Writable XOR executable (W⊕X) and address space layout randomisation (ASLR) have elevated the understanding necessary to perpetrate buffer overflow exploits [1] . However, they have not proved to be a panacea [1 ...Writable XOR executable (W⊕X) and address space layout randomisation (ASLR) have elevated the understanding necessary to perpetrate buffer overflow exploits [1] . However, they have not proved to be a panacea [1 3] , and so other mechanisms, such as stack guards and prelinking, have been introduced. In this paper, we show that host-based protection still does not offer a complete solution. To demonstrate the protection inadequacies, we perform an over the network brute force return-to-libc attack against a preforking concurrent server to gain remote access to a shell. The attack defeats host protection including W⊕X and ASLR. We then demonstrate that deploying a network intrusion detection systems (NIDS) with appropriate signatures can detect this attack efficiently.展开更多
Internet of Things(IoT)devices work mainly in wireless mediums;requiring different Intrusion Detection System(IDS)kind of solutions to leverage 802.11 header information for intrusion detection.Wireless-specific traff...Internet of Things(IoT)devices work mainly in wireless mediums;requiring different Intrusion Detection System(IDS)kind of solutions to leverage 802.11 header information for intrusion detection.Wireless-specific traffic features with high information gain are primarily found in data link layers rather than application layers in wired networks.This survey investigates some of the complexities and challenges in deploying wireless IDS in terms of data collection methods,IDS techniques,IDS placement strategies,and traffic data analysis techniques.This paper’s main finding highlights the lack of available network traces for training modern machine-learning models against IoT specific intrusions.Specifically,the Knowledge Discovery in Databases(KDD)Cup dataset is reviewed to highlight the design challenges of wireless intrusion detection based on current data attributes and proposed several guidelines to future-proof following traffic capture methods in the wireless network(WN).The paper starts with a review of various intrusion detection techniques,data collection methods and placement methods.The main goal of this paper is to study the design challenges of deploying intrusion detection system in a wireless environment.Intrusion detection system deployment in a wireless environment is not as straightforward as in the wired network environment due to the architectural complexities.So this paper reviews the traditional wired intrusion detection deployment methods and discusses how these techniques could be adopted into the wireless environment and also highlights the design challenges in the wireless environment.The main wireless environments to look into would be Wireless Sensor Networks(WSN),Mobile Ad Hoc Networks(MANET)and IoT as this are the future trends and a lot of attacks have been targeted into these networks.So it is very crucial to design an IDS specifically to target on the wireless networks.展开更多
Machine learning is a technique that is widely employed in both the academic and industrial sectors all over the world.Machine learning algorithms that are intuitive can analyse risks and respond swiftly to breaches a...Machine learning is a technique that is widely employed in both the academic and industrial sectors all over the world.Machine learning algorithms that are intuitive can analyse risks and respond swiftly to breaches and security issues.It is crucial in offering a proactive security system in the field of cybersecurity.In real time,cybersecurity protects information,information systems,and networks from intruders.In the recent decade,several assessments on security and privacy estimates have noted a rapid growth in both the incidence and quantity of cybersecurity breaches.At an increasing rate,intruders are breaching information security.Anomaly detection,software vulnerability diagnosis,phishing page identification,denial of service assaults,and malware identification are the foremost cyber-security concerns that require efficient clarifications.Practitioners have tried a variety of approaches to address the present cybersecurity obstacles and concerns.In a similar vein,the goal of this research is to assess the idealness of machine learning-based intrusion detection systems under fuzzy conditions using a Multi-Criteria Decision Making(MCDM)-based Analytical Hierarchy Process(AHP)and a Technique for Order of Preference by Similarity to Ideal-Solutions(TOPSIS).Fuzzy sets are ideal for dealing with decision-making scenarios in which experts are unsure of the best course of action.The projected work would support practitioners in identifying,prioritising,and selecting cybersecurityrelated attributes for intrusion detection systems,allowing them to design more optimal and effective intrusion detection systems.展开更多
Network Intrusion Detection Systems(NIDS)are utilized to find hostile network connections.This can be accom-plished by looking at traffic network activity,but it takes a lot of work.The NIDS heavily utilizes approache...Network Intrusion Detection Systems(NIDS)are utilized to find hostile network connections.This can be accom-plished by looking at traffic network activity,but it takes a lot of work.The NIDS heavily utilizes approaches for data extraction and machine learning to find anomalies.In terms of feature selection,NIDS is far more effective.This is accurate since anomaly identification uses a number of time-consuming features.Because of this,the feature selec-tion method influences how long it takes to analyze movement patterns and how clear it is.The goal of the study is to provide NIDS with an attribute selection approach.PSO has been used for that purpose.The Network Intrusion Detection System that is being developed will be able to identify any malicious activity in the network or any unusual behavior in the network,allowing the identification of the illegal activities and safeguarding the enormous amounts of confidential data belonging to the customers from being compromised.In the research,datasets were produced utilising both a network infrastructure and a simulation network.Wireshark is used to gather data packets whereas Cisco Packet Tracer is used to build a network in a simulated environment.Additionally,a physical network consisting of six node MCUs connected to a laptop and a mobile hotspot,has been built and communication packets are being recorded using the Wireshark tool.To train several machine learning models,all the datasets that were gatheredcre-ated datasets from our own studies as well as some common datasets like NSDL and UNSW acquired from Kaggle-were employed.Additionally,PsO,which is an optimization method,has been used with these ML algorithms for feature selection.In the research,KNN,decision trees,and ANN have all been combined with PSO for a specific case study.And it was found demonstrated the classification methods PSO+ANN outperformed PSO+KNN and PSO+DT in this case study.展开更多
The ever-growing network traffic threat landscape necessitates adopting accurate and robust intrusion detection systems(IDSs).IDSs have become a research hotspot and have seen remarkable performance improvements.Gener...The ever-growing network traffic threat landscape necessitates adopting accurate and robust intrusion detection systems(IDSs).IDSs have become a research hotspot and have seen remarkable performance improvements.Generative adversarial networks(GANs)have also garnered increasing research interest recently due to their remarkable ability to generate data.This paper investigates the application of(GANs)in(IDS)and explores their current use within this research field.We delve into the adoption of GANs within signature-based,anomaly-based,and hybrid IDSs,focusing on their objectives,methodologies,and advantages.Overall,GANs have been widely employed,mainly focused on solving the class imbalance issue by generating realistic attack samples.While GANs have shown significant potential in addressing the class imbalance issue,there are still open opportunities and challenges to be addressed.Little attention has been paid to their applicability in distributed and decentralized domains,such as IoT networks.Efficiency and scalability have been mostly overlooked,and thus,future works must aim at addressing these gaps.展开更多
Wireless Sensor Network(WSN),whichfinds as one of the major components of modern electronic and wireless systems.A WSN consists of numerous sensor nodes for the discovery of sensor networks to leverage features like d...Wireless Sensor Network(WSN),whichfinds as one of the major components of modern electronic and wireless systems.A WSN consists of numerous sensor nodes for the discovery of sensor networks to leverage features like data sensing,data processing,and communication.In thefield of medical health care,these network plays a very vital role in transmitting highly sensitive data from different geographic regions and collecting this information by the respective network.But the fear of different attacks on health care data typically increases day by day.In a very short period,these attacks may cause adversarial effects to the WSN nodes.Furthermore,the existing Intrusion Detection System(IDS)suffers from the drawbacks of limited resources,low detection rate,and high computational overhead and also increases the false alarm rates in detecting the different attacks.Given the above-mentioned problems,this paper proposes the novel MegaBAT optimized Long Short Term Memory(MBOLT)-IDS for WSNs for the effective detection of different attacks.In the proposed framework,hyperpara-meters of deep Long Short-Term Memory(LSTM)were optimized by the meta-heuristic megabat algorithm to obtain a low computational overhead and high performance.The experimentations have been carried out using(Wireless Sensor NetworkDetection System)WSN-DS datasets and performance metrics such as accuracy,recall,precision,specificity,and F1-score are calculated and compared with the other existing intelligent IDS.The proposed framework provides outstanding results in detecting the black hole,gray hole,scheduling,flooding attacks and significantly reduces the time complexity,which makes this system suitable for resource-constraint WSNs.展开更多
Currently,the Internet of Things(IoT)is revolutionizing communi-cation technology by facilitating the sharing of information between different physical devices connected to a network.To improve control,customization,f...Currently,the Internet of Things(IoT)is revolutionizing communi-cation technology by facilitating the sharing of information between different physical devices connected to a network.To improve control,customization,flexibility,and reduce network maintenance costs,a new Software-Defined Network(SDN)technology must be used in this infrastructure.Despite the various advantages of combining SDN and IoT,this environment is more vulnerable to various attacks due to the centralization of control.Most methods to ensure IoT security are designed to detect Distributed Denial-of-Service(DDoS)attacks,but they often lack mechanisms to mitigate their severity.This paper proposes a Multi-Attack Intrusion Detection System(MAIDS)for Software-Defined IoT Networks(SDN-IoT).The proposed scheme uses two machine-learning algorithms to improve detection efficiency and provide a mechanism to prevent false alarms.First,a comparative analysis of the most commonly used machine-learning algorithms to secure the SDN was performed on two datasets:the Network Security Laboratory Knowledge Discovery in Databases(NSL-KDD)and the Canadian Institute for Cyberse-curity Intrusion Detection Systems(CICIDS2017),to select the most suitable algorithms for the proposed scheme and for securing SDN-IoT systems.The algorithms evaluated include Extreme Gradient Boosting(XGBoost),K-Nearest Neighbor(KNN),Random Forest(RF),Support Vector Machine(SVM),and Logistic Regression(LR).Second,an algorithm for selecting the best dataset for machine learning in Intrusion Detection Systems(IDS)was developed to enable effective comparison between the datasets used in the development of the security scheme.The results showed that XGBoost and RF are the best algorithms to ensure the security of SDN-IoT and to be applied in the proposed security system,with average accuracies of 99.88%and 99.89%,respectively.Furthermore,the proposed security scheme reduced the false alarm rate by 33.23%,which is a significant improvement over prevalent schemes.Finally,tests of the algorithm for dataset selection showed that the rates of false positives and false negatives were reduced when the XGBoost and RF algorithms were trained on the CICIDS2017 dataset,making it the best for IDS compared to the NSL-KDD dataset.展开更多
The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communicati...The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid, open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service [DDoS] with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using Stealthwatch tool to create a security baseline for Smart Grid environment, contributes to risk mitigation and sound security hygiene.展开更多
Nowadays,Internet has become an indispensable part of daily life and is used in many fields.Due to the large amount of Internet traffic,computers are subject to various security threats,which may cause serious economi...Nowadays,Internet has become an indispensable part of daily life and is used in many fields.Due to the large amount of Internet traffic,computers are subject to various security threats,which may cause serious economic losses and even endanger national security.It is hoped that an effective security method can systematically classify intrusion data in order to avoid leakage of important data or misuse of data.As machine learning technology matures,deep learning is widely used in various industries.Combining deep learning with network security and intrusion detection is the current trend.In this paper,the problem of data classification in intrusion detection system is studied.We propose an intrusion detection model based on stack bidirectional long short-term memory(LSTM),introduce stack bidirectional LSTM into the field of intrusion detection and apply it to the intrusion detection.In order to determine the appropriate parameters and structure of stack bidirectional LSTM network,we have carried out experiments on various network structures and parameters and analyzed the experimental results.The classic KDD Cup’1999 dataset was selected for experiments so that we can obtain convincing and comparable results.Experimental results derived from the KDD Cup’1999 dataset show that the network with three hidden layers containing 80 LSTM cells is superior to other algorithms in computational cost and detection performance due to stack bidirectional LSTM model’s ability to review time and correlate with connected records continuously.The experiment shows the effectiveness of stack bidirectional LSTM network in intrusion detection.展开更多
Nowadays,web systems and servers are constantly at great risk from cyberattacks.This paper proposes a novel approach to detecting abnormal network traffic using a bidirectional long short-term memory(LSTM)network in c...Nowadays,web systems and servers are constantly at great risk from cyberattacks.This paper proposes a novel approach to detecting abnormal network traffic using a bidirectional long short-term memory(LSTM)network in combination with the ensemble learning technique.First,the binary classification module was used to detect the current abnormal flow.Then,the abnormal flows were fed into the multilayer classification module to identify the specific type of flow.In this research,a deep learning bidirectional LSTM model,in combination with the convolutional neural network and attention technique,was deployed to identify a specific attack.To solve the real-time intrusion-detecting problem,a stacking ensemble-learning model was deployed to detect abnormal intrusion before being transferred to the attack classification module.The class-weight technique was applied to overcome the data imbalance between the attack layers.The results showed that our approach gained good performance and the F1 accuracy on the CICIDS2017 data set reached 99.97%,which is higher than the results obtained in other research.展开更多
As cyber threats keep changing and business environments adapt, a comprehensive approach to disaster recovery involves more than just defensive measures. This research delves deep into the strategies required to respo...As cyber threats keep changing and business environments adapt, a comprehensive approach to disaster recovery involves more than just defensive measures. This research delves deep into the strategies required to respond to threats and anticipate and mitigate them proactively. Beginning with understanding the critical need for a layered defense and the intricacies of the attacker’s journey, the research offers insights into specialized defense techniques, emphasizing the importance of timely and strategic responses during incidents. Risk management is brought to the forefront, underscoring businesses’ need to adopt mature risk assessment practices and understand the potential risk impact areas. Additionally, the value of threat intelligence is explored, shedding light on the importance of active engagement within sharing communities and the vigilant observation of adversary motivations. “Beyond Defense: Proactive Approaches to Disaster Recovery and Threat Intelligence in Modern Enterprises” is a comprehensive guide for organizations aiming to fortify their cybersecurity posture, marrying best practices in proactive and reactive measures in the ever-challenging digital realm.展开更多
The static nature of cyber defense systems gives attackers a sufficient amount of time to explore and further exploit the vulnerabilities of information technology systems.In this paper,we investigate a problem where ...The static nature of cyber defense systems gives attackers a sufficient amount of time to explore and further exploit the vulnerabilities of information technology systems.In this paper,we investigate a problem where multiagent sys-tems sensing and acting in an environment contribute to adaptive cyber defense.We present a learning strategy that enables multiple agents to learn optimal poli-cies using multiagent reinforcement learning(MARL).Our proposed approach is inspired by the multiarmed bandits(MAB)learning technique for multiple agents to cooperate in decision making or to work independently.We study a MAB approach in which defenders visit a system multiple times in an alternating fash-ion to maximize their rewards and protect their system.We find that this game can be modeled from an individual player’s perspective as a restless MAB problem.We discover further results when the MAB takes the form of a pure birth process,such as a myopic optimal policy,as well as providing environments that offer the necessary incentives required for cooperation in multiplayer projects.展开更多
基金supported by National Natural Science Foundation of China (No. 60873208)
文摘Writable XOR executable (W⊕X) and address space layout randomisation (ASLR) have elevated the understanding necessary to perpetrate buffer overflow exploits [1] . However, they have not proved to be a panacea [1 3] , and so other mechanisms, such as stack guards and prelinking, have been introduced. In this paper, we show that host-based protection still does not offer a complete solution. To demonstrate the protection inadequacies, we perform an over the network brute force return-to-libc attack against a preforking concurrent server to gain remote access to a shell. The attack defeats host protection including W⊕X and ASLR. We then demonstrate that deploying a network intrusion detection systems (NIDS) with appropriate signatures can detect this attack efficiently.
基金The authors acknowledge Jouf University,Saudi Arabia for his funding support.
文摘Internet of Things(IoT)devices work mainly in wireless mediums;requiring different Intrusion Detection System(IDS)kind of solutions to leverage 802.11 header information for intrusion detection.Wireless-specific traffic features with high information gain are primarily found in data link layers rather than application layers in wired networks.This survey investigates some of the complexities and challenges in deploying wireless IDS in terms of data collection methods,IDS techniques,IDS placement strategies,and traffic data analysis techniques.This paper’s main finding highlights the lack of available network traces for training modern machine-learning models against IoT specific intrusions.Specifically,the Knowledge Discovery in Databases(KDD)Cup dataset is reviewed to highlight the design challenges of wireless intrusion detection based on current data attributes and proposed several guidelines to future-proof following traffic capture methods in the wireless network(WN).The paper starts with a review of various intrusion detection techniques,data collection methods and placement methods.The main goal of this paper is to study the design challenges of deploying intrusion detection system in a wireless environment.Intrusion detection system deployment in a wireless environment is not as straightforward as in the wired network environment due to the architectural complexities.So this paper reviews the traditional wired intrusion detection deployment methods and discusses how these techniques could be adopted into the wireless environment and also highlights the design challenges in the wireless environment.The main wireless environments to look into would be Wireless Sensor Networks(WSN),Mobile Ad Hoc Networks(MANET)and IoT as this are the future trends and a lot of attacks have been targeted into these networks.So it is very crucial to design an IDS specifically to target on the wireless networks.
基金Funding for this study was received fromthe Ministry of Education and Deanship of Scientific Research at King Abdulaziz University,Kingdom of Saudi Arabia under the Grant No.IFPHI-268-611-2020.
文摘Machine learning is a technique that is widely employed in both the academic and industrial sectors all over the world.Machine learning algorithms that are intuitive can analyse risks and respond swiftly to breaches and security issues.It is crucial in offering a proactive security system in the field of cybersecurity.In real time,cybersecurity protects information,information systems,and networks from intruders.In the recent decade,several assessments on security and privacy estimates have noted a rapid growth in both the incidence and quantity of cybersecurity breaches.At an increasing rate,intruders are breaching information security.Anomaly detection,software vulnerability diagnosis,phishing page identification,denial of service assaults,and malware identification are the foremost cyber-security concerns that require efficient clarifications.Practitioners have tried a variety of approaches to address the present cybersecurity obstacles and concerns.In a similar vein,the goal of this research is to assess the idealness of machine learning-based intrusion detection systems under fuzzy conditions using a Multi-Criteria Decision Making(MCDM)-based Analytical Hierarchy Process(AHP)and a Technique for Order of Preference by Similarity to Ideal-Solutions(TOPSIS).Fuzzy sets are ideal for dealing with decision-making scenarios in which experts are unsure of the best course of action.The projected work would support practitioners in identifying,prioritising,and selecting cybersecurityrelated attributes for intrusion detection systems,allowing them to design more optimal and effective intrusion detection systems.
文摘Network Intrusion Detection Systems(NIDS)are utilized to find hostile network connections.This can be accom-plished by looking at traffic network activity,but it takes a lot of work.The NIDS heavily utilizes approaches for data extraction and machine learning to find anomalies.In terms of feature selection,NIDS is far more effective.This is accurate since anomaly identification uses a number of time-consuming features.Because of this,the feature selec-tion method influences how long it takes to analyze movement patterns and how clear it is.The goal of the study is to provide NIDS with an attribute selection approach.PSO has been used for that purpose.The Network Intrusion Detection System that is being developed will be able to identify any malicious activity in the network or any unusual behavior in the network,allowing the identification of the illegal activities and safeguarding the enormous amounts of confidential data belonging to the customers from being compromised.In the research,datasets were produced utilising both a network infrastructure and a simulation network.Wireshark is used to gather data packets whereas Cisco Packet Tracer is used to build a network in a simulated environment.Additionally,a physical network consisting of six node MCUs connected to a laptop and a mobile hotspot,has been built and communication packets are being recorded using the Wireshark tool.To train several machine learning models,all the datasets that were gatheredcre-ated datasets from our own studies as well as some common datasets like NSDL and UNSW acquired from Kaggle-were employed.Additionally,PsO,which is an optimization method,has been used with these ML algorithms for feature selection.In the research,KNN,decision trees,and ANN have all been combined with PSO for a specific case study.And it was found demonstrated the classification methods PSO+ANN outperformed PSO+KNN and PSO+DT in this case study.
文摘The ever-growing network traffic threat landscape necessitates adopting accurate and robust intrusion detection systems(IDSs).IDSs have become a research hotspot and have seen remarkable performance improvements.Generative adversarial networks(GANs)have also garnered increasing research interest recently due to their remarkable ability to generate data.This paper investigates the application of(GANs)in(IDS)and explores their current use within this research field.We delve into the adoption of GANs within signature-based,anomaly-based,and hybrid IDSs,focusing on their objectives,methodologies,and advantages.Overall,GANs have been widely employed,mainly focused on solving the class imbalance issue by generating realistic attack samples.While GANs have shown significant potential in addressing the class imbalance issue,there are still open opportunities and challenges to be addressed.Little attention has been paid to their applicability in distributed and decentralized domains,such as IoT networks.Efficiency and scalability have been mostly overlooked,and thus,future works must aim at addressing these gaps.
文摘Wireless Sensor Network(WSN),whichfinds as one of the major components of modern electronic and wireless systems.A WSN consists of numerous sensor nodes for the discovery of sensor networks to leverage features like data sensing,data processing,and communication.In thefield of medical health care,these network plays a very vital role in transmitting highly sensitive data from different geographic regions and collecting this information by the respective network.But the fear of different attacks on health care data typically increases day by day.In a very short period,these attacks may cause adversarial effects to the WSN nodes.Furthermore,the existing Intrusion Detection System(IDS)suffers from the drawbacks of limited resources,low detection rate,and high computational overhead and also increases the false alarm rates in detecting the different attacks.Given the above-mentioned problems,this paper proposes the novel MegaBAT optimized Long Short Term Memory(MBOLT)-IDS for WSNs for the effective detection of different attacks.In the proposed framework,hyperpara-meters of deep Long Short-Term Memory(LSTM)were optimized by the meta-heuristic megabat algorithm to obtain a low computational overhead and high performance.The experimentations have been carried out using(Wireless Sensor NetworkDetection System)WSN-DS datasets and performance metrics such as accuracy,recall,precision,specificity,and F1-score are calculated and compared with the other existing intelligent IDS.The proposed framework provides outstanding results in detecting the black hole,gray hole,scheduling,flooding attacks and significantly reduces the time complexity,which makes this system suitable for resource-constraint WSNs.
文摘Currently,the Internet of Things(IoT)is revolutionizing communi-cation technology by facilitating the sharing of information between different physical devices connected to a network.To improve control,customization,flexibility,and reduce network maintenance costs,a new Software-Defined Network(SDN)technology must be used in this infrastructure.Despite the various advantages of combining SDN and IoT,this environment is more vulnerable to various attacks due to the centralization of control.Most methods to ensure IoT security are designed to detect Distributed Denial-of-Service(DDoS)attacks,but they often lack mechanisms to mitigate their severity.This paper proposes a Multi-Attack Intrusion Detection System(MAIDS)for Software-Defined IoT Networks(SDN-IoT).The proposed scheme uses two machine-learning algorithms to improve detection efficiency and provide a mechanism to prevent false alarms.First,a comparative analysis of the most commonly used machine-learning algorithms to secure the SDN was performed on two datasets:the Network Security Laboratory Knowledge Discovery in Databases(NSL-KDD)and the Canadian Institute for Cyberse-curity Intrusion Detection Systems(CICIDS2017),to select the most suitable algorithms for the proposed scheme and for securing SDN-IoT systems.The algorithms evaluated include Extreme Gradient Boosting(XGBoost),K-Nearest Neighbor(KNN),Random Forest(RF),Support Vector Machine(SVM),and Logistic Regression(LR).Second,an algorithm for selecting the best dataset for machine learning in Intrusion Detection Systems(IDS)was developed to enable effective comparison between the datasets used in the development of the security scheme.The results showed that XGBoost and RF are the best algorithms to ensure the security of SDN-IoT and to be applied in the proposed security system,with average accuracies of 99.88%and 99.89%,respectively.Furthermore,the proposed security scheme reduced the false alarm rate by 33.23%,which is a significant improvement over prevalent schemes.Finally,tests of the algorithm for dataset selection showed that the rates of false positives and false negatives were reduced when the XGBoost and RF algorithms were trained on the CICIDS2017 dataset,making it the best for IDS compared to the NSL-KDD dataset.
文摘The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid, open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service [DDoS] with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using Stealthwatch tool to create a security baseline for Smart Grid environment, contributes to risk mitigation and sound security hygiene.
基金This work was supported by Scientific Research Starting Project of SWPU[Zheng,D.,No.0202002131604]Major Science and Technology Project of Sichuan Province[Zheng,D.,No.8ZDZX0143]+1 种基金Ministry of Education Collaborative Education Project of China[Zheng,D.,No.952]Fundamental Research Project[Zheng,D.,Nos.549,550].
文摘Nowadays,Internet has become an indispensable part of daily life and is used in many fields.Due to the large amount of Internet traffic,computers are subject to various security threats,which may cause serious economic losses and even endanger national security.It is hoped that an effective security method can systematically classify intrusion data in order to avoid leakage of important data or misuse of data.As machine learning technology matures,deep learning is widely used in various industries.Combining deep learning with network security and intrusion detection is the current trend.In this paper,the problem of data classification in intrusion detection system is studied.We propose an intrusion detection model based on stack bidirectional long short-term memory(LSTM),introduce stack bidirectional LSTM into the field of intrusion detection and apply it to the intrusion detection.In order to determine the appropriate parameters and structure of stack bidirectional LSTM network,we have carried out experiments on various network structures and parameters and analyzed the experimental results.The classic KDD Cup’1999 dataset was selected for experiments so that we can obtain convincing and comparable results.Experimental results derived from the KDD Cup’1999 dataset show that the network with three hidden layers containing 80 LSTM cells is superior to other algorithms in computational cost and detection performance due to stack bidirectional LSTM model’s ability to review time and correlate with connected records continuously.The experiment shows the effectiveness of stack bidirectional LSTM network in intrusion detection.
文摘Nowadays,web systems and servers are constantly at great risk from cyberattacks.This paper proposes a novel approach to detecting abnormal network traffic using a bidirectional long short-term memory(LSTM)network in combination with the ensemble learning technique.First,the binary classification module was used to detect the current abnormal flow.Then,the abnormal flows were fed into the multilayer classification module to identify the specific type of flow.In this research,a deep learning bidirectional LSTM model,in combination with the convolutional neural network and attention technique,was deployed to identify a specific attack.To solve the real-time intrusion-detecting problem,a stacking ensemble-learning model was deployed to detect abnormal intrusion before being transferred to the attack classification module.The class-weight technique was applied to overcome the data imbalance between the attack layers.The results showed that our approach gained good performance and the F1 accuracy on the CICIDS2017 data set reached 99.97%,which is higher than the results obtained in other research.
文摘As cyber threats keep changing and business environments adapt, a comprehensive approach to disaster recovery involves more than just defensive measures. This research delves deep into the strategies required to respond to threats and anticipate and mitigate them proactively. Beginning with understanding the critical need for a layered defense and the intricacies of the attacker’s journey, the research offers insights into specialized defense techniques, emphasizing the importance of timely and strategic responses during incidents. Risk management is brought to the forefront, underscoring businesses’ need to adopt mature risk assessment practices and understand the potential risk impact areas. Additionally, the value of threat intelligence is explored, shedding light on the importance of active engagement within sharing communities and the vigilant observation of adversary motivations. “Beyond Defense: Proactive Approaches to Disaster Recovery and Threat Intelligence in Modern Enterprises” is a comprehensive guide for organizations aiming to fortify their cybersecurity posture, marrying best practices in proactive and reactive measures in the ever-challenging digital realm.
基金This work is funded by the Deanship of Scientific Research(DSR)the University of Jeddah,under Grant No.(UJ-22-DR-1).
文摘The static nature of cyber defense systems gives attackers a sufficient amount of time to explore and further exploit the vulnerabilities of information technology systems.In this paper,we investigate a problem where multiagent sys-tems sensing and acting in an environment contribute to adaptive cyber defense.We present a learning strategy that enables multiple agents to learn optimal poli-cies using multiagent reinforcement learning(MARL).Our proposed approach is inspired by the multiarmed bandits(MAB)learning technique for multiple agents to cooperate in decision making or to work independently.We study a MAB approach in which defenders visit a system multiple times in an alternating fash-ion to maximize their rewards and protect their system.We find that this game can be modeled from an individual player’s perspective as a restless MAB problem.We discover further results when the MAB takes the form of a pure birth process,such as a myopic optimal policy,as well as providing environments that offer the necessary incentives required for cooperation in multiplayer projects.