The continuous development of cyberattacks is threatening digital transformation endeavors worldwide and leads to wide losses for various organizations. These dangers have proven that signature-based approaches are insufficient to prevent emerging and polymorphic attacks. Therefore, this paper is proposing a Robust Malicious Executable Detection (RMED) using Host-based Machine Learning Classifier to discover malicious Portable Executable (PE) files in hosts using Windows operating systems through collecting PE headers and applying machine learning mechanisms to detect unknown infected files. The authors have collected a novel reliable dataset containing 116,031 benign files and 179,071 malware samples from diverse sources to ensure the efficiency of RMED approach. The most effective PE headers that can highly differentiate between benign and malware files were selected to train the model on 15 PE features to speed up the classification process and achieve real-time detection for malicious executables. The evaluation results showed that RMED succeeded in shrinking the classification time to 91 milliseconds for each file while reaching an accuracy of 98.42% with a false positive rate equal to 1.58. In conclusion, this paper contributes to the field of cybersecurity by presenting a comprehensive framework that leverages Artificial Intelligence (AI) methods to proactively detect and prevent cyber-attacks.
As the main communication mediums in industrial control networks, industrial communication protocols are always vulnerable to extreme exploitations, and it is very difficult to take protective measures due to their serious privacy. Based on the SDN (Software Defined Network) technology, this paper proposes a novel event-based anomaly detection approach to identify misbehaviors using non-public industrial communication protocols, and this approach can be installed in SDN switches as a security software appliance in SDN-based control systems. Furthermore, aiming at the unknown protocol specification and message format, this approach first restructures the industrial communication sessions and merges the payloads from industrial communication packets. After that, the feature selection and event sequence extraction can be carried out by using the N-gram model and K-means algorithm. Based on the obtained event sequences, this approach finally trains an event-based HMM (Hidden Markov Model) to identify aberrant industrial communication behaviors. Experimental results clearly show that the proposed approach has obvious advantages of classification accuracy and detection efficiency.
The detection of cyber threats has recently been a crucial research domain as the internet and data drive people’s livelihood. Several cyber-attacks lead to the compromise of data security. The proposed system offers complete data protection from Advanced Persistent Threat (APT) attacks with attack detection and defence mechanisms. The modified lateral movement detection algorithm detects the APT attacks, while the defence is achieved by the Dynamic Deception system that makes use of the belief update algorithm. Before termination, every cyber-attack undergoes multiple stages, with the most prominent stage being Lateral Movement (LM). The LM uses a Remote Desktop protocol (RDP) technique to authenticate the unauthorised host leaving footprints on the network and host logs. An anomaly-based approach leveraging the RDP event logs on Windows is used for detecting the evidence of LM. After extracting various feature sets from the logs, the RDP sessions are classified using machine-learning techniques with high recall and precision. It is found that the AdaBoost classifier offers better accuracy, precision, F1 score and recall recording 99.9%, 99.9%, 0.99 and 0.98%. Further, a dynamic deception process is used as a defence mechanism to mitigate APT attacks. A hybrid encryption communication, dynamic (Internet Protocol) IP address generation, timing selection and policy allocation are established based on mathematical models. A belief update algorithm controls the defender’s action. The performance of the proposed system is compared with the state-of-the-art models.
The rapid growth of the Internet of Things (IoT) in the industrial sector has given rise to a new term: the Industrial Internet of Things (IIoT). The IIoT is a collection of devices, apps, and services that connect physical and virtual worlds to create smart, cost-effective, and scalable systems. Although the IIoT has been implemented and incorporated into a wide range of industrial control systems, maintaining its security and privacy remains a significant concern. In the IIoT contexts, an intrusion detection system (IDS) can be an effective security solution for ensuring data confidentiality, integrity, and availability. In this paper, we propose an intelligent intrusion detection technique that uses principal components analysis (PCA) as a feature engineering method to choose the most significant features, minimize data dimensionality, and enhance detection performance. In the classification phase, we use clustering algorithms such as K-medoids and K-means to determine whether a given flow of IIoT traffic is normal or attack for binary classification and identify the group of cyberattacks according to its specific type for multi-class classification. To validate the effectiveness and robustness of our proposed model, we validate the detection method on a new driven IIoT dataset called X-IIoTID. The performance results showed our proposed detection model obtained a higher accuracy rate of 99.79% and reduced error rate of 0.21% when compared to existing techniques.
The evolution of the Internet of Things (IoT) has empowered modern industries with the capability to implement large-scale IoT ecosystems, such as the Industrial Internet of Things (IIoT). The IIoT is vulnerable to a diverse range of cyberattacks that can be exploited by intruders and cause substantial reputational and financial harm to organizations. To preserve the confidentiality, integrity, and availability of IIoT networks, an anomaly-based intrusion detection system (IDS) can be used to provide secure, reliable, and efficient IIoT ecosystems. In this paper, we propose an anomaly-based IDS for IIoT networks as an effective security solution to efficiently and effectively overcome several IIoT cyberattacks. The proposed anomaly-based IDS is divided into three phases: pre-processing, feature selection, and classification. In the pre-processing phase, data cleaning and normalization are performed. In the feature selection phase, the candidates’ feature vectors are computed using two feature reduction techniques, minimum redundancy maximum relevance and neighborhood components analysis. For the final step, the modeling phase, the following classifiers are used to perform the classification: support vector machine, decision tree, k-nearest neighbors, and linear discriminant analysis. The proposed work uses a new data-driven IIoT data set called X-IIoTID. The experimental evaluation demonstrates our proposed model achieved a high accuracy rate of 99.58%, a sensitivity rate of 99.59%, a specificity rate of 99.58%, and a low false positive rate of 0.4%.
In order to overcome the defects of the existing technology that the detection of ceramic electric kiln faults takes a long time and costs a lot, an electric kiln control and fault detection device was designed. The working process of the device includes detection module, control module, start-stop module and switch module. The detection module detects the resistance circuit and sends a fault signal to the control module. The control module generates stop signal and fault information according to the fault signal, and starts the electric kiln when the fault signal is not received within the preset time. The start-stop module can monitor the internal temperature of the electric kiln and control the closing status of the switch module. The switch module is used to control the connection status of AC power and each resistance circuit in the kiln. Based on the 5G DTU or 5G module, the control module could send the information to mobile terminal under the ultra-reliable and low-latency communication (uRLLC) technical characteristics of 5G communication.
Frame resolution and physical layer (PHY) protocol type detection are the basis of research and development of intrusion prevention systems for IEEE 802.11 wireless network. Aiming at the problems which cannot be solved by the specifications export, this paper proposed a MAC frame analytical method and a PHY protocol type detection algorithm based on parsing the IEEE 802.11 packets captured by the library Libpcap. The packet structure and the length of the frame preamble (18 or 26 bytes) are presented. Then the methods of transforming byte-order and resolving sub-fields are given. A detection algorithm of PHY protocol type is proposed based on the experiments and examples are given to verify these methods. This work can be a reference for the R & D related to link layer frame analysis.
Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years, because of the rapid proliferation of wireless devices. Mobile ad hoc networks are highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, and lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. A distributed intrusion detection approach based on timed automata is given. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then the timed automata is constructed by the way of manually abstracting the correct behaviours of the node according to the routing protocol of dynamic source routing (DSR). The monitor nodes can verify the behaviour of every node by timed automata, and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, the approach is much more efficient while maintaining the same level of effectiveness. Finally, the intrusion detection method is evaluated through simulation experiments.
The Internet of Things (IoT) has been deployed in diverse critical sectors with the aim of improving quality of service and facilitating human lives. The IoT revolution has redefined digital services in different domains by improving efficiency, productivity, and cost-effectiveness. Many service providers have adapted IoT systems or plan to integrate them as integral parts of their systems’ operation; however, IoT security issues remain a significant challenge. To minimize the risk of cyberattacks on IoT networks, anomaly detection based on machine learning can be an effective security solution to overcome a wide range of IoT cyberattacks. Although various detection techniques have been proposed in the literature, existing detection methods address limited cyberattacks and utilize outdated datasets for evaluations. In this paper, we propose an intelligent, effective, and lightweight detection approach to detect several IoT attacks. Our proposed model includes a collaborative feature selection method that selects the best distinctive features and eliminates unnecessary features to build an effective and efficient detection model. In the detection phase, we also proposed an ensemble of learning techniques to improve classification for predicting several different types of IoT attacks. The experimental results show that our proposed method can effectively and efficiently predict several IoT attacks with a higher accuracy rate of 99.984%, a precision rate of 99.982%, a recall rate of 99.984%, and an F1-score of 99.983%.
Due to their unique characteristics, such as the dynamic changing topology, the absence of central management, the cooperative routing mechanisms, and the resources constraints, Mobile ad hoc networks (MANETs) are relatively vulnerable to both active and passive attacks. In MANET, routing attacks try to disrupt the functions of routing protocol by intentionally or unintentionally dropping packets or propagating faked routing messages. However, due to their computation requirements, the prevention mechanisms are not powerful enough to secure MANET. In this paper, we propose a distributed and cooperative scheme using statistical methods to detect routing attacks in MANETs. Our scheme uses both direct and indirect observations to characterize the behaviors of both neighboring and remote nodes. Simple threshold and Grubb’s Test are utilized to propose our new detection methods. The scheme includes innovative methods to compute our proposed measures, Maximum Accusation Number (MAN) and Accusation Number (AN), which are used to make decision about node’s behavior. Experimental results show that our scheme performs well in detecting anomalous events in routing functions.
The communication mechanism plays an important role in an intrusion detection system, while it has not been paid enough attention. Based on analyzing the actual facts and expatiating upon the requirements a communication mechanism needs to meet, a message driven communication mechanism is proposed in this paper. The protocol presented here is divided into three layers: entity level, host level, and network level. The communication processes are also designed in detail. Experiments illustrate that cooperative entities can detect distributed sophisticated attacks accurately. Furthermore, this mechanism has the advantages like high reliability, low time delay and expenses.
Fairness and stability guarantee among TCP flows is very stubborn in wireless ad hoc networks. There is not a MAC protocol that can fulfill this acquirement until now. In this paper, we firstly reveal the in-depth causes of the severe TCP unfairness and instability problems in IEEE 802.11-based multihop networks. Then we utilize the collision detection mechanism of the IEEE 802.11 protocol which is often ignored by most of the people to design a novel collision detection mechanism-based MAC (CDMB-MAC) scheme to solve the short-term and long-term fairness and stability issues while providing a good aggregate throughput in many topologies.
The rapid development of the Internet of Things (IoT) in the industrial domain has led to the new term the Industrial Internet of Things (IIoT). The IIoT includes several devices, applications, and services that connect the physical and virtual space in order to provide smart, cost-effective, and scalable systems. Although the IIoT has been deployed and integrated into a wide range of industrial control systems, preserving security and privacy of such a technology remains a big challenge. An anomaly-based Intrusion Detection System (IDS) can be an effective security solution for maintaining the confidentiality, integrity, and availability of data transmitted in IIoT environments. In this paper, we propose an intelligent anomaly-based IDS framework in the context of fog-to-things communications to decentralize the cloud-based security solution into a distributed architecture (fog nodes) near the edge of the data source. The anomaly detection system utilizes minimum redundancy maximum relevance and principal component analysis as the featured engineering methods to select the most important features, reduce the data dimensionality, and improve detection performance. In the classification stage, anomaly-based ensemble learning techniques such as bagging, LPBoost, RUSBoost, and Adaboost models are implemented to determine whether a given flow of traffic is normal or malicious. To validate the effectiveness and robustness of our proposed model, we evaluate our anomaly detection approach on a new driven IIoT dataset called XIIoTID, which includes new IIoT protocols, various cyberattack scenarios, and different attack protocols. The experimental results demonstrated that our proposed anomaly detection method achieved a higher accuracy rate of 99.91% and a reduced false alarm rate of 0.1% compared to other recently proposed techniques.
Collision detection mechanisms in Wireless Sensor Networks (WSNs) have largely been revolving around direct demodulation and decoding of received packets and deciding on a collision based on some form of a frame error detection mechanism, such as a CRC check. The obvious drawback of full detection of a received packet is the need to expend a significant amount of energy and processing complexity in order to fully decode a packet, only to discover the packet is illegible due to a collision. In this paper, we propose a suite of novel, yet simple and power-efficient algorithms to detect a collision without the need for full-decoding of the received packet. Our novel algorithms aim at detecting collision through fast examination of the signal statistics of a short snippet of the received packet via a relatively small number of computations over a small number of received IQ samples. Hence, the proposed algorithms operate directly at the output of the receiver's analog-to-digital converter and eliminate the need to pass the signal through the entire. In addition, we present a complexity and power-saving comparison between our novel algorithms and conventional full-decoding (for select coding schemes) to demonstrate the significant power and complexity saving advantage of our algorithms.
Cooperative wireless sensor networks have drastically grown due to node co-operative in unaltered environment. Various real time applications are developed and deployed under cooperative network, which controls and coordinates the flow to and from the nodes to the base station. Though nodes are interlinked to give expected state behavior, it is vital to monitor the malicious activities in the network. There is a high end probability to compromise the node behavior that leads to catastrophes. To overcome this issue a Novel Context Aware-IDS approach named Context Aware Nodal Deployment-IDS (CAND-IDS) is framed. During data transmission based on node properties and behavior CAND-IDS detects and eliminates the malicious nodes in the explored path. Also during network deployment and enhancement, node has to follow Context Aware Cooperative Routing Protocol (CCRP), to ensure the reliability of the network. CAND-IDS are programmed and simulated using Network Simulator software and the performance is verified and evaluated. The simulation result shows significant improvements in the throughput, energy consumption and delay made when compared with the existing system.
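To address the short link live time (LLT) between nodes and the frequent routing holes that nodes encounter in highly dynamic UAV ad hoc networks, a reliable UAV ad hoc network routing protocol based on hollow node detection, GPSR-HND (Greedy Perimeter Stateless Routing Based on Hollow Node Detection), is proposed. In GPSR-HND, a forwarding node uses a hollow node detection mechanism to check the state of its neighbor nodes and adds valid neighbor nodes to a candidate neighbor set; then a multi-metric next-hop selection mechanism based on the Analytic Hierarchy Process (AHP) selects the neighbor node with the largest weight from the candidate neighbor set for greedy forwarding of the data; if the candidate neighbor set is empty, the hollow node with the largest weight is selected from the hollow neighbor set to start an improved perimeter forwarding mechanism, which looks for a node from which greedy forwarding can resume. Compared with the GPSR-NS and GPSR protocols, GPSR-HND shows better performance, including improved average end-to-end delay and packet loss rate and higher throughput.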
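DNS over HTTPS (DoH) is a recent improvement to the Domain Name System (DNS); however, users can use third-party DoH services to evade the monitoring already in place on an internal network, so anomalous-traffic detection methods are no longer applicable to detecting DoH traffic. To address this problem, the DTESI algorithm is proposed. First, based on information entropy, DoH traffic is screened out of all network traffic as anomalous traffic; then, using the property that a DoH server always responds in the same way when establishing TLS connections with the same client, fingerprinting is applied to the TLS negotiation between the client and the DoH server to determine the identity of the DoH server; finally, a Top-K sampling algorithm selects the K most active hosts in the network within a given period for focused traffic inspection, so that the algorithm can be applied to the networks of medium and large organizations. Experimental results show that, for the anomalous traffic found, the accuracy with which DTESI identifies the DoH service provider exceeds 94%. On this basis, the algorithm's detection time and its detection coverage of all DoH traffic in the network are compared for different values of K, and the results show that a reasonable choice of K improves the overall effectiveness of the algorithm.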
Funding: This work is supported by the Hainan Provincial Natural Science Foundation of China (618QN219), the National Natural Science Foundation of China (Grant No. 61501447), and the General Project of Scientific Research of Liaoning Provincial Department of Education (LYB201616).
Funding: the National High Technology Development "863" Program of China (2006AA01Z436, 2007AA01Z452); the National Natural Science Foundation of China (60702042).
Abstract: Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years, because of the rapid proliferation of wireless devices. Mobile ad hoc networks are highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, and lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. A distributed intrusion detection approach based on timed automata is given. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then the timed automata is constructed by the way of manually abstracting the correct behaviours of the node according to the routing protocol of dynamic source routing (DSR). The monitor nodes can verify the behaviour of every node by timed automata, and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, the approach is much more efficient while maintaining the same level of effectiveness. Finally, the intrusion detection method is evaluated through simulation experiments.
Abstract: The Internet of Things (IoT) has been deployed in diverse critical sectors with the aim of improving quality of service and facilitating human lives. The IoT revolution has redefined digital services in different domains by improving efficiency, productivity, and cost-effectiveness. Many service providers have adapted IoT systems or plan to integrate them as integral parts of their systems' operation; however, IoT security issues remain a significant challenge. To minimize the risk of cyberattacks on IoT networks, anomaly detection based on machine learning can be an effective security solution to overcome a wide range of IoT cyberattacks. Although various detection techniques have been proposed in the literature, existing detection methods address limited cyberattacks and utilize outdated datasets for evaluations. In this paper, we propose an intelligent, effective, and lightweight detection approach to detect several IoT attacks. Our proposed model includes a collaborative feature selection method that selects the best distinctive features and eliminates unnecessary features to build an effective and efficient detection model. In the detection phase, we also proposed an ensemble of learning techniques to improve classification for predicting several different types of IoT attacks. The experimental results show that our proposed method can effectively and efficiently predict several IoT attacks with a higher accuracy rate of 99.984%, a precision rate of 99.982%, a recall rate of 99.984%, and an F1-score of 99.983%.
Abstract: Due to their unique characteristics, such as the dynamic changing topology, the absence of central management, the cooperative routing mechanisms, and the resources constraints, Mobile ad hoc networks (MANETs) are relatively vulnerable to both active and passive attacks. In MANET, routing attacks try to disrupt the functions of routing protocol by intentionally or unintentionally dropping packets or propagating faked routing messages. However, due to their computation requirements, the prevention mechanisms are not powerful enough to secure MANET. In this paper, we propose a distributed and cooperative scheme using statistical methods to detect routing attacks in MANETs. Our scheme uses both direct and indirect observations to characterize the behaviors of both neighboring and remote nodes. Simple threshold and Grubb's Test are utilized to propose our new detection methods. The scheme includes innovative methods to compute our proposed measures, Maximum Accusation Number (MAN) and Accusation Number (AN), which are used to make decision about node's behavior. Experimental results show that our scheme performs well in detecting anomalous events in routing functions.
Funding: Supported by the Science and Technique Foundation of Beijing Jiaotong University (2006RC012)
Abstract: The communication mechanism plays an important role in an intrusion detection system, while it has not been paid enough attention. Based on analyzing the actual facts and expatiating upon the requirements a communication mechanism needs to meet, a message driven communication mechanism is proposed in this paper. The protocol presented here is divided into three layers: entity level, host level, and network level. The communication processes are also designed in detail. Experiments illustrate that cooperative entities can detect distributed sophisticated attacks accurately. Furthermore, this mechanism has the advantages like high reliability, low time delay and expenses.
Abstract: Fairness and stability guarantee among TCP flows is very stubborn in wireless ad hoc networks. There is not a MAC protocol that can fulfill this acquirement until now. In this paper, we firstly reveal the in-depth causes of the severe TCP unfairness and instability problems in IEEE 802.11-based multihop networks. Then we utilize the collision detection mechanism of the IEEE 802.11 protocol which is often ignored by most of the people to design a novel collision detection mechanism-based MAC (CDMB-MAC) scheme to solve the short-term and long-term fairness and stability issues while providing a good aggregate throughput in many topologies.
Abstract: The rapid development of the Internet of Things (IoT) in the industrial domain has led to the new term the Industrial Internet of Things (IIoT). The IIoT includes several devices, applications, and services that connect the physical and virtual space in order to provide smart, cost-effective, and scalable systems. Although the IIoT has been deployed and integrated into a wide range of industrial control systems, preserving security and privacy of such a technology remains a big challenge. An anomaly-based Intrusion Detection System (IDS) can be an effective security solution for maintaining the confidentiality, integrity, and availability of data transmitted in IIoT environments. In this paper, we propose an intelligent anomaly-based IDS framework in the context of fog-to-things communications to decentralize the cloud-based security solution into a distributed architecture (fog nodes) near the edge of the data source. The anomaly detection system utilizes minimum redundancy maximum relevance and principal component analysis as the featured engineering methods to select the most important features, reduce the data dimensionality, and improve detection performance. In the classification stage, anomaly-based ensemble learning techniques such as bagging, LPBoost, RUSBoost, and Adaboost models are implemented to determine whether a given flow of traffic is normal or malicious. To validate the effectiveness and robustness of our proposed model, we evaluate our anomaly detection approach on a new driven IIoT dataset called XIIoTID, which includes new IIoT protocols, various cyberattack scenarios, and different attack protocols. The experimental results demonstrated that our proposed anomaly detection method achieved a higher accuracy rate of 99.91% and a reduced false alarm rate of 0.1% compared to other recently proposed techniques.
Abstract: Collision detection mechanisms in Wireless Sensor Networks (WSNs) have largely been revolving around direct demodulation and decoding of received packets and deciding on a collision based on some form of a frame error detection mechanism, such as a CRC check. The obvious drawback of full detection of a received packet is the need to expend a significant amount of energy and processing complexity in order to fully decode a packet, only to discover the packet is illegible due to a collision. In this paper, we propose a suite of novel, yet simple and power-efficient algorithms to detect a collision without the need for full-decoding of the received packet. Our novel algorithms aim at detecting collision through fast examination of the signal statistics of a short snippet of the received packet via a relatively small number of computations over a small number of received IQ samples. Hence, the proposed algorithms operate directly at the output of the receiver's analog-to-digital converter and eliminate the need to pass the signal through the entire. In addition, we present a complexity and power-saving comparison between our novel algorithms and conventional full-decoding (for select coding schemes) to demonstrate the significant power and complexity saving advantage of our algorithms.
Abstract: Cooperative wireless sensor networks have drastically grown due to node cooperative in unaltered environment. Various real time applications are developed and deployed under cooperative network, which controls and coordinates the flow to and from the nodes to the base station. Though nodes are interlinked to give expected state behavior, it is vital to monitor the malicious activities in the network. There is a high end probability to compromise the node behavior that leads to catastrophes. To overcome this issue a Novel Context Aware-IDS approach named Context Aware Nodal Deployment-IDS (CAND-IDS) is framed. During data transmission based on node properties and behavior CAND-IDS detects and eliminates the malicious nodes in the explored path. Also during network deployment and enhancement, node has to follow Context Aware Cooperative Routing Protocol (CCRP), to ensure the reliability of the network. CAND-IDS are programmed and simulated using Network Simulator software and the performance is verified and evaluated. The simulation result shows significant improvements in the throughput, energy consumption and delay made when compared with the existing system.
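Abstract: To address the short link live time (LLT) between nodes and the frequent routing holes that nodes encounter in highly dynamic UAV ad hoc networks, a reliable UAV ad hoc network routing protocol based on hollow node detection, GPSR-HND (Greedy Perimeter Stateless Routing Based on Hollow Node Detection), is proposed. In GPSR-HND, a forwarding node checks the state of its neighbor nodes through a hollow node detection mechanism and adds the valid neighbor nodes to the candidate neighbor set; a multi-metric next-hop selection mechanism based on the Analytic Hierarchy Process (AHP) then selects the neighbor node with the largest weight from the candidate neighbor set to forward data greedily; if the candidate neighbor set is empty, the hollow node with the largest weight is selected from the hollow neighbor set to start an improved perimeter forwarding mechanism, which looks for a node from which greedy forwarding mode can be resumed. Compared with the GPSR-NS and GPSR protocols, GPSR-HND shows better performance, including improved average end-to-end delay and packet loss rate and increased throughput.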
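Abstract: The DNS over HTTPS (DoH) protocol is a recent improvement to the Domain Name System (DNS); however, users can use third-party DoH services to evade the existing supervision of an internal network, so anomalous traffic detection methods are no longer suitable for detecting DoH traffic. To address this problem, the DTESI algorithm is proposed. First, DoH traffic is filtered out of all network traffic as anomalous traffic on the basis of information entropy; then, using the property that a DoH server always responds in the same way when establishing a TLS connection with the same client, fingerprinting is applied to the TLS negotiation between the client and the DoH server to determine the identity of the DoH server; finally, a Top-K sampling algorithm selects the K most active hosts in the network over a given period for focused traffic inspection, so that the algorithm can be applied to the networks of medium and large organizations. Experimental results show that, for the anomalous traffic found, the accuracy with which DTESI identifies the DoH service provider exceeds 94%. On this basis, the detection time of the algorithm and its detection coverage of all DoH traffic in the network are compared for different values of K, and the results show that a reasonable choice of K can improve the overall effectiveness of the algorithm.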