attack data
Recently Published Documents


TOTAL DOCUMENTS

72
(FIVE YEARS 31)

H-INDEX

7
(FIVE YEARS 2)

Symmetry ◽  
2022 ◽  
Vol 14 (1) ◽  
pp. 161
Author(s):  
Hyojoon Han ◽  
Hyukho Kim ◽  
Yangwoo Kim

The complexity of network intrusion detection systems (IDSs) is increasing due to the continuous increases in network traffic, various attacks and the ever-changing network environment. In addition, network traffic is asymmetric with few attack data, but the attack data are so complex that it is difficult to detect one. Many studies on improving intrusion detection performance using feature engineering have been conducted. These studies work well in the dataset environment; however, it is challenging to cope with a changing network environment. This paper proposes an intrusion detection hyperparameter control system (IDHCS) that controls and trains a deep neural network (DNN) feature extractor and k-means clustering module as a reinforcement learning model based on proximal policy optimization (PPO). An IDHCS controls the DNN feature extractor to extract the most valuable features in the network environment, and identifies intrusion through k-means clustering. Through iterative learning using the PPO-based reinforcement learning model, the system is optimized to improve performance automatically according to the network environment, where the IDHCS is used. Experiments were conducted to evaluate the system performance using the CICIDS2017 and UNSW-NB15 datasets. In CICIDS2017, an F1-score of 0.96552 was achieved and UNSW-NB15 achieved an F1-score of 0.94268. An experiment was conducted by merging the two datasets to build a more extensive and complex test environment. By merging datasets, the attack types in the experiment became more diverse and their patterns became more complex. An F1-score of 0.93567 was achieved in the merged dataset, indicating 97% to 99% performance compared with CICIDS2017 and UNSW-NB15. The results reveal that the proposed IDHCS improved the performance of the IDS by automating learning new types of attacks by managing intrusion detection features regardless of the network environment changes through continuous learning.


2021 ◽  
Vol 1 (4) ◽  
pp. 767-792
Author(s):  
Ravi Chauhan ◽  
Ulya Sabeel ◽  
Alireza Izaddoost ◽  
Shahram Shah Heydari

Intrusion Detection Systems (IDS) are essential components in preventing malicious traffic from penetrating networks and systems. Recently, these systems have been enhancing their detection ability using machine learning algorithms. This development also forces attackers to look for new methods for evading these advanced Intrusion Detection Systems. Polymorphic attacks are among potential candidates that can bypass the pattern matching detection systems. To alleviate the danger of polymorphic attacks, the IDS must be trained with datasets that include these attacks. Generative Adversarial Network (GAN) is a method proven in generating adversarial data in the domain of multimedia processing, text, and voice, and can produce a high volume of test data that is indistinguishable from the original training data. In this paper, we propose a model to generate adversarial attacks using Wasserstein GAN (WGAN). The attack data synthesized using the proposed model can be used to train an IDS. To evaluate the trained IDS, we study several techniques for updating the attack feature profile for the generation of polymorphic data. Our results show that by continuously changing the attack profiles, defensive systems that use incremental learning will still be vulnerable to new attacks; meanwhile, their detection rates improve incrementally until the polymorphic attack exhausts its profile variables.


2021 ◽  
Vol 8 ◽  
Author(s):  
Lindsay A. French ◽  
Stephen R. Midway ◽  
David H. Evans ◽  
George H. Burgess

Animals across taxa have shown behaviors linked to moon phase (or the proxy of lunar illumination), and marine organisms are well-documented to calibrate certain activities with the moon. Few studies have looked at a possible connection between moon phase and shark attacks on humans, and the results have been preliminary or lacking relationships. We used nearly 50 years of shark attack data from across the globe to test for a relationship between shark attacks and moon phase. We examined factors of geography, shark species, and outcome of attack. From 12 relationships that we tested (totaling 120 comparisons), we found 12 significant outcomes, of which five were positive (i.e., more attacks than expected) and seven were negative (i.e., fewer attacks than expected). Specifically, all the instances of more shark attacks than expected occurred at lunar illumination >50%, while all the instances of fewer shark attacks than expected occurred at lunar illumination of <50%. The findings presented here provide global evidence that shark attacks may be related to moon phase, and such information could be useful toward evaluating attack risk and developing recommendations for water-based recreational activities.


2021 ◽  
Vol 6 (10) ◽  
pp. e006384
Author(s):  
Evan Muzzall ◽  
Brian Perlman ◽  
Leonard S Rubenstein ◽  
Rohini J Haar

Background: Hundreds of thousands of people have been killed during the Syrian civil war and millions more displaced along with an unconscionable amount of destroyed civilian infrastructure. Methods: We aggregate attack data from Airwars, Physicians for Human Rights and the Safeguarding Health in Conflict Coalition/Insecurity Insight to provide a summary of attacks against civilian infrastructure during the years 2012–2018. Specifically, we explore relationships between date of attack, governorate, perpetrator and weapon for 2689 attacks against five civilian infrastructure classes: healthcare, private, public, school and unknown. Multiple correspondence analysis (MCA) via squared cosine distance, k-means clustering of the MCA row coordinates, binomial lasso classification and Cramer’s V coefficients are used to produce and investigate these correlations. Results: Frequencies and proportions of attacks against the civilian infrastructure classes by year, governorate, perpetrator and weapon are presented. MCA results identify variation along the first two dimensions for the variables year, governorate, perpetrator and healthcare infrastructure in four topics of interest: (1) Syrian government attacks against healthcare infrastructure, (2) US-led Coalition offensives in Raqqa in 2017, (3) Russian violence in Aleppo in 2016 and (4) airstrikes on non-healthcare infrastructure. These topics of interest are supported by results of the k-means clustering, binomial lasso classification and Cramer’s V coefficients. Discussion: Findings suggest that violence against healthcare infrastructure correlates strongly with specific perpetrators. We hope that the results of this study provide researchers with valuable data and insights that can be used in future analyses to better understand the Syrian conflict.


Electronics ◽  
2021 ◽  
Vol 10 (19) ◽  
pp. 2398
Author(s):  
Faria Ferooz ◽  
Malik Tahir Hassan ◽  
Mazhar Javed Awan ◽  
Haitham Nobanee ◽  
Maryam Kamal ◽  
...  

Suicide bomb attacks are a high priority concern nowadays for every country in the world. They are a massively destructive criminal activity known as terrorism where one explodes a bomb attached to himself or herself, usually in a public place, taking the lives of many. Terrorist activity in different regions of the world depends and varies according to geopolitical situations and significant regional factors. There has been no significant work performed previously by utilizing the Pakistani suicide attack dataset and no data mining-based solutions have been given related to suicide attacks. This paper aims to contribute to the counterterrorism initiative for the safety of this world against suicide bomb attacks by extracting hidden patterns from suicidal bombing attack data. In order to analyze the psychology of suicide bombers and find a correlation between suicide attacks and the prediction of the next possible venue for terrorist activities, visualization analysis is performed and data mining techniques of classification, clustering and association rule mining are incorporated. For classification, Naïve Bayes, ID3 and J48 algorithms are applied on distinctive selected attributes. The results exhibited by classification show high accuracy against all three algorithms applied, i.e., 73.2%, 73.8% and 75.4%. We adapt the K-means algorithm to perform clustering and, consequently, the risk of blast intensity is identified in a particular location. Frequent patterns are also obtained through the Apriori algorithm for the association rule to extract the factors involved in suicide attacks.


DDoS attacks have recently been the most significant threat in network security. Both industry and academia are currently debating how to detect and protect against DDoS attacks. Many studies have been conducted to detect these types of attacks. Deep learning techniques are the most suitable and efficient algorithms for categorizing normal and attack data. Hence, a deep neural network approach is proposed in this study to mitigate DDoS attacks effectively. We used a deep learning neural network to identify and classify traffic as benign or one of four different DDoS attacks. We will concentrate on four different DDoS types: Slowloris, Slowhttptest, DDoS Hulk, and GoldenEye. The rest of the paper is organized as follows: firstly, we introduce the work, Section 2 defines the related works, Section 3 presents the problem statement, Section 4 describes the proposed methodology, Section 5 illustrates the results of the proposed methodology and shows how the proposed methodology outperforms state-of-the-art work, and finally Section VI concludes the paper.


2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Feng Xiao ◽  
Enhong Chen ◽  
Qiang Xu ◽  
Xianguo Zhang

Considering that the attacks against the industrial control system are mostly organized and premeditated actions, IP traceback is significant for the security of the industrial control system. Based on the infrastructure of the internet, we have developed a novel malicious IP traceback model, ICSTrace, without deploying any new services. The model extracts the function codes and their parameters from the attack data according to the format of the industrial control protocol and employs a short sequence probability method to transform the function codes and their parameters into a vector, which characterizes the attack pattern of malicious IP addresses. Furthermore, a partial seeded K-means algorithm is proposed for the pattern’s clustering, which helps in tracing the attacks back to an organization. ICSTrace is evaluated based on the attack data captured by the large-scale deployed honeypots for the industrial control system, and the results demonstrate that ICSTrace is effective on malicious IP traceback in the industrial control system.


2021 ◽  
Vol 8 (3) ◽  
pp. 517
Author(s):  
Herri Setiawan ◽  
M. Agus Munandar ◽  
Lastri Widya Astuti

Network security problems are increasingly a concern today. More and more tools and techniques can be used to enter a system illegally, paralyzing the existing system. This can happen because of loopholes and the absence of a security system protecting it, so the system becomes vulnerable to attack. Recognizing attack patterns on the network is one way to make such attacks identifiable, making it easier for network administrators to handle them when an attack occurs. One technique that can be used in network security, because it can detect attacks in real time, is the Intrusion Detection System (IDS), which can help administrators detect incoming attacks. This study uses a signature-based method and tests it using simulation. Incoming data packets are assessed as dangerous or not, and several rules are then used to find the best accuracy value. The rules used, based on training and test results, yielded 60% for training and 50% for testing for rule 1, 50% for training and 75% for testing for rule 2, 75% for training and testing for rule 3, 25% for training and testing for rule 4, and 50% for training and testing for rule 5. Testing with this signature-based method shows that it can recognize attack data patterns over the TCP and UDP protocols, and the monitoring built is able to detect all attacks with a web-based display.

Abstract

Network security issues are becoming increasingly a concern these days. There are more and more tools and techniques that can be used to enter the system illegally, thus paralyzing the existing system. This can occur due to loopholes and the absence of a security system that protects it so that the system becomes vulnerable to attacks. The recognition of attack patterns on the network is an effort to make these attacks recognizable, making it easier for network administrators to handle them in the event of an attack. One of the techniques that can be used in network security because of a timely attack is the Intrusion Detection System (IDS), which can help administrators in surveillance that comes. This study used a signature-based method and tested it using a simulation. The incoming data packet will be assessed whether it is dangerous or not, then several rules are used to find the best accuracy value. Some rules used are based on the results of training and testing results in 60% training results and 50% for rule 1 test results, 50% training results and 75% rule 2 test results, 75% training results and rule 3 test results, 25% training results and the result of rule 4 test, 50% of training results and test results for rule 5. The test results with the signature-based method can recognize attack data patterns via TCP and UDP protocols, and monitoring is made to be able to detect all attacks with a web-based display.

