Low visibility episodes (visibility < 1000 m) were studied by applying the anomaly-based weather analysis method. A regional episode of low visibility associated with a coastal fog that occurred from 27 to 28 January 2016 over Ningbo-Zhoushan Port, Zhejiang Province, East China, was first examined. Some basic features from the anomalous weather analysis for this case were identified: (1) the process of low visibility mainly caused by coastal fog was a direct response to anomalous temperature inversion in the lower troposphere, with a warm center around the 925 hPa level, which was formed by a positive geopotential height (GPH) anomaly in the upper troposphere and a negative GPH anomaly near the surface; (2) the positive humidity anomaly was conducive to the formation of coastal fog and rain; (3) regional coastal fog formed at the moment when the southwesterly wind anomalies transferred to northeasterly wind anomalies. Other cases confirmed that the low visibility associated with coastal fog depends upon low-level inversion, a positive humidity anomaly, and a change of wind anomalies from southwesterly to northeasterly, rain and stratus cloud amount. The correlation coefficients of six-hourly inversion, 850–925-hPa-averaged temperature, GPH and humidity anomalies against visibility are −0.31, 0.40 and −0.48, respectively, reaching the 99% confidence level in the first half-years of 2015 and 2016. By applying the anomaly-based weather analysis method to medium-range model output products, such as ensemble prediction systems, the anomalous temperature–pressure pattern and humidity–wind pattern can be used to predict the process of low visibility associated with coastal fog at several days in advance.
The continuous development of cyberattacks is threatening digital transformation endeavors worldwide and leads to wide losses for various organizations. These dangers have proven that signature-based approaches are insufficient to prevent emerging and polymorphic attacks. Therefore, this paper is proposing a Robust Malicious Executable Detection (RMED) using Host-based Machine Learning Classifier to discover malicious Portable Executable (PE) files in hosts using Windows operating systems through collecting PE headers and applying machine learning mechanisms to detect unknown infected files. The authors have collected a novel reliable dataset containing 116,031 benign files and 179,071 malware samples from diverse sources to ensure the efficiency of RMED approach. The most effective PE headers that can highly differentiate between benign and malware files were selected to train the model on 15 PE features to speed up the classification process and achieve real-time detection for malicious executables. The evaluation results showed that RMED succeeded in shrinking the classification time to 91 milliseconds for each file while reaching an accuracy of 98.42% with a false positive rate equal to 1.58. In conclusion, this paper contributes to the field of cybersecurity by presenting a comprehensive framework that leverages Artificial Intelligence (AI) methods to proactively detect and prevent cyber-attacks.
The Internet of Things (IoT) has been deployed in diverse critical sectors with the aim of improving quality of service and facilitating human lives. The IoT revolution has redefined digital services in different domains by improving efficiency, productivity, and cost-effectiveness. Many service providers have adapted IoT systems or plan to integrate them as integral parts of their systems’ operation; however, IoT security issues remain a significant challenge. To minimize the risk of cyberattacks on IoT networks, anomaly detection based on machine learning can be an effective security solution to overcome a wide range of IoT cyberattacks. Although various detection techniques have been proposed in the literature, existing detection methods address limited cyberattacks and utilize outdated datasets for evaluations. In this paper, we propose an intelligent, effective, and lightweight detection approach to detect several IoT attacks. Our proposed model includes a collaborative feature selection method that selects the best distinctive features and eliminates unnecessary features to build an effective and efficient detection model. In the detection phase, we also proposed an ensemble of learning techniques to improve classification for predicting several different types of IoT attacks. The experimental results show that our proposed method can effectively and efficiently predict several IoT attacks with a higher accuracy rate of 99.984%, a precision rate of 99.982%, a recall rate of 99.984%, and an F1-score of 99.983%.
The evolution of the Internet of Things (IoT) has empowered modern industries with the capability to implement large-scale IoT ecosystems, such as the Industrial Internet of Things (IIoT). The IIoT is vulnerable to a diverse range of cyberattacks that can be exploited by intruders and cause substantial reputational and financial harm to organizations. To preserve the confidentiality, integrity, and availability of IIoT networks, an anomaly-based intrusion detection system (IDS) can be used to provide secure, reliable, and efficient IIoT ecosystems. In this paper, we propose an anomaly-based IDS for IIoT networks as an effective security solution to efficiently and effectively overcome several IIoT cyberattacks. The proposed anomaly-based IDS is divided into three phases: pre-processing, feature selection, and classification. In the pre-processing phase, data cleaning and normalization are performed. In the feature selection phase, the candidates’ feature vectors are computed using two feature reduction techniques, minimum redundancy maximum relevance and neighborhood components analysis. For the final step, the modeling phase, the following classifiers are used to perform the classification: support vector machine, decision tree, k-nearest neighbors, and linear discriminant analysis. The proposed work uses a new data-driven IIoT data set called X-IIoTID. The experimental evaluation demonstrates our proposed model achieved a high accuracy rate of 99.58%, a sensitivity rate of 99.59%, a specificity rate of 99.58%, and a low false positive rate of 0.4%.
The rapid development of the Internet of Things (IoT) in the industrial domain has led to the new term the Industrial Internet of Things (IIoT). The IIoT includes several devices, applications, and services that connect the physical and virtual space in order to provide smart, cost-effective, and scalable systems. Although the IIoT has been deployed and integrated into a wide range of industrial control systems, preserving security and privacy of such a technology remains a big challenge. An anomaly-based Intrusion Detection System (IDS) can be an effective security solution for maintaining the confidentiality, integrity, and availability of data transmitted in IIoT environments. In this paper, we propose an intelligent anomaly-based IDS framework in the context of fog-to-things communications to decentralize the cloud-based security solution into a distributed architecture (fog nodes) near the edge of the data source. The anomaly detection system utilizes minimum redundancy maximum relevance and principal component analysis as the featured engineering methods to select the most important features, reduce the data dimensionality, and improve detection performance. In the classification stage, anomaly-based ensemble learning techniques such as bagging, LPBoost, RUSBoost, and Adaboost models are implemented to determine whether a given flow of traffic is normal or malicious. To validate the effectiveness and robustness of our proposed model, we evaluate our anomaly detection approach on a new driven IIoT dataset called X-IIoTID, which includes new IIoT protocols, various cyberattack scenarios, and different attack protocols. The experimental results demonstrated that our proposed anomaly detection method achieved a higher accuracy rate of 99.91% and a reduced false alarm rate of 0.1% compared to other recently proposed techniques.
The rapid growth of the Internet of Things (IoT) in the industrial sector has given rise to a new term: the Industrial Internet of Things (IIoT). The IIoT is a collection of devices, apps, and services that connect physical and virtual worlds to create smart, cost-effective, and scalable systems. Although the IIoT has been implemented and incorporated into a wide range of industrial control systems, maintaining its security and privacy remains a significant concern. In the IIoT contexts, an intrusion detection system (IDS) can be an effective security solution for ensuring data confidentiality, integrity, and availability. In this paper, we propose an intelligent intrusion detection technique that uses principal components analysis (PCA) as a feature engineering method to choose the most significant features, minimize data dimensionality, and enhance detection performance. In the classification phase, we use clustering algorithms such as K-medoids and K-means to determine whether a given flow of IIoT traffic is normal or attack for binary classification and identify the group of cyberattacks according to its specific type for multi-class classification. To validate the effectiveness and robustness of our proposed model, we validate the detection method on a new driven IIoT dataset called X-IIoTID. The performance results showed our proposed detection model obtained a higher accuracy rate of 99.79% and reduced error rate of 0.21% when compared to existing techniques.
Designing and developing distributed cyber-physical production systems (CPPS) is a time-consuming, complex, and error-prone process. These systems are typically heterogeneous, i.e., they consist of multiple components implemented with different languages and development tools. One of the main problems nowadays in CPPS implementation is enabling security mechanisms by design while reducing the complexity and increasing the system’s maintainability. Adopting the IEC 61499 standard is an excellent approach to tackle these challenges by enabling the design, deployment, and management of CPPS in a model-based engineering methodology. We propose a method for CPPS design based on the IEC 61499 standard. The method allows designers to embed a bio-inspired anomaly-based host intrusion detection system (A-HIDS) in Edge devices. This A-HIDS is based on the incremental Dendritic Cell Algorithm (iDCA) and can analyze OPC UA network data exchanged between the Edge devices and detect attacks that target the CPPS’ Edge layer. This study’s findings have practical implications on the industrial security community by making novel contributions to the intrusion detection problem in CPPS considering immune-inspired solutions, and cost-effective security by design system implementation. According to the experimental data, the proposed solution can dramatically reduce design and code complexity while improving application maintainability and successfully detecting network attacks without negatively impacting the performance of the CPPS Edge devices.
Funding: financed by the National Natural Science Foundation of China (Grant No. 41775067)