Fig 1 - available from: Journal of Big Data
Fig. 1. SVM [6]: the main concept of SVM, its margins and its support vectors.

Source publication
Abstract: Anomaly-based Intrusion Detection Systems (IDS) have been a hot research topic because of their ability to detect new threats, rather than only the memorized signature threats of signature-based IDS, especially after the availability of advanced technologies that increase the number of hacking tools and the risk impact of an attack. The p...

Context in source publication

Context 1
... studying how to increase the performance on small datasets, which is very important because the insights gained from such research can be applied in big data research. This paper falls under the second approach. We propose implementing deep learning instead of traditional learning. We choose to compare our work with SVM, shown in Fig. 1, because SVM has been the most popular traditional learning model used in network security and intrusion detection systems over the years, even in the era of big data. SVM has received a lot of interest in the IDS optimization domain because it has been proved by lots [6]. ...
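Fig. 1 and the context above refer to the margin and the support vectors of an SVM without spelling out what they are numerically. The following Python is an added illustration for this page; it is not code or data from Al Jallad et al. or from the Journal of Big Data article. It trains a linear soft-margin SVM by full-batch subgradient descent on a constructed set of two-feature flow records (the features, their scaling, the values and the labels are all assumptions made here), then reports the margin width 2/||w||, identifies which training flows are the support vectors, and measures the false-positive rate on a constructed held-out set that contains an unusual but legitimate flow, the caveat several of the citing papers listed further down raise against anomaly-based detectors. It uses only the standard library.

```python
# Added example for this page (not code from Al Jallad et al. or the Journal
# of Big Data article): a linear soft-margin SVM trained by full-batch
# subgradient descent on constructed two-feature flow records, to show what
# the margin and the support vectors of Fig. 1 are.
from math import sqrt

# Constructed, labelled flow features (the scaling is an assumption, not real
# traffic): x1 = packets per second / 100, x2 = distinct destination ports / 10.
# y = -1 for normal traffic, +1 for attack traffic.
FLOWS = [
    ((0.5, 0.5), -1), ((1.0, 0.3), -1), ((0.4, 0.9), -1),
    ((0.8, 0.8), -1), ((2.0, 1.0), -1), ((1.0, 2.0), -1),
    ((6.0, 6.0), +1), ((5.5, 6.5), +1), ((6.5, 5.0), +1),
    ((7.0, 7.0), +1), ((4.8, 4.2), +1), ((5.2, 6.8), +1),
]

# Constructed held-out benign flows. The last one is an unusual but legitimate
# bulk transfer (a high packet rate to a single port) never seen in training.
HELD_OUT_BENIGN = [(0.9, 0.7), (1.3, 1.1), (0.6, 1.2), (7.0, 0.4)]


def decision(w, b, x):
    """Score w.x + b; its sign is the predicted class, its magnitude the
    functional distance from the separating hyperplane."""
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def predict(w, b, x):
    return 1 if decision(w, b, x) >= 0 else -1


def train_linear_svm(data, lam=0.05, lr=0.01, steps=30000):
    """Minimise (lam/2)||w||^2 + mean(max(0, 1 - y(w.x + b))) by subgradient
    descent. (w, b) is averaged over the last 20% of steps to damp the
    oscillation a constant step size causes around the optimum."""
    dim = len(data[0][0])
    n = len(data)
    w, b = [0.0] * dim, 0.0
    w_sum, b_sum, n_avg = [0.0] * dim, 0.0, 0
    for t in range(steps):
        gw = [lam * wi for wi in w]          # gradient of the regulariser
        gb = 0.0
        for x, y in data:
            if y * decision(w, b, x) < 1.0:  # hinge active: point inside the margin
                for j in range(dim):
                    gw[j] -= y * x[j] / n
                gb -= y / n
        w = [wi - lr * gi for wi, gi in zip(w, gw)]
        b -= lr * gb
        if t >= 0.8 * steps:
            w_sum = [s + wi for s, wi in zip(w_sum, w)]
            b_sum += b
            n_avg += 1
    return [s / n_avg for s in w_sum], b_sum / n_avg


def support_vectors(w, b, data, tol=0.15):
    """Indices of training points on or inside the margin, y(w.x + b) <= 1 + tol.
    Only these points pin the hyperplane; the others could be deleted from the
    training set without moving it."""
    return [i for i, (x, y) in enumerate(data) if y * decision(w, b, x) <= 1.0 + tol]


def margin_width(w):
    """Distance between the margin hyperplanes w.x + b = +1 and w.x + b = -1."""
    return 2.0 / sqrt(sum(wi * wi for wi in w))


def false_positive_rate(w, b, benign_flows):
    """Share of benign flows the model flags as attacks."""
    flagged = sum(1 for x in benign_flows if predict(w, b, x) == 1)
    return flagged / len(benign_flows)


if __name__ == "__main__":
    w, b = train_linear_svm(FLOWS)
    print("w =", [round(v, 3) for v in w], " b =", round(b, 3))
    print("margin width 2/||w|| =", round(margin_width(w), 3))
    for i in support_vectors(w, b, FLOWS):
        print("support vector:", FLOWS[i])
    print("held-out false positive rate:", false_positive_rate(w, b, HELD_OUT_BENIGN))
```

On this constructed data the learned hyperplane is close to x1 + x2 = 6, only three of the twelve training flows (two normal, one attack) sit on the margin and are reported as support vectors, and the bulk-transfer flow (7.0, 0.4) falls on the attack side and is flagged: one of four held-out benign flows, i.e. a 25% false-positive rate caused purely by a benign pattern absent from training, which is the practical weakness of anomaly-based IDS that the citing works below describe.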

Similar publications

Article
A monitoring system that can identify and assess abnormal activity is known as an intrusion detection system (IDS), and it is crucial in protecting the network against attacks. On an imbalanced dataset, the classification accuracy of the predictive model decreases and the training time is relatively long. The Hybrid Seagull Optimized ResNe...
Preprint
Intrusion Detection Systems (IDS) play a crucial role in the security of modern computer systems and networks. They continuously monitor the activity on a network, looking for any signs of unauthorized access or malicious behavior. Therefore, the main objective of developers is the improvement of Intrusion Detection Systems to control network secu...
Preprint
The evolution of cybersecurity is undoubtedly associated and intertwined with the development and improvement of artificial intelligence (AI). As a key tool for realizing more cybersecure ecosystems, Intrusion Detection Systems (IDSs) have evolved tremendously in recent years by integrating machine learning (ML) techniques for the detection of incr...
Article
With vast amounts of data being generated daily and the ever-increasing interconnectivity of the world's internet infrastructures, machine learning-based Intrusion Detection Systems (IDS) have become a vital component to protect our economic and national security. Previous shallow learning and deep learning strategies adopt the single learning mod...
Article
The train communication Ethernet (TCE) of modern intelligent trains is under an ever-increasing threat of serious network attacks. Denial of service (DoS) and man in the middle (MITM), the two most destructive attacks against TCE, are difficult to detect by conventional methods. Aiming at their highly time-correlated properties, a novel dynamic tem...

Citations

... For instance, a legitimate but uncommon use of network resources or atypical but authorized system configurations might be incorrectly perceived as intrusions. These false positives can lead to unnecessary disruptions and require additional resources to investigate and address, which can strain the security team's resources and potentially divert attention from genuine threats [35,36]. ...
... Kwon et al. [22] observed that the growing aspects of machine learning, i.e. volume, variety, velocity, veracity, value, variability, and venue, are delineated, and highlighted that these characteristics are ambiguous when the data is being used for machine learning purposes. Al Jallad et al. [23] proposed an approach in which four methods including fourteen benchmarks systematically profile the datasets gathered from various devices in order to differentiate the devices and record their positive and negative impacts. Anomaly detection is an emerging technique and plays a significant role in securing the network [24]. ...
Article
The exposure of zero trust security in the Industrial Internet of Things (IIoT) increased in importance in the era where there is a huge risk of injection of malicious entities and owning the device by an unauthorized user. The gap in the existing approach of zero trust security is that continuous verification of devices is a time-consuming process and adversely affects the promising nature of the zero-trust model. Every time a node enters, even if the node is a member of the network, authorization of the node is necessary to ensure authenticity. This verification section of zero trust hinders the seamless working of the IIoT infrastructure. Therefore, the main objective of this paper is to propose a solution for the above-mentioned problem by enabling "device profiling" via deep reinforcement learning so that the same device can be identified and permitted access without hindering the working of the Industrial Internet of Things infrastructure. The overall proposed approach works in different phases: a compression function for ensuring data confidentiality and integrity, then device profiling based on the features a device possesses, and lastly deep reinforcement learning for anomaly detection. To test and validate the proposed approach, extensive experiments were performed using measures such as false positive rate, data confidentiality rate, data integrity rate, and network access time, and the results showed that the proposed technique titled "MMODPAD-DRL" outperforms the existing approaches in false positive rate by 27%, data confidentiality rate by 4% and data integrity rate by 3%, and lessens the network access time by 20%.
... Various machine learning algorithms are available, often enabling higher detection rates and optimal computation in intrusion detection systems [4,5]. However, machine learning-based intrusion detection systems are used with caution because they can suffer from a high number of false positives [4,6,7]. The key to developing such an IDS is the ability to efficiently extract and select features that truly represent network traffic. ...
Article
The increasing demand for communication between networked devices connected either through an intranet or the internet increases the need for a reliable and accurate network defense mechanism. Network intrusion detection systems (NIDSs), which are used to detect malicious or anomalous network traffic, are an integral part of network defense. This research aims to address some of the issues faced by anomaly-based network intrusion detection systems. In this research, we first identify some limitations of the legacy NIDS datasets, including a recent CICIDS2017 dataset, which lead us to develop our novel dataset, CIPMAIDS2023-1. Then, we propose a stacking-based ensemble approach that outperforms the overall state of the art for NIDS. Various attack scenarios were implemented along with benign user traffic on the network topology created using graphical network simulator-3 (GNS-3). Key flow features are extracted using cicflowmeter for each attack and are evaluated to analyze their behavior. Several different machine learning approaches are applied to the features extracted from the traffic data, and their performance is compared. The results show that the stacking-based ensemble approach is the most promising and achieves the highest weighted F1-score of 98.24%.
... The continuous-time nature of the system enables the reservoir to process input signals in real-time without discretization, which is particularly useful in applications where the input signal is a continuous data stream. However, it can be more difficult to train and optimize than discrete-time RC due to the complexity of the reservoir dynamics [8,10]. The proposed CTRC's system parameters are optimized using the RL method to overcome these challenges. ...
Chapter
Cybersecurity systems have become increasingly important as businesses and individuals rely more on technology. However, the increasing complexity of these systems and the evolving nature of cyber threats require innovative solutions to protect against cyber attacks. One promising approach is the idea of autonomous self-learning and auto-training neural architectures. Autonomous self-learning refers to the ability of the system to adapt to new threats and learn from past experiences without human intervention. Auto-training, on the other hand, refers to the ability of the system to improve its performance over time by automatically adjusting its parameters and algorithms. This research proposes an autonomous Self-Learning and Self-Adversarial Training (SLSAT) neural architecture for intelligent and resilient cyber security systems. It is an extension of the next-generation Continuous-Time Reservoir Computing (CTRC) that was proposed by the authors recently. The CTRC is a time-series anomaly detection system controlled by time-varying differential equations. It uses Reinforcement Learning (RL) to dynamically fine-tune the reservoir computing parameters in order to identify the aberrant changes in the data. The proposed method in this research improves the CTRC's architecture by including a Conditional Tabular Generative Adversarial Network (CTGAN). Specifically, including CTGAN allows the SLSAT architecture to generate synthetic data based on the identified abnormalities to improve the model's performance and adapt to new and evolving threats without manual intervention. This, as proved experimentally, helps the model identify aberrant changes in the data and fend off poison and zero-day attacks.
Keywords: Reservoir Computing; Continuous-Time Reservoir Computing; Cyber Defense; Time Series Analysis
... In big data, anomalies are detected and the FPR is reduced by developing a DL approach in [19]. ML and DL methods were compared in the study. ...
... In NIDS, various ML/DL techniques are used for detection; therefore, RF [18,21] and classic CNN [16,17,19] along with Bidirectional Long Short-Term Memory (B-LSTM) [17] networks are considered as existing techniques for performance comparison, which is shown in Table 3 and Figure 4. On the NSL-KDD dataset, the performance of all classification techniques is not really good; the major reason is that the number of samples in the attack categories is very small in the training sets. ...
Article
The widespread development of the Internet of Things (IoT) is known throughout the world. The 2016 Dyn cyberattack revealed significant flaws among smart grids. IoT security has become one of the top concerns. The security of the entire IoT environment is affected by the affected networks that are connected to the risks posed by contacts. Nowadays, the diversity and complexity are evolved by defense attack vectors in recent times. It is one of the important things to prevent, identify or detect the new attacks in the IoT environment by analyzing the techniques. Therefore, network intrusion detection systems (NIDS) play an important role in protecting computer networks. Detection of security-related events using machine learning approaches has been extensively explored in the past. In particular, machine learning-based web browsing detection has attracted a lot of attention due to its ability to detect unknown attacks. Many classification techniques such as Decision Tree (DT) and Support Vector Machine (SVM) have been used for that purpose, but they were mostly classical schemes, like final trees. In this study, the use of a deep learning technique is explored for NIDS. Initially, the noise samples are minimized in the majority segment by using One-Sided Selection (OSS) and then the Synthetic Minority Over-sampling Technique (SMOTE) is used to develop the minority samples for creating balanced datasets. In this way, the research work is used to fully understand the characteristics of minority models and greatly reduce the sample training time. Second, we use a one-dimensional convolutional neural network (1D-CNN) with the Chimp optimization algorithm (COA) to extract the features, creating a hierarchical network model (HNM). The research work tested the classification accuracy of CNN-COA against existing techniques and its performance is verified by experiments on the NSL-KDD database. The proposed model achieved 87.19% accuracy and 88% to 89% precision and recall, whereas the existing CNN model achieved 81.75% accuracy and 82% precision and recall.
... The comparison between ANTA and BANTA is based on the following factors that are considered in a comprehensive evaluation of this use case [30]: ...
Article
Network traffic analysis can raise privacy concerns due to its ability to reveal sensitive information about individuals and organizations. This paper proposes a privacy-preserving Block-chained AutoML Network Traffic Analyzer (BANTA). The system securely stores network traffic logs in a decentralized manner, providing transparency and security. Differential privacy algorithms protect sensitive information in the network flow logs while allowing administrators to analyze network traffic without the risk of leakages. The BANTA uses blockchain technology, where smart contracts automate the process of network traffic analysis, and a multi-signature system ensures the system's security, safety, and reliability. The proposed approach was evaluated using a real-world network traffic dataset. The results demonstrate the system's high accuracy and real-time anomaly detection capabilities, which makes it well-suited for scalable cybersecurity operations. The system's privacy protection, decentralized storage, automation, multi-signature system, and real-world effectiveness ensure that the organization's data is private, secure, and effectively protected from cyber threats, which are the most vexing issue of modern cyber-physical systems.
... It is critical to protect endpoint devices from tampering and data manipulation, which could result in inaccurate event reporting. When abnormal behaviour is detected [42], [43], a wide range of actions should be taken as part of an overall system security policy, such as revoking device credentials or quarantining an IoT device. This automatic monitor-analyze-act cycle can be run in real time or later to identify usage patterns and potential attack scenarios [44]. 5. Management of the security lifecycle. ...
Preprint
Thanks to rapid technological developments, new innovative solutions and practical applications of the Industrial Internet of Things (IIoT) are being created, upgrading the structures of many industrial enterprises. IIoT brings the physical and digital environment together with minimal human intervention and profoundly transforms the economy and modern business. Data flowing through IIoT feed artificial intelligence tools, which perform intelligent functions such as performance tuning of interconnected machines, error correction, and preventive maintenance. However, IIoT deployments are vulnerable to sophisticated security threats at various levels of the connectivity and communications infrastructure they incorporate. The complex and often heterogeneous nature of chaotic IIoT infrastructures means that availability, confidentiality and integrity are difficult to guarantee. This can lead to potential mistrust of network operations, concerns about privacy breaches or loss of vital personal data and sensitive information of network end-users. This paper examines the privacy requirements of an IIoT ecosystem in industry standards. Specifically, it describes the industry privacy dimensions of the protection of natural persons through the processing of personal data by competent authorities for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties. In addition, it presents an overview of the state-of-the-art methodologies and solutions for industrial privacy threats. Finally, it analyses the privacy requirements and suggestions for an ideal secure and private IIoT environment.
... or in legacy, outdated or non-updated systems that lack the prevention capabilities to defend them against known vulnerabilities. However, they're plagued by the high number of false-positive detection rates [4]. Regarding vulnerabilities, there has been a shift in how cyber-attackers attack and compromise systems. ...
Article
Companies seek to promote a swift digitalization of their business processes and new disruptive features to gain an advantage over their competitors. This often results in a wider attack surface that may be exposed to exploitation from adversaries. As budgets are thin, one of the most popular security solutions CISOs choose to invest in is Network-based Intrusion Detection Systems (NIDS). As anomaly-based NIDS work over a baseline of normal and expected activity, one of the key areas of development is the training of deep learning classification models robust enough so that, given a different network context, the system is still capable of high rate accuracy for intrusion detection. In this study, we propose an anomaly-based NIDS using a deep learning stacked-LSTM model with a novel pre-processing technique that gives it context-free features and outperforms most related works, obtaining over 99% accuracy over the CICIDS2017 dataset. This system can also be applied to different environments without losing its accuracy due to its basis on context-free features. Moreover, using synthetic network attacks, it has been shown that this NIDS approach can detect specific categories of attacks.
... Besides, selecting the most representative features for the training significantly affects the DDoS attack identification efficiency of the non-model-based methods [48]. Furthermore, machine learning methods often suffer from a long detection time and high rates of false positives because anomaly-based methods usually classify unseen patterns as threats where they may be normal but not included in the training dataset [49]. However, on the other side, because the dynamic models of the ECB system are well known, it provides an excellent chance to utilize the models to generate an expert system for anomaly detection. ...
Article
Leveraging cloud computing resources and previews in intelligent transportation systems to improve electric city buses (ECBs) energy system performance is an emerging topic. However, internet connectivity will expose the ECB to cyberattacks, which will cause service interruption and downstream financial implications. In this study, detection and protection systems are designed under a proposed architecture for ECBs with Vehicle-to-Cloud connectivity to address the denial-of-service (DDoS) attack. The analysis conducted in this paper shows that the distributed DDoS attack is the most crucial because it is easy to launch and hard to defend against. By overwhelming traffic with spam, DDoS attacks can easily cut off the vehicle connection to cloud servers and disable all (compromised and surviving) ECBs that rely on vehicle-to-cloud connectivity. The simulation results indicate that, even though 99.9% of ECBs in the system are compromised and converted to attacking sources, with the proposed security systems in the cloud, the blocking probability between servers and surviving field devices is kept below 28.08%. Besides, for a surviving field device protected by the proposed approach, harsh DDoS attacks only degrade the energy efficiency and battery life performance of the tested energy management system by 0.2288% when compared to the benchmark results.
... Second, the simple behavior patterns of the IoT devices make anomaly detection effective. In conventional systems, anomaly-detection mechanisms may have high false-positive rates [26]. The reason is that general-purpose systems run many different applications, which have often complex behaviors difficult to profile and predict. ...
Chapter
This chapter focuses on techniques to detect attacks on internet of things (IoT) devices. It reviews intrusion detection systems (IDSes) proposed for IoT devices and categorizes the IDSes according to the research challenges they aim to address and their core techniques. The chapter also categorizes the IDSes based on the threats that they aim to prevent, such as routing attacks in IPv6 over low‐power wireless personal area networks (6LoWPAN). It describes the IDSes concerning: from where the IDS collects logs to be analyzed (i.e. host‐based or network‐based); the type of architectures the IDS uses (i.e. centralized, decentralized, or distributed); and the type of detection mechanism that the IDS relies on (i.e. signature‐based, anomaly‐based, or hybrid). The IDSes that deal with complex attacks should enable the protection of IoT devices from advanced threats.