4 articles found
An Optimized and Hybrid Framework for Image Processing Based Network Intrusion Detection System
1
Authors: Murtaza Ahmed Siddiqi, Wooguil Pak. Computers, Materials & Continua (SCIE, EI), 2022, Issue 11, pp. 3921-3949 (29 pages)
The network infrastructure has evolved rapidly due to the ever-increasing volume of users and data. The massive number of online devices and users has forced the network to transform and facilitate the operational necessities of consumers. Among these necessities, network security is of prime significance. Network intrusion detection systems (NIDS) are among the most suitable approaches to detect anomalies and assaults on a network. However, keeping up with the network security requirements is quite challenging due to the constant mutation in attack patterns by the intruders. This paper presents an effective and prevalent framework for NIDS by merging image processing with convolution neural networks (CNN). The proposed framework first converts non-image data from network traffic into images and then further enhances those images by using the Gabor filter. The images are then classified using a CNN classifier. To assess the efficacy of the recommended method, four benchmark datasets i.e., CSE-CIC-IDS2018, CIC-IDS-2017, ISCX-IDS 2012, and NSL-KDD were used. The proposed approach showed higher precision in contrast with the recent work on the mentioned datasets. Further, the proposed method is compared with the recent well-known image processing methods for NIDS.
Keywords: Anomaly detection convolution neural networks deep learning image processing intrusion detection network intrusion detection
High Performance Classification of Android Malware Using Ensemble Machine Learning
2
Authors: Pagnchakneat C. Ouk, Wooguil Pak. Computers, Materials & Continua (SCIE, EI), 2022, Issue 7, pp. 381-398 (18 pages)
Although Android becomes a leading operating system in market, Android users suffer from security threats due to malwares. To protect users from the threats, the solutions to detect and identify the malware variant are essential. However, modern malware evades existing solutions by applying code obfuscation and native code. To resolve this problem, we introduce an ensemble-based malware classification algorithm using malware family grouping. The proposed family grouping algorithm finds the optimal combination of families belonging to the same group while the total number of families is fixed to the optimal total number. It also adopts unified feature extraction technique for handling seamless both bytecode and native code. We propose a unique feature selection algorithm that improves classification performance and time simultaneously. 2-gram based features are generated from the instructions and segments, and then selected by using multiple filters to choose most effective features. Through extensive simulation with many obfuscated and native code malware applications, we confirm that it can classify malwares with high accuracy and short processing time. Most existing approaches failed to achieve classification speed and detection time simultaneously. Therefore, the approach can help Android users to keep themselves safe from various and evolving cyber-attacks very effectively.
Keywords: Android malware classification family grouping native code OBFUSCATION unified feature extraction
Unified Detection of Obfuscated and Native Android Malware
3
Authors: Pagnchakneat C. Ouk, Wooguil Pak. Computers, Materials & Continua (SCIE, EI), 2022, Issue 2, pp. 3099-3116 (18 pages)
The Android operating system has become a leading smartphone platform for mobile and other smart devices, which in turn has led to a diversity of malware applications. The amount of research on Android malware detection has increased significantly in recent years and many detection systems have been proposed. Despite these efforts, however, most systems can be thwarted by sophisticated Android malware adopting obfuscation or native code to avoid discovery by anti-virus tools. In this paper, we propose a new static analysis technique to address the problems of obfuscating and native malware applications. The proposed system provides a unified technique for extracting features from applications and native libraries using a selection algorithm that can extract a small set of unique and effective features for detecting malware applications rapidly and with a high detection rate. Evaluation using large Android malware detection datasets obtained from various sources confirmed that the proposed approach achieves very promising results in terms of improved accuracy, low false positive rate, and high detection rate.
Keywords: Android malware detection native code OBFUSCATION unified feature extraction
Real-Time Network Intrusion Prevention System Using Incremental Feature Generation
4
Authors: Yeongje Uhm, Wooguil Pak. Computers, Materials & Continua (SCIE, EI), 2022, Issue 1, pp. 1631-1648 (18 pages)
Security measures are urgently required to mitigate the recent rapid increase in network security attacks. Although methods employing machine learning have been researched and developed to detect various network attacks effectively, these are passive approaches that cannot protect the network from attacks, but detect them after the end of the session. Since such passive approaches cannot provide fundamental security solutions, we propose an active approach that can prevent further damage by detecting and blocking attacks in real time before the session ends. The proposed technology uses a two-level classifier structure: the first-stage classifier supports real-time classification, and the second-stage classifier supports accurate classification. Thus, the proposed approach can be used to determine whether an attack has occurred with high accuracy, even under heavy traffic. Through extensive evaluation, we confirm that our approach can provide a high detection rate in real time. Furthermore, because the proposed approach is fast, light, and easy to implement, it can be adopted in most existing network security equipment. Finally, we hope to mitigate the limitations of existing security systems, and expect to keep networks faster and safer from the increasing number of cyber-attacks.
Keywords: Network intrusion detection network intrusion prevention REALTIME two-level classifier