LDA-ID:An LDA-Based Framework for Real-Time Network Intrusion Detection

Network intrusion poses a severe threat to the Internet.However,existing intrusion detection models cannot effectively distinguish different intrusions with high-degree feature overlap.In addition,efficient real-time detection is an urgent problem.To address the two above problems,we propose a Latent Dirichlet Allocation topic model-based framework for real-time network Intrusion Detection(LDA-ID),consisting of static and online LDA-ID.The problem of feature overlap is transformed into static LDA-ID topic number optimization and topic selection.Thus,the detection is based on the latent topic features.To achieve efficient real-time detection,we design an online computing mode for static LDA-ID,in which a parameter iteration method based on momentum is proposed to balance the contribution of prior knowledge and new information.Furthermore,we design two matching mechanisms to accommodate the static and online LDA-ID,respectively.Experimental results on the public NSL-KDD and UNSW-NB15 datasets show that our framework gets higher accuracy than the others.

A Real-Time Sequential Deep Extreme Learning Machine Cybersecurity Intrusion Detection System

In recent years,cybersecurity has attracted significant interest due to the rapid growth of the Internet of Things(IoT)and the widespread development of computer infrastructure and systems.It is thus becoming particularly necessary to identify cyber-attacks or irregularities in the system and develop an efficient intrusion detection framework that is integral to security.Researchers have worked on developing intrusion detection models that depend on machine learning(ML)methods to address these security problems.An intelligent intrusion detection device powered by data can exploit artificial intelligence(AI),and especially ML,techniques.Accordingly,we propose in this article an intrusion detection model based on a Real-Time Sequential Deep Extreme Learning Machine Cybersecurity Intrusion Detection System(RTS-DELM-CSIDS)security model.The proposed model initially determines the rating of security aspects contributing to their significance and then develops a comprehensive intrusion detection framework focused on the essential characteristics.Furthermore,we investigated the feasibility of our proposed RTS-DELM-CSIDS framework by performing dataset evaluations and calculating accuracy parameters to validate.The experimental findings demonstrate that the RTS-DELM-CSIDS framework outperforms conventional algorithms.Furthermore,the proposed approach has not only research significance but also practical significance.

A Method for Detecting Intrusion on Networks in Real-time Based on IP Weight

A new rule to detect intrusion based on IP weight, which is also well implemented in the rule base of author’s NMS, is presented. Compared with traditional ones, intrusion detecting based on IP weight enhanced analysis to packet content. The method also provides a real-time efficient way to analyze traffic on high-speed network and can help to increase valid usage rates of network resources. Practical implementation as a rule in the rule base of our NMS has verified that the rule can detect not only attacks on network, but also other unusual behaviors.

Real-Time Network Intrusion Prevention System Using Incremental Feature Generation

Security measures are urgently required to mitigate the recent rapid increase in network security attacks.Although methods employing machine learning have been researched and developed to detect various network attacks effectively,these are passive approaches that cannot protect the network from attacks,but detect them after the end of the session.Since such passive approaches cannot provide fundamental security solutions,we propose an active approach that can prevent further damage by detecting and blocking attacks in real time before the session ends.The proposed technology uses a two-level classifier structure:the first-stage classifier supports real-time classification,and the second-stage classifier supports accurate classification.Thus,the proposed approach can be used to determine whether an attack has occurred with high accuracy,even under heavy traffic.Through extensive evaluation,we confirm that our approach can provide a high detection rate in real time.Furthermore,because the proposed approach is fast,light,and easy to implement,it can be adopted in most existing network security equipment.Finally,we hope to mitigate the limitations of existing security systems,and expect to keep networks faster and safer from the increasing number of cyber-attacks.

Building Real-Time Network Intrusion Detection System Based on Parallel Time-Series Mining Techniques

A new real-time model based on parallel time-series mining is proposed to improve the accuracy and efficiency of the network intrusion detection systems. In this model, multidimensional dataset is constructed to describe network events, and sliding window updating algorithm is used to maintain network stream. Moreover, parallel frequent patterns and frequent episodes mining algorithms are applied to implement parallel time-series mining engineer which can intelligently generate rules to distinguish intrusions from normal activities. Analysis and study on the basis of DAWNING 3000 indicate that this parallel time-series mining-based model provides a more accurate and efficient way to building real-time NIDS.

Real-Time Multi Fractal Trust Evaluation Model for Efficient Intrusion Detection in Cloud

Handling service access in a cloud environment has been identified as a critical challenge in the modern internet world due to the increased rate of intrusion attacks.To address such threats towards cloud services,numerous techniques exist that mitigate the service threats according to different metrics.The rule-based approaches are unsuitable for new threats,whereas trust-based systems estimate trust value based on behavior,flow,and other features.However,the methods suffer from mitigating intrusion attacks at a higher rate.This article presents a novel Multi Fractal Trust Evaluation Model(MFTEM)to overcome these deficiencies.The method involves analyzing service growth,network growth,and quality of service growth.The process estimates the user’s trust in various ways and the support of the user in achieving higher service performance by calculating Trusted Service Support(TSS).Also,the user’s trust in supporting network stream by computing Trusted Network Support(TNS).Similarly,the user’s trust in achieving higher throughput is analyzed by computing Trusted QoS Support(TQS).Using all these measures,the method adds the Trust User Score(TUS)value to decide on the clearance of user requests.The proposed MFTEM model improves intrusion detection accuracy with higher performance.

IDS-INT:Intrusion detection system using transformer-based transfer learning for imbalanced network traffic

A network intrusion detection system is critical for cyber security against llegitimate attacks.In terms of feature perspectives,network traffic may include a variety of elements such as attack reference,attack type,a subcategory of attack,host information,malicious scripts,etc.In terms of network perspectives,network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic.It is challenging to identify a specific attack due to complex features and data imbalance issues.To address these issues,this paper proposes an Intrusion Detection System using transformer-based transfer learning for Imbalanced Network Traffic(IDS-INT).IDS-INT uses transformer-based transfer learning to learn feature interactions in both network feature representation and imbalanced data.First,detailed information about each type of attack is gathered from network interaction descriptions,which include network nodes,attack type,reference,host information,etc.Second,the transformer-based transfer learning approach is developed to learn detailed feature representation using their semantic anchors.Third,the Synthetic Minority Oversampling Technique(SMOTE)is implemented to balance abnormal traffic and detect minority attacks.Fourth,the Convolution Neural Network(CNN)model is designed to extract deep features from the balanced network traffic.Finally,the hybrid approach of the CNN-Long Short-Term Memory(CNN-LSTM)model is developed to detect different types of attacks from the deep features.Detailed experiments are conducted to test the proposed approach using three standard datasets,i.e.,UNsWNB15,CIC-IDS2017,and NSL-KDD.An explainable AI approach is implemented to interpret the proposed method and develop a trustable model.

A Data Intrusion Tolerance Model Based on an Improved Evolutionary Game Theory for the Energy Internet

Malicious attacks against data are unavoidable in the interconnected,open and shared Energy Internet(EI),Intrusion tolerant techniques are critical to the data security of EI.Existing intrusion tolerant techniques suffered from problems such as low adaptability,policy lag,and difficulty in determining the degree of tolerance.To address these issues,we propose a novel adaptive intrusion tolerance model based on game theory that enjoys two-fold ideas:(1)it constructs an improved replica of the intrusion tolerance model of the dynamic equation evolution game to induce incentive weights;and (2)it combines a tournament competition model with incentive weights to obtain optimal strategies for each stage of the game process.Extensive experiments are conducted in the IEEE 39-bus system,whose results demonstrate the feasibility of the incentive weights,confirm the proposed strategy strengthens the system’s ability to tolerate aggression,and improves the dynamic adaptability and response efficiency of the aggression-tolerant system in the case of limited resources.

Feature extraction for machine learning-based intrusion detection in IoT networks

A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems(NIDSs).Consequently,network interruptions and loss of sensitive data have occurred,which led to an active research area for improving NIDS technologies.In an analysis of related works,it was observed that most researchers aim to obtain better classification results by using a set of untried combinations of Feature Reduction(FR)and Machine Learning(ML)techniques on NIDS datasets.However,these datasets are different in feature sets,attack types,and network design.Therefore,this paper aims to discover whether these techniques can be generalised across various datasets.Six ML models are utilised:a Deep Feed Forward(DFF),Convolutional Neural Network(CNN),Recurrent Neural Network(RNN),Decision Tree(DT),Logistic Regression(LR),and Naive Bayes(NB).The accuracy of three Feature Extraction(FE)algorithms is detected;Principal Component Analysis(PCA),Auto-encoder(AE),and Linear Discriminant Analysis(LDA),are evaluated using three benchmark datasets:UNSW-NB15,ToN-IoT and CSE-CIC-IDS2018.Although PCA and AE algorithms have been widely used,the determination of their optimal number of extracted dimensions has been overlooked.The results indicate that no clear FE method or ML model can achieve the best scores for all datasets.The optimal number of extracted dimensions has been identified for each dataset,and LDA degrades the performance of the ML models on two datasets.The variance is used to analyse the extracted dimensions of LDA and PCA.Finally,this paper concludes that the choice of datasets significantly alters the performance of the applied techniques.We believe that a universal(benchmark)feature set is needed to facilitate further advancement and progress of research in this field.

A Hybrid Intrusion Detection Method Based on Convolutional Neural Network and AdaBoost

To solve the problem of poor detection and limited application range of current intrusion detection methods,this paper attempts to use deep learning neural network technology to study a new type of intrusion detection method.Hence,we proposed an intrusion detection algorithm based on convolutional neural network(CNN)and AdaBoost algorithm.This algorithm uses CNN to extract the characteristics of network traffic data,which is particularly suitable for the analysis of continuous and classified attack data.The AdaBoost algorithm is used to classify network attack data that improved the detection effect of unbalanced data classification.We adopt the UNSW-NB15 dataset to test of this algorithm in the PyCharm environment.The results show that the detection rate of algorithm is99.27%and the false positive rate is lower than 0.98%.Comparative analysis shows that this algorithm has advantages over existing methods in terms of detection rate and false positive rate for small proportion of attack data.

An Intelligent SDN-IoT Enabled Intrusion Detection System for Healthcare Systems Using a Hybrid Deep Learning and Machine Learning Approach

The advent of pandemics such as COVID-19 significantly impacts human behaviour and lives every day.Therefore,it is essential to make medical services connected to internet,available in every remote location during these situations.Also,the security issues in the Internet of Medical Things(IoMT)used in these service,make the situation even more critical because cyberattacks on the medical devices might cause treatment delays or clinical failures.Hence,services in the healthcare ecosystem need rapid,uninterrupted,and secure facilities.The solution provided in this research addresses security concerns and services availability for patients with critical health in remote areas.This research aims to develop an intelligent Software Defined Networks(SDNs)enabled secure framework for IoT healthcare ecosystem.We propose a hybrid of machine learning and deep learning techniques(DNN+SVM)to identify network intrusions in the sensor-based healthcare data.In addition,this system can efficiently monitor connected devices and suspicious behaviours.Finally,we evaluate the performance of our proposed framework using various performance metrics based on the healthcare application scenarios.the experimental results show that the proposed approach effectively detects and mitigates attacks in the SDN-enabled IoT networks and performs better that other state-of-art-approaches.

基于Real-time PCR法检测乳粉中牛源性成分定量研究

基于Real-timePCR建立了乳粉中牛源性成分相对定量检测方法,并对牛的特异性引物与探针进行了特异性、灵敏度和稳定性测试。通过模拟不同浓度牛乳粉与马乳粉混合样本,根据其△Ct值的函数关系进行线性拟合进而绘制标准曲线,建立乳粉中牛源性成分的相对定量检测。结果显示,该方法的最低检测限为0.00001 mg/mL,回收率为91.11%~119.2%,组间变异系数≤0.58%、组内变异系数≤1.44%。说明该方法在特异性与稳定性上适用于乳粉中牛源性成分及含量的掺假检测。

A multifunctional shear apparatus for rocks subjected to true triaxial stress and high temperature in real-time

Deep engineering disasters,such as rockbursts and collapses,are more related to the shear slip of rock joints.A novel multifunctional device was developed to study the shear failure mechanism in rocks.Using this device,the complete shearedeformation process and long-term shear creep tests could be performed on rocks under constant normal stiffness(CNS)or constant normal loading(CNL)conditions in real-time at high temperature and true-triaxial stress.During the research and development process,five key technologies were successfully broken through:(1)the ability to perform true-triaxial compressioneshear loading tests on rock samples with high stiffness;(2)a shear box with ultra-low friction throughout the entire stress space of the rock sample during loading;(3)a control system capable of maintaining high stress for a long time and responding rapidly to the brittle fracture of a rock sample as well;(4)a refined ability to measure the volumetric deformation of rock samples subjected to true triaxial shearing;and(5)a heating system capable of maintaining uniform heating of the rock sample over a long time.By developing these technologies,loading under high true triaxial stress conditions was realized.The apparatus has a maximum normal stiffness of 1000 GPa/m and a maximum operating temperature of 300C.The differences in the surface temperature of the sample are constant to within5C.Five types of true triaxial shear tests were conducted on homogeneous sandstone to verify that the apparatus has good performance and reliability.The results show that temperature,lateral stress,normal stress and time influence the shear deformation,failure mode and strength of the sandstone.The novel apparatus can be reliably used to conduct true-triaxial shear tests on rocks subjected to high temperatures and stress.

Network Intrusion Traffic Detection Based on Feature Extraction

With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.

A Novel Intrusion Detection Model of Unknown Attacks Using Convolutional Neural Networks

With the increasing number of connected devices in the Internet of Things(IoT)era,the number of intrusions is also increasing.An intrusion detection system(IDS)is a secondary intelligent system for monitoring,detecting and alerting against malicious activity.IDS is important in developing advanced security models.This study reviews the importance of various techniques,tools,and methods used in IoT detection and/or prevention systems.Specifically,it focuses on machine learning(ML)and deep learning(DL)techniques for IDS.This paper proposes an accurate intrusion detection model to detect traditional and new attacks on the Internet of Vehicles.To speed up the detection of recent attacks,the proposed network architecture developed at the data processing layer is incorporated with a convolutional neural network(CNN),which performs better than a support vector machine(SVM).Processing data are enhanced using the synthetic minority oversampling technique to ensure learning accuracy.The nearest class mean classifier is applied during the testing phase to identify new attacks.Experimental results using the AWID dataset,which is one of the most common open intrusion detection datasets,revealed a higher detection accuracy(94%)compared to SVM and random forest methods.

Pore-pressure and stress-coupled creep behavior in deep coal:Insights from real-time NMR analysis

Understanding the variations in microscopic pore-fracture structures(MPFS) during coal creep under pore pressure and stress coupling is crucial for coal mining and effective gas treatment. In this manuscript, a triaxial creep test on deep coal at various pore pressures using a test system that combines in-situ mechanical loading with real-time nuclear magnetic resonance(NMR) detection was conducted.Full-scale quantitative characterization, online real-time detection, and visualization of MPFS during coal creep influenced by pore pressure and stress coupling were performed using NMR and NMR imaging(NMRI) techniques. The results revealed that seepage pores and microfractures(SPM) undergo the most significant changes during coal creep, with creep failure gradually expanding from dense primary pore fractures. Pore pressure presence promotes MPFS development primarily by inhibiting SPM compression and encouraging adsorption pores(AP) to evolve into SPM. Coal enters the accelerated creep stage earlier at lower stress levels, resulting in more pronounced creep deformation. The connection between the micro and macro values was established, demonstrating that increased porosity at different pore pressures leads to a negative exponential decay of the viscosity coefficient. The Newton dashpot in the ideal viscoplastic body and the Burgers model was improved using NMR experimental results, and a creep model that considers pore pressure and stress coupling using variable-order fractional operators was developed. The model’s reasonableness was confirmed using creep experimental data. The damagestate adjustment factors ω and β were identified through a parameter sensitivity analysis to characterize the effect of pore pressure and stress coupling on the creep damage characteristics(size and degree of difficulty) of coal.

一种基于real-time PCR技术的TTV检测方法的建立及应用

目的:本研究旨在开发一种具有更高灵敏度和特异性的TTV检测技术,为揭示TTV在多种疾病过程中的作用提供重要的技术支持。方法:为了更精确、灵敏的检测TTV,本研究分析了目前公布的所有亚型的TTV基因序列,在此基础上建立了一种基于UTR区域的real-time PCR检测方法,并与文献报道应用较为广泛的PCR检测方法进行了对比。结果:本研究建立的方法在1×10^(7)~1×10^(1) copies/μL标准品浓度范围内具有良好的线性关系,相关系数为1.000,斜率为-3.446,检测下限为1×10^(1) copies/μL。重复性试验结果显示,组内变异系数为7.22%,表明本方法重复性、稳定性较强。针对30份临床样本,使用本研究建立的real-time PCR检测方法及目前被多个研究所使用的4套引物进行对比。结果表明,本研究所建立的方法灵敏度显著高于文献中报道的4种方法(P<0.01);Sanger测序结果表明,本方法检测出的30份阳性样本均为TTV,检测特异性为100%。结论:本研究采用基于TaqMan探针的real-time PCR检测方法,检测灵敏性高、覆盖基因型范围广,尤其对于TTV病毒载量较低的情况下能够进行定量检测,对于TTV病毒的致病性及作为免疫标志物的应用提供重要的技术支持。

Igneous intrusion contact metamorphic system and its reservoir characteristics:A case study of Paleogene Shahejie Formation in Nanpu sag of Bohai Bay Basin,China

Taking the Paleogene Shahejie Formation in Nanpu sag of Bohai Bay Basin as an example,this study comprehensively utilizes seismic,mud logging,well logging,physical property analysis and core thin section data to investigate the metamorphic reservoir formed by contact metamorphism after igneous rock intrusion.(1)A geological model of the igneous intrusion contact met amorphic system is proposed,which can be divided into five structural layers vertically:the intrusion,upper metamorphic aureole,lower metamorphic aureole,normal sedimentary layers on the roof and floor.(2)The intrusion is characterized by xenoliths indicating intrusive facies at the top,regular changes in rock texture and mineral crystallization from the center to the edge on a microscopic scale,and low-angle oblique penetrations of the intrusion through sedimentary strata on a macroscopic scale.The metamorphic aureole has characteristics such as sedimentary rocks as the host rock,typical palimpsest textures developed,various low-temperature thermal metamorphic minerals developed,and medium-low grade thermal metamorphic rocks as the lithology.(3)The reservoir in contact metamorphic aureole has two types of reservoir spaces:matrix pores and fractures.The matrix pores are secondary"intergranular pores"distributed around metamorphic minerals after thermal metamorphic transformation in metasandstones.The fractures are mainly structural fractures and intrusive compressive fractures in metamudstones.The reservoirs generally have three spatial distribution characteristics:layered,porphyritic and hydrocarbon impregnation along fracture.(4)The distribution of reservoirs in the metamorphic aureole is mainly controlled by the intensity of thermal baking.Furthermore,the distribution of favorable reservoirs is controlled by the coupling of favorable lithofacies and thermal contact metamorphism,intrusive compression and hydrothermal dissolution.The proposal and application of the geological model of the intrusion contact metamorphic system are expected to promote the discovery of exploration targets of contact metamorphic rock in Nanpu sag,and provide a reference for the study and exploration of deep contact metamorphic rock reservoirs in the Bohai Bay Basin.

Influence of typhoon MITAG on the Kuroshio intrusion in the Luzon Strait during early fall 2019

Typhoons in the western Pacific have a significant impact on the transport of heat,salt and particles through the Luzon Strait.However,there are very limited field observations of this impact because of extreme difficulties and even dangers for ship-based measurements during the rough weather.Here,we present the preliminary results from analyzing a dataset collected by a glider deployed west of the Luzon Strait a few days prior to the arrival of typhoon MITAG.The gilder data revealed an abnormally salinity(>34.8)subsurface water apparently sourced from Kuroshio intrusion during the typhoon.When typhoon MITAG traveled on the east of the Luzon Strait,the positive wind stress curl strengthened the cyclonic eddy and weakened the anti-cyclonic eddy.This led to a slowdown of Kuroshio and made its intrusion easier.The main axis of the Kuroshio at the northern part of the strait shifted westward after the typhoon and did not return to its original position until a week later.The Ekman transport from persistent northerly wind of typhoon MITAG was significant,but its importance in enhancing the Kuroshio intrusion is only secondary relative to the eddies variations.

Strengthening Network Security: Deep Learning Models for Intrusion Detectionwith Optimized Feature Subset and Effective Imbalance Handling

In recent years,frequent network attacks have highlighted the importance of efficient detection methods for ensuring cyberspace security.This paper presents a novel intrusion detection system consisting of a data prepro-cessing stage and a deep learning model for accurately identifying network attacks.We have proposed four deep neural network models,which are constructed using architectures such as Convolutional Neural Networks(CNN),Bi-directional Long Short-Term Memory(BiLSTM),Bidirectional Gate Recurrent Unit(BiGRU),and Attention mechanism.These models have been evaluated for their detection performance on the NSL-KDD dataset.To enhance the compatibility between the data and the models,we apply various preprocessing techniques and employ the particle swarm optimization algorithm to perform feature selection on the NSL-KDD dataset,resulting in an optimized feature subset.Moreover,we address class imbalance in the dataset using focal loss.Finally,we employ the BO-TPE algorithm to optimize the hyperparameters of the four models,maximizing their detection performance.The test results demonstrate that the proposed model is capable of extracting the spatiotemporal features of network traffic data effectively.In binary and multiclass experiments,it achieved accuracy rates of 0.999158 and 0.999091,respectively,surpassing other state-of-the-art methods.