Machine Learning Models for Heterogenous Network Security Anomaly Detection

The increasing amount and intricacy of network traffic in the modern digital era have worsened the difficulty of identifying abnormal behaviours that may indicate potential security breaches or operational interruptions. Conventional detection approaches face challenges in keeping up with the ever-changing strategies of cyber-attacks, resulting in heightened susceptibility and significant harm to network infrastructures. In order to tackle this urgent issue, this project focused on developing an effective anomaly detection system that utilizes Machine Learning technology. The suggested model utilizes contemporary machine learning algorithms and frameworks to autonomously detect deviations from typical network behaviour. It promptly identifies anomalous activities that may indicate security breaches or performance difficulties. The solution entails a multi-faceted approach encompassing data collection, preprocessing, feature engineering, model training, and evaluation. By utilizing machine learning methods, the model is trained on a wide range of datasets that include both regular and abnormal network traffic patterns. This training ensures that the model can adapt to numerous scenarios. The main priority is to ensure that the system is functional and efficient, with a particular emphasis on reducing false positives to avoid unwanted alerts. Additionally, efforts are directed on improving anomaly detection accuracy so that the model can consistently distinguish between potentially harmful and benign activity. This project aims to greatly strengthen network security by addressing emerging cyber threats and improving their resilience and reliability.

Game theory in network security for digital twins in industry

To ensure the safe operation of industrial digital twins network and avoid the harm to the system caused by hacker invasion,a series of discussions on network security issues are carried out based on game theory.From the perspective of the life cycle of network vulnerabilities,mining and repairing vulnerabilities are analyzed by applying evolutionary game theory.The evolution process of knowledge sharing among white hats under various conditions is simulated,and a game model of the vulnerability patch cooperative development strategy among manufacturers is constructed.On this basis,the differential evolution is introduced into the update mechanism of the Wolf Colony Algorithm(WCA)to produce better replacement individuals with greater probability from the perspective of both attack and defense.Through the simulation experiment,it is found that the convergence speed of the probability(X)of white Hat 1 choosing the knowledge sharing policy is related to the probability(x0)of white Hat 2 choosing the knowledge sharing policy initially,and the probability(y0)of white hat 2 choosing the knowledge sharing policy initially.When y0?0.9,X converges rapidly in a relatively short time.When y0 is constant and x0 is small,the probability curve of the“cooperative development”strategy converges to 0.It is concluded that the higher the trust among the white hat members in the temporary team,the stronger their willingness to share knowledge,which is conducive to the mining of loopholes in the system.The greater the probability of a hacker attacking the vulnerability before it is fully disclosed,the lower the willingness of manufacturers to choose the"cooperative development"of vulnerability patches.Applying the improved wolf colonyco-evolution algorithm can obtain the equilibrium solution of the"attack and defense game model",and allocate the security protection resources according to the importance of nodes.This study can provide an effective solution to protect the network security for digital twins in the industry.

System Architecture and Key Technologies of Network Security Situation Awareness System YHSAS

Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.

Security Model Research Based on Trusted Computing in Ad Hoc Network

With the rapid development of wireless networks,the Ad Hoc networks are widely used in many fields,but the current network security solutions for the Ad Hoc network are not competitive enough.So the critical technology of Ad Hoc network applications shall be how to implement the security scheme.Here the discussions are focused on the specific solution against the security threats which the Ad Hoc networks will face,the methodology of a management model which uses trusted computing technology to solve Ad Hoc network security problems,and the analysis and verification for the security of this model.

A network security situation prediction model based on wavelet neural network with optimized parameters

The security incidents ion networks are sudden and uncertain, it is very hard to precisely predict the network security situation by traditional methods. In order to improve the prediction accuracy of the network security situation, we build a network security situation prediction model based on Wavelet Neural Network （WNN） with optimized parameters by the Improved Niche Genetic Algorithm （INGA）. The proposed model adopts WNN which has strong nonlinear ability and fault-tolerance performance. Also, the parameters for WNN are optimized through the adaptive genetic algorithm （GA） so that WNN searches more effectively. Considering the problem that the adaptive GA converges slowly and easily turns to the premature problem, we introduce a novel niche technology with a dynamic fuzzy clustering and elimination mechanism to solve the premature convergence of the GA. Our final simulation results show that the proposed INGA-WNN prediction model is more reliable and effective, and it achieves faster convergence-speed and higher prediction accuracy than the Genetic Algorithm-Wavelet Neural Network （GA-WNN）. Genetic Algorithm-Back Propagation Neural Network （GA-BPNN） and WNN.

Multilevel security model for ad hoc networks

Modern battlefield doctrine is based on mobility, flexibility, and rapid response to changing situations. As is well known, mobile ad hoc network systems are among the best utilities for battlefield activity. Although much research has been done on secure routing, security issues have largely been ignored in applying mobile ad hoc network theory to computer technology. An ad hoc network is usually assumed to be homogeneous, which is an irrational assumption for armies. It is clear that soldiers, commanders, and commanders-in-chief should have different security levels and computation powers as they have access to asymmetric resources. Imitating basic military rank levels in battlefield situations, how multilevel security can be introduced into ad hoc networks is indicated, thereby controlling restricted classified information flows among nodes that have different security levels.

A New Model for Network Security Situation Assessment of the Industrial Internet

To address the problem of network security situation assessment in the Industrial Internet,this paper adopts the evidential reasoning(ER)algorithm and belief rule base(BRB)method to establish an assessment model.First,this paper analyzes the influencing factors of the Industrial Internet and selects evaluation indicators that contain not only quantitative data but also qualitative knowledge.Second,the evaluation indicators are fused with expert knowledge and the ER algorithm.According to the fusion results,a network security situation assessment model of the Industrial Internet based on the ER and BRB method is established,and the projection covariance matrix adaptive evolution strategy(P-CMA-ES)is used to optimize the model parameters.This method can not only utilize semiquantitative information effectively but also use more uncertain information and prevent the problem of combinatorial explosion.Moreover,it solves the problem of the uncertainty of expert knowledge and overcomes the problem of low modeling accuracy caused by insufficient data.Finally,a network security situation assessment case of the Industrial Internet is analyzed to verify the effectiveness and superiority of the method.The research results showthat this method has strong applicability to the network security situation assessment of complex Industrial Internet systems.It can accurately reflect the actual network security situation of Industrial Internet systems and provide safe and reliable suggestions for network administrators to take timely countermeasures,thereby improving the risk monitoring and emergency response capabilities of the Industrial Internet.

Network Security Enhanced with Deep Neural Network-Based Intrusion Detection System

This study describes improving network security by implementing and assessing an intrusion detection system(IDS)based on deep neural networks(DNNs).The paper investigates contemporary technical ways for enhancing intrusion detection performance,given the vital relevance of safeguarding computer networks against harmful activity.The DNN-based IDS is trained and validated by the model using the NSL-KDD dataset,a popular benchmark for IDS research.The model performs well in both the training and validation stages,with 91.30%training accuracy and 94.38%validation accuracy.Thus,the model shows good learning and generalization capabilities with minor losses of 0.22 in training and 0.1553 in validation.Furthermore,for both macro and micro averages across class 0(normal)and class 1(anomalous)data,the study evaluates the model using a variety of assessment measures,such as accuracy scores,precision,recall,and F1 scores.The macro-average recall is 0.9422,the macro-average precision is 0.9482,and the accuracy scores are 0.942.Furthermore,macro-averaged F1 scores of 0.9245 for class 1 and 0.9434 for class 0 demonstrate the model’s ability to precisely identify anomalies precisely.The research also highlights how real-time threat monitoring and enhanced resistance against new online attacks may be achieved byDNN-based intrusion detection systems,which can significantly improve network security.The study underscores the critical function ofDNN-based IDS in contemporary cybersecurity procedures by setting the foundation for further developments in this field.Upcoming research aims to enhance intrusion detection systems by examining cooperative learning techniques and integrating up-to-date threat knowledge.

Fuzzy Risk Assessment Method for Airborne Network Security Based on AHP-TOPSIS

With the exponential increase in information security risks,ensuring the safety of aircraft heavily relies on the accurate performance of risk assessment.However,experts possess a limited understanding of fundamental security elements,such as assets,threats,and vulnerabilities,due to the confidentiality of airborne networks,resulting in cognitive uncertainty.Therefore,the Pythagorean fuzzy Analytic Hierarchy Process(AHP)Technique for Order Preference by Similarity to an Ideal Solution(TOPSIS)is proposed to address the expert cognitive uncertainty during information security risk assessment for airborne networks.First,Pythagorean fuzzy AHP is employed to construct an index system and quantify the pairwise comparison matrix for determining the index weights,which is used to solve the expert cognitive uncertainty in the process of evaluating the index system weight of airborne networks.Second,Pythagorean fuzzy the TOPSIS to an Ideal Solution is utilized to assess the risk prioritization of airborne networks using the Pythagorean fuzzy weighted distance measure,which is used to address the cognitive uncertainty in the evaluation process of various indicators in airborne network threat scenarios.Finally,a comparative analysis was conducted.The proposed method demonstrated the highest Kendall coordination coefficient of 0.952.This finding indicates superior consistency and confirms the efficacy of the method in addressing expert cognition during information security risk assessment for airborne networks.

Cutting-Edge Challenges in Communication Technology and Computer Network Security

The rapid development of communication technology and computer networks has brought a lot of convenience to production and life,but it also increases the security problem.Information security has become one of the severe challenges faced by people in the digital age.Currently,the security problems facing the field of communication technology and computer networks in China mainly include the evolution of offensive technology,the risk of large-scale data transmission,the potential vulnerabilities introduced by emerging technology,and the dilemma of user identity verification.This paper analyzes the frontier challenges of communication technology and computer network security,and puts forward corresponding solutions,hoping to provide ideas for coping with the security challenges of communication technology and computer networks.

Using the Latin Square Design Model in the Prioritzation of Network Security Threats: A Quantitative Study

Society is becoming increasingly dependent on cyberspace for both business and pleasure. Cyber attackers continue to attack organizational computer networks, as those same computer networks become increasing critical to organizational business process. Strategic planning and managing IT security risks play an important role in the business and government planning process. Deploying defense in depth security measures can ensure that organizations continue to function in times of crisis. This quantitative study explores whether the Latin Square Design (LSD) model can be effectively applied to the prioritization of cybersecurity threats and to the linking of information assurance defense in-depth measures to those threats. The methods used in this study consisted of scanning 10 Cybersecurity Websites such as the Department of Homeland Security US CERT (United States-Computer Emergency Readiness Team [1]) and the SANS Institute (SysAdmin, Audit, Network and Security [2]) using the Likert Scale Model for the Website’s top ten list of cyber threats facing organizations and the network defense in depth measures to fight those threats. A comparison of each cybersecurity threats was then made using LSD to determine whether the Likert scale and the LSD model could be effectively applied to prioritize information assurance measures to protect organizational computing devices. The findings of the research reject the H0 null hypothesis that LSD does not affect the relationship between the ranking of 10 Cybersecurity websites top ten cybersecurity threats dependent variables and the independent variables of defense in depth measures used in protecting organizational devices against cyber-attacks.

Application-Transparent Live Migration for Virtual Machine on Network Security Enhanced Hypervisor

As the number of Virtual Machines(VMs) consolidated on single physical server increases with the rapid advance of server hardware,virtual network turns complex and frangible.Modern Network Security Engines(NSE) are introduced to eradicate the intrusions occurring in the virtual network.In this paper,we point out the inadequacy of the present live migration implementation,which hinders itself from providing transparent VM relocation between hypervisors equipped with Network Security Engines(NSE-H).This occurs because the current implementation ignores VM-related Security Context(SC) required by NSEs embedded in NSE-H.We present the CoM,a comprehensive live migration framework,for NSE-H-based virtualization computing environment.We built a prototype system on Xen hypervisors to evaluate our framework,and conduct experiments under various realistic application environments.The results demonstrate that our solution successfully fixes the inadequacy of the present live migration implementation,and the performance overhead is negligible.

Assessing the Risk Situation of Network Security for Active Defense

The risk situation assessment and forecast technique of network security is a basic method of active defense techniques. In order to assess the risk of network security two methods were used to define the index of risk and forecast index in time series, they were analytical hierarchy process （AHP） and support vector regression （SVR）. The module framework applied the methods above was also discussed. Experiment results showed the forecast values were so close to actual values and so it proved the approach is correct.

Network Security Incidents Frequency Prediction Based on Improved Genetic Algorithm and LSSVM

Since the frequency of network security incidents is nonlinear,traditional prediction methods such as ARMA,Gray systems are difficult to deal with the problem.When the size of sample is small,methods based on artificial neural network may not reach a high degree of preciseness.Least Squares Support Vector Machines (LSSVM) is a kind of machine learning methods based on the statistics learning theory,it can be applied to solve small sample and non-linear problems very well.This paper applied LSSVM to predict the occur frequency of network security incidents.To improve the accuracy,it used an improved genetic algorithm to optimize the parameters of LSSVM.Verified by real data sets,the improved genetic algorithm (IGA) converges faster than the simple genetic algorithm (SGA),and has a higher efficiency in the optimization procedure.Specially,the optimized LSSVM model worked very well on the prediction of frequency of network security incidents.

Network Security Situation Prediction Based on TCAN-BiGRU Optimized by SSA and IQPSO

The accuracy of historical situation values is required for traditional network security situation prediction(NSSP).There are discrepancies in the correlation and weighting of the various network security elements.To solve these problems,a combined prediction model based on the temporal convolution attention network(TCAN)and bi-directional gate recurrent unit(BiGRU)network is proposed,which is optimized by singular spectrum analysis(SSA)and improved quantum particle swarmoptimization algorithm(IQPSO).This model first decomposes and reconstructs network security situation data into a series of subsequences by SSA to remove the noise from the data.Furthermore,a prediction model of TCAN-BiGRU is established respectively for each subsequence.TCAN uses the TCN to extract features from the network security situation data and the improved channel attention mechanism(CAM)to extract important feature information from TCN.BiGRU learns the before-after status of situation data to extract more feature information from sequences for prediction.Besides,IQPSO is proposed to optimize the hyperparameters of BiGRU.Finally,the prediction results of the subsequence are superimposed to obtain the final predicted value.On the one hand,IQPSO compares with other optimization algorithms in the experiment,whose performance can find the optimum value of the benchmark function many times,showing that IQPSO performs better.On the other hand,the established prediction model compares with the traditional prediction methods through the simulation experiment,whose coefficient of determination is up to 0.999 on both sets,indicating that the combined prediction model established has higher prediction accuracy.

Key Technologies of Wireless Heterogeneous Network Security

Convergence and collaboration of heterogeneous networks in the next generation public mobile networks will be a subject of universal significance. Convergence of heterogeneous networks, as an effective approach to improve the coverage and capacity of public mobile network, to enable communication services, to provide Internet access and to enable mobile computing from everywhere, has drawn widespread attention for its good prospects in application. Construction of security system for wireless heterogeneous networks and development of new security models, key security techniques and approaches are critical and mandatory in heterogeneous networks development. Key technology of wireless heterogeneous networks security covers security routing protocol, access authentication, intrusion detection system, cooperative communication between nodes, etc.

Study on Network Security Architecture for Power Systems

The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power system was proposed in this study,which protected data and facilities from being attacked by outside users by means of firewall, security monitor and control system. Firewall was basically the first line of defense for the intranet; the security monitoring system was a kind of IDS (Intrusion Detection System), while security control system provided authentication, authorization,data-encrypted transmission and security management. This architecture provides various security services, such as identification, authentication, authorization, data integrity and confidentiality.

Research on the Construction of Computer Network Security System in Middle School Campus Network

In order to improve the security of high school campus networks,this paper introduces the goal,system composition,and function of the network security of high school campus networks,and puts forward a series of strategies,including the establishment of network security protection system,data backup and recovery mechanism,and strengthening network security management and training.Through these strategies,the safety and stable operation of the campus network can be ensured,the quality of education can be improved,and school’s development can be promoted.

Application of mobile scanning agent in the network security

To enhance the security of network systems, puts forward a kind of software agent is put forward, which has the induction ability of network frameworks and the ability of behavior independence. It is mobile scanning agent. More attentions is paid to expound how to design and realize mobile scanning agent. Besides, it is also explained the programs of mobile scanning agent system. In the end, it expects mobile scanning agent.

A network security situation awareness method based on layered attack graph

The real-time of network security situation awareness(NSSA)is always affected by the state explosion problem.To solve this problem,a new NSSA method based on layered attack graph(LAG)is proposed.Firstly,network is divided into several logical subnets by community discovery algorithm.The logical subnets and connections between them constitute the logical network.Then,based on the original and logical networks,the selection of attack path is optimized according to the monotonic principle of attack behavior.The proposed method can sharply reduce the attack path scale and hence tackle the state explosion problem in NSSA.The experiments results show that the generation of attack paths by this method consumes 0.029 s while the counterparts by other methods are more than 56 s.Meanwhile,this method can give the same security strategy with other methods.