FEW-NNN: A Fuzzy Entropy Weighted Natural Nearest Neighbor Method for Flow-Based Network Traffic Attack Detection

Attacks such as APT usually hide communication data in massive legitimate network traffic, and mining structurally complex and latent relationships among flow-based network traffic to detect attacks has become the focus of many initiatives. Effectively analyzing massive network security data with high dimensions for suspicious flow diagnosis is a huge challenge. In addition, the uneven distribution of network traffic does not fully reflect the differences of class sample features, resulting in the low accuracy of attack detection. To solve these problems, a novel approach called the fuzzy entropy weighted natural nearest neighbor(FEW-NNN) method is proposed to enhance the accuracy and efficiency of flowbased network traffic attack detection. First, the FEW-NNN method uses the Fisher score and deep graph feature learning algorithm to remove unimportant features and reduce the data dimension. Then, according to the proposed natural nearest neighbor searching algorithm(NNN_Searching), the density of data points, each class center and the smallest enclosing sphere radius are determined correspondingly. Finally, a fuzzy entropy weighted KNN classification method based on affinity is proposed, which mainly includes the following three steps: 1、 the feature weights of samples are calculated based on fuzzy entropy values, 2、 the fuzzy memberships of samples are determined based on affinity among samples, and 3、 K-neighbors are selected according to the class-conditional weighted Euclidean distance, the fuzzy membership value of the testing sample is calculated based on the membership of k-neighbors, and then all testing samples are classified according to the fuzzy membership value of the samples belonging to each class;that is, the attack type is determined. The method has been applied to the problem of attack detection and validated based on the famous KDD99 and CICIDS-2017 datasets. From the experimental results shown in this paper, it is observed that the FEW-NNN method improves the accuracy and efficiency of flow-based network traffic attack detection.

DDoS Attack Detection Scheme Based on Entropy and PSO-BP Neural Network in SDN

SDN (Software Defined Network) has many security problems, and DDoS attack is undoubtedly the most serious harm to SDN architecture network. How to accurately and effectively detect DDoS attacks has always been a difficult point and focus of SDN security research. Based on the characteristics of SDN, a DDoS attack detection method combining generalized entropy and PSOBP neural network is proposed. The traffic is pre-detected by the generalized entropy method deployed on the switch, and the detection result is divided into normal and abnormal. Locate the switch that issued the abnormal alarm. The controller uses the PSO-BP neural network to detect whether a DDoS attack occurs by further extracting the flow features of the abnormal switch. Experiments show that compared with other methods, the detection accurate rate is guaranteed while the CPU load of the controller is reduced, and the detection capability is better.

Secure Network Coding Against Intra/Inter-Generation Pollution Attacks

By allowing routers to combine the received packets before forwarding them,network coding-based applications are susceptible to possible malicious pollution attacks.Existing solutions for counteracting this issue either incur inter-generation pollution attacks(among multiple generations)or suffer high computation/bandwidth overhead.Using a dynamic public key technique,we propose a novel homomorphic signature scheme for network coding for each generation authentication without updating the initial secret key used.As per this idea,the secret key is scrambled for each generation by using the generation identifier,and each packet can be fast signed using the scrambled secret key for the generation to which the packet belongs.The scheme not only can resist intra-generation pollution attacks effectively but also can efficiently prevent inter-generation pollution attacks.Further,the communication overhead of the scheme is small and independent of the size of the transmitting files.

A Novel Attack Graph Posterior Inference Model Based on Bayesian Network

Network attack graphs are originally used to evaluate what the worst security state is when a concerned net-work is under attack. Combined with intrusion evidence such like IDS alerts, attack graphs can be further used to perform security state posterior inference (i.e. inference based on observation experience). In this area, Bayesian network is an ideal mathematic tool, however it can not be directly applied for the following three reasons: 1) in a network attack graph, there may exist directed cycles which are never permitted in a Bayesian network, 2) there may exist temporal partial ordering relations among intrusion evidence that can-not be easily modeled in a Bayesian network, and 3) just one Bayesian network cannot be used to infer both the current and the future security state of a network. In this work, we improve an approximate Bayesian posterior inference algorithm–the likelihood-weighting algorithm to resolve the above obstacles. We give out all the pseudocodes of the algorithm and use several examples to demonstrate its benefit. Based on this, we further propose a network security assessment and enhancement method along with a small network scenario to exemplify its usage.

Wormhole Attack Behaviour in Monte-Carlo Localization for Mobile Sensor Networks

Localization is the basic requirement for network management in Wireless Sensor Networks as it helps nodes find their absolute position coordinates and in gathering information relevant to their locations. A localization algorithm has to be dynamic, scalable and should not impose high computation or communication overhead. The localization systems are also prone to attacks. We target a localization scheme for mobile sensor networks called Monte-Carlo Localization, which study its behavior under the most dangerous attack on localization called Wormhole Attack, also known as Collusion Attack and propose a modified algorithm that can help the localization system retain its accuracy level even in the presence of attacks. Our algorithm has communication cost almost equal to that of original localization algorithm (in this case MCL) in the absence of attacks.

Enhancement of scale-free network attack tolerance

Despite the large size of most communication and transportation systems, there are short paths between nodes in these networks which guarantee the efficient information, data and passenger delivery; furthermore these networks have a surprising tolerance under random errors thanks to their inherent scale-free topology. However, their scale-free topology also makes them fragile under intentional attacks, leaving us a challenge on how to improve the network robustness against intentional attacks without losing their strong tolerance under random errors and high message and passenger delivering capacity. Here We propose two methods （SL method and SH method） to enhance scale-free network＇s tolerance under attack in different conditions.

Anomaly Detection Based on Data-Mining for Routing Attacks in Wireless Sensor Networks

With the increasing deployment of wireless sensordevices and networks,security becomes a criticalchallenge for sensor networks.In this paper,a schemeusing data mining is proposed for routing anomalydetection in wireless sensor networks.The schemeuses the Apriori algorithm to extract traffic patternsfrom both routing table and network traffic packetsand subsequently the K-means cluster algorithmadaptively generates a detection model.Through thecombination of these two algorithms,routing attackscan be detected effectively and automatically.Themain advantage of the proposed approach is that it isable to detect new attacks that have not previouslybeen seen.Moreover,the proposed detection schemeis based on no priori knowledge and then can beapplied to a wide range of different sensor networksfor a variety of routing attacks.

Performance analysis of mobile ad hoc networks under flooding attacks

Due to their characteristics of dynamic topology, wireless channels and limited resources, mobile ad hoc networks are particularly vulnerable to a denial of service （DoS） attacks launched by intruders. The effects of flooding attacks in network simulation 2 （NS2） and measured performance parameters are investigated, including packet loss ratio, average delay, throughput and average number of hops under different numbers of attack nodes, flooding frequency, network bandwidth and network size. Simulation results show that with the increase of the flooding frequency and the number of attack nodes, network performance sharply drops. But when the frequency of flooding attacks or the number of attack nodes is greater than a certain value, performance degradation tends to a stable value.

An Effective Classifier Model for Imbalanced Network Attack Data

Recently,machine learning algorithms have been used in the detection and classification of network attacks.The performance of the algorithms has been evaluated by using benchmark network intrusion datasets such as DARPA98,KDD’99,NSL-KDD,UNSW-NB15,and Caida DDoS.However,these datasets have two major challenges:imbalanced data and highdimensional data.Obtaining high accuracy for all attack types in the dataset allows for high accuracy in imbalanced datasets.On the other hand,having a large number of features increases the runtime load on the algorithms.A novel model is proposed in this paper to overcome these two concerns.The number of features in the model,which has been tested at CICIDS2017,is initially optimized by using genetic algorithms.This optimum feature set has been used to classify network attacks with six well-known classifiers according to high f1-score and g-mean value in minimumtime.Afterwards,amulti-layer perceptron based ensemble learning approach has been applied to improve the models’overall performance.The experimental results showthat the suggested model is acceptable for feature selection as well as classifying network attacks in an imbalanced dataset,with a high f1-score(0.91)and g-mean(0.99)value.Furthermore,it has outperformed base classifier models and voting procedures.

Network resource allocation attack detection with long range dependence

The approach of traffic abnormality detection of network resource allocation attack did not have reliable signatures to depict abnormality and identify them. However, it is crucial for us to detect attacks accurately. The technique that we adopted is inspired by long range dependence ideas. We use the number of packet arrivals of a flow in fixed-length time intervals as the signal and attempt to extend traffic invariant “self-similarity”. We validate the effectiveness of the approach with simulation and trace analysis.

Network security equipment evaluation based on attack tree with risk fusion

Network security equipment is crucial to information systems, and a proper evaluation model can ensure the quality of network security equipment. However, there is only a few models of comprehensive models nowadays. An index system for network security equipment was established and a model based on attack tree with risk fusion was proposed to obtain the score of qualitative indices. The proposed model implements attack tree model and controlled interval and memory(CIM) model to solve the problem of quantifying qualitative indices, and thus improves the accuracy of the evaluation.

Attacks and Countermeasures in Social Network Data Publishing

With the increasing prevalence of social networks, more and more social network data are published for many applications, such as social network analysis and data mining. However, this brings privacy problems. For example, adversaries can get sensitive information of some individuals easily with little background knowledge. How to publish social network data for analysis purpose while preserving the privacy of individuals has raised many concerns. Many algorithms have been proposed to address this issue. In this paper, we discuss this privacy problem from two aspects： attack models and countermeasures. We analyse privacy conceres, model the background knowledge that adversary may utilize and review the recently developed attack models. We then survey the state-of-the-art privacy preserving methods in two categories： anonymization methods and differential privacy methods. We also provide research directions in this area.

TDOA-based Sybil attack detection scheme for wireless sensor networks

As wireless sensor networks （WSN） are deployed in fire monitoring, object tracking applications, security emerges as a central requirement. A case that Sybil node illegitimately reports messages to the master node with multiple non-existent identities （ID） will cause harmful effects on decision-making or resource allocation in these applications. In this paper, we present an efficient and lightweight solution for Sybil attack detection based on the time difference of arrival （TDOA） between the source node and beacon nodes. This solution can detect the existence of Sybil attacks, and locate the Sybil nodes. We demonstrate efficiency of the solution through experiments. The experiments show that this solution can detect all Sybil attack cases without missing.

An Optimal Hybrid Learning Approach for Attack Detection in Linear Networked Control Systems

A novel learning-based attack detection and estimation scheme is proposed for linear networked control systems(NCS),wherein the attacks on the communication network in the feedback loop are expected to increase network induced delays and packet losses,thus changing the physical system dynamics.First,the network traffic flow is modeled as a linear system with uncertain state matrix and an optimal Q-learning based control scheme over finite-horizon is utilized to stabilize the flow.Next,an adaptive observer is proposed to generate the detection residual,which is subsequently used to determine the onset of an attack when it exceeds a predefined threshold,followed by an estimation scheme for the signal injected by the attacker.A stochastic linear system after incorporating network-induced random delays and packet losses is considered as the uncertain physical system dynamics.The attack detection scheme at the physical system uses the magnitude of the state vector to detect attacks both on the sensor and the actuator.The maximum tolerable delay that the physical system can tolerate due to networked induced delays and packet losses is also derived.Simulations have been performed to demonstrate the effectiveness of the proposed schemes.

Preventing Dropping Packets Attack in Sensor Networks:A Game Theory Approach

Focusing on dropping packets attacks in sensor networks, we propose a model of dropping packets attack-resistance as a repeated game based on such an assumption that sensor nodes are rational. The model prevents malicious nodes from attacking by establishing punishment mechanism, and impels sensor networks to reach a collaborative Nash equilibrium. Simulation results show that the devised model can effectively resist the dropping packets attacks（DPA） by choosing reasonable configuration parameters.

A Comparison of Link Layer Attacks on Wireless Sensor Networks

Wireless sensor networks (WSNs) have many potential applications [1,2] and unique challenges. They usually consist of hundreds or thousands of small sensor nodes such as MICA2, which operate autonomously;conditions such as cost, invisible deployment and many application domains, lead to small size and resource limited sensors [3]. WSNs are susceptible to many types of link layer attacks [1] and most of traditional network security techniques are unusable on WSNs [3];This is due to wireless and shared nature of communication channel, untrusted transmissions, deployment in open environments, unattended nature and limited resources [1]. Therefore security is a vital requirement for these networks;but we have to design a proper security mechanism that attends to WSN’s constraints and requirements. In this paper, we focus on security of WSNs, divide it (the WSNs security) into four categories and will consider them, include: an overview of WSNs, security in WSNs, the threat model on WSNs, a wide variety of WSNs’ link layer attacks and a comparison of them. This work enables us to identify the purpose and capabilities of the attackers;furthermore, the goal and effects of the link layer attacks on WSNs are introduced. Also, this paper discusses known approaches of security detection and defensive mechanisms against the link layer attacks;this would enable IT security managers to manage the link layer attacks of WSNs more effectively.

Five Basic Types of Insider DoS Attacks of Code Dissemination in Wireless Sensor Networks

Code dissemination is one of the important services of wireless sensor networks (WSNs). Securing the process of code dissemination is essential in some certain WSNs applications, state-of-the-art secure code dissemination protocols for WSNs aim for the efficient source authentication and integrity verification of code image, however, due to the resource constrains of WSNs and the epidemic behavior of the code dissemination system, existing secure code dissemination protocols are vulnerable to Denial of Service (DoS) attacks when sensor nodes can be compromised (insider DoS attacks). In this paper, we identify five different basic types of DoS attacks exploiting the epidemic propagation strategies used by Deluge. They are (1) Higher-version Advertisement attack, (2) False Request attack, (3) Larger-numbered Page attack, (4) Lower-version Adv attack, and (5) Same-version Adv attack. Simulation shows these susceptibilities caused by above insider DoS attacks. Some simple models are also proposed which promote understanding the problem of insider DoS attacks and attempt to quantify the severity of these attacks in the course of code dissemination in WSNs.

Efficient Selfish Attack Detection in Cognitive Radio Network

The main intention of developing cognitive radio technology is to solve the spectrum deficiency problem by allocating the spectrum dynamically to the unlicensed clients. An important aim of any wireless network is to secure communication. It is to help the unlicensed clients to utilize the maximum available licensed bandwidth, and the cognitive network is designed for opportunistic communication technology. Selfish attacks cause serious security problem because they significantly deteriorate the performance of a cognitive network. In this paper, the selfish attacks have been identified using cooperative neighboring cognitive radio ad hoc network (COOPON). A novel technique has been proposed as ICOOPON (improvised COOPON), which shows improved performance in selfish attack detection as compared to existing technique. A comparative study has been presented to find the efficiency of proposed technique. The parameters used are throughput, packet delivery ratio and end to end delay.

Flooding attack and defence in Ad hoc networks

Mobile ad hoc networks are particularly vulnerable to denial of service （DOS） attacks launched through compromised nodes or intruders. In this paper, we present a new DOS attack and its defense in ad hoc networks. The new DOS attack, called AA hoc Flooding Attack（AHFA）, is that intruder broadcasts mass Route Request packets to exhaust the communication bandwidth and node resource so that the valid communication can not be kept. After analyzed AM hoc Flooding Attack, we develop Flooding Attack Prevention （FAP）, a genetic defense against the AM hoc Flooding Attack. When the intruder broadcasts exceeding packets of Route Request, the immediate neighbors of the intruder record the rate of Route Request. Once the threshold is exceeded, nodes deny any future request packets from the intruder. The results of our implementation show FAP can prevent the AM hoe Flooding attack efficiently.

Protecting LLMs against Privacy Attacks While Preserving Utility

The recent interest in the deployment of Generative AI applications that use large language models (LLMs) has brought to the forefront significant privacy concerns, notably the leakage of Personally Identifiable Information (PII) and other confidential or protected information that may have been memorized during training, specifically during a fine-tuning or customization process. This inadvertent leakage of sensitive information typically occurs when the models are subjected to black-box attacks. To address the growing concerns of safeguarding private and sensitive information while simultaneously preserving its utility, we analyze the performance of Targeted Catastrophic Forgetting (TCF). TCF involves preserving targeted pieces of sensitive information within datasets through an iterative pipeline which significantly reduces the likelihood of such information being leaked or reproduced by the model during black-box attacks, such as the autocompletion attack in our case. The experiments conducted using TCF evidently demonstrate its capability to reduce the extraction of PII while still preserving the context and utility of the target application.