Threats from the Dark: A Review over Dark Web Investigation Research for Cyber Threat Intelligence

From proactive detection of cyberattacks to the identification of key actors, analyzing contents of the Dark Web plays a significant role in deterring cybercrimes and understanding criminal minds. Researching in the Dark Web proved to be an essential step in fighting cybercrime, whether with a standalone investigation of the Dark Web solely or an integrated one that includes contents from the Surface Web and the Deep Web. In this review, we probe recent studies in the field of analyzing Dark Web content for Cyber Threat Intelligence (CTI), introducing a comprehensive analysis of their techniques, methods, tools, approaches, and results, and discussing their possible limitations. In this review, we demonstrate the significance of studying the contents of different platforms on the Dark Web, leading new researchers through state-of-the-art methodologies. Furthermore, we discuss the technical challenges, ethical considerations, and future directions in the domain.

SWIPT-Based Nonorthogonal Multiple Access under Arbitrary Nakagami-m Fading with Direct Links

This paper studies the joint impact of simultaneous wireless information and power transfer (SWIPT) and nonorthogonal multiple access (NOMA) to the cooperative relay (CoR) network where direct links exist. Over Nakagami-m fading environments, the near users employ decode-and-forward (DF) and energy harvesting (EH) to assist the transmission from the source to the far users. Exploiting the time-switching protocol (TSP) and power-splitting protocol (PSP) to the CoR-based NOMA system, analytical results for the outage probability are derived, and the corresponding throughput is obtained. Comparative results show that the PSP outperforms the TSP at low transmit power, while at high-transmit-power regime, the TSP provides similar performance as the PSP.

Efficient Intrusion Detection System for SDN Orchestrated Internet of Things

Internet of Things (IoT) can simply be defined as an extension of the current Internet system. It extends the human to human interconnection and intercommunication scenario of the Internet by including things, to bring anytime, anywhere, and anything communication. A discipline in networking evolving in parallel with IoT is Software Defined Networking (SDN). It is an important technology that is aimed to solve the different problems existing in the traditional network systems. It provides a new convenient home to address the different challenges existing in different network-based systems including IoT. One important security challenge prevailing in such SDN-based IoT (SDIoT) systems is guarantying service availability. The ever-increasing denial of service (DoS) attacks are responsible for such service denials. A centralized signature-based intrusion detection system (IDS) is proposed and developed in this work. Random Forest (RF) classifier is used for training the model. A very popular and recent benchmark dataset, CICIDS2017, has been used for training and validating the machine learning (ML) models. An accuracy result of 99.968% has been achieved by using only 12 features on Wednesday’s release of the dataset. This result is higher than the achieved accuracy results of related works considering the original CICIDS2017 dataset. A maximum cross-validated accuracy result of 99.713% has been achieved on the same release of the dataset. These developed models meet the basic requirement of a supervised IDS system developed for smart environments and can effectively be used in different IoT service scenarios.

New Network Selection Algorithm Based on Cosine Similarity Distance and PSO in Heterogeneous Wireless Networks

Future wireless communication networks will be composed of different technologies with complementary characteristics. Thus, vertical handover (VHO) must support seamless mobility in such heterogeneous environments. The network selection is an important phase in the VHO process and it can be formulated as a multiattribute decision-making problem. So, the mobile terminal equipped with multiple interfaces will be able to choose the most suitable network. This work proposes an access network selection algorithm, based on cosine similarity distance, subjective weights using Fuzzy ANP, and objective weights using particle swarm optimization. The comprehensive weights are based on the cosine similarity distance between the networks and the ideal network. Finally, the candidate network with the minimum cosine distance to the ideal network will be selected in the VHO network selection stage. The performance analysis shows that our proposed method, based on cosine similarity distance and combination weights, reduces the ranking abnormality and number of handoffs in comparison with other MADM methods in the literature.

A Novel Approach for Detecting DGA-Based Botnets in DNS Queries Using Machine Learning Techniques

In today’s security landscape, advanced threats are becoming increasingly difficult to detect as the pattern of attacks expands. Classical approaches that rely heavily on static matching, such as blacklisting or regular expression patterns, may be limited in flexibility or uncertainty in detecting malicious data in system data. This is where machine learning techniques can show their value and provide new insights and higher detection rates. The behavior of botnets that use domain-flux techniques to hide command and control channels was investigated in this research. The machine learning algorithm and text mining used to analyze the network DNS protocol and identify botnets were also described. For this purpose, extracted and labeled domain name datasets containing healthy and infected DGA botnet data were used. Data preprocessing techniques based on a text-mining approach were applied to explore domain name strings with n-gram analysis and PCA. Its performance is improved by extracting statistical features by principal component analysis. The performance of the proposed model has been evaluated using different classifiers of machine learning algorithms such as decision tree, support vector machine, random forest, and logistic regression. Experimental results show that the random forest algorithm can be used effectively in botnet detection and has the best botnet detection accuracy.

Performance Analysis of Identifier Locator Communication Cache Effects on ILNPv6 Stack

Identifier-locator network protocol (ILNP) is a host-based identifier/locator split architecture scheme (ILSA), which depends on address rewriting to support end-to-end mobility and multihoming. The address rewriting is performed by hosts using a network layer logical cache that stores state information related to the communicated hosts, which is called identifier-locator communication cache (ILCC). Since address rewriting is executed on a packet basis in ILNP, ILCC lookups are required at each packet reception and transmission. This leads to a strong correlation between the host’s network stack performance and ILCC performance. This paper presents a study of the effect of ILCC size on network stack performance. Within this paper, a direct comparison of the performance of two ILNP prototypes that differ by ILCC management mechanism is conducted. We present ILCC size measurements and study their effects on the host’s network stack performance. The results show that ILCC growth caused by correspondents increase has a significant effect on the latency of both network and transport layers. The obtained results show that controlling ILCC size through an effective policy strongly enhances ILNP network stack performance.

An Efficient Data Analysis Framework for Online Security Processing

Industrial cloud security and internet of things security represent the most important research directions of cyberspace security. Most existing studies on traditional cloud data security analysis were focused on inspecting techniques for block storage data in the cloud. None of them consider the problem that multidimension online temp data analysis in the cloud may appear as continuous and rapid streams, and the scalable analysis rules are continuous online rules generated by deep learning models. To address this problem, in this paper we propose a new LCN-Index data security analysis framework for large scalable rules in the industrial cloud. LCN-Index uses the MapReduce computing paradigm to deploy large scale online data analysis rules: in the mapping stage, it divides each attribute into a batch of analysis predicate sets which are then deployed onto a mapping node using interval predicate index. In the reducing stage, it merges results from the mapping nodes using multiattribute hash index. By doing so, a stream tuple can be efficiently evaluated by going over the LCN-Index framework. Experiments demonstrate the utility of the proposed method.

Pro NDN : MCDM-Based Interest Forwarding and Cooperative Data Caching for Named Data Networking

Named data networking (NDN), as a specific architecture design of information-centric networking (ICN), has quickly became a promising candidate for future Internet architecture, where communications are driven by data names instead of IP addresses. To realize the NDN communication paradigm in the future Internet, two important features, stateful forwarding and in-network caching, have been proposed to cope with drawbacks of host-based communication protocols. The stateful forwarding is designed to maintain the state of pending Interest packets to guide Data packets back to requesting consumers, while the in-network caching is used to reduce both network traffic and data access delay to improve the overall performance of data access. However, the conventional stateful forwarding approach is not adaptive and responsive to diverse network conditions because it fails to consider multiple network metrics to make Interest forwarding decision. In addition, the default in-network caching strategy relies on storing each received Data packet regardless of various caching constraints and criteria, which causes the routers in the vicinity of data producers to suffer from excessive caching overhead. In this paper, we propose the Pro NDN , a novel stateful forwarding and in-network caching strategy for NDN networks. The Pro NDN consists of multicriteria decision-making (MCDM) based interest forwarding and cooperative data caching. The basic idea of the MCDM-based interest forwarding is to employ Technique for Order Performance by Similarity to Idea Solution (TOPSIS) to dynamically evaluate outgoing interface alternatives based on multiple network metrics and objectively select an optimal outgoing interface to forward the Interest packet. In addition, the cooperative data caching consists of two schemes: CacheData, which caches the data, and CacheFace, which caches the outgoing interface. We conduct extensive simulation experiments for performance evaluation and comparison with prior schemes. The simulation results show that the Pro NDN can improve Interest satisfaction ratio and Interest satisfaction latency as well as reduce hop count and Content Store utilization ratio.

Towards a Scalable and Adaptive Learning Approach for Network Intrusion Detection

This paper introduces a new integrated learning approach towards developing a new network intrusion detection model that is scalable and adaptive nature of learning. The approach can improve the existing trends and difficulties in intrusion detection. An integrated approach of machine learning with knowledge-based system is proposed for intrusion detection. While machine learning algorithm is used to construct a classifier model, knowledge-based system makes the model scalable and adaptive. It is empirically tested with NSL-KDD dataset of 40,558 total instances, by using ten-fold cross validation. Experimental result shows that 99.91% performance is registered after connection. Interestingly, significant knowledge rich learning for intrusion detection differs as a fundamental feature of intrusion detection and prevention techniques. Therefore, security experts are recommended to integrate intrusion detection in their network and computer systems, not only for well-being of their computer systems but also for the sake of improving their working process.