network traffic analysis
Recently Published Documents


TOTAL DOCUMENTS: 217 (FIVE YEARS 81)

H-INDEX: 15 (FIVE YEARS 2)

Author(s):  
Vanya Ivanova ◽  
Tasho Tashev ◽  
Ivo Draganov

In this paper an optimized feedforward neural network model is proposed for detection of IoT based DDoS attacks by network traffic analysis aimed towards a specific target which could be constantly monitored by a tap. The proposed model is applicable for DoS and DDoS attacks which consist of TCP, UDP and HTTP flood and also against keylogging, data exfiltration, OS fingerprint and service scan activities. It simply differentiates such kind of network traffic from normal network flows. The neural network uses Adam optimization as a solver and the hyperbolic tangent activation function in all neurons from a single hidden layer. The number of hidden neurons could be varied, depending on targeted accuracy and processing speed. Testing over the Bot IoT dataset reveals that developed models are applicable using 8 or 10 features and achieved discrimination error of 4.91×10⁻³%.


2022 ◽  
Vol 40 (3) ◽  
pp. 865-879
Author(s):  
Vasaki Ponnusamy ◽  
Aun Yichiet ◽  
NZ Jhanjhi ◽  
Mamoona Humayun ◽  
Maram Fahhad Almufareh

2022 ◽  
pp. 108760
Author(s):  
Chonghua Wang ◽  
Hao Zhou ◽  
Zhiqiang Hao ◽  
Shu Hu ◽  
Jun Li ◽  
...  

2021 ◽  
Vol 12 (1) ◽  
pp. 155
Author(s):  
Chaeyeon Oh ◽  
Joonseo Ha ◽  
Heejun Roh

Recently, a majority of security operations centers (SOCs) have been facing a critical issue of increased adoption of transport layer security (TLS) encryption on the Internet, in network traffic analysis (NTA). To this end, in this survey article, we present existing research on NTA and related areas, primarily focusing on TLS-encrypted traffic to detect and classify malicious traffic with deployment scenarios for SOCs. Security experts in SOCs and researchers in academia can obtain useful information from our survey, as the main focus of our survey is NTA methods applicable to malware detection and family classification. Especially, we have discussed pros and cons of three main deployment models for encrypted NTA: TLS interception, inspection using cryptographic functions, and passive inspection without decryption. In addition, we have discussed the state-of-the-art methods in TLS-encrypted NTA for each component of a machine learning pipeline, typically used in the state-of-the-art methods.


2021 ◽  
Vol 2094 (3) ◽  
pp. 032035
Author(s):  
V A Chastikova ◽  
A I Mitugov

The given paper proposes a procedure for detecting network attacks based on a hybrid model that combines deep learning methods and artificial immune systems and increases the efficiency of network traffic analysis. During the development process, the constituent components of a hybrid system for identifying network incidents have been specified with a preceding analysis of existing approaches to its construction. Conceptual architectures of the intrusion detection system have been proposed, functional simulation and data flow simulation for the system comprehensive description have been carried out. Theoretical analysis of the concepts selected for implementation of the development methods of network detection systems has been carried out and the procedures of their hybridization have been substantiated. A software package for comparative analysis of the neuroimmune approach with machine learning methods has been developed and tested.


2021 ◽  
Author(s):  
Kovtsur Maxim ◽  
Kistruga Anton ◽  
Mikhailova Anastasiya ◽  
Potemkin Pavel ◽  
Volkogonov Vladimir

2021 ◽  
Vol 9 (4) ◽  
pp. 0-0

Internet of things devices are not very intelligent and resource-constrained; thus, they are vulnerable to cyber threats. Cyber threats would become potentially harmful and lead to infecting the machines, disrupting the network topologies, and denying services to their legitimate users. Artificial intelligence-driven methods and advanced machine learning-based network investigation prevent the network from malicious traffic. In this research, a support vector machine learning technique was used to classify normal and abnormal traffic. Network traffic analysis has been done to detect and prevent the network from malicious traffic. Static and dynamic analysis of malware has been done. Mininet emulator was selected for network design, VMware fusion for creating a virtual environment, hosting OS was Ubuntu Linux, network topology was a tree topology. Wireshark was used to open an existing pcap file that contains network traffic. The support vector machine classifier demonstrated the best performance with 99% accuracy.

