1
Han F, Yu J, Zhou G, Li S, Sun T. A comparative study on urban waterlogging susceptibility assessment based on multiple data-driven models. JOURNAL OF ENVIRONMENTAL MANAGEMENT 2024; 360:121166. [PMID: 38781876 DOI: 10.1016/j.jenvman.2024.121166] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/22/2024] [Revised: 03/19/2024] [Accepted: 05/10/2024] [Indexed: 05/25/2024]
Abstract
Accurate identification of urban waterlogging areas and assessing waterlogging susceptibility are crucial for preventing and controlling hazards. Data-driven models are utilized to forecast waterlogging areas by establishing intricate relationships between explanatory variables and waterlogging states. This approach tackles the constraints of mechanistic models, which are frequently complex and unable to incorporate socio-economic factors. Previous research predominantly employed single-type data-driven models to predict waterlogging locations and evaluate their effectiveness. There is a scarcity of comprehensive performance comparisons and uncertainty analyses of different types of models, as well as a lack of interpretability analysis. The chosen study area was the central area of Beijing, which is prone to waterlogging. Given the high manpower, time, and economic costs associated with collecting waterlogging information, the waterlogging point distribution map released by the Beijing Water Affairs Bureau was selected as labeled samples. Twelve factors affecting waterlogging susceptibility were chosen as explanatory variables to construct Random Forest (RF), Support Vector Machine with Radial Basis Function (SVM-RBF), Particle Swarm Optimization-Weakly Labeled Support Vector Machine (PSO-WELLSVM), and Maximum Entropy (MaxEnt). The utilization of diverse single evaluation indicators (such as F-score, Kappa, AUC, etc.) to assess the model performance may yield conflicting results. The Distance between Indices of Simulation and Observation (DISO) was chosen as a comprehensive measure to assess the model's performance in predicting waterlogging points. PSO-WELLSVM exhibited the highest performance with a DISOtest value of 0.63, outperforming MaxEnt (0.78), which excelled in identifying areas highly susceptible to waterlogging, including extremely high susceptibility zones. The SVM-RBF and RF models demonstrated suboptimal performance and exhibited overfitting.
The examination of waterlogging susceptibility distribution maps predicted by the four models revealed significant spatial differences due to variations in computational principles and input parameter complexities. The integration of four WSAMs based on logistic regression has been shown to significantly decrease the uncertainty of a single data-driven model and identify the most flood-prone areas. To improve the interpretability of the data model, a geographical detector was incorporated to demonstrate the explanatory capacity of 12 variables and the process of waterlogging. Building Density (BD) exhibits the highest explanatory power for waterlogging susceptibility (Q value = 0.202), followed by Distance to Road, Frequency of Heavy Rainstorms (FHR), DEM, etc. The interaction between BD and FHR results in a nonlinear increase in the explanatory power of waterlogging susceptibility. The presence of waterlogging susceptibility risk in the research area can be attributed to the interactions of multiple factors.
Affiliation(s)
- Feifei Han
  - College of Water Sciences, Beijing Normal University, Beijing Key Laboratory of Urban Hydrological Cycle and Sponge City Technology, Beijing 100875, China
- Jingshan Yu
  - College of Water Sciences, Beijing Normal University, Beijing Key Laboratory of Urban Hydrological Cycle and Sponge City Technology, Beijing 100875, China; State Environmental Protection Key Laboratory of Land and Sea Ecological Governance and Systematic Regulation, Shandong Academy for Environmental Planning, Jinan 250100, China.
- Guihuan Zhou
  - College of Water Sciences, Beijing Normal University, Beijing Key Laboratory of Urban Hydrological Cycle and Sponge City Technology, Beijing 100875, China
- Shuang Li
  - College of Water Sciences, Beijing Normal University, Beijing Key Laboratory of Urban Hydrological Cycle and Sponge City Technology, Beijing 100875, China
- Tong Sun
  - College of Water Sciences, Beijing Normal University, Beijing Key Laboratory of Urban Hydrological Cycle and Sponge City Technology, Beijing 100875, China
2
Wan X, Liu Y, Mei X, Ye J, Zeng C, Chen Y. A novel atrial fibrillation automatic detection algorithm based on ensemble learning and multi-feature discrimination. Med Biol Eng Comput 2024; 62:1809-1820. [PMID: 38388761 DOI: 10.1007/s11517-024-03046-7] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 10/17/2023] [Accepted: 02/03/2024] [Indexed: 02/24/2024]
Abstract
Atrial fibrillation (AF) is a prevalent cardiac arrhythmia disorder that necessitates long-time electrocardiogram (ECG) data for clinical diagnosis, leading to low detection efficiency. Automatic detection of AF signals within short-time ECG recordings is challenging. To address these issues, this paper proposes a novel algorithm called Ensemble Learning and Multi-Feature Discrimination (ELMD) for the identification and detection of AF signals. Firstly, a robust classifier, BSK-Model, is constructed using ensemble learning. Subsequently, the ECG R-waves are detected, and the ECG signals are segmented into consecutive RR intervals. Time domain, frequency domain, and nonlinear features are extracted from these intervals. Finally, these features are fed into the BSK-Model to discriminate AF. The proposed methodology is evaluated using the MIT-BIH AF database. The results demonstrate that when RR intervals are employed as classification units, the specificity and accuracy of AF detection in long-time ECG data exceed 99%, showcasing a significant improvement over traditional single-model classification. Additionally, the sensitivity and accuracy achieved by testing cardiac segments are both above 96%. With a minimum requirement of only four cardiac segments, AF events can be accurately identified, thereby enabling rapid discrimination of short-time single-lead ECG AF events. Consequently, this approach is suitable for real-time and accurate AF detection using low-computational-power ECG diagnostic analysis devices, such as wearable devices.
Affiliation(s)
- Xiangkui Wan
  - Hubei Key Laboratory for High-Efficiency Utilization of Solar Energy and Operation Control of Energy Storage System, Hubei University of Technology, Wuhan, 430068, People's Republic of China
  - Hubei University of Technology, Room A325, Electrical Building, 28 Nanli Road, Hongshan District, Wuhan, 430000, Hubei Province, China
- Yizheng Liu
  - Hubei Key Laboratory for High-Efficiency Utilization of Solar Energy and Operation Control of Energy Storage System, Hubei University of Technology, Wuhan, 430068, People's Republic of China
- Xiaoyu Mei
  - Hubei Key Laboratory for High-Efficiency Utilization of Solar Energy and Operation Control of Energy Storage System, Hubei University of Technology, Wuhan, 430068, People's Republic of China
- Jinxing Ye
  - Hubei Key Laboratory for High-Efficiency Utilization of Solar Energy and Operation Control of Energy Storage System, Hubei University of Technology, Wuhan, 430068, People's Republic of China
- Chunyan Zeng
  - Hubei Key Laboratory for High-Efficiency Utilization of Solar Energy and Operation Control of Energy Storage System, Hubei University of Technology, Wuhan, 430068, People's Republic of China
- Yunfan Chen
  - Hubei Key Laboratory for High-Efficiency Utilization of Solar Energy and Operation Control of Energy Storage System, Hubei University of Technology, Wuhan, 430068, People's Republic of China.
  - Hubei University of Technology, Room A325, Electrical Building, 28 Nanli Road, Hongshan District, Wuhan, 430000, Hubei Province, China.
3
Mogollón Gutiérrez Ó, Sancho Núñez JC, Ávila M, Caro A. A detailed study of resampling algorithms for cyberattack classification in engineering applications. PeerJ Comput Sci 2024; 10:e1975. [PMID: 38660195 PMCID: PMC11041950 DOI: 10.7717/peerj-cs.1975] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 12/12/2023] [Accepted: 03/11/2024] [Indexed: 04/26/2024]
Abstract
The evolution of engineering applications is highly relevant in the context of protecting industrial systems. As industries are increasingly interconnected, the need for robust cybersecurity measures becomes paramount. Engineering informatics not only provides tools for knowledge representation and extraction but also affords a comprehensive spectrum of developing sophisticated cybersecurity solutions. However, safeguarding industrial systems poses a unique challenge due to the inherent heterogeneity of data within these environments. Together with this problem, it's crucial to acknowledge that datasets that simulate real cyberattacks within these diverse environments exhibit a high imbalance, often skewed towards certain types of traffic. This study proposes a system for addressing class imbalance in cybersecurity. To do this, three oversampling (SMOTE, Borderline1-SMOTE, and ADASYN) and five undersampling (random undersampling, cluster centroids, NearMiss, repeated edited nearest neighbor, and Tomek Links) methods are tested. Particularly, these balancing algorithms are used to generate one-vs-rest binary models and to develop a two-stage classification system. By doing so, this study aims to enhance the efficacy of cybersecurity measures ensuring a more comprehensive understanding and defense against the diverse range of threats encountered in industrial environments. Experimental results demonstrate the effectiveness of the proposed system for cyberattack detection and classification among nine widely known cyberattacks.
Affiliation(s)
- Mar Ávila
  - Escuela Politecnica, University of Extremadura, Cáceres, Cáceres, Spain
- Andrés Caro
  - Escuela Politecnica, University of Extremadura, Cáceres, Cáceres, Spain
4
Alohali MA, Elsadig M, Hilal AM, Mutwakel A. Emerging framework for attack detection in cyber-physical systems using heuristic-based optimization algorithm. PeerJ Comput Sci 2023; 9:e1596. [PMID: 38192469 PMCID: PMC10773567 DOI: 10.7717/peerj-cs.1596] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/02/2023] [Accepted: 08/28/2023] [Indexed: 01/10/2024]
Abstract
In recent days, cyber-physical systems (CPS) have become a new wave generation of human life, exploiting various smart and intelligent uses of automotive systems. In these systems, information is shared through networks, and data is collected from multiple sensor devices. This network has sophisticated control, wireless communication, and high-speed computation. These features are commonly available in CPS, allowing multi-users to access and share information through the network via remote access. Therefore, protecting resources and sensitive information in the network is essential. Many research works have been developed for detecting insecure networks and attacks in the network. This article introduces a framework, namely Deep Bagging Convolutional Neural Network with Heuristic Multiswarm Ant Colony Optimization (DCNN-HMACO), designed to enhance the secure transmission of information, improve efficiency, and provide convenience in Cyber-Physical Systems (CPS). The proposed framework aims to detect attacks in CPS effectively. Compared to existing methods, the DCNN-HMACO framework significantly improves attack detection rates and enhances overall system protection. While the accuracy rates of CNN and FCM are reported as 72.12% and 79.56% respectively, our proposed framework achieves a remarkable accuracy rate of 92.14%.
Affiliation(s)
- Manal Abdullah Alohali
  - Department of Information Systems, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia
- Muna Elsadig
  - Department of Information Systems, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia
- Anwer Mustafa Hilal
  - Department of Computer and Self Development, Prince Sattam bin Abdulaziz University, Saudi Arabia, Saudi Arabia, Saudi Arabia
- Abdulwahed Mutwakel
  - Department of Information Systems, Prince Sattam bin Abdulaziz University, Saudi Arabia, Saudi Arabia, Saudi Arabia
5
Ahsan M, Khusna H, Wibawati, Lee MH. Support vector data description with kernel density estimation (SVDD-KDE) control chart for network intrusion monitoring. Sci Rep 2023; 13:19149. [PMID: 37932421 PMCID: PMC10628185 DOI: 10.1038/s41598-023-46719-3] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 06/07/2023] [Accepted: 11/03/2023] [Indexed: 11/08/2023]
Abstract
Multivariate control charts have been applied in many sectors. One of the sectors that employ this method is network intrusion detection. However, the issue arises when the conventional control chart faces difficulty monitoring the network-traffic data that do not follow a normal distribution as required. Consequently, more false alarms will be found when inspecting network traffic data. To settle this problem, support vector data description (SVDD) is suggested. The control chart based on the SVDD distance can be applied for the non-normal distribution, even the unknown distributions. Kernel density estimation (KDE) is the nonparametric approach that can be applied in estimating the control limit of the non-parametric control charts. Based on these facts, a multivariate chart based on the integrated SVDD and KDE (SVDD-KDE) is proposed to monitor the network's anomaly. Simulation using the synthetic dataset is performed to examine the performance of the SVDD-KDE chart in detecting multivariate data shifts and outliers. Based on the simulation results, the proposed method produces better performance in detecting shifts and higher accuracy in detecting outliers. Further, the proposed method is applied in the intrusion detection system (IDS) to monitor network attacks. The NSL-KDD data is analyzed as the benchmark dataset. A comparison between the SVDD-KDE chart with the other IDS-based-control chart and the machine learning algorithms is executed. Although it has a high computational cost, the results show that the IDS based on the SVDD-KDE chart produces a high accuracy at 0.917 and AUC at 0.915 with a low false positive rate compared to several algorithms.
Affiliation(s)
- Muhammad Ahsan
  - Department of Statistics, Institut Teknologi Sepuluh Nopember, Surabaya, Indonesia.
- Hidayatul Khusna
  - Department of Statistics, Institut Teknologi Sepuluh Nopember, Surabaya, Indonesia
- Wibawati
  - Department of Statistics, Institut Teknologi Sepuluh Nopember, Surabaya, Indonesia
- Muhammad Hisyam Lee
  - Department of Mathematical Sciences, Universiti Teknologi Malaysia, Johor Bahru, Malaysia
6
Abbas Q, Hina S, Sajjad H, Zaidi KS, Akbar R. Optimization of predictive performance of intrusion detection system using hybrid ensemble model for secure systems. PeerJ Comput Sci 2023; 9:e1552. [PMID: 37705624 PMCID: PMC10496009 DOI: 10.7717/peerj-cs.1552] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/26/2023] [Accepted: 08/03/2023] [Indexed: 09/15/2023]
Abstract
Network intrusion is one of the main threats to organizational networks and systems. Its timely detection is a profound challenge for the security of networks and systems. The situation is even more challenging for small and medium enterprises (SMEs) of developing countries where limited resources and investment in deploying foreign security controls and development of indigenous security solutions are big hurdles. A robust, yet cost-effective network intrusion detection system is required to secure traditional and Internet of Things (IoT) networks to confront such escalating security challenges in SMEs. In the present research, a novel hybrid ensemble model using random forest-recursive feature elimination (RF-RFE) method is proposed to increase the predictive performance of intrusion detection system (IDS). Compared to the deep learning paradigm, the proposed machine learning ensemble method could yield the state-of-the-art results with lower computational cost and less training time. The evaluation of the proposed ensemble machine learning model shows 99%, 98.53% and 99.9% overall accuracy for NSL-KDD, UNSW-NB15 and CSE-CIC-IDS2018 datasets, respectively. The results show that the proposed ensemble method successfully optimizes the performance of intrusion detection systems. The outcome of the research is significant and contributes to the performance efficiency of intrusion detection systems and developing secure systems and applications.
Affiliation(s)
- Qaiser Abbas
  - University of Engineering and Technology, Lahore, Pakistan
- Hamza Sajjad
  - University of Engineering and Technology Lahore, Lahore, Pakistan
- Rehan Akbar
  - Computer and Information Sciences Department, Universiti Teknologi PETRONAS, Seri Iskandar, Malaysia
7
Yang M, Tan L, Chen X, Luo Y, Xu Z, Lan X. Laws and regulations tell how to classify your data: A case study on higher education. Inf Process Manag 2023. [DOI: 10.1016/j.ipm.2022.103240] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 12/29/2022]
8
Bhan R, Pamula R, Faruki P, Gajrani J. Blockchain-enabled secure and efficient data sharing scheme for trust management in healthcare smartphone network. THE JOURNAL OF SUPERCOMPUTING 2023; 79:1-42. [PMID: 37359328 PMCID: PMC10131528 DOI: 10.1007/s11227-023-05272-6] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Accepted: 04/04/2023] [Indexed: 06/28/2023]
Abstract
The Internet of Medical Things (IoMT) is an extended genre of the Internet of Things (IoT) where the Things collaborate to provide remote patient health monitoring, also known as the Internet of Health (IoH). Smartphones and IoMTs are expected to maintain secure and trusted confidential patient record exchange while managing the patient remotely. Healthcare organizations deploy Healthcare Smartphone Networks (HSN) for personal patient data collection and sharing among smartphone users and IoMT nodes. However, attackers gain access to confidential patient data via infected IoMT nodes on the HSN. Additionally, attackers can compromise the entire network via malicious nodes. This article proposes a Hyperledger blockchain-based technique to identify compromised IoMT nodes and safeguard sensitive patient records. Furthermore, the paper presents a Clustered Hierarchical Trust Management System (CHTMS) to block malicious nodes. In addition, the proposal employs Elliptic Curve Cryptography (ECC) to protect sensitive health records and is resilient against Denial-Of-Service (DOS) attacks. Finally, the evaluation results show that integrating blockchains into the HSN system improved detection performance compared to the existing state of the art. Therefore, the simulation results indicate better security and reliability when compared to conventional databases.
Affiliation(s)
- Rati Bhan
  - Department of Computer Science and Engineering, Indian Institute of Technology (ISM), Dhanbad, Dhanbad, 826004 India
- Rajendra Pamula
  - Department of Computer Science and Engineering, Indian Institute of Technology (ISM), Dhanbad, Dhanbad, 826004 India
- Parvez Faruki
  - Department of Technical Education, Govt. of Gujarat, Gandhinagar, India
- Jyoti Gajrani
  - Department of Computer Science and Engineering, Engineering College Ajmer, Ajmer, India
9
Yao W, Hu L, Hou Y, Li X. A Lightweight Intelligent Network Intrusion Detection System Using One-Class Autoencoder and Ensemble Learning for IoT. SENSORS (BASEL, SWITZERLAND) 2023; 23:4141. [PMID: 37112482 PMCID: PMC10144792 DOI: 10.3390/s23084141] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 03/09/2023] [Revised: 04/12/2023] [Accepted: 04/18/2023] [Indexed: 06/19/2023]
Abstract
Network intrusion detection technology is key to cybersecurity regarding the Internet of Things (IoT). The traditional intrusion detection system targeting Binary or Multi-Classification can detect known attacks, but it is difficult to resist unknown attacks (such as zero-day attacks). Unknown attacks require security experts to confirm and retrain the model, but new models do not keep up to date. This paper proposes a Lightweight Intelligent NIDS using a One-Class Bidirectional GRU Autoencoder and Ensemble Learning. It can not only accurately identify normal and abnormal data, but also identify unknown attacks as the type most similar to known attacks. First, a One-Class Classification model based on a Bidirectional GRU Autoencoder is introduced. This model is trained with normal data, and has high prediction accuracy in the case of abnormal data and unknown attack data. Second, a multi-classification recognition method based on ensemble learning is proposed. It uses Soft Voting to evaluate the results of various base classifiers, and identify unknown attacks (novelty data) as the type most similar to known attacks, so that exception classification becomes more accurate. Experiments are conducted on WSN-DS, UNSW-NB15, and KDD CUP99 datasets, and the recognition rates of the proposed models in the three datasets are raised to 97.91%, 98.92%, and 98.23% respectively. The results verify the feasibility, efficiency, and portability of the algorithm proposed in the paper.
Affiliation(s)
- Wenbin Yao
  - School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876, China
- Longcan Hu
  - Beijing Key Laboratory of Intelligent Telecommunications Software and Multimedia, Beijing University of Posts and Telecommunications, Beijing 100876, China
- Yingying Hou
  - Beijing Key Laboratory of Intelligent Telecommunications Software and Multimedia, Beijing University of Posts and Telecommunications, Beijing 100876, China
- Xiaoyong Li
  - School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
10
Wu K, Qu H, Huang C. A Network Intrusion Detection Method Incorporating Bayesian Attack Graph and Incremental Learning Part. FUTURE INTERNET 2023. [DOI: 10.3390/fi15040128] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 03/30/2023]
Abstract
For the current stage of complex and changing network environments and correlated and synchronized vulnerability attacks, this study first fuses attack graph technology and Bayesian networks and constructs Bayesian attack graphs to portray the correlation relationships between vulnerabilities and discover attackers’ intentions. Meanwhile, improving the Bayesian attack graph is difficult because it is difficult to achieve active updates and adapt to the changing network environment and other problems. The study proposed a detection method that integrated the Bayesian attack graph and the XGBoost incremental learning (IL) approach. Experiments showed that the IL model had an accuracy of 0.951, an accuracy of 0.999, a recall of 0.815, an F1 value of 0.898, and an Area Under Curve (AUC) value of 0.907. The prediction ability of this method was better than that of the base model. Bayesian attack graphs fused with IL can detect attacks in the network more efficiently and accurately, so the probability of each node in the network system being attacked can be updated in real time.
11
Catillo M, Pecchia A, Villano U. CPS-GUARD: Intrusion Detection for Cyber-Physical Systems and IoT Devices Using Outlier-Aware Deep Autoencoders. Comput Secur 2023. [DOI: 10.1016/j.cose.2023.103210] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 03/31/2023]
12
Han X, Cui S, Liu S, Zhang C, Jiang B, Lu Z. Network intrusion detection based on n-gram frequency and time-aware transformer. Comput Secur 2023. [DOI: 10.1016/j.cose.2023.103171] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 03/07/2023]
13
Xiong WD, Luo KL, Li R. AIDTF: Adversarial training framework for network intrusion detection. Comput Secur 2023. [DOI: 10.1016/j.cose.2023.103141] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 02/17/2023]
14
Zhang T, Chen W, Liu Y, Wu L. An Intrusion Detection Method Based on Stacked Sparse Autoencoder and Improved Gaussian Mixture Model. Comput Secur 2023. [DOI: 10.1016/j.cose.2023.103144] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 02/24/2023]
15
An effective intrusion detection approach based on ensemble learning for IIoT edge computing. JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES 2022. [DOI: 10.1007/s11416-022-00456-9] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 12/15/2022]
16
Meta-Heuristic Optimization Algorithm-Based Hierarchical Intrusion Detection System. COMPUTERS 2022. [DOI: 10.3390/computers11120170] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/30/2022]
Abstract
Numerous network cyberattacks have been launched due to inherent weaknesses. Network intrusion detection is a crucial foundation of the cybersecurity field. Intrusion detection systems (IDSs) are a type of machine learning (ML) software proposed for making decisions without explicit programming and with little human intervention. Although ML-based IDS advancements have surpassed earlier methods, they still struggle to identify attack types with high detection rates (DR) and low false alarm rates (FAR). This paper proposes a meta-heuristic optimization algorithm-based hierarchical IDS to identify several types of attack and to secure the computing environment. The proposed approach comprises three stages: The first stage includes data preprocessing, feature selection, and the splitting of the dataset into multiple binary balanced datasets. In the second stage, two novel meta-heuristic optimization algorithms are introduced to optimize the hyperparameters of the extreme learning machine during the construction of multiple binary models to detect different attack types. These are combined in the last stage using an aggregated anomaly detection engine in a hierarchical structure on account of the model’s accuracy. We propose a software machine learning IDS that enables multi-class classification. It achieved scores of 98.93, 99.63, 99.19, 99.78, and 0.01, with 0.51 for average accuracy, DR, and FAR in the UNSW-NB15 and CICIDS2017 datasets, respectively.
17
Zhang C, Jia D, Wang L, Wang W, Liu F, Yang A. Comparative Research on Network Intrusion Detection Methods Based on Machine Learning. Comput Secur 2022. [DOI: 10.1016/j.cose.2022.102861] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/15/2022]
18
Machine-Learning-Based DDoS Attack Detection Using Mutual Information and Random Forest Feature Importance Method. Symmetry (Basel) 2022. [DOI: 10.3390/sym14061095] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Indexed: 12/04/2022]
Abstract
Cloud computing facilitates the users with on-demand services over the Internet. The services are accessible from anywhere at any time. Despite the valuable services, the paradigm is, also, prone to security issues. A Distributed Denial of Service (DDoS) attack affects the availability of cloud services and causes security threats to cloud computing. Detection of DDoS attacks is necessary for the availability of services for legitimate users. The topic has been studied by many researchers, with better accuracy for different datasets. This article presents a method for DDoS attack detection in cloud computing. The primary objective of this article is to reduce misclassification error in DDoS detection. In the proposed work, we select the most relevant features, by applying two feature selection techniques, i.e., the Mutual Information (MI) and Random Forest Feature Importance (RFFI) methods. Random Forest (RF), Gradient Boosting (GB), Weighted Voting Ensemble (WVE), K Nearest Neighbor (KNN), and Logistic Regression (LR) are applied to selected features. The experimental results show that the accuracy of RF, GB, WVE, and KNN with 19 features is 0.99. To further study these methods, misclassifications of the methods are analyzed, which lead to more accurate measurements. Extensive experiments conclude that the RF performed well in DDoS attack detection and misclassified only one attack as normal. Comparative results are presented to validate the proposed method.
19
Wu Q, Wang H, Wang S. An efficient approach for discriminant analysis based on adaptive feature augmentation. J STAT COMPUT SIM 2022. [DOI: 10.1080/00949655.2022.2066672] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 10/18/2022]
Affiliation(s)
- Qiying Wu
  - School of Economics and Management, Beihang University, Beijing, People's Republic of China
  - Beijing Key Laboratory of Emergence Support Simulation Technologies for City Operations, Beijing, People's Republic of China
- Huiwen Wang
  - School of Economics and Management, Beihang University, Beijing, People's Republic of China
  - Key Laboratory of Complex System Analysis, Management and Decision (Beihang University), Ministry of Education, Beijing, People's Republic of China
- Shanshan Wang
  - School of Economics and Management, Beihang University, Beijing, People's Republic of China
  - Key Laboratory of Complex System Analysis, Management and Decision (Beihang University), Ministry of Education, Beijing, People's Republic of China
|
20
|
An Emergency Event Detection Ensemble Model Based on Big Data. BIG DATA AND COGNITIVE COMPUTING 2022. [DOI: 10.3390/bdcc6020042] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 02/01/2023]
Abstract
Emergency events arise when a serious, unexpected, and often dangerous threat affects normal life. Hence, knowing what is occurring during and after emergency events is critical to mitigate the effect of the incident on human life, on the environment and our infrastructures, as well as the inherent financial consequences. Social network utilization in emergency event detection models can play an important role as information is shared and users’ status is updated once an emergency event occurs. Besides, big data has proved its significance as a tool to assist and alleviate emergency events by processing an enormous amount of data over a short time interval. This paper shows that it is necessary to have an appropriate emergency event detection ensemble model (EEDEM) to respond quickly once such unfortunate events occur. Furthermore, it integrates Snapchat maps to propose a novel method to pinpoint the exact location of an emergency event. Moreover, merging social networks and big data can accelerate the emergency event detection system: social network data, such as those from Twitter and Snapchat, allow us to manage, monitor, analyze and detect emergency events. The main objective of this paper is to propose a novel and efficient big data-based EEDEM to pinpoint the exact location of emergency events by employing the collected data from social networks, such as “Twitter” and “Snapchat”, while integrating big data (BD) and machine learning (ML). Furthermore, this paper evaluates the performance of five ML base models and the proposed ensemble approach to detect emergency events. Results show that the proposed ensemble approach achieved a very high accuracy of 99.87%, which outperforms the other base models. Moreover, the proposed base models yield a high level of accuracy: 99.72% and 99.70% for LSTM and decision tree, respectively, with an acceptable training time.
|
21
|
Realguard: A Lightweight Network Intrusion Detection System for IoT Gateways. SENSORS 2022; 22:s22020432. [PMID: 35062393 PMCID: PMC8778231 DOI: 10.3390/s22020432] [Citation(s) in RCA: 12] [Impact Index Per Article: 6.0] [Received: 11/03/2021] [Revised: 12/24/2021] [Accepted: 12/27/2021] [Indexed: 02/01/2023]
Abstract
Cyber security has become increasingly challenging due to the proliferation of the Internet of things (IoT), where a massive number of tiny, smart devices push trillions of bytes of data to the Internet. However, these devices possess various security flaws resulting from the lack of defense mechanisms and hardware security support, therefore making them vulnerable to cyber attacks. In addition, IoT gateways provide very limited security features to detect such threats, especially the absence of intrusion detection methods powered by deep learning. Indeed, deep learning models require high computational power that exceeds the capacity of these gateways. In this paper, we introduce Realguard, a DNN-based network intrusion detection system (NIDS) directly operated on local gateways to protect IoT devices within the network. The superiority of our proposal is that it can accurately detect multiple cyber attacks in real time with a small computational footprint. This is achieved by a lightweight feature extraction mechanism and an efficient attack detection model powered by deep neural networks. Our evaluations on practical datasets indicate that Realguard could detect ten types of attacks (e.g., port scan, Botnet, and FTP-Patator) in real time with an average accuracy of 99.57%, whereas the best of our competitors is 98.85%. Furthermore, our proposal effectively operates on resource-constrained gateways (Raspberry Pi) at a high packet processing rate of about 10.600 packets per second.
|
22
|
CSE-IDS: Using cost-sensitive deep learning and ensemble algorithms to handle class imbalance in network-based intrusion detection systems. Comput Secur 2022. [DOI: 10.1016/j.cose.2021.102499] [Citation(s) in RCA: 12] [Impact Index Per Article: 6.0] [Indexed: 11/23/2022]
|
23
|
Alazzam H, Sharieh A, Sabri KE. A lightweight intelligent network intrusion detection system using OCSVM and Pigeon inspired optimizer. APPL INTELL 2021. [DOI: 10.1007/s10489-021-02621-x] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.7] [Indexed: 11/29/2022]
|
24
|
Machine learning and deep learning methods for intrusion detection systems: recent developments and challenges. Soft comput 2021. [DOI: 10.1007/s00500-021-05893-0] [Citation(s) in RCA: 7] [Impact Index Per Article: 2.3] [Indexed: 10/21/2022]
|