Security measures are urgently required to mitigate the recent rapid increase in network security attacks.Although methods employing machine learning have been researched and developed to detect various network attack...Security measures are urgently required to mitigate the recent rapid increase in network security attacks.Although methods employing machine learning have been researched and developed to detect various network attacks effectively,these are passive approaches that cannot protect the network from attacks,but detect them after the end of the session.Since such passive approaches cannot provide fundamental security solutions,we propose an active approach that can prevent further damage by detecting and blocking attacks in real time before the session ends.The proposed technology uses a two-level classifier structure:the first-stage classifier supports real-time classification,and the second-stage classifier supports accurate classification.Thus,the proposed approach can be used to determine whether an attack has occurred with high accuracy,even under heavy traffic.Through extensive evaluation,we confirm that our approach can provide a high detection rate in real time.Furthermore,because the proposed approach is fast,light,and easy to implement,it can be adopted in most existing network security equipment.Finally,we hope to mitigate the limitations of existing security systems,and expect to keep networks faster and safer from the increasing number of cyber-attacks.展开更多
Blockchain merges technology with the Internet of Things(IoT)for addressing security and privacy-related issues.However,conventional blockchain suffers from scalability issues due to its linear structure,which increas...Blockchain merges technology with the Internet of Things(IoT)for addressing security and privacy-related issues.However,conventional blockchain suffers from scalability issues due to its linear structure,which increases the storage overhead,and Intrusion detection performed was limited with attack severity,leading to performance degradation.To overcome these issues,we proposed MZWB(Multi-Zone-Wise Blockchain)model.Initially,all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm(EBA),considering several metrics.Then,the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph(B-DAG),which considers several metrics.The intrusion detection is performed based on two tiers.In the first tier,a Deep Convolution Neural Network(DCNN)analyzes the data packets by extracting packet flow features to classify the packets as normal,malicious,and suspicious.In the second tier,the suspicious packets are classified as normal or malicious using the Generative Adversarial Network(GAN).Finally,intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization(IMO)is used for attack path discovery by considering several metrics,and the Graph cut utilized algorithm for attack scenario reconstruction(ASR).UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator(NS-3.26).Compared with previous performance metrics such as energy consumption,storage overhead accuracy,response time,attack detection rate,precision,recall,and F-measure.The simulation result shows that the proposed MZWB method achieves high performance than existing works.展开更多
With the rapid development of the Internet of Things(IoT),there are several challenges pertaining to security in IoT applications.Compared with the characteristics of the traditional Internet,the IoT has many problems...With the rapid development of the Internet of Things(IoT),there are several challenges pertaining to security in IoT applications.Compared with the characteristics of the traditional Internet,the IoT has many problems,such as large assets,complex and diverse structures,and lack of computing resources.Traditional network intrusion detection systems cannot meet the security needs of IoT applications.In view of this situation,this study applies cloud computing and machine learning to the intrusion detection system of IoT to improve detection performance.Usually,traditional intrusion detection algorithms require considerable time for training,and these intrusion detection algorithms are not suitable for cloud computing due to the limited computing power and storage capacity of cloud nodes;therefore,it is necessary to study intrusion detection algorithms with low weights,short training time,and high detection accuracy for deployment and application on cloud nodes.An appropriate classification algorithm is a primary factor for deploying cloud computing intrusion prevention systems and a prerequisite for the system to respond to intrusion and reduce intrusion threats.This paper discusses the problems related to IoT intrusion prevention in cloud computing environments.Based on the analysis of cloud computing security threats,this study extensively explores IoT intrusion detection,cloud node monitoring,and intrusion response in cloud computing environments by using cloud computing,an improved extreme learning machine,and other methods.We use the Multi-Feature Extraction Extreme Learning Machine(MFE-ELM)algorithm for cloud computing,which adds a multi-feature extraction process to cloud servers,and use the deployed MFE-ELM algorithm on cloud nodes to detect and discover network intrusions to cloud nodes.In our simulation experiments,a classical dataset for intrusion detection is selected as a test,and test steps such as data preprocessing,feature engineering,model training,and result analysis are performed.The experimental results show that the proposed algorithm can effectively detect and identify most network data packets with good model performance and achieve efficient intrusion detection for heterogeneous data of the IoT from cloud nodes.Furthermore,it can enable the cloud server to discover nodes with serious security threats in the cloud cluster in real time,so that further security protection measures can be taken to obtain the optimal intrusion response strategy for the cloud cluster.展开更多
As cyber threats keep changing and business environments adapt, a comprehensive approach to disaster recovery involves more than just defensive measures. This research delves deep into the strategies required to respo...As cyber threats keep changing and business environments adapt, a comprehensive approach to disaster recovery involves more than just defensive measures. This research delves deep into the strategies required to respond to threats and anticipate and mitigate them proactively. Beginning with understanding the critical need for a layered defense and the intricacies of the attacker’s journey, the research offers insights into specialized defense techniques, emphasizing the importance of timely and strategic responses during incidents. Risk management is brought to the forefront, underscoring businesses’ need to adopt mature risk assessment practices and understand the potential risk impact areas. Additionally, the value of threat intelligence is explored, shedding light on the importance of active engagement within sharing communities and the vigilant observation of adversary motivations. “Beyond Defense: Proactive Approaches to Disaster Recovery and Threat Intelligence in Modern Enterprises” is a comprehensive guide for organizations aiming to fortify their cybersecurity posture, marrying best practices in proactive and reactive measures in the ever-challenging digital realm.展开更多
Due to polymorphic nature of malware attack,a signature-based analysis is no longer sufficient to solve polymorphic and stealth nature ofmalware attacks.On the other hand,state-of-the-art methods like deep learning re...Due to polymorphic nature of malware attack,a signature-based analysis is no longer sufficient to solve polymorphic and stealth nature ofmalware attacks.On the other hand,state-of-the-art methods like deep learning require labelled dataset as a target to train a supervised model.This is unlikely to be the case in production network as the dataset is unstructured and has no label.Hence an unsupervised learning is recommended.Behavioral study is one of the techniques to elicit traffic pattern.However,studies have shown that existing behavioral intrusion detection model had a few issues which had been parameterized into its common characteristics,namely lack of prior information(p(θ)),and reduced parameters(θ).Therefore,this study aims to utilize the previously built Feature Selection Model subsequently to design a Predictive Analytics Model based on Bayesian Network used to improve the analysis prediction.Feature Selection Model is used to learn significant label as a target and Bayesian Network is a sophisticated probabilistic approach to predict intrusion.Finally,the results are extended to evaluate detection,accuracy and false alarm rate of the model against the subject matter expert model,Support Vector Machine(SVM),k nearest neighbor(k-NN)using simulated and ground-truth dataset.The ground-truth dataset from the production traffic of one of the largest healthcare provider in Malaysia is used to promote realism on the real use case scenario.Results have shown that the proposed model consistently outperformed other models.展开更多
Cloud computing is one of the most attractive and cost-saving models,which provides online services to end-users.Cloud computing allows the user to access data directly from any node.But nowadays,cloud security is one...Cloud computing is one of the most attractive and cost-saving models,which provides online services to end-users.Cloud computing allows the user to access data directly from any node.But nowadays,cloud security is one of the biggest issues that arise.Different types of malware are wreaking havoc on the clouds.Attacks on the cloud server are happening from both internal and external sides.This paper has developed a tool to prevent the cloud server from spamming attacks.When an attacker attempts to use different spamming techniques on a cloud server,the attacker will be intercepted through two effective techniques:Cloudflare and K-nearest neighbors(KNN)classification.Cloudflare will block those IP addresses that the attacker will use and prevent spamming attacks.However,the KNN classifiers will determine which area the spammer belongs to.At the end of the article,various prevention techniques for securing cloud servers will be discussed,a comparison will be made with different papers,a conclusion will be drawn based on different results.展开更多
As a large amount of data needs to be processed and speed needs to be improved,edge computing with ultra-low latency and ultra-connectivity is emerging as a new paradigm.These changes can lead to new cyber risks,and s...As a large amount of data needs to be processed and speed needs to be improved,edge computing with ultra-low latency and ultra-connectivity is emerging as a new paradigm.These changes can lead to new cyber risks,and should therefore be considered for a security threat model.To this end,we constructed an edge system to study security in two directions,hardware and software.First,on the hardware side,we want to autonomically defend against hardware attacks such as side channel attacks by configuring field programmable gate array(FPGA)which is suitable for edge computing and identifying communication status to control the communication method according to priority.In addition,on the software side,data collected on the server performs end-to-end encryption via symmetric encryption keys.Also,we modeled autonomous defense systems on the server by using machine learning which targets to incoming and outgoing logs.Server log utilizes existing intrusion detection datasets that should be used in real-world environments.Server log was used to detect intrusion early by modeling an intrusion prevention system to identify behaviors that violate security policy,and to utilize the existing intrusion detection data set that should be used in a real environment.Through this,we designed an efficient autonomous defense system that can provide a stable system by detecting abnormal signals from the device and converting them to an effective method to control edge computing,and to detect and control abnormal intrusions on the server side.展开更多
Fog computing(FC)is a networking paradigm where wireless devices known as fog nodes are placed at the edge of the network(close to the Internet of Things(IoT)devices).Fog nodes provide services in lieu of the cloud.Th...Fog computing(FC)is a networking paradigm where wireless devices known as fog nodes are placed at the edge of the network(close to the Internet of Things(IoT)devices).Fog nodes provide services in lieu of the cloud.Thus,improving the performance of the network and making it attractive to social media-based systems.Security issues are one of the most challenges encountered in FC.In this paper,we propose an anomalybased Intrusion Detection and Prevention System(IDPS)against Man-in-theMiddle(MITM)attack in the fog layer.The system uses special nodes known as Intrusion Detection System(IDS)nodes to detect intrusion in the network.They periodically monitor the behavior of the fog nodes in the network.Any deviation from normal network activity is categorized as malicious,and the suspected node is isolated.ExponentiallyWeighted Moving Average(EWMA)is added to the system to smooth out the noise that is typically found in social media communications.Our results(with 95%confidence)show that the accuracy of the proposed system increases from 80%to 95%after EWMA is added.Also,with EWMA,the proposed system can detect the intrusion from 0.25–0.5 s seconds faster than that without EWMA.However,it affects the latency of services provided by the fog nodes by at least 0.75–1.3 s.Finally,EWMA has not increased the energy overhead of the system,due to its lightweight.展开更多
基金This work was supported in part by the Information Technology Research Center(ITRC)Support Program supervised by the Institute for Information and Communications Technology Planning and Evaluation(IITP)(IITP-2020-2016-0-00313),and in part by and the 2021 Yeungnam University Research Grant.
文摘Security measures are urgently required to mitigate the recent rapid increase in network security attacks.Although methods employing machine learning have been researched and developed to detect various network attacks effectively,these are passive approaches that cannot protect the network from attacks,but detect them after the end of the session.Since such passive approaches cannot provide fundamental security solutions,we propose an active approach that can prevent further damage by detecting and blocking attacks in real time before the session ends.The proposed technology uses a two-level classifier structure:the first-stage classifier supports real-time classification,and the second-stage classifier supports accurate classification.Thus,the proposed approach can be used to determine whether an attack has occurred with high accuracy,even under heavy traffic.Through extensive evaluation,we confirm that our approach can provide a high detection rate in real time.Furthermore,because the proposed approach is fast,light,and easy to implement,it can be adopted in most existing network security equipment.Finally,we hope to mitigate the limitations of existing security systems,and expect to keep networks faster and safer from the increasing number of cyber-attacks.
文摘Blockchain merges technology with the Internet of Things(IoT)for addressing security and privacy-related issues.However,conventional blockchain suffers from scalability issues due to its linear structure,which increases the storage overhead,and Intrusion detection performed was limited with attack severity,leading to performance degradation.To overcome these issues,we proposed MZWB(Multi-Zone-Wise Blockchain)model.Initially,all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm(EBA),considering several metrics.Then,the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph(B-DAG),which considers several metrics.The intrusion detection is performed based on two tiers.In the first tier,a Deep Convolution Neural Network(DCNN)analyzes the data packets by extracting packet flow features to classify the packets as normal,malicious,and suspicious.In the second tier,the suspicious packets are classified as normal or malicious using the Generative Adversarial Network(GAN).Finally,intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization(IMO)is used for attack path discovery by considering several metrics,and the Graph cut utilized algorithm for attack scenario reconstruction(ASR).UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator(NS-3.26).Compared with previous performance metrics such as energy consumption,storage overhead accuracy,response time,attack detection rate,precision,recall,and F-measure.The simulation result shows that the proposed MZWB method achieves high performance than existing works.
基金funded by the Key Research and Development plan of Jiangsu Province (Social Development)No.BE20217162Jiangsu Modern Agricultural Machinery Equipment and Technology Demonstration and Promotion Project No.NJ2021-19.
文摘With the rapid development of the Internet of Things(IoT),there are several challenges pertaining to security in IoT applications.Compared with the characteristics of the traditional Internet,the IoT has many problems,such as large assets,complex and diverse structures,and lack of computing resources.Traditional network intrusion detection systems cannot meet the security needs of IoT applications.In view of this situation,this study applies cloud computing and machine learning to the intrusion detection system of IoT to improve detection performance.Usually,traditional intrusion detection algorithms require considerable time for training,and these intrusion detection algorithms are not suitable for cloud computing due to the limited computing power and storage capacity of cloud nodes;therefore,it is necessary to study intrusion detection algorithms with low weights,short training time,and high detection accuracy for deployment and application on cloud nodes.An appropriate classification algorithm is a primary factor for deploying cloud computing intrusion prevention systems and a prerequisite for the system to respond to intrusion and reduce intrusion threats.This paper discusses the problems related to IoT intrusion prevention in cloud computing environments.Based on the analysis of cloud computing security threats,this study extensively explores IoT intrusion detection,cloud node monitoring,and intrusion response in cloud computing environments by using cloud computing,an improved extreme learning machine,and other methods.We use the Multi-Feature Extraction Extreme Learning Machine(MFE-ELM)algorithm for cloud computing,which adds a multi-feature extraction process to cloud servers,and use the deployed MFE-ELM algorithm on cloud nodes to detect and discover network intrusions to cloud nodes.In our simulation experiments,a classical dataset for intrusion detection is selected as a test,and test steps such as data preprocessing,feature engineering,model training,and result analysis are performed.The experimental results show that the proposed algorithm can effectively detect and identify most network data packets with good model performance and achieve efficient intrusion detection for heterogeneous data of the IoT from cloud nodes.Furthermore,it can enable the cloud server to discover nodes with serious security threats in the cloud cluster in real time,so that further security protection measures can be taken to obtain the optimal intrusion response strategy for the cloud cluster.
文摘As cyber threats keep changing and business environments adapt, a comprehensive approach to disaster recovery involves more than just defensive measures. This research delves deep into the strategies required to respond to threats and anticipate and mitigate them proactively. Beginning with understanding the critical need for a layered defense and the intricacies of the attacker’s journey, the research offers insights into specialized defense techniques, emphasizing the importance of timely and strategic responses during incidents. Risk management is brought to the forefront, underscoring businesses’ need to adopt mature risk assessment practices and understand the potential risk impact areas. Additionally, the value of threat intelligence is explored, shedding light on the importance of active engagement within sharing communities and the vigilant observation of adversary motivations. “Beyond Defense: Proactive Approaches to Disaster Recovery and Threat Intelligence in Modern Enterprises” is a comprehensive guide for organizations aiming to fortify their cybersecurity posture, marrying best practices in proactive and reactive measures in the ever-challenging digital realm.
基金The work is fully sponsored by the research project grant FRGS/1/2021/ICT07/UITM/02/3。
文摘Due to polymorphic nature of malware attack,a signature-based analysis is no longer sufficient to solve polymorphic and stealth nature ofmalware attacks.On the other hand,state-of-the-art methods like deep learning require labelled dataset as a target to train a supervised model.This is unlikely to be the case in production network as the dataset is unstructured and has no label.Hence an unsupervised learning is recommended.Behavioral study is one of the techniques to elicit traffic pattern.However,studies have shown that existing behavioral intrusion detection model had a few issues which had been parameterized into its common characteristics,namely lack of prior information(p(θ)),and reduced parameters(θ).Therefore,this study aims to utilize the previously built Feature Selection Model subsequently to design a Predictive Analytics Model based on Bayesian Network used to improve the analysis prediction.Feature Selection Model is used to learn significant label as a target and Bayesian Network is a sophisticated probabilistic approach to predict intrusion.Finally,the results are extended to evaluate detection,accuracy and false alarm rate of the model against the subject matter expert model,Support Vector Machine(SVM),k nearest neighbor(k-NN)using simulated and ground-truth dataset.The ground-truth dataset from the production traffic of one of the largest healthcare provider in Malaysia is used to promote realism on the real use case scenario.Results have shown that the proposed model consistently outperformed other models.
文摘Cloud computing is one of the most attractive and cost-saving models,which provides online services to end-users.Cloud computing allows the user to access data directly from any node.But nowadays,cloud security is one of the biggest issues that arise.Different types of malware are wreaking havoc on the clouds.Attacks on the cloud server are happening from both internal and external sides.This paper has developed a tool to prevent the cloud server from spamming attacks.When an attacker attempts to use different spamming techniques on a cloud server,the attacker will be intercepted through two effective techniques:Cloudflare and K-nearest neighbors(KNN)classification.Cloudflare will block those IP addresses that the attacker will use and prevent spamming attacks.However,the KNN classifiers will determine which area the spammer belongs to.At the end of the article,various prevention techniques for securing cloud servers will be discussed,a comparison will be made with different papers,a conclusion will be drawn based on different results.
基金This research was funded by Korea Environmental Industry&Technology Institute(KEITI),Grant Number RE202101551and The APC was funded by Ministry of Environment(ME).
文摘As a large amount of data needs to be processed and speed needs to be improved,edge computing with ultra-low latency and ultra-connectivity is emerging as a new paradigm.These changes can lead to new cyber risks,and should therefore be considered for a security threat model.To this end,we constructed an edge system to study security in two directions,hardware and software.First,on the hardware side,we want to autonomically defend against hardware attacks such as side channel attacks by configuring field programmable gate array(FPGA)which is suitable for edge computing and identifying communication status to control the communication method according to priority.In addition,on the software side,data collected on the server performs end-to-end encryption via symmetric encryption keys.Also,we modeled autonomous defense systems on the server by using machine learning which targets to incoming and outgoing logs.Server log utilizes existing intrusion detection datasets that should be used in real-world environments.Server log was used to detect intrusion early by modeling an intrusion prevention system to identify behaviors that violate security policy,and to utilize the existing intrusion detection data set that should be used in a real environment.Through this,we designed an efficient autonomous defense system that can provide a stable system by detecting abnormal signals from the device and converting them to an effective method to control edge computing,and to detect and control abnormal intrusions on the server side.
基金The Authors would like to acknowledge the support of King Fahd University of Petroleum and Minerals for this research.
文摘Fog computing(FC)is a networking paradigm where wireless devices known as fog nodes are placed at the edge of the network(close to the Internet of Things(IoT)devices).Fog nodes provide services in lieu of the cloud.Thus,improving the performance of the network and making it attractive to social media-based systems.Security issues are one of the most challenges encountered in FC.In this paper,we propose an anomalybased Intrusion Detection and Prevention System(IDPS)against Man-in-theMiddle(MITM)attack in the fog layer.The system uses special nodes known as Intrusion Detection System(IDS)nodes to detect intrusion in the network.They periodically monitor the behavior of the fog nodes in the network.Any deviation from normal network activity is categorized as malicious,and the suspected node is isolated.ExponentiallyWeighted Moving Average(EWMA)is added to the system to smooth out the noise that is typically found in social media communications.Our results(with 95%confidence)show that the accuracy of the proposed system increases from 80%to 95%after EWMA is added.Also,with EWMA,the proposed system can detect the intrusion from 0.25–0.5 s seconds faster than that without EWMA.However,it affects the latency of services provided by the fog nodes by at least 0.75–1.3 s.Finally,EWMA has not increased the energy overhead of the system,due to its lightweight.