1
Strickland C, Zakar M, Saha C, Soltani Nejad S, Tasnim N, Lizotte DJ, Haque A. DRL-GAN: A Hybrid Approach for Binary and Multiclass Network Intrusion Detection. SENSORS (BASEL, SWITZERLAND) 2024; 24:2746. [PMID: 38732852 PMCID: PMC11086058 DOI: 10.3390/s24092746] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 04/01/2024] [Revised: 04/19/2024] [Accepted: 04/23/2024] [Indexed: 05/13/2024]
Abstract
Our increasingly connected world continues to face an ever-growing number of network-based attacks. An Intrusion Detection System (IDS) is an essential security technology used for detecting these attacks. Although numerous Machine Learning-based IDSs have been proposed for the detection of malicious network traffic, the majority have difficulty properly detecting and classifying the more uncommon attack types. In this paper, we implement a novel hybrid technique using synthetic data produced by a Generative Adversarial Network (GAN) to use as input for training a Deep Reinforcement Learning (DRL) model. Our GAN model is trained on the NSL-KDD dataset, a publicly available collection of labeled network traffic data specifically designed to support the evaluation and benchmarking of IDSs. Ultimately, our findings demonstrate that training the DRL model on synthetic datasets generated by specific GAN models can result in better performance in correctly classifying minority classes over training on the true imbalanced dataset.
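The minority-class problem this abstract describes is easy to hide behind an overall accuracy figure. The following added example (editor's code, not the paper's; it uses a constructed label/prediction sample whose class skew is loosely modelled on NSL-KDD's five-way split, not real model output) computes per-class precision, recall and F1, macro-F1 and the rate at which attacks of any class are flagged as attacks. The same check is the one to apply to the 99%+ accuracy figures several later entries in this list report.

```python
"""Per-class evaluation for an imbalanced multiclass IDS (added example, stdlib only)."""
from collections import Counter

# Constructed sample, not real NSL-KDD output: label counts mimic the dataset's
# skew (normal and DoS dominate; R2L and U2R are rare). The simulated classifier
# does well on the majority classes and almost never recognises R2L or U2R.
CLASSES = ["normal", "dos", "probe", "r2l", "u2r"]

def build_sample():
    """Return (truth, predicted) label lists for the constructed scenario."""
    truth, pred = [], []
    def add(label, predicted_as, n):
        truth.extend([label] * n)
        pred.extend([predicted_as] * n)
    add("normal", "normal", 895); add("normal", "dos", 5)
    add("dos", "dos", 698);       add("dos", "normal", 2)
    add("probe", "probe", 95);    add("probe", "normal", 5)
    add("r2l", "r2l", 2);         add("r2l", "normal", 23)
    add("u2r", "normal", 5)       # U2R is never predicted at all
    return truth, pred

def confusion(truth, pred):
    """Counter keyed by (true_label, predicted_label)."""
    return Counter(zip(truth, pred))

def accuracy(truth, pred):
    return sum(t == p for t, p in zip(truth, pred)) / len(truth)

def per_class_metrics(truth, pred, classes=CLASSES):
    """precision / recall / F1 for every class; 0/0 is reported as 0.0, not skipped."""
    cm = confusion(truth, pred)
    out = {}
    for c in classes:
        tp = cm[(c, c)]
        fp = sum(v for (t, p), v in cm.items() if p == c and t != c)
        fn = sum(v for (t, p), v in cm.items() if t == c and p != c)
        precision = tp / (tp + fp) if tp + fp else 0.0
        recall = tp / (tp + fn) if tp + fn else 0.0
        f1 = 2 * tp / (2 * tp + fp + fn) if 2 * tp + fp + fn else 0.0
        out[c] = {"support": tp + fn, "precision": precision, "recall": recall, "f1": f1}
    return out

def macro_f1(truth, pred, classes=CLASSES):
    """Unweighted mean of per-class F1: every class counts equally, however rare."""
    m = per_class_metrics(truth, pred, classes)
    return sum(m[c]["f1"] for c in classes) / len(classes)

def attack_detection_rate(truth, pred, benign="normal"):
    """Share of attack records flagged as *some* attack class (the binary view a SOC cares about)."""
    attacks = [(t, p) for t, p in zip(truth, pred) if t != benign]
    return sum(p != benign for _, p in attacks) / len(attacks)

def report():
    truth, pred = build_sample()
    print(f"accuracy          {accuracy(truth, pred):.4f}")
    print(f"macro-F1          {macro_f1(truth, pred):.4f}")
    print(f"attack detection  {attack_detection_rate(truth, pred):.4f}")
    for c, m in per_class_metrics(truth, pred).items():
        print(f"{c:7s} n={m['support']:4d} P={m['precision']:.3f} R={m['recall']:.3f} F1={m['f1']:.3f}")

if __name__ == "__main__":
    report()
```

On this sample accuracy is about 0.977 while macro-F1 is about 0.62 and U2R recall is exactly zero; a paper that reports only the first number says nothing about whether the rare privilege-escalation class is detected at all.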

2
Dhiman P, Saini N, Gulzar Y, Turaev S, Kaur A, Nisa KU, Hamid Y. A Review and Comparative Analysis of Relevant Approaches of Zero Trust Network Model. SENSORS (BASEL, SWITZERLAND) 2024; 24:1328. [PMID: 38400486 PMCID: PMC10892953 DOI: 10.3390/s24041328] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 10/17/2023] [Revised: 11/20/2023] [Accepted: 12/21/2023] [Indexed: 02/25/2024]
Abstract
The Zero Trust safety architecture emerged as an intriguing approach for overcoming the shortcomings of standard network security solutions. This extensive survey study provides a meticulous explanation of the underlying principles of Zero Trust, as well as an assessment of the many strategies and possibilities for effective implementation. The survey begins by examining the role of authentication and access control within Zero Trust Architectures, and subsequently investigates innovative authentication, as well as access control solutions across different scenarios. It more deeply explores traditional techniques for encryption, micro-segmentation, and security automation, emphasizing their importance in achieving a secure Zero Trust environment. Zero Trust Architecture is explained in brief, along with the Taxonomy of Zero Trust Network Features. This review article provides useful insights into the Zero Trust paradigm, its approaches, problems, and future research objectives for scholars, practitioners, and policymakers. This survey contributes to the growth and implementation of secure network architectures in critical infrastructures by developing a deeper knowledge of Zero Trust.

3
Kang H, Liu G, Wang Q, Meng L, Liu J. Theory and Application of Zero Trust Security: A Brief Survey. ENTROPY (BASEL, SWITZERLAND) 2023; 25:1595. [PMID: 38136475 PMCID: PMC10742574 DOI: 10.3390/e25121595] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 10/18/2023] [Revised: 11/18/2023] [Accepted: 11/24/2023] [Indexed: 12/24/2023]
Abstract
As cross-border access becomes more frequent, traditional perimeter-based network security models can no longer cope with evolving security requirements. Zero trust is a novel paradigm for cybersecurity based on the core concept of "never trust, always verify". It attempts to protect against security risks related to internal threats by eliminating the demarcations between the internal and external network of traditional network perimeters. Nevertheless, research on the theory and application of zero trust is still in its infancy, and more extensive research is necessary to facilitate a deeper understanding of the paradigm in academia and the industry. In this paper, trust in cybersecurity is discussed, following which the origin, concepts, and principles related to zero trust are elaborated on. The characteristics, strengths, and weaknesses of the existing research are analysed in the context of zero trust achievements and their technical applications in Cloud and IoT environments. Finally, to support the development and application of zero trust in the future, the concept and its current challenges are analysed.
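To make "never trust, always verify" concrete for the two zero-trust surveys above, the following added example (editor's code, not from either paper) sketches a per-request policy decision point: each request carries the authenticated subject, the device's posture and the requested resource and action; the decision is default-deny, and the source network is carried for logging only and never consulted by the rules. The resource prefixes, group names, patch-age limits and the attestation flag are invented for illustration.

```python
"""Per-request policy decision point in the zero-trust style (added example, stdlib only)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:
    user: str
    authenticated: bool      # identity proven for this session
    mfa: bool                # strong second factor presented in this session
    groups: frozenset

@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool            # known to inventory / MDM
    attested: bool           # posture or boot attestation verified before the request reached us
    patch_age_days: int      # days since the last security update

@dataclass(frozen=True)
class Request:
    subject: Subject
    device: Device
    resource: str            # e.g. "hr/payroll/export"
    action: str              # "read" | "write"
    source_network: str      # logged, but deliberately never read by decide()

# Hypothetical policy table: longest matching resource prefix wins.
# (group required, MFA required, attestation required, max patch age in days, allowed actions)
POLICY = {
    "hr/payroll":  ("hr", True,  True,  14, frozenset({"read", "write"})),
    "wiki/public": (None, False, False, 90, frozenset({"read"})),
}

def match_policy(resource):
    """Longest-prefix match against POLICY; None means no rule, hence deny."""
    hits = [p for p in POLICY if resource == p or resource.startswith(p + "/")]
    return POLICY[max(hits, key=len)] if hits else None

def decide(req):
    """Return (decision, reason) with decision in {"allow", "step-up", "deny"}."""
    rule = match_policy(req.resource)
    if rule is None:
        return "deny", "no policy for resource (default deny)"
    group, need_mfa, need_attest, max_patch_age, actions = rule
    if not req.subject.authenticated:
        return "deny", "subject not authenticated"
    if req.action not in actions:
        return "deny", f"action {req.action!r} not permitted on resource"
    if group is not None and group not in req.subject.groups:
        return "deny", f"subject not in group {group!r}"
    if not req.device.managed:
        return "deny", "unmanaged device"
    if need_attest and not req.device.attested:
        return "deny", "device attestation missing or failed"
    if req.device.patch_age_days > max_patch_age:
        return "deny", f"device patch age {req.device.patch_age_days}d exceeds {max_patch_age}d"
    if need_mfa and not req.subject.mfa:
        return "step-up", "MFA required for this resource"
    return "allow", "all checks passed"

def demo():
    """Constructed requests; note the LAN and Internet variants get the identical answer."""
    alice = Subject("alice", authenticated=True, mfa=False, groups=frozenset({"hr"}))
    alice_mfa = Subject("alice", authenticated=True, mfa=True, groups=frozenset({"hr"}))
    laptop = Device("lt-0042", managed=True, attested=True, patch_age_days=3)
    byod = Device("phone-9", managed=False, attested=False, patch_age_days=120)
    results = {
        "payroll_lan":  decide(Request(alice, laptop, "hr/payroll/export", "read", "corp-lan")),
        "payroll_inet": decide(Request(alice, laptop, "hr/payroll/export", "read", "internet")),
        "payroll_mfa":  decide(Request(alice_mfa, laptop, "hr/payroll/export", "read", "internet")),
        "payroll_byod": decide(Request(alice, byod, "hr/payroll/export", "read", "corp-lan")),
        "wiki_write":   decide(Request(alice, laptop, "wiki/public/page1", "write", "corp-lan")),
        "unknown":      decide(Request(alice, laptop, "finance/ledger", "read", "corp-lan")),
    }
    for k, v in results.items():
        print(f"{k:13s} -> {v[0]:7s} ({v[1]})")
    return results

if __name__ == "__main__":
    demo()
```

The ordering of the checks is deliberate: identity and authorisation are settled before device posture, and the MFA step-up is only offered once everything else has passed, so a request from an unmanaged device never learns whether the subject would have been authorised.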

4
Cassottana B, Roomi MM, Mashima D, Sansavini G. Resilience analysis of cyber-physical systems: A review of models and methods. RISK ANALYSIS : AN OFFICIAL PUBLICATION OF THE SOCIETY FOR RISK ANALYSIS 2023; 43:2359-2379. [PMID: 36646448 DOI: 10.1111/risa.14089] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 06/17/2023]
Abstract
Cyber-physical systems (CPSs) are monitored and controlled by a computing and communicating core. This cyber layer enables better management of the controlled subsystem, but it also introduces threats to the security and protection of CPSs, as demonstrated by recent cyberattacks. The resulting governance and policy emphasis on cybersecurity is reflected in academia by a vast body of literature. In this article, we systematize existing knowledge on CPS analysis. Specifically, we focus on the quantitative assessment of CPSs before and after the occurrence of a disruption. Through the systematic analysis of the models and methods adopted in the literature, we develop a CPS resilience assessment framework consisting of three steps, namely, (1) CPS description, (2) disruption scenario identification, and (3) resilience strategy selection. For each step of the framework, we suggest established methods for CPS analysis and suggest four criteria for method selection. The framework proposes a standardized workflow to assess the resilience of CPSs before and after the occurrence of a disruption. The application of the proposed framework is exemplified with reference to a power substation and associated communication network. The case study shows that the proposed framework supports resilience decision making by quantifying the effects of the implementation of resilience strategies.

5
Ramzan M, Shoaib M, Altaf A, Arshad S, Iqbal F, Castilla ÁK, Ashraf I. Distributed Denial of Service Attack Detection in Network Traffic Using Deep Learning Algorithm. SENSORS (BASEL, SWITZERLAND) 2023; 23:8642. [PMID: 37896735 PMCID: PMC10611275 DOI: 10.3390/s23208642] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 09/13/2023] [Revised: 10/09/2023] [Accepted: 10/19/2023] [Indexed: 10/29/2023]
Abstract
Internet security is a major concern these days due to the increasing demand for information technology (IT)-based platforms and cloud computing. With its expansion, the Internet has been facing various types of attacks. Viruses, denial of service (DoS) attacks, distributed DoS (DDoS) attacks, code injection attacks, and spoofing are the most common types of attacks in the modern era. Due to the expansion of IT, the volume and severity of network attacks have been increasing lately. DoS and DDoS are the most frequently reported network traffic attacks. Traditional solutions such as intrusion detection systems and firewalls cannot detect complex DDoS and DoS attacks. With the integration of artificial intelligence-based machine learning and deep learning methods, several novel approaches have been presented for DoS and DDoS detection. In particular, deep learning models have played a crucial role in detecting DDoS attacks due to their exceptional performance. This study adopts deep learning models including recurrent neural network (RNN), long short-term memory (LSTM), and gradient recurrent unit (GRU) to detect DDoS attacks on the most recent dataset, CICDDoS2019, and a comparative analysis is conducted with the CICIDS2017 dataset. The comparative analysis contributes to the development of a competent and accurate method for detecting DDoS attacks with reduced execution time and complexity. The experimental results demonstrate that models perform equally well on the CICDDoS2019 dataset with an accuracy score of 0.99, but there is a difference in execution time, with GRU showing less execution time than those of RNN and LSTM.

6
Alrayes FS, Zakariah M, Driss M, Boulila W. Deep Neural Decision Forest (DNDF): A Novel Approach for Enhancing Intrusion Detection Systems in Network Traffic Analysis. SENSORS (BASEL, SWITZERLAND) 2023; 23:8362. [PMID: 37896456 PMCID: PMC10610875 DOI: 10.3390/s23208362] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/31/2023] [Revised: 10/02/2023] [Accepted: 10/06/2023] [Indexed: 10/29/2023]
Abstract
Intrusion detection systems, also known as IDSs, are widely regarded as one of the most essential components of an organization's network security. This is because IDSs serve as the organization's first line of defense against several cyberattacks and are accountable for accurately detecting any possible network intrusions. Several implementations of IDSs accomplish the detection of potential threats through flow-based network traffic analysis. Traditional IDSs frequently struggle to provide accurate real-time intrusion detection while keeping up with the changing threat landscape. Innovative methods used to improve IDSs' performance in network traffic analysis are urgently needed to overcome these drawbacks. In this study, we introduced a model called a deep neural decision forest (DNDF), which allows the enhancement of classification trees with the power of deep networks to learn data representations. We essentially utilized the CICIDS 2017 dataset for network traffic analysis and extended our experiments to evaluate the DNDF model's performance on two additional datasets: CICIDS 2018 and a custom network traffic dataset. Our findings showed that DNDF, a combination of deep neural networks and decision forests, outperformed reference approaches with a remarkable precision of 99.96% by using the CICIDS 2017 dataset while creating latent representations in deep layers. This success can be attributed to improved feature representation, model optimization, and resilience to noisy and unbalanced input data, emphasizing DNDF's capabilities in intrusion detection and network security solutions.

7
Mahalingam A, Perumal G, Subburayalu G, Albathan M, Altameem A, Almakki RS, Hussain A, Abbas Q. ROAST-IoT: A Novel Range-Optimized Attention Convolutional Scattered Technique for Intrusion Detection in IoT Networks. SENSORS (BASEL, SWITZERLAND) 2023; 23:8044. [PMID: 37836874 PMCID: PMC10575244 DOI: 10.3390/s23198044] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 09/04/2023] [Revised: 09/17/2023] [Accepted: 09/22/2023] [Indexed: 10/15/2023]
Abstract
The Internet of Things (IoT) has significantly benefited several businesses, but because of the volume and complexity of IoT systems, there are also new security issues. Intrusion detection systems (IDSs) guarantee both the security posture and defense against intrusions of IoT devices. IoT systems have recently utilized machine learning (ML) techniques widely for IDSs. The primary deficiencies in existing IoT security frameworks are their inadequate intrusion detection capabilities, significant latency, and prolonged processing time, leading to undesirable delays. To address these issues, this work proposes a novel range-optimized attention convolutional scattered technique (ROAST-IoT) to protect IoT networks from modern threats and intrusions. This system uses the scattered range feature selection (SRFS) model to choose the most crucial and trustworthy properties from the supplied intrusion data. After that, the attention-based convolutional feed-forward network (ACFN) technique is used to recognize the intrusion class. In addition, the loss function is estimated using the modified dingo optimization (MDO) algorithm to ensure the maximum accuracy of the classifier. To evaluate and compare the performance of the proposed ROAST-IoT system, we have utilized popular intrusion datasets such as ToN-IoT, IoT-23, UNSW-NB 15, and Edge-IIoT. The analysis of the results shows that the proposed ROAST technique did better than all existing cutting-edge intrusion detection systems, with an accuracy of 99.15% on the IoT-23 dataset, 99.78% on the ToN-IoT dataset, 99.88% on the UNSW-NB 15 dataset, and 99.45% on the Edge-IIoT dataset. On average, the ROAST-IoT system achieved a high AUC-ROC of 0.998, demonstrating its capacity to distinguish between legitimate data and attack traffic. These results indicate that the ROAST-IoT algorithm effectively and reliably detects intrusion attacks against IoT systems.

8
Abu Bakar R, Kijsirikul B. Enhancing Network Visibility and Security with Advanced Port Scanning Techniques. SENSORS (BASEL, SWITZERLAND) 2023; 23:7541. [PMID: 37687997 PMCID: PMC10490701 DOI: 10.3390/s23177541] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/13/2023] [Revised: 08/17/2023] [Accepted: 08/27/2023] [Indexed: 09/10/2023]
Abstract
Network security is paramount in today's digital landscape, where cyberthreats continue to evolve and pose significant risks. We propose a DPDK-based scanner based on a study on advanced port scanning techniques to improve network visibility and security. The traditional port scanning methods suffer from speed, accuracy, and efficiency limitations, hindering effective threat detection and mitigation. In this paper, we develop and implement advanced techniques such as protocol-specific probes and evasive scan techniques to enhance the visibility and security of networks. We also evaluate network scanning performance and scalability using programmable hardware, including smart NICs and DPDK-based frameworks, along with in-network processing, data parallelization, and hardware acceleration. Additionally, we leverage application-level protocol parsing to accelerate network discovery and mapping, analyzing protocol-specific information. In our experimental evaluation, our proposed DPDK-based scanner demonstrated a significant improvement in target scanning speed, achieving a 2× speedup compared to other scanners in a target scanning environment. Furthermore, our scanner achieved a high accuracy rate of 99.5% in identifying open ports. Notably, our solution also exhibited a lower CPU and memory utilization, with an approximately 40% reduction compared to alternative scanners. These results highlight the effectiveness and efficiency of our proposed scanning techniques in enhancing network visibility and security. The outcomes of this research contribute to the field by providing insights and innovations to improve network security, identify vulnerabilities, and optimize network performance.
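The "accuracy in identifying open ports" that abstract reports comes down to how a scanner classifies what returns for each probe. As an added example (editor's code, not the authors' DPDK scanner), here is the decision logic of a SYN scan over raw headers: a SYN/ACK whose acknowledgement number matches our sequence number plus one means open, an RST means closed, silence or an ICMP destination-unreachable with a filtering code means filtered, and anything else is discarded rather than counted. The packets are constructed in-line with zeroed checksums and no IP header; the set of ICMP codes treated as filtered follows the usual scanner convention rather than anything the paper states.

```python
"""Classify SYN-scan responses from raw TCP/ICMP headers (added example, stdlib only)."""
import struct

TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10
TCP_HDR = "!HHIIHHHH"            # sport, dport, seq, ack, offset/flags, window, checksum, urgent
ICMP_HDR = "!BBH"                # type, code, checksum
ICMP_DEST_UNREACH = 3
# ICMP type-3 codes conventionally reported as "filtered" (a middlebox answered, not the host)
FILTERED_CODES = {1, 2, 3, 9, 10, 13}

def build_tcp(sport, dport, seq, ack, flags, window=65535):
    """20-byte TCP header with no options; checksum left at 0 (constructed sample)."""
    return struct.pack(TCP_HDR, sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)

def parse_tcp(data):
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(TCP_HDR, data[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF, "hdr_len": (off_flags >> 12) * 4, "window": window}

def classify_tcp_reply(probe, reply):
    """Port state from the TCP reply to our SYN; reply=None models a timeout."""
    if reply is None:
        return "filtered"
    p, r = parse_tcp(probe), parse_tcp(reply)
    # The reply must be for *our* probe: ports swapped and, for SYN/ACK, ack == our seq + 1.
    if (r["sport"], r["dport"]) != (p["dport"], p["sport"]):
        return "unrelated"
    if r["flags"] & TCP_RST:
        return "closed"
    if r["flags"] & TCP_SYN and r["flags"] & TCP_ACK:
        if r["ack"] != (p["seq"] + 1) & 0xFFFFFFFF:
            return "unrelated"          # stale or spoofed SYN/ACK: do not count it as open
        return "open"
    return "unrelated"

def classify_icmp_reply(icmp):
    """ICMP destination-unreachable with a filtering code means a firewall answered."""
    icmp_type, code, _csum = struct.unpack(ICMP_HDR, icmp[:4])
    if icmp_type == ICMP_DEST_UNREACH and code in FILTERED_CODES:
        return "filtered"
    return "unrelated"

def demo():
    """Constructed probe and replies covering each branch."""
    probe = build_tcp(40000, 443, seq=1000, ack=0, flags=TCP_SYN)
    results = {
        "synack":     classify_tcp_reply(probe, build_tcp(443, 40000, 7777, 1001, TCP_SYN | TCP_ACK)),
        "rst":        classify_tcp_reply(probe, build_tcp(443, 40000, 0, 1001, TCP_RST | TCP_ACK)),
        "timeout":    classify_tcp_reply(probe, None),
        "bad_ack":    classify_tcp_reply(probe, build_tcp(443, 40000, 7777, 4242, TCP_SYN | TCP_ACK)),
        "other_port": classify_tcp_reply(probe, build_tcp(80, 40000, 7777, 1001, TCP_SYN | TCP_ACK)),
        "icmp_admin": classify_icmp_reply(struct.pack(ICMP_HDR, ICMP_DEST_UNREACH, 13, 0)),
        "icmp_echo":  classify_icmp_reply(struct.pack(ICMP_HDR, 0, 0, 0)),
    }
    for k, v in results.items():
        print(f"{k:11s} -> {v}")
    return results

if __name__ == "__main__":
    demo()
```

The acknowledgement-number check is what separates a careful scanner from a fast one: without it, a late SYN/ACK from a previous sweep, or a deliberately injected one, is counted as an open port, and a high-rate scanner that reuses source ports is especially exposed to that error.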

9
Yang J, Jiang X, Liang G, Li S, Ma Z. Malicious Traffic Identification with Self-Supervised Contrastive Learning. SENSORS (BASEL, SWITZERLAND) 2023; 23:7215. [PMID: 37631752 PMCID: PMC10459182 DOI: 10.3390/s23167215] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/16/2023] [Revised: 08/04/2023] [Accepted: 08/10/2023] [Indexed: 08/27/2023]
Abstract
As the demand for Internet access increases, malicious traffic on the Internet has also soared. In view of the fact that the existing malicious-traffic-identification methods suffer from low accuracy, this paper proposes a malicious-traffic-identification method based on contrastive learning. The proposed method is able to overcome the shortcomings of traditional methods that rely on labeled samples and is able to learn data feature representations carrying semantic information from unlabeled data, thus improving the model accuracy. In this paper, a new malicious traffic feature extraction model based on a Transformer is proposed. Employing a self-attention mechanism, the proposed feature extraction model can extract the byte features of malicious traffic by performing calculations on the malicious traffic, thereby realizing the efficient identification of malicious traffic. In addition, a bidirectional GLSTM is introduced to extract the timing features of malicious traffic. The experimental results show that the proposed method is superior to the latest published methods in terms of accuracy and F1 score.

10
Guo Y, Wang Y, Khan F, Al-Atawi AA, Abdulwahid AA, Lee Y, Marapelli B. Traffic Management in IoT Backbone Networks Using GNN and MAB with SDN Orchestration. SENSORS (BASEL, SWITZERLAND) 2023; 23:7091. [PMID: 37631627 PMCID: PMC10458845 DOI: 10.3390/s23167091] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 06/13/2023] [Revised: 08/05/2023] [Accepted: 08/08/2023] [Indexed: 08/27/2023]
Abstract
Traffic management is a critical task in software-defined IoT networks (SDN-IoTs) to efficiently manage network resources and ensure Quality of Service (QoS) for end-users. However, traditional traffic management approaches based on queuing theory or static policies may not be effective due to the dynamic and unpredictable nature of network traffic. In this paper, we propose a novel approach that leverages Graph Neural Networks (GNNs) and multi-armed bandit algorithms to dynamically optimize traffic management policies based on real-time network traffic patterns. Specifically, our approach uses a GNN model to learn and predict network traffic patterns and a multi-armed bandit algorithm to optimize traffic management policies based on these predictions. We evaluate the proposed approach on three different datasets, including a simulated corporate network (KDD Cup 1999), a collection of network traffic traces (CAIDA), and a simulated network environment with both normal and malicious traffic (NSL-KDD). The results demonstrate that our approach outperforms other state-of-the-art traffic management methods, achieving higher throughput, lower packet loss, and lower delay, while effectively detecting anomalous traffic patterns. The proposed approach offers a promising solution to traffic management in SDNs, enabling efficient resource management and QoS assurance.

11
Du X, Ding X, Tao F. Network Security Situation Prediction Based on Optimized Clock-Cycle Recurrent Neural Network for Sensor-Enabled Networks. SENSORS (BASEL, SWITZERLAND) 2023; 23:6087. [PMID: 37447936 DOI: 10.3390/s23136087] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 06/06/2023] [Revised: 06/28/2023] [Accepted: 06/28/2023] [Indexed: 07/15/2023]
Abstract
We propose an optimized Clockwork Recurrent Neural Network (CW-RNN) based approach to address temporal dynamics and nonlinearity in network security situations, improving prediction accuracy and real-time performance. By leveraging the clock-cycle RNN, we enable the model to capture both short-term and long-term temporal features of network security situations. Additionally, we utilize the Grey Wolf Optimization (GWO) algorithm to optimize the hyperparameters of the network, thus constructing an enhanced network security situation prediction model. The introduction of a clock-cycle for hidden units allows the model to learn short-term information from high-frequency update modules while retaining long-term memory from low-frequency update modules, thereby enhancing the model's ability to capture data patterns. Experimental results demonstrate that the optimized clock-cycle RNN outperforms other network models in extracting the temporal and nonlinear features of network security situations, leading to improved prediction accuracy. Furthermore, our approach has low time complexity and excellent real-time performance, ideal for monitoring large-scale network traffic in sensor networks.

12
Paracha MA, Sadiq M, Liang J, Durad MH, Sheeraz M. Multi-Layered Filtration Framework for Efficient Detection of Network Attacks Using Machine Learning. SENSORS (BASEL, SWITZERLAND) 2023; 23:5829. [PMID: 37447678 DOI: 10.3390/s23135829] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/10/2023] [Revised: 06/12/2023] [Accepted: 06/13/2023] [Indexed: 07/15/2023]
Abstract
The advancements in and reliance on digital data necessitate dependence on information technology. The growing amount of digital data and their availability over the Internet have given rise to the problem of information security. With the increase in connectivity among devices and networks, maintaining the information security of an asset has now become essential for an organization. Intrusion detection systems (IDS) are widely used in networks for protection against different network attacks. Several machine-learning-based techniques have been used among researchers for the implementation of anomaly-based IDS (AIDS). In the past, the focus primarily remained on the improvement of the accuracy of the system. Efficiency with respect to time is an important aspect of an IDS, which most of the research has thus far somewhat overlooked. For this purpose, we propose a multi-layered filtration framework (MLFF) for feature reduction using a statistical approach. The proposed framework helps reduce the detection time without affecting the accuracy. We use the CIC-IDS2017 dataset for experiments. The proposed framework contains three filters connected in sequential order. The accuracy, precision, recall and F1 score are calculated against the selected machine learning models. In addition, the training time and the detection time are also calculated because these parameters are considered important in measuring the performance of a detection system. Generally, decision tree models, random forest methods, and artificial neural networks show better results in the detection of network attacks with minimum detection time.
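The abstract says the three filters are statistical and sequential but not which statistics they use, so the following added example (editor's code, not the authors' MLFF) uses three common stand-ins: a near-zero-variance filter, a redundancy filter that drops the later feature of any pair whose |r| exceeds a threshold, and a relevance filter that keeps only features whose correlation with the 0/1 label clears a floor. The feature matrix is constructed in-line with a fixed seed so that each stage has something to remove; the thresholds and feature names are illustrative, not the paper's.

```python
"""Three-stage statistical feature filter for an anomaly IDS (added example, stdlib only)."""
import math
import random

def mean(xs):
    return sum(xs) / len(xs)

def variance(xs):
    m = mean(xs)
    return sum((x - m) ** 2 for x in xs) / len(xs)

def pearson(xs, ys):
    """Pearson r; 0.0 when either side is constant (no defined correlation)."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    den = math.sqrt(sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys))
    return cov / den if den else 0.0

def variance_filter(columns, min_var=1e-6):
    """Stage 1: drop near-constant features; they cannot separate anything."""
    return {k: v for k, v in columns.items() if variance(v) >= min_var}

def redundancy_filter(columns, max_abs_r=0.95):
    """Stage 2: drop the later feature of any highly collinear pair (first seen is kept)."""
    kept = {}
    for name, col in columns.items():
        if all(abs(pearson(col, other)) < max_abs_r for other in kept.values()):
            kept[name] = col
    return kept

def relevance_filter(columns, label, min_abs_r=0.2):
    """Stage 3: keep features that correlate with the 0/1 label (point-biserial r)."""
    return {k: v for k, v in columns.items() if abs(pearson(v, label)) >= min_abs_r}

def mlff(columns, label):
    """Run the three filters in sequence; return the surviving feature names after each stage."""
    s1 = variance_filter(columns)
    s2 = redundancy_filter(s1)
    s3 = relevance_filter(s2, label)
    return [sorted(s1), sorted(s2), sorted(s3)]

def build_dataset(n=400, seed=1234):
    """Constructed data (not CIC-IDS2017): label alternates 0/1; each feature targets one stage."""
    rng = random.Random(seed)
    label = [i % 2 for i in range(n)]
    f0 = [3 * y + rng.gauss(0, 1) for y in label]   # informative
    f1 = [2 * x + 1 for x in f0]                     # affine copy of f0 -> redundancy filter
    f2 = [2 * y + rng.gauss(0, 1) for y in label]   # informative, only moderately tied to f0
    f3 = [1.0] * n                                   # constant -> variance filter
    f4 = [rng.gauss(0, 1) for _ in range(n)]         # label-independent noise -> relevance filter
    f5 = [-x for x in f4]                            # mirror of f4 -> redundancy filter
    return {"f0": f0, "f1": f1, "f2": f2, "f3": f3, "f4": f4, "f5": f5}, label

if __name__ == "__main__":
    cols, label = build_dataset()
    for stage, names in zip(("variance", "redundancy", "relevance"), mlff(cols, label)):
        print(f"after {stage:10s}: {names}")
```

The cheap filters run first on purpose: the variance check is O(n) per feature, the pairwise correlation check is quadratic in the number of features that survive it, and the label-correlation check only sees what is left, which is where the detection-time saving the abstract is after comes from.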

13
Sharma RK, Issac B, Xin Q, Gadekallu TR, Nath K. Plant and Salamander Inspired Network Attack Detection and Data Recovery Model. SENSORS (BASEL, SWITZERLAND) 2023; 23:5562. [PMID: 37420729 DOI: 10.3390/s23125562] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 03/15/2023] [Revised: 04/24/2023] [Accepted: 06/01/2023] [Indexed: 07/09/2023]
Abstract
The number of users of the Internet has been continuously rising, with an estimated 5.1 billion users in 2023, which comprises around 64.7% of the total world population. This indicates the rise of more connected devices to the network. On average, 30,000 websites are hacked daily, and nearly 64% of companies worldwide experience at least one type of cyberattack. As per IDC's 2022 Ransomware study, two-thirds of global organizations were hit by a ransomware attack that year. This creates the desire for a more robust and evolutionary attack detection and recovery model. One aspect of the study is the bio-inspiration models. This is because of the natural ability of living organisms to withstand various odd circumstances and overcome them with an optimization strategy. In contrast to the limitations of machine learning models with the need for quality datasets and computational availability, bio-inspired models can perform in low computational environments, and their performances are designed to evolve naturally with time. This study concentrates on exploring the evolutionary defence mechanism in plants and understanding how plants react to any known external attacks and how the response mechanism changes to unknown attacks. This study also explores how regenerative models, such as salamander limb regeneration, could build a network recovery system where services could be automatically activated after a network attack, and data could be recovered automatically by the network after a ransomware-like attack. The performance of the proposed model is compared to the open-source IDS Snort and data recovery systems such as Burp and Cassandra.

14
Farooq H, Altaf A, Iqbal F, Galán JC, Aray DG, Ashraf I. DrunkChain: Blockchain-Based IoT System for Preventing Drunk Driving-Related Traffic Accidents. SENSORS (BASEL, SWITZERLAND) 2023; 23:5388. [PMID: 37420557 DOI: 10.3390/s23125388] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/10/2023] [Revised: 06/01/2023] [Accepted: 06/05/2023] [Indexed: 07/09/2023]
Abstract
Traffic accidents present significant risks to human life, leading to a high number of fatalities and injuries. According to the World Health Organization's 2022 worldwide status report on road safety, there were 27,582 deaths linked to traffic-related events, including 4448 fatalities at the collision scenes. Drunk driving is one of the leading causes contributing to the rising count of deadly accidents. Current methods to assess driver alcohol consumption are vulnerable to network risks, such as data corruption, identity theft, and man-in-the-middle attacks. In addition, these systems are subject to security restrictions that have been largely overlooked in earlier research focused on driver information. This study intends to develop a platform that combines the Internet of Things (IoT) with blockchain technology in order to address these concerns and improve the security of user data. In this work, we present a device- and blockchain-based dashboard solution for a centralized police monitoring account. The equipment is responsible for determining the driver's impairment level by monitoring the driver's blood alcohol concentration (BAC) and the stability of the vehicle. At predetermined times, integrated blockchain transactions are executed, transmitting data straight to the central police account. This eliminates the need for a central server, ensuring the immutability of data and the existence of blockchain transactions that are independent of any central authority. Our system delivers scalability, compatibility, and faster execution times by adopting this approach. Through comparative research, we have identified a significant increase in the need for security measures in relevant scenarios, highlighting the importance of our suggested model.

15
Xing L, Wang K, Wu H, Ma H, Zhang X. Intrusion Detection Method for Internet of Vehicles Based on Parallel Analysis of Spatio-Temporal Features. SENSORS (BASEL, SWITZERLAND) 2023; 23:4399. [PMID: 37177603 PMCID: PMC10181641 DOI: 10.3390/s23094399] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 04/06/2023] [Revised: 04/26/2023] [Accepted: 04/26/2023] [Indexed: 05/15/2023]
Abstract
The problems with network security that the Internet of Vehicles (IoV) faces are becoming more noticeable as it continues to evolve. Deep learning-based intrusion detection techniques can assist the IoV in preventing network threats. However, previous methods usually employ a single deep learning model to extract temporal or spatial features, or extract spatial features first and then temporal features in a serial manner. These methods usually have the problem of insufficient extraction of spatio-temporal features of the IoV, which affects the performance of intrusion detection and leads to a high false-positive rate. To solve the above problems, this paper proposes an intrusion detection method for IoV based on parallel analysis of spatio-temporal features (PA-STF). First, we built an optimal subset of features based on feature correlations of IoV traffic. Then, we used the temporal convolutional network (TCN) and long short-term memory (LSTM) to extract spatio-temporal features in the IoV traffic in a parallel manner. Finally, we fused the spatio-temporal features extracted in parallel based on the self-attention mechanism and used a multilayer perceptron to detect attacks in the Internet of Vehicles. The experimental results show that the PA-STF method reduces the false-positive rate by 1.95% and 1.57% on the NSL-KDD and UNSW-NB15 datasets, respectively, with the accuracy and F1 score also being superior.

16
Tariq U, Ahmed I, Bashir AK, Shaukat K. A Critical Cybersecurity Analysis and Future Research Directions for the Internet of Things: A Comprehensive Review. SENSORS (BASEL, SWITZERLAND) 2023; 23:4117. [PMID: 37112457 PMCID: PMC10142206 DOI: 10.3390/s23084117] [Citation(s) in RCA: 3] [Impact Index Per Article: 3.0] [Received: 02/28/2023] [Revised: 04/04/2023] [Accepted: 04/14/2023] [Indexed: 06/19/2023]
Abstract
The emergence of the Internet of Things (IoT) technology has brought about tremendous possibilities, but at the same time, it has opened up new vulnerabilities and attack vectors that could compromise the confidentiality, integrity, and availability of connected systems. Developing a secure IoT ecosystem is a daunting challenge that requires a systematic and holistic approach to identify and mitigate potential security threats. Cybersecurity research considerations play a critical role in this regard, as they provide the foundation for designing and implementing security measures that can address emerging risks. To achieve a secure IoT ecosystem, scientists and engineers must first define rigorous security specifications that serve as the foundation for developing secure devices, chipsets, and networks. Developing such specifications requires an interdisciplinary approach that involves multiple stakeholders, including cybersecurity experts, network architects, system designers, and domain experts. The primary challenge in IoT security is ensuring the system can defend against both known and unknown attacks. To date, the IoT research community has identified several key security concerns related to the architecture of IoT systems. These concerns include issues related to connectivity, communication, and management protocols. This research paper provides an all-inclusive and lucid review of the current state of anomalies and security concepts related to the IoT. We classify and analyze prevalent security distresses regarding IoT's layered architecture, including connectivity, communication, and management protocols. We establish the foundation of IoT security by examining the current attacks, threats, and cutting-edge solutions. Furthermore, we set security goals that will serve as the benchmark for assessing whether a solution satisfies the specific IoT use cases.
17. Malone M, Walton R. Comparing Canada's proposed Critical Cyber Systems Protection Act with cybersecurity legal requirements in the EU. INTERNATIONAL CYBERSECURITY LAW REVIEW 2023; 4:165-196. [PMID: 37153843 PMCID: PMC9975875 DOI: 10.1365/s43439-023-00082-1] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 12/29/2022] [Accepted: 01/23/2023] [Indexed: 03/05/2023]
Abstract
This article examines the Canadian federal government’s proposed Critical Cyber Systems Protection Act (CCSPA), compares it with existing and proposed cybersecurity legal requirements in the European Union (EU), and sets out recommendations to address shortcomings of the proposed Canadian legislation. One of the cornerstone components of Bill C‑26, the CCSPA seeks to regulate critical cyber systems in federally regulated private sectors. It represents a significant overhaul of Canadian cybersecurity regulation. However, the current proposed legislation exhibits many flaws, including a commitment to, and entrenchment of, a patchwork approach to regulation that focuses on formal registration; a lack of oversight of its confidentiality provisions; a weak penalty scheme that focuses solely on compliance, not deterrence; and diluted conduct, reporting, and mitigation obligations. To repair these flaws, this article reviews the provisions of the proposed law and compares them with the EU’s Directive Concerning Measures for a High Common Level of Security of Network and Information Systems Across the Union, the first EU-wide cybersecurity legislation, as well as its proposed successor, the NIS2 Directive. Where relevant, various other cybersecurity regulations in peer states are discussed. Specific recommendations are put forward.
18. D'hooge L, Verkerken M, Wauters T, De Turck F, Volckaert B. Investigating Generalized Performance of Data-Constrained Supervised Machine Learning Models on Novel, Related Samples in Intrusion Detection. SENSORS (BASEL, SWITZERLAND) 2023; 23:1846. [PMID: 36850444 PMCID: PMC9960990 DOI: 10.3390/s23041846] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 12/17/2022] [Revised: 02/02/2023] [Accepted: 02/03/2023] [Indexed: 06/18/2023]
Abstract
Recently proposed methods in intrusion detection are iterating on machine learning methods as a potential solution. These novel methods are validated on one or more datasets from a sparse collection of academic intrusion detection datasets. Their recognition as improvements to the state-of-the-art is largely dependent on whether they can demonstrate a reliable increase in classification metrics compared to similar works validated on the same datasets. Whether these increases are meaningful outside of the training/testing datasets is rarely asked and never investigated. This work aims to demonstrate that strong general performance does not typically follow from strong classification on the current intrusion detection datasets. Binary classification models from a range of algorithmic families are trained on the attack classes of CSE-CIC-IDS2018, a state-of-the-art intrusion detection dataset. After establishing baselines for each class at various points of data access, the same trained models are tasked with classifying samples from the corresponding attack classes in CIC-IDS2017, CIC-DoS2017 and CIC-DDoS2019. Contrary to what the baseline results would suggest, the models have rarely learned a generally applicable representation of their attack class. Stability and predictability of generalized model performance are central issues for all methods on all attack classes. Focusing only on the three best-in-class models in terms of interdataset generalization reveals that for network-centric attack classes (brute force, denial of service and distributed denial of service), general representations can be learned with flat losses in classification performance (precision and recall) below 5%. Other attack classes vary in generalized performance from stark losses in recall (-35%) with intact precision (98+%) for botnets to total degradation of precision and moderate recall loss for Web attack and infiltration models.
The core conclusion of this article is a warning to researchers in the field. Expecting results of proposed methods on the test sets of state-of-the-art intrusion detection datasets to translate to generalized performance is likely a serious overestimation. Four proposals to reduce this overestimation are set out as future work directions.
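The evaluation protocol this abstract argues for (baseline on a held-out split of the training dataset, then the same trained model scored on the same attack class drawn from a related dataset, reported as a flat loss in precision and recall) is easy to get wrong by only ever reporting the first number. The script below is an added illustration and is not code from D'hooge et al. Everything in it is constructed: the three flow features and the rows labelled dataset A and dataset B are hand-picked stand-ins, not records from CSE-CIC-IDS2018 or CIC-IDS2017, and the classifier is a minimal min-max-scaled nearest-centroid model chosen so the example runs on the Python standard library. Dataset B's DoS class mixes a flood tool with a low-rate tool, which is the kind of "novel, related sample" the abstract is about.

```python
"""Cross-dataset generalization check for a binary intrusion detector.

Added illustration, not code from the paper. All flow records are constructed
stand-ins; the classifier is a toy nearest-centroid model.
"""
from statistics import mean

FEATURES = ("pkts_per_s", "bytes_per_pkt", "syn_fraction")
BENIGN, ATTACK = 0, 1

# Constructed dataset A (plays the role of the training dataset). Its DoS
# tool is a high-rate flood, so packet rate alone separates the classes.
TRAIN_A = [
    ((10, 800, 0.04), BENIGN), ((20, 900, 0.06), BENIGN),
    ((30, 1000, 0.08), BENIGN), ((40, 1100, 0.10), BENIGN),
    ((4000, 60, 0.90), ATTACK), ((5000, 70, 0.94), ATTACK),
    ((6000, 80, 0.96), ATTACK), ((7000, 90, 0.98), ATTACK),
]
# Held-out split of dataset A: same generator, i.e. the usual in-dataset baseline.
TEST_A = [
    ((25, 950, 0.05), BENIGN), ((15, 850, 0.09), BENIGN), ((35, 1050, 0.07), BENIGN),
    ((4500, 65, 0.95), ATTACK), ((6500, 85, 0.93), ATTACK), ((5500, 75, 0.97), ATTACK),
]
# Constructed dataset B: same attack class (DoS), but half of the attack flows
# come from a low-rate tool that never reaches flood packet rates.
TEST_B = [
    ((30, 1200, 0.05), BENIGN), ((20, 700, 0.10), BENIGN), ((50, 500, 0.12), BENIGN),
    ((3000, 70, 0.92), ATTACK), ((4200, 68, 0.96), ATTACK),
    ((60, 120, 0.30), ATTACK), ((80, 100, 0.40), ATTACK),
]


def fit_nearest_centroid(rows):
    """Min-max scale each feature on the training rows, then classify a flow
    by the nearest class centroid in that scaled space."""
    xs = [x for x, _ in rows]
    lo = [min(col) for col in zip(*xs)]
    hi = [max(col) for col in zip(*xs)]

    def scale(x):
        return [(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(x, lo, hi)]

    centroids = {
        label: [mean(c) for c in zip(*[scale(x) for x, y in rows if y == label])]
        for label in (BENIGN, ATTACK)
    }

    def predict(x):
        s = scale(x)
        return min(centroids, key=lambda lab: sum((a - b) ** 2 for a, b in zip(s, centroids[lab])))

    return predict


def precision_recall(predict, rows):
    """Precision and recall of the ATTACK class over labelled rows."""
    tp = fp = fn = 0
    for x, y in rows:
        p = predict(x)
        if p == ATTACK and y == ATTACK:
            tp += 1
        elif p == ATTACK and y == BENIGN:
            fp += 1
        elif p == BENIGN and y == ATTACK:
            fn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall


def generalization_report(train, held_out, other_dataset):
    """Train once; score the held-out split (baseline) and a related dataset
    containing the same attack class; report the flat loss in percentage points."""
    predict = fit_nearest_centroid(train)
    p_base, r_base = precision_recall(predict, held_out)
    p_x, r_x = precision_recall(predict, other_dataset)
    return {
        "baseline": (p_base, r_base),
        "cross_dataset": (p_x, r_x),
        "flat_loss_pct": (100 * (p_x - p_base), 100 * (r_x - r_base)),
    }


if __name__ == "__main__":
    for name, (p, r) in generalization_report(TRAIN_A, TEST_A, TEST_B).items():
        print(f"{name}: precision={p}, recall={r}")
```

The held-out baseline is perfect, which is exactly the number a paper would report. On dataset B the model keeps its precision (benign flows there still look benign) but misses the two low-rate DoS flows, because what it learned from dataset A was "high packet rate", not "denial of service". The flat loss in recall is the figure that belongs in the results table next to the baseline.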
19. Fang Z, Xu Z. Network Delay and Cache Overflow: A Parameter Estimation Method for Time Window Based Hopping Network. ENTROPY (BASEL, SWITZERLAND) 2023; 25:116. [PMID: 36673257 PMCID: PMC9858253 DOI: 10.3390/e25010116] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 11/17/2022] [Revised: 12/24/2022] [Accepted: 01/03/2023] [Indexed: 06/17/2023]
Abstract
A basic understanding of delayed packet loss is key to successfully applying it to multi-node hopping networks. Given the problem of delayed data loss due to network delay in a hop network environment, we review early time windowing approaches, for which most contributions focus on end-to-end hopping networks. However, they do not apply to the general hopping network environment, where data transmission from the sending host to the receiving host usually requires forwarding at multiple intermediate nodes due to network latency and network cache overflow, which may result in delayed packet loss. To overcome this challenge, we propose a delay time window and a method for estimating the delay time window. By examining the network delays of different data tasks, we obtain network delay estimates for these data tasks, use them as estimates of the delay time window, and validate the estimated results to verify that the results satisfy the delay distribution law. In addition, simulation tests and a discussion of the results were conducted to demonstrate how to maximize the reception of delay groupings. The analysis shows that the method is more general and applicable to multi-node hopping networks than existing time windowing methods.
20. Muthuvel S, Rajagopal S, Subramaniam SK. Analysis of Security Issues in Wireless Body Area Networks in Heterogeneous Networks. SENSORS (BASEL, SWITZERLAND) 2022; 22:7588. [PMID: 36236687 PMCID: PMC9571783 DOI: 10.3390/s22197588] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/24/2022] [Revised: 09/26/2022] [Accepted: 09/28/2022] [Indexed: 06/16/2023]
Abstract
Body Area Network (BAN) is one of the most important techniques for observing patient health in real time and identifying and analyzing diseases. For effective implementation of this technology in practice and to benefit from it, there are some key issues which are to be addressed, and among those issues, security is highly critical. WBAN will have to operate in a cooperative networking model of multiple networks such as those of homogeneous networks, for the purpose of performance and reliability, or those of heterogeneous networks, for the purpose of data transfer and processing from application point of view, with the other networks such as the networks of hospitals, clinics, medical experts, etc. and the patient himself/herself, who may be moving from one network to another. This paper brings out the issues related to security in WBAN in separate networks as well as in multiple networks. For WBAN working in a separate network, the IEEE 802.15.6 standard is considered. For WBANs working in multiple networks, especially heterogeneous networks, the security issues are considered. Considering the advancements of artificial intelligence (AI), the paper describes how AI is addressing some challenges faced by WBAN. The paper describes possible approaches which can be taken to address these issues by modeling a security mechanism using various artificial intelligence techniques. The paper proposes game theory with Stackelberg security equilibrium (GTSSE) for modeling security in heterogeneous networks in WBAN and describes the experiments conducted by the authors and the results proving the suitability of the modeling using GTSSE.
21. Nasir MU, Khan S, Mehmood S, Khan MA, Zubair M, Hwang SO. Network Meddling Detection Using Machine Learning Empowered with Blockchain Technology. SENSORS (BASEL, SWITZERLAND) 2022; 22:6755. [PMID: 36146104 PMCID: PMC9500681 DOI: 10.3390/s22186755] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 06/16/2022] [Revised: 09/01/2022] [Accepted: 09/04/2022] [Indexed: 06/16/2023]
Abstract
The study presents a framework to analyze and detect meddling in real-time network data and identify numerous meddling patterns that may be harmful to various communication means, academic institutes, and other industries. The major challenge was to develop a non-faulty framework to detect meddling (to overcome the traditional ways). With the development of machine learning technology, detecting and stopping the meddling process in the early stages is much easier. In this study, the proposed framework uses numerous data collection and processing techniques and machine learning techniques to train the meddling data and detect anomalies. The proposed framework uses support vector machine (SVM) and K-nearest neighbor (KNN) machine learning algorithms to detect the meddling in a network entangled with blockchain technology to ensure the privacy and protection of models as well as communication data. SVM achieves the highest training detection accuracy (DA) and misclassification rate (MCR) of 99.59% and 0.41%, respectively, and SVM achieves the highest-testing DA and MCR of 99.05% and 0.95%, respectively. The presented framework portrays the best meddling detection results, which are very helpful for various communication and transaction processes.
22. Chen CM, Chen Z, Kumari S, Lin MC. LAP-IoHT: A Lightweight Authentication Protocol for the Internet of Health Things. SENSORS (BASEL, SWITZERLAND) 2022; 22:5401. [PMID: 35891080 PMCID: PMC9320153 DOI: 10.3390/s22145401] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/26/2022] [Revised: 07/02/2022] [Accepted: 07/13/2022] [Indexed: 06/15/2023]
Abstract
The Internet of Health Things (IoHT), which is an extension of the Internet of Things (IoT) in healthcare, has provided a new type of telemedicine approach. In IoHT, wearable sensors are used to collect patient health data, and information is transmitted remotely to doctors who can develop accurate treatment plans and provide timely telemedicine services to patients. However, patient health data are transmitted over a public channel, which means that the privacy and medical data of patients are at significant risk of leakage and can be confronted by serious security problems. We proposed a lightweight authentication protocol known as LAP-IoHT for IoHT environments to overcome the various threats that are currently faced by IoHT. We verified the security of LAP-IoHT using a Real-or-Random model and demonstrated its significant performance advantage by conducting a comparative analysis with other similar protocols for a better adaptation to the IoHT environment.
23. Akshay Kumaar M, Samiayya D, Vincent PMDR, Srinivasan K, Chang CY, Ganesh H. A Hybrid Framework for Intrusion Detection in Healthcare Systems Using Deep Learning. Front Public Health 2022; 9:824898. [PMID: 35096763 PMCID: PMC8790147 DOI: 10.3389/fpubh.2021.824898] [Citation(s) in RCA: 4] [Impact Index Per Article: 2.0] [Received: 11/29/2021] [Accepted: 12/16/2021] [Indexed: 12/01/2022] Open access
Abstract
The unbounded increase in network traffic and user data has made it difficult for network intrusion detection systems to be abreast and perform well. Intrusion Systems are crucial in e-healthcare since the patients' medical records should be kept highly secure, confidential, and accurate. Any change in the actual patient data can lead to errors in the diagnosis and treatment. Most of the existing artificial intelligence-based systems are trained on outdated intrusion detection repositories, which can produce more false positives and require retraining the algorithm from scratch to support new attacks. These processes also make it challenging to secure patient records in medical systems as the intrusion detection mechanisms can become frequently obsolete. This paper proposes a hybrid framework using Deep Learning named “ImmuneNet” to recognize the latest intrusion attacks and defend healthcare data. The proposed framework uses multiple feature engineering processes, oversampling methods to improve class balance, and hyper-parameter optimization techniques to achieve high accuracy and performance. The architecture contains <1 million parameters, making it lightweight, fast, and IoT-friendly, suitable for deploying the IDS on medical devices and healthcare systems. The performance of ImmuneNet was benchmarked against several other machine learning algorithms on the Canadian Institute for Cybersecurity's Intrusion Detection System 2017, 2018, and Bell DNS 2021 datasets which contain extensive real-time and latest cyber attack data. Out of all the experiments, ImmuneNet performed the best on the CIC Bell DNS 2021 dataset with about 99.19% accuracy, 99.22% precision, 99.19% recall, and 99.2% ROC-AUC scores, which are comparatively better and up-to-date than other existing approaches in classifying between requests that are normal, intrusion, and other cyber attacks.
24. Aslam M, Ye D, Tariq A, Asad M, Hanif M, Ndzi D, Chelloug SA, Elaziz MA, Al-Qaness MAA, Jilani SF. Adaptive Machine Learning Based Distributed Denial-of-Services Attacks Detection and Mitigation System for SDN-Enabled IoT. SENSORS 2022; 22:s22072697. [PMID: 35408312 PMCID: PMC9002783 DOI: 10.3390/s22072697] [Citation(s) in RCA: 10] [Impact Index Per Article: 5.0] [Received: 02/18/2022] [Revised: 03/25/2022] [Accepted: 03/25/2022] [Indexed: 11/16/2022]
Abstract
The development of smart network infrastructure of the Internet of Things (IoT) faces the immense threat of sophisticated Distributed Denial-of-Services (DDoS) security attacks. The existing network security solutions of enterprise networks are significantly expensive and unscalable for IoT. The integration of recently developed Software Defined Networking (SDN) reduces a significant amount of computational overhead for IoT network devices and enables additional security measurements. At the prelude stage of SDN-enabled IoT network infrastructure, the sampling based security approach currently results in low accuracy and low DDoS attack detection. In this paper, we propose an Adaptive Machine Learning based SDN-enabled Distributed Denial-of-Services attacks Detection and Mitigation (AMLSDM) framework. The proposed AMLSDM framework develops an SDN-enabled security mechanism for IoT devices with the support of an adaptive machine learning classification model to achieve the successful detection and mitigation of DDoS attacks. The proposed framework utilizes machine learning algorithms in an adaptive multilayered feed-forwarding scheme to successfully detect the DDoS attacks by examining the static features of the inspected network traffic. In the proposed adaptive multilayered feed-forwarding framework, the first layer utilizes Support Vector Machine (SVM), Naive Bayes (NB), Random Forest (RF), k-Nearest Neighbor (kNN), and Logistic Regression (LR) classifiers to build a model for detecting DDoS attacks from the training and testing environment-specific datasets. The output of the first layer passes to an Ensemble Voting (EV) algorithm, which accumulates the performance of the first layer classifiers. In the third layer, the adaptive framework measures the real-time live network traffic to detect the DDoS attacks in the network traffic.
The proposed framework utilizes a remote SDN controller to mitigate the detected DDoS attacks over OpenFlow (OF) switches and reconfigures the network resources for legitimate network hosts. The experimental results show the better performance of the proposed framework as compared to existing state-of-the-art solutions in terms of higher accuracy of DDoS detection and low false alarm rate.
25. Majid M, Habib S, Javed AR, Rizwan M, Srivastava G, Gadekallu TR, Lin JCW. Applications of Wireless Sensor Networks and Internet of Things Frameworks in the Industry Revolution 4.0: A Systematic Literature Review. SENSORS 2022; 22:s22062087. [PMID: 35336261 PMCID: PMC8950945 DOI: 10.3390/s22062087] [Citation(s) in RCA: 46] [Impact Index Per Article: 23.0] [Received: 02/09/2022] [Revised: 02/27/2022] [Accepted: 03/02/2022] [Indexed: 11/30/2022]
Abstract
The 21st century has seen rapid changes in technology, industry, and social patterns. Most industries have moved towards automation, and human intervention has decreased, which has led to a revolution in industries, named the fourth industrial revolution (Industry 4.0). Industry 4.0 or the fourth industrial revolution (IR 4.0) relies heavily on the Internet of Things (IoT) and wireless sensor networks (WSN). IoT and WSN are used in various control systems, including environmental monitoring, home automation, and chemical/biological attack detection. IoT devices and applications are used to process extracted data from WSN devices and transmit them to remote locations. This systematic literature review offers a wide range of information on Industry 4.0, finds research gaps, and recommends future directions. Seven research questions are addressed in this article: (i) What are the contributions of WSN in IR 4.0? (ii) What are the contributions of IoT in IR 4.0? (iii) What are the types of WSN coverage areas for IR 4.0? (iv) What are the major types of network intruders in WSN and IoT systems? (v) What are the prominent network security attacks in WSN and IoT? (vi) What are the significant issues in IoT and WSN frameworks? and (vii) What are the limitations and research gaps in the existing work? This study mainly focuses on research solutions and new techniques to automate Industry 4.0. In this research, we analyzed over 130 articles from 2014 until 2021. This paper covers several aspects of Industry 4.0, from the designing phase to security needs, from the deployment stage to the classification of the network, the difficulties, challenges, and future directions.