Funding: The work is fully sponsored by the research project grant FRGS/1/2021/ICT07/UITM/02/3.
Abstract: Due to polymorphic nature of malware attack, a signature-based analysis is no longer sufficient to solve polymorphic and stealth nature of malware attacks. On the other hand, state-of-the-art methods like deep learning require labelled dataset as a target to train a supervised model. This is unlikely to be the case in production network as the dataset is unstructured and has no label. Hence an unsupervised learning is recommended. Behavioral study is one of the techniques to elicit traffic pattern. However, studies have shown that existing behavioral intrusion detection model had a few issues which had been parameterized into its common characteristics, namely lack of prior information (p(θ)), and reduced parameters (θ). Therefore, this study aims to utilize the previously built Feature Selection Model subsequently to design a Predictive Analytics Model based on Bayesian Network used to improve the analysis prediction. Feature Selection Model is used to learn significant label as a target and Bayesian Network is a sophisticated probabilistic approach to predict intrusion. Finally, the results are extended to evaluate detection, accuracy and false alarm rate of the model against the subject matter expert model, Support Vector Machine (SVM), k nearest neighbor (k-NN) using simulated and ground-truth dataset. The ground-truth dataset from the production traffic of one of the largest healthcare providers in Malaysia is used to promote realism on the real use case scenario. Results have shown that the proposed model consistently outperformed other models.
Funding: This project was funded (grant no. G:432-611-1443) by the Deanship of Scientific Research (DSR) at King Abdulaziz University (KAU), Jeddah, Saudi Arabia.
Abstract: With the progress of advanced technology in the industrial revolution encompassing the Internet of Things (IoT) and cloud computing, cyberattacks have been increasing rapidly on a large scale. The rapid expansion of IoT and networks in many forms generates massive volumes of data, which are vulnerable to security risks. As a result, cyberattacks have become a prevalent and danger to society, including its infrastructures, economy, and citizens’ privacy, and pose a national security risk worldwide. Therefore, cyber security has become an increasingly important issue across all levels and sectors. Continuous progress is being made in developing more sophisticated and efficient intrusion detection and defensive methods. As the scale of complexity of the cyber-universe is increasing, advanced machine learning methods are the most appropriate solutions for predicting cyber threats. In this study, a fused machine learning-based intelligent model is proposed to detect intrusion in the early stage and thus secure networks from harmful attacks. Simulation results confirm the effectiveness of the proposed intrusion detection model, with 0.909 accuracy and a miss rate of 0.091.
Abstract: The simulation of this process and the effects of protection projects lays the foundation of its effective control and defence. The mathematical model of the problem and upwind splitting alternating direction method were presented. Using this method, the numerical simulation of seawater intrusion in Laizhou Bay Area of Shandong Province was finished. The numerical results turned out to be identical with the real measurements, so the prediction of the consequences of protection projects is reasonable.
Funding: provided by the National Natural Science Foundation of China (Nos. 40804026 and 40874054), the Postdoctoral Science Foundation of China (No. 20100471003), the Postdoctoral Science Foundation of Jiangsu Province (No. 1002023B), the Open Projects of State Key Laboratory of Coal Resources and Mine Safety (No. 10KF05), the Youth Foundation of CUMT, are gratefully acknowledged
Abstract: Accurate prediction of magmatic intrusion into a coal bed is illustrated using the method of seismic spectral decomposition. The characteristics of coal seismic reflections are first analyzed and the effect of variable time windows and domain frequencies on the spectral decomposition are examined. The higher domain frequency of coal bed reflections using the narrower STFT time window, or the smaller ST scale factor, are acceptable. When magmatic rock intrudes from the bottom of the coal bed the domain frequency of the reflections is decreased slightly, the frequency bandwidth is narrowed correspondingly, and the response from spectral decomposition is significantly reduced. Intrusion by a very thin magmatic rock gives a spectral decomposition response that is just slightly less than what is seen from a normal coal bed. Results from an actual mining area were used to validate the method. Predicting the boundary of magmatic intrusions with the method discussed herein was highly accurate and has been validated by observations from underground mining.
Abstract: A new rule to detect intrusion based on IP weight, which is also well implemented in the rule base of author’s NMS, is presented. Compared with traditional ones, intrusion detecting based on IP weight enhanced analysis to packet content. The method also provides a real-time efficient way to analyze traffic on high-speed network and can help to increase valid usage rates of network resources. Practical implementation as a rule in the rule base of our NMS has verified that the rule can detect not only attacks on network, but also other unusual behaviors.
Abstract: This study was aimed at mapping the subsurface extent of saline water intrusions into aquifers at the eastern part of Dahomey basin, Nigeria. The study adopted geoelectric sounding methods. 108 vertical electrical soundings (VES) and 9 induced polarization soundings (IPS) data were acquired using Schlumberger array technique. Three aquifer units were delineated across the study area. The resistivity of the first, second and third aquifer layers varies from 0.2 to 1569 ohm-m, 0.5 to 904 ohm-m and 0.4 to 665 ohm-m respectively, while depth to the top of first, second and third aquifer varies respectively from 0.7 to 151.5 m, 1.4 to 305.5 m and 12.9 to 452.9 m. The depth to the first aquifer layer is shallow (less than 5 m) in the coastal area which makes this area to be highly vulnerable to anthropogenic pollution while their proximity to Atlantic Ocean makes them susceptible to saline water intrusion. In all the three aquifer units, the coastal area, Agbabu and other few locations in the mainland are characterized by low resistivity values (below 60 ohm-m) indicating possible presence of brackish or saline water. IP sounding results showed that all the low resistive layers in the mainland are characterized by clayey materials. The integration of VES and IPS results enabled the delineation of the saline water lateral extent across the study area. There is a strong direct correlation (r² = 0.8564) between location distance from the saline water source and depth to saline water in the study area. This can therefore serve as a predictive model to determine depth to saline water at any location within the saline water zone in the study area.
Abstract: Static secure techniques, such as firewall, hierarchy filtering, distributed disposing, layer management, autonomy agent, secure communication, were introduced in distributed intrusion detection. The self-protection agents were designed, which have the distributed architecture, cooperate with the agents in intrusion detection in a loose-coupled manner, protect the security of intrusion detection system, and respond to the intrusion actively. A prototype self-protection agent was implemented by using the packet filter in operation system kernel. The results show that all the hosts with the part of network-based intrusion detection system and the whole intrusion detection system are invisible from the outside and network scanning, and cannot apperceive the existence of network-based intrusion detection system. The communication between every part is secure. In the low layer, the packet streams are controlled to avoid the buffer leaks existing in some system service process and back-door programs, so as to prevent users from misusing and vicious attack like Trojan Horse effectively.
Abstract: By using netflow traffic collecting technology, some traffic data for analysis are collected from a next generation network (NGN) operator. To build a wavelet basis neural network (NN), the Sigmoid function is replaced with the wavelet in NN. Then the wavelet multiresolution analysis method is used to decompose the traffic signal, and the decomposed component sequences are employed to train the NN. By using the methods, an NGN traffic prediction model is built to predict one day's traffic. The experimental results show that the traffic prediction method of wavelet NN is more accurate than that without using wavelet in the NGN traffic forecasting.
Abstract: This paper advances new directions for cyber security using adversarial learning and conformal prediction in order to enhance network and computing services defenses against adaptive, malicious, persistent, and tactical offensive threats. Conformal prediction is the principled and unified adaptive and learning framework used to design, develop, and deploy a multi-faceted self-managing defensive shield to detect, disrupt, and deny intrusive attacks, hostile and malicious behavior, and subterfuge. Conformal prediction leverages apparent relationships between immunity and intrusion detection using non-conformity measures characteristic of affinity, a typicality, and surprise, to recognize patterns and messages as friend or foe and to respond to them accordingly. The solutions proffered throughout are built around active learning, meta-reasoning, randomness, distributed semantics and stratification, and most important and above all around adaptive Oracles. The motivation for using conformal prediction and its immediate off-spring, those of semi-supervised learning and transduction, comes from them first and foremost supporting discriminative and non-parametric methods characteristic of principled demarcation using cohorts and sensitivity analysis to hedge on the prediction outcomes including negative selection, on one side, and providing credibility and confidence indices that assist meta-reasoning and information fusion.