A new proactive feature selection model based on the enhanced optimization algorithms to detect DRDoS attacks

Cyberattacks have grown steadily over the last few years. The distributed reflection denial of service (DRDoS) attack has been rising, a new variant of distributed denial of service (DDoS) attack. DRDoS attacks are more difficult to mitigate due to the dynamics and the attack strategy of this type of attack. The number of features influences the performance of the intrusion detection system by investigating the behavior of traffic. Therefore, the feature selection model improves the accuracy of the detection mechanism also reduces the time of detection by reducing the number of features. The proposed model aims to detect DRDoS attacks based on the feature selection model, and this model is called a proactive feature selection model proactive feature selection (PFS). This model uses a nature-inspired optimization algorithm for the feature subset selection. Three machine learning algorithms, i.e., k-nearest neighbor (KNN), random forest (RF), and support vector machine (SVM), were evaluated as the potential classifier for evaluating the selected features. We have used the CICDDoS2019 dataset for evaluation purposes. The performance of each classifier is compared to previous models. The results indicate that the suggested model works better than the current approaches providing a higher detection rate (DR), a low false-positive rate (FPR), <span>and increased accuracy detection (DA).</span> The PFS model shows better accuracy to detect DRDoS attacks with 89.59%.

RST Analysis of Anomalous TIR Sequences in Relation with Earthquakes Occurred in Turkey in the Period 2004–2015

The paper provides, for the first time, a long-term (>10 years) analysis of anomalous transients in Earth’s emitted radiation over Turkey and neighbouring regions. The RST (Robust Satellite Techniques) approach is used to identify Significant Sequences of Thermal Anomalies (SSTAs) over about 12 years (May 2004 to October 2015) of night-time MSG-SEVIRI satellite images. The correlation analysis is performed with earthquakes with M ≥ 4, which occurred in the investigated period/region within a pre-defined space-time volume around SSTA occurrences. It confirms, also for Turkey, the possibility to qualify SSTAs among the candidate parameters of a multi-parametric system for time-Dependent Assessment of Seismic Hazard (t-DASH). After analysing about 4000 images (about 400 million of single satellite records), just 155 SSTAs (about 4 every 100 images) were isolated; 115 (74% out of the total) resulted in earthquake-related (false-positive rate 26%). Results of the error diagram confirms a non-casual correlation between RST-based SSTAs and earthquake occurrences, with probability gain values up to 2.2 in comparison with the random guess. The analysis, separately performed on Turkish areas characterized by different faults and earthquakes densities, demonstrates the SSTA correlation with a dynamic seismicity more than with static tectonic settings.

The first deep-learning search for radio technosignatures from 820 nearby stars

The goal of the Search for Extraterrestrial Intelligence (SETI) is to quantify the prevalence of technological life beyond Earth via their “technosignatures". One theorized technosignature are narrowband Doppler drifting radio signals. The principal challenge in conducting SETI in the radio domain is developing a generalized technique to reject human radio frequency interference (RFI) that dominate the features across the band in searches for technosignatures. Here, we present the first comprehensive deep-learning based technosignature search to date, returning 8 promising ETI signals-of-interest for re-observation as part of the Breakthrough Listen initiative. The search comprises 820 unique targets observed with the Robert C. Byrd Green Bank Telescope, totaling over 480 hr of on-sky data. We implement a novel β−Convolutional Variational Autoencoder with an embedded discriminator combined with Random Forest Decision Trees to classify technosignature candidates in a semiunsupervised manner. We compare our results with prior classical techniques on the same dataset and conclude that our algorithm returns more convincing and novel signals-of-interest with a manageable false positive rate. This new approach presents itself as a leading solution in accelerating SETI and other transient research into the age of data-driven astronomy.

Development and validation of a circulating microRNA panel for the early detection of breast cancer

Background Mammography is widely used for breast cancer screening but suffers from a high false-positive rate. Here, we perform the largest comprehensive, multi-center study to date involving diverse ethnic groups, for the identification of circulating miRNAs for breast cancer screening. Methods This study had a discovery phase (n = 289) and two validation phases (n = 374 and n = 379). Quantitative PCR profiling of 324 miRNAs was performed on serum samples from breast cancer (all stages) and healthy subjects to identify miRNA biomarkers. Two-fold cross-validation was used for building and optimising breast cancer-associated miRNA panels. An optimal panel was validated in cohorts with Caucasian and Asian samples. Diagnostic ability was evaluated using area under the curve (AUC) analysis. Results The study identified and validated 30 miRNAs dysregulated in breast cancer. An optimised eight-miRNA panel showed consistent performance in all cohorts and was successfully validated with AUC, accuracy, sensitivity, and specificity of 0.915, 82.3%, 72.2% and 91.5%, respectively. The prediction model detected breast cancer in both Caucasian and Asian populations with AUCs ranging from 0.880 to 0.973, including pre-malignant lesions (stage 0; AUC of 0.831) and early-stage (stages I–II) cancers (AUC of 0.916). Conclusions Our panel can potentially be used for breast cancer screening, in conjunction with mammography.

Identification of ∆9-tetrahydrocannabinol (THC) impairment using functional brain imaging

The primary cannabinoid in cannabis, Δ9-tetrahydrocannabinol (THC), causes intoxication and impaired function, with implications for traffic, workplace, and other situational safety risks. There are currently no evidence-based methods to detect cannabis-impaired driving, and current field sobriety tests with gold-standard, drug recognition evaluations are resource-intensive and may be prone to bias. This study evaluated the capability of a simple, portable imaging method to accurately detect individuals with THC impairment. In this double-blind, randomized, cross-over study, 169 cannabis users, aged 18–55 years, underwent functional near-infrared spectroscopy (fNIRS) before and after receiving oral THC and placebo, at study visits one week apart. Impairment was defined by convergent classification by consensus clinical ratings and an algorithm based on post-dose tachycardia and self-rated “high.” Our primary outcome, PFC oxygenated hemoglobin concentration (HbO), was increased after THC only in participants operationalized as impaired, independent of THC dose. ML models using fNIRS time course features and connectivity matrices identified impairment with 76.4% accuracy, 69.8% positive predictive value (PPV), and 10% false-positive rate using convergent classification as ground truth, which exceeded Drug Recognition Evaluator-conducted expanded field sobriety examination (67.8% accuracy, 35.4% PPV, and 35.4% false-positive rate). These findings demonstrate that PFC response activation patterns and connectivity produce a neural signature of impairment, and that PFC signal, measured with fNIRS, can be used as a sole input to ML models to objectively determine impairment from THC intoxication at the individual level. Future work is warranted to determine the specificity of this classifier to acute THC impairment.ClinicalTrials.gov Identifier: NCT03655717

A high-performance brain switch based on code-modulated visual evoked potentials

Objective. Asynchronous brain-computer interfaces (BCIs) are more practical and natural compared to synchronous BCIs. A brain switch is a standard asynchronous BCI, which can automatically detect the specified change of the brain and discriminate between the control state and the idle state. The current brain switches still face challenges on relatively long reaction time (RT) and high false positive rate (FPR). Approach. In this paper, an online electroencephalography-based brain switch is designed to realize a fast reaction and keep long idle time (IDLE) without false positives (FPs) using code-modulated visual evoked potentials (c-VEPs). Two stimulation paradigms were designed and compared in the experiments: multi-code concatenate modulation (concatenation mode) and single-code periodic modulation (periodic mode). Using a task-related component analysis-based detection algorithm, EEG data can be decoded into a series of code indices. Brain states can be detected by a template matching approach with a sliding window on the output series. Main results. The online experiments achieved an average RT of 1.49 seconds when the average IDLE for each FP was 68.57 minutes (1.46e-2 FP/min) or an average RT of 1.67 seconds without FPs. Significance. This study provides a practical c-VEP based brain switch system with both fast reaction and low FPR during idle state, which can be used in various BCI applications.

BOTNET DETECTION USING INDEPENDENT COMPONENT ANALYSIS

Botnet is a significant cyber threat that continues to evolve. Botmasters continue to improve the security framework strategy for botnets to go undetected. Newer botnet source code runs attack detection every second, and each attack demonstrates the difficulty and robustness of monitoring the botnet. In the conventional network botnet detection model that uses signature-analysis, the patterns of a botnet concealment strategy such as encryption & polymorphic and the shift in structure from centralized to decentralized peer-to-peer structure, generate challenges. Behavior analysis seems to be a promising approach for solving these problems because it does not rely on analyzing the network traffic payload. Other than that, to predict novel types of botnet, a detection model should be developed. This study focuses on using flow-based behavior analysis to detect novel botnets, necessary due to the difficulties of detecting existing patterns in a botnet that continues to modify the signature in concealment strategy. This study also recommends introducing Independent Component Analysis (ICA) and data pre-processing standardization to increase data quality before classification. With and without ICA implementation, we compared the percentage of significant features. Through the experiment, we found that the results produced from ICA show significant improvements. The highest F-score was 83% for Neris bot. The average F-score for a novel botnet sample was 74%. Through the feature importance test, the feature importance increased from 22% to 27%, and the training model false positive rate also decreased from 1.8% to 1.7%. ABSTRAK: Botnet merupakan ancaman siber yang sentiasa berevolusi. Pemilik bot sentiasa memperbaharui strategi keselamatan bagi botnet agar tidak dapat dikesan. Setiap saat, kod-kod sumber baru botnet telah dikesan dan setiap serangan dilihat menunjukkan tahap kesukaran dan ketahanan dalam mengesan bot. Model pengesanan rangkaian botnet konvensional telah menggunakan analisis berdasarkan tanda pengenalan bagi mengatasi halangan besar dalam mengesan corak botnet tersembunyi seperti teknik penyulitan dan teknik polimorfik. Masalah ini lebih bertumpu pada perubahan struktur berpusat kepada struktur bukan berpusat seperti rangkaian rakan ke rakan (P2P). Analisis tingkah laku ini seperti sesuai bagi menyelesaikan masalah-masalah tersebut kerana ianya tidak bergantung kepada analisis rangkaian beban muatan trafik. Selain itu, bagi menjangka botnet baru, model pengesanan harus dibangunkan. Kajian ini bertumpu kepada penggunaan analisa tingkah-laku berdasarkan aliran bagi mengesan botnet baru yang sukar dikesan pada corak pengenalan botnet sedia-ada yang sentiasa berubah dan menggunakan strategi tersembunyi. Kajian ini juga mencadangkan penggunakan Analisis Komponen Bebas (ICA) dan pra-pemprosesan data yang standard bagi meningkatkan kualiti data sebelum pengelasan. Peratusan ciri-ciri penting telah dibandingkan dengan dan tanpa menggunakan ICA. Dapatan kajian melalui eksperimen menunjukkan dengan penggunaan ICA, keputusan adalah jauh lebih baik. Skor F tertinggi ialah 83% bagi bot Neris. Purata skor F bagi sampel botnet baru adalah 74%. Melalui ujian kepentingan ciri, kepentingan ciri meningkat dari 22% kepada 27%, dan kadar positif model latihan palsu juga berkurangan dari 1.8% kepada 1.7%.

Detecting the Speed Change Intention from EEG Signals: From the Offline and Pseudo-Online Analysis to an Online Closed-Loop Validation

Control of assistive devices by voluntary user intention is an underdeveloped topic in the Brain–Machine Interfaces (BMI) literature. In this work, a preliminary real-time BMI for the speed control of an exoskeleton is presented. First, an offline analysis for the selection of the intention patterns based on the optimum features and electrodes is proposed. This is carried out comparing three different classification models: monotonous walk vs. increasing and decreasing change speed intentions, monotonous walk vs. only increasing intention, and monotonous walk vs. only decreasing intention. The results indicate that, among the features tested, the most suitable parameter to represent these models are the Hjorth statistics in alpha and beta frequency bands. The average offline classification accuracy for the offline cross-validation of the three models obtained is 68 ± 11%. This selection is also tested following a pseudo-online analysis, simulating a real-time detection of the subject’s intentions to change speed. The average results indices of the three models during this pseudoanalysis are of a 42% true positive ratio and a false positive rate per minute of 9. Finally, in order to check the viability of the approach with an exoskeleton, a case of study is presented. During the experimental session, the pros and cons of the implementation of a closed-loop control of speed change for the H3 exoskeleton through EEG analysis are commented.

Security Testing Framework for Web Applications

The growth of web-based applications has increased tremendously from last two decades. While these applications bring huge benefits to society, yet they suffer from various security threats. Although there exist various techniques to ensure the security of web applications, still a large number of applications suffer from a wide variety of attacks and result in financial loses. In this article, a security-testing framework for web applications is proposed with an argument that security of an application should be tested at every stage of software development life cycle (SDLC). Security testing is initiated from the requirement engineering phase using a keyword-analysis phase. The output of the first phase serves as input to the next phase. Different case study applications indicate that the framework assists in early detection of security threats and applying appropriate security measures. The results obtained from the implementation of the proposed framework demonstrated a high detection ratio with a less false-positive rate.

IoT-IE: An Information-Entropy-Based Approach to Traffic Anomaly Detection in Internet of Things

Security issues related to the Internet of Things (IoTs) have attracted much attention in many fields in recent years. One important problem in IoT security is to recognize the type of IoT devices, according to which different strategies can be designed to enhance the security of IoT applications. However, existing IoT device recognition approaches rarely consider traffic attacks, which might change the pattern of traffic and consequently decrease the recognition accuracy of different IoT devices. In this work, we first validate by experiments that traffic attacks indeed decrease the recognition accuracy of existing IoT device recognition approaches; then, we propose an approach called IoT-IE that combines information entropy of different traffic features to detect traffic anomaly. We then enhance the robustness of IoT device recognition by detecting and ignoring the abnormal traffic detected by our approach. Experimental evaluations show that IoT-IE can effectively detect abnormal behaviors of IoT devices in the traffic under eight different types of attacks, achieving a high accuracy value of 0.977 and a low false positive rate of 0.011. It also achieves an accuracy of 0.969 in a multiclassification experiment with 7 different types of attacks.