of the study is to design an ontology model for the representation of assets and their features in distributed health care environments, and to allow the interchange of information about these assets through the use of specific vocabularies based on the use of ontologies.

Methods: Ontologies are a formal way to represent knowledge by means of triples composed of a subject, a predicate, and an object. Given the sensitivity of network assets in health care institutions, this work, by using an ontology-based representation of information, complies with the FAIR principles. Federated queries to the ontology systems allow users to obtain data from multiple sources (i.e., several hospitals belonging to the same public body). Therefore, this representation makes it possible for network administrators in health care institutions to have a clear understanding of possible threats that may emerge in the network.

Results: As a result of this work, the “Software Defined Networking Description Language—CUREX Asset Discovery Tool Ontology” (SDNDL-CAO) has been developed. This ontology uses the main concepts in network assets to represent the knowledge extracted from the distributed health care environments: interface, device, port, service, etc.

Conclusion: The developed SDNDL-CAO ontology makes it possible to represent the aforementioned knowledge about the distributed health care environments. Network administrators of these institutions will benefit as they will be able to monitor emerging threats in real time, something critical when managing personal medical information.


2021 ◽  
Vol 10 (5) ◽  
pp. 2804-2810
Author(s):  
Fatima Zahra Fagroud ◽  
El Habib Ben Lahmar ◽  
Hicham Toumi ◽  
Youssef Baddi ◽  
Sanaa El Filali

In recent years, internet of things (IoT) represents a giant and a promoter area in innovation and engineering fields. IoT devices are spread in various fields and offer advanced services which assist their users to monitor and control objects remotely. IoT has a set of special characteristics such as dynamic, variety of data and huge scale which introduces a great challenge in the field of retrieval technologies, more precisely real-time retrieval. This paper addresses the issue of real-time retrieval of connected things and tries to propose an innovative solution which allows the retrieval of these things and their descriptive data. The paper proposes an on-line tool for real-time retrieval of connected things and their descriptive data based on network port scanning technique. The performance of this tool proves to be powerful under normal conditions, however more tests must be implemented in the aim to improve the proposed solution. The tool resulted from this work appears to be promising and can be used as a reference by network administrators and IT security managers for the development of new security mechanisms and security reinforcement.


Author(s):  
Mahamah Sebakor

Is it strange that the spanning tree protocol (STP) has been the only thing used to defend the Layer-2 backbone against looping? Do we trust it? For several decades, the campus backbone has often been an unsuspected problem, one of which is STP failure. Meanwhile, the MAC address flapping is probably a feasible issue for modern network fabrics. According to the serious Layer-2 issues, particularly the legacy switches extended STP design, this work uses the notion of a software-defined network fashion to evaluate the traditional and modern networks. Through the MAC address lookup of all bridge devices, this work proposes the Layer-2 evaluation system (LES), which uses a novel approach known as support supervised learning to create the data preparation for machine learning. Additionally, the LES enabled network administrators to determine their backbones. This study is intended to evaluate the potential slowdown network caused by MAC address problems. Furthermore, this work investigates the proposed method in a real network, and it also covers the evaluation and performance of our proposed method.


Author(s):  
Anya Apavatjrut ◽  
Sathianporn Kamdee

In this work, we proposed a genetic algorithm-based Wi-Fi-tuning platform that could facilitate the network administrators to cope with co-channel interference triggered by other wireless sources. Generally, with a well-designed WLAN, signal interference from adjacent areas is usually minimized. Unfortunately, when other wireless sources are introduced into the WLAN system, co-channel interference is inevitable. Interference usually causes degradation and/or disruption of network services. Resolving this issue becomes even more complicated when the interfering signals come from access points owned by other ISPs and are not accessible by the network administrators. This paper proposed a Wi-Fi tuning platform that allowed automatic reconfiguration of WLAN settings by finding the best settings for channel assignment and transmission power level. When signal interference is detected, the platform attempts to find heuristic solutions for wireless settings based on a genetic algorithm. From our experiments, we could see that our proposed algorithm could regenerate WLAN settings that provided stronger signal levels, higher coverage ranges while reducing interference levels in the deployment area. With the proposed platform, troubleshooting became less complicated, requiring less cost and time. With the help of the Wi-Fi tuning platform, the network administrators could promptly react to the incidence leading to the enhancement of availability, reliability, and consistency of the WLAN system.


2021 ◽  
Vol 6 (4) ◽  
pp. 59-69
Author(s):  
Mohd Faris Mohd Fuzi ◽  
Khairunnisa Abdullah ◽  
Iman Hazwam Abd Halim ◽  
Rafiza Ruslan

Network automation has evolved into a solution that emphasizes efficiency in all areas. Furthermore, communication and computer networks rely on a platform that provides the necessary technological infrastructure for packet transfer through the Internet using routing protocols. The Enhanced Interior Gateway Routing Protocol (EIGRP) is a hybrid routing protocol that combines the properties of both distance-vector and link-state routing methods. The traditional technique to configure EIGRP is inefficient and requires repeated processes compared to the network automation concept. Network automation helps to assist network administrators in automating and verifying the EIGRP configuration using scripting. This paper implemented network automation using Ansible to configure EIGRP routing and advanced configuration in the GNS3 environment. This study is focused on automated scripting to configure IP addresses on the interfaces, the EIGRP routing protocol, a default static route and advanced EIGRP configurations. Ansible ran the scripting on Network Automation Docker and pushed the configurations to the routers. The network automation docker communicated with other routers via SSH. In the testing phase, the running configuration between the traditional approach and automation scripting in the Ansible playbook was compared to verify the accuracy of the EIGRP configurations. The findings show that Ansible has successfully deployed the configuration to the routers with no errors. Ansible can help network administrators minimize human mistakes, reduce time consumption and enable device visibility across the network environment. Implementing EIGRP authentication and hardening process can enhance the network security level for future study.


Algorithms ◽  
2021 ◽  
Vol 14 (8) ◽  
pp. 250
Author(s):  
Ahmed Abdelmoamen Ahmed ◽  
Gbenga Agunsoye

The increasing ubiquity of network traffic and the new online applications’ deployment has increased traffic analysis complexity. Traditionally, network administrators rely on recognizing well-known static ports for classifying the traffic flowing through their networks. However, modern network traffic uses dynamic ports and is transported over secure application-layer protocols (e.g., HTTPS, SSL, and SSH). This makes it a challenging task for network administrators to identify online applications using traditional port-based approaches. One way of classifying modern network traffic is to use machine learning (ML) to distinguish between the different traffic attributes such as packet count and size, packet inter-arrival time, packet send–receive ratio, etc. This paper presents the design and implementation of NetScrapper, a flow-based network traffic classifier for online applications. NetScrapper uses three ML models, namely K-Nearest Neighbors (KNN), Random Forest (RF), and Artificial Neural Network (ANN), for classifying the most popular 53 online applications, including Amazon, YouTube, Google, Twitter, and many others. We collected a network traffic dataset containing 3,577,296 packet flows with 87 different features for training, validating, and testing the ML models. A web-based user-friendly interface is developed to enable users to either upload a snapshot of their network traffic to NetScrapper or sniff the network traffic directly from the network interface card in real time. Additionally, we created a middleware pipeline for interfacing the three models with the Flask GUI. Finally, we evaluated NetScrapper using various performance metrics such as classification accuracy and prediction time. Most notably, we found that our ANN model achieves an overall classification accuracy of 99.86% in recognizing the online applications in our dataset.

