An effective intrusion detection approach using SVM with naïve Bayes feature embedding

A comparative study on urban waterlogging susceptibility assessment based on multiple data-driven models

Accurate identification of urban waterlogging areas and assessing waterlogging susceptibility are crucial for preventing and controlling hazards. Data-driven models are utilized to forecast waterlogging areas by establishing intricate relationships between explanatory variables and waterlogging states. This approach tackles the constraints of mechanistic models, which are frequently complex and unable to incorporate socio-economic factors. Previous research predominantly employed single-type data-driven models to predict waterlogging locations and evaluation of their effectiveness. There is a scarcity of comprehensive performance comparisons and uncertainty analyses of different types of models, as well as a lack of interpretability analysis. The chosen study area was the central area of Beijing, which is prone to waterlogging. Given the high manpower, time, and economic costs associated with collecting waterlogging information, the waterlogging point distribution map released by the Beijing Water Affairs Bureau was selected as labeled samples. Twelve factors affecting waterlogging susceptibility were chosen as explanatory variables to construct Random Forest (RF), Support Vector Machine with Radial Basis Function (SVM-RBF), Particle Swarm Optimization-Weakly Labeled Support Vector Machine (PSO-WELLSVM), and Maximum Entropy (MaxEnt). The utilization of diverse single evaluation indicators (such as F-score, Kappa, AUC, etc.) to assess the model performance may yield conflicting results. The Distance between Indices of Simulation and Observation (DISO) was chosen as a comprehensive measure to assess the model's performance in predicting waterlogging points. PSO-WELLSVM exhibited the highest performance with a DISOtest value of 0.63, outperforming MaxEnt (0.78), which excelled in identifying areas highly susceptible to waterlogging, including extremely high susceptibility zones. The SVM-RBF and RF models demonstrated suboptimal performance and exhibited overfitting. The examination of waterlogging susceptibility distribution maps predicted by the four models revealed significant spatial differences due to variations in computational principles and input parameter complexities. The integration of four WSAMs based on logistic regression has been shown to significantly decrease the uncertainty of a single data-driven model and identify the most flood-prone areas. To improve the interpretability of the data model, a geographical detector was incorporated to demonstrate the explanatory capacity of 12 variables and the process of waterlogging. Building Density (BD) exhibits the highest explanatory power in relation to explain waterlogging susceptibility (Q value = 0.202), followed by Distance to Road, Frequency of Heavy Rainstorms (FHR), DEM, etc. The interaction between BD and FHR results in a nonlinear increase in the explanatory power of waterlogging susceptibility. The presence of waterlogging susceptibility risk in the research area can be attributed to the interactions of multiple factors.

A novel atrial fibrillation automatic detection algorithm based on ensemble learning and multi-feature discrimination

Atrial fibrillation (AF) is a prevalent cardiac arrhythmia disorder that necessitates long-time electrocardiogram (ECG) data for clinical diagnosis, leading to low detection efficiency. Automatic detection of AF signals within short-time ECG recordings is challenging. To address these issues, this paper proposes a novel algorithm called Ensemble Learning and Multi-Feature Discrimination (ELMD) for the identification and detection of AF signals. Firstly, a robust classifier, BSK-Model, is constructed using ensemble learning. Subsequently, the ECG R-waves are detected, and the ECG signals are segmented into consecutive RR intervals. Time domain, frequency domain, and nonlinear features are extracted from these intervals. Finally, these features are fed into the BSK-Model to discriminate AF. The proposed methodology is evaluated using the MIT-BIH AF database. The results demonstrate that when RR intervals are employed as classification units, the specificity and accuracy of AF detection in long-time ECG data exceed 99%, showcasing a significant improvement over traditional single-model classification. Additionally, the sensitivity and accuracy achieved by testing cardiac segments are both above 96%. With a minimum requirement of only four cardiac segments, AF events can be accurately identified, thereby enabling rapid discrimination of short-time single-lead ECG AF events. Consequently, this approach is suitable for real-time and accurate AF detection using low-computational-power ECG diagnostic analysis devices, such as wearable devices.

A detailed study of resampling algorithms for cyberattack classification in engineering applications

The evolution of engineering applications is highly relevant in the context of protecting industrial systems. As industries are increasingly interconnected, the need for robust cybersecurity measures becomes paramount. Engineering informatics not only provides tools for knowledge representation and extraction but also affords a comprehensive spectrum of developing sophisticated cybersecurity solutions. However, safeguarding industrial systems poses a unique challenge due to the inherent heterogeneity of data within these environments. Together with this problem, it's crucial to acknowledge that datasets that simulate real cyberattacks within these diverse environments exhibit a high imbalance, often skewed towards certain types of traffics. This study proposes a system for addressing class imbalance in cybersecurity. To do this, three oversampling (SMOTE, Borderline1-SMOTE, and ADASYN) and five undersampling (random undersampling, cluster centroids, NearMiss, repeated edited nearest neighbor, and Tomek Links) methods are tested. Particularly, these balancing algorithms are used to generate one-vs-rest binary models and to develop a two-stage classification system. By doing so, this study aims to enhance the efficacy of cybersecurity measures ensuring a more comprehensive understanding and defense against the diverse range of threats encountered in industrial environments. Experimental results demonstrates the effectiveness of proposed system for cyberattack detection and classification among nine widely known cyberattacks.

Emerging framework for attack detection in cyber-physical systems using heuristic-based optimization algorithm

In recent days, cyber-physical systems (CPS) have become a new wave generation of human life, exploiting various smart and intelligent uses of automotive systems. In these systems, information is shared through networks, and data is collected from multiple sensor devices. This network has sophisticated control, wireless communication, and high-speed computation. These features are commonly available in CPS, allowing multi-users to access and share information through the network via remote access. Therefore, protecting resources and sensitive information in the network is essential. Many research works have been developed for detecting insecure networks and attacks in the network. This article introduces a framework, namely Deep Bagging Convolutional Neural Network with Heuristic Multiswarm Ant Colony Optimization (DCNN-HMACO), designed to enhance the secure transmission of information, improve efficiency, and provide convenience in Cyber-Physical Systems (CPS). The proposed framework aims to detect attacks in CPS effectively. Compared to existing methods, the DCNN-HMACO framework significantly improves attack detection rates and enhances overall system protection. While the accuracy rates of CNN and FCM are reported as 72.12% and 79.56% respectively, our proposed framework achieves a remarkable accuracy rate of 92.14%.

Support vector data description with kernel density estimation (SVDD-KDE) control chart for network intrusion monitoring

Multivariate control charts have been applied in many sectors. One of the sectors that employ this method is network intrusion detection. However, the issue arises when the conventional control chart faces difficulty monitoring the network-traffic data that do not follow a normal distribution as required. Consequently, more false alarms will be found when inspecting network traffic data. To settle this problem, support vector data description (SVDD) is suggested. The control chart based on the SVDD distance can be applied for the non-normal distribution, even the unknown distributions. Kernel density estimation (KDE) is the nonparametric approach that can be applied in estimating the control limit of the non-parametric control charts. Based on these facts, a multivariate chart based on the integrated SVDD and KDE (SVDD-KDE) is proposed to monitor the network's anomaly. Simulation using the synthetic dataset is performed to examine the performance of the SVDD-KDE chart in detecting multivariate data shifts and outliers. Based on the simulation results, the proposed method produces better performance in detecting shifts and higher accuracy in detecting outliers. Further, the proposed method is applied in the intrusion detection system (IDS) to monitor network attacks. The NSL-KDD data is analyzed as the benchmark dataset. A comparison between the SVDD-KDE chart with the other IDS-based-control chart and the machine learning algorithms is executed. Although the it has high computational cost, the results show that the IDS based on the SVDD-KDE chart produces a high accuracy at 0.917 and AUC at 0.915 with a low false positive rate compared to several algorithms.

Optimization of predictive performance of intrusion detection system using hybrid ensemble model for secure systems

Network intrusion is one of the main threats to organizational networks and systems. Its timely detection is a profound challenge for the security of networks and systems. The situation is even more challenging for small and medium enterprises (SMEs) of developing countries where limited resources and investment in deploying foreign security controls and development of indigenous security solutions are big hurdles. A robust, yet cost-effective network intrusion detection system is required to secure traditional and Internet of Things (IoT) networks to confront such escalating security challenges in SMEs. In the present research, a novel hybrid ensemble model using random forest-recursive feature elimination (RF-RFE) method is proposed to increase the predictive performance of intrusion detection system (IDS). Compared to the deep learning paradigm, the proposed machine learning ensemble method could yield the state-of-the-art results with lower computational cost and less training time. The evaluation of the proposed ensemble machine leaning model shows 99%, 98.53% and 99.9% overall accuracy for NSL-KDD, UNSW-NB15 and CSE-CIC-IDS2018 datasets, respectively. The results show that the proposed ensemble method successfully optimizes the performance of intrusion detection systems. The outcome of the research is significant and contributes to the performance efficiency of intrusion detection systems and developing secure systems and applications.

Blockchain-enabled secure and efficient data sharing scheme for trust management in healthcare smartphone network

The Internet of Medical Things (IoMT) is an extended genre of the Internet of Things (IoT) where the Things collaborate to provide remote patient health monitoring, also known as the Internet of Health (IoH). Smartphones and IoMTs are expected to maintain secure and trusted confidential patient record exchange while managing the patient remotely. Healthcare organizations deploy Healthcare Smartphone Networks (HSN) for personal patient data collection and sharing among smartphone users and IoMT nodes. However, attackers gain access to confidential patient data via infected IoMT nodes on the HSN. Additionally, attackers can compromise the entire network via malicious nodes. This article proposes a Hyperledger blockchain-based technique to identify compromised IoMT nodes and safeguard sensitive patient records. Furthermore, the paper presents a Clustered Hierarchical Trust Management System (CHTMS) to block malicious nodes. In addition, the proposal employs Elliptic Curve Cryptography (ECC) to protect sensitive health records and is resilient against Denial-Of-Service (DOS) attacks. Finally, the evaluation results show that integrating blockchains into the HSN system improved detection performance compared to the existing state of the art. Therefore, the simulation results indicate better security and reliability when compared to conventional databases.

A Lightweight Intelligent Network Intrusion Detection System Using One-Class Autoencoder and Ensemble Learning for IoT

Network intrusion detection technology is key to cybersecurity regarding the Internet of Things (IoT). The traditional intrusion detection system targeting Binary or Multi-Classification can detect known attacks, but it is difficult to resist unknown attacks (such as zero-day attacks). Unknown attacks require security experts to confirm and retrain the model, but new models do not keep up to date. This paper proposes a Lightweight Intelligent NIDS using a One-Class Bidirectional GRU Autoencoder and Ensemble Learning. It can not only accurately identify normal and abnormal data, but also identify unknown attacks as the type most similar to known attacks. First, a One-Class Classification model based on a Bidirectional GRU Autoencoder is introduced. This model is trained with normal data, and has high prediction accuracy in the case of abnormal data and unknown attack data. Second, a multi-classification recognition method based on ensemble learning is proposed. It uses Soft Voting to evaluate the results of various base classifiers, and identify unknown attacks (novelty data) as the type most similar to known attacks, so that exception classification becomes more accurate. Experiments are conducted on WSN-DS, UNSW-NB15, and KDD CUP99 datasets, and the recognition rates of the proposed models in the three datasets are raised to 97.91%, 98.92%, and 98.23% respectively. The results verify the feasibility, efficiency, and portability of the algorithm proposed in the paper.

A Network Intrusion Detection Method Incorporating Bayesian Attack Graph and Incremental Learning Part

For the current stage of complex and changing network environments and correlated and synchronized vulnerability attacks, this study first fuses attack graph technology and Bayesian networks and constructs Bayesian attack graphs toportray the correlation relationships between vulnerabilities and discovering attackers’ intentions. Meanwhile, improving the Bayesian attack graph is difficult because it is difficult to achieve active updates and adapt to the changing network environment and other problems. The study proposed a detection method that integrated the Bayesian attack graph and the XGBoost incremental learning (IL) approach. Experiments showed that the IL model had an accuracy of 0.951, an accuracy of 0.999, a recall of 0.815, an F1 value of 0.898, and an Area Under Curve (AUC) value of 0.907. The prediction ability of this method was better than that of the base model. Bayesian attack graphs fused with IL can detect attacks in the network more efficiently and accurately, so the probability of each node in the network system being attacked can be updated in real time.

Meta-Heuristic Optimization Algorithm-Based Hierarchical Intrusion Detection System

Numerous network cyberattacks have been launched due to inherent weaknesses. Network intrusion detection is a crucial foundation of the cybersecurity field. Intrusion detection systems (IDSs) are a type of machine learning (ML) software proposed for making decisions without explicit programming and with little human intervention. Although ML-based IDS advancements have surpassed earlier methods, they still struggle to identify attack types with high detection rates (DR) and low false alarm rates (FAR). This paper proposes a meta-heuristic optimization algorithm-based hierarchical IDS to identify several types of attack and to secure the computing environment. The proposed approach comprises three stages: The first stage includes data preprocessing, feature selection, and the splitting of the dataset into multiple binary balanced datasets. In the second stage, two novel meta-heuristic optimization algorithms are introduced to optimize the hyperparameters of the extreme learning machine during the construction of multiple binary models to detect different attack types. These are combined in the last stage using an aggregated anomaly detection engine in a hierarchical structure on account of the model’s accuracy. We propose a software machine learning IDS that enables multi-class classification. It achieved scores of 98.93, 99.63, 99.19, 99.78, and 0.01, with 0.51 for average accuracy, DR, and FAR in the UNSW-NB15 and CICIDS2017 datasets, respectively.

Machine-Learning-Based DDoS Attack Detection Using Mutual Information and Random Forest Feature Importance Method

Cloud computing facilitates the users with on-demand services over the Internet. The services are accessible from anywhere at any time. Despite the valuable services, the paradigm is, also, prone to security issues. A Distributed Denial of Service (DDoS) attack affects the availability of cloud services and causes security threats to cloud computing. Detection of DDoS attacks is necessary for the availability of services for legitimate users. The topic has been studied by many researchers, with better accuracy for different datasets. This article presents a method for DDoS attack detection in cloud computing. The primary objective of this article is to reduce misclassification error in DDoS detection. In the proposed work, we select the most relevant features, by applying two feature selection techniques, i.e., the Mutual Information (MI) and Random Forest Feature Importance (RFFI) methods. Random Forest (RF), Gradient Boosting (GB), Weighted Voting Ensemble (WVE), K Nearest Neighbor (KNN), and Logistic Regression (LR) are applied to selected features. The experimental results show that the accuracy of RF, GB, WVE, and KNN with 19 features is 0.99. To further study these methods, misclassifications of the methods are analyzed, which lead to more accurate measurements. Extensive experiments conclude that the RF performed well in DDoS attack detection and misclassified only one attack as normal. Comparative results are presented to validate the proposed method.

An Emergency Event Detection Ensemble Model Based on Big Data

Emergency events arise when a serious, unexpected, and often dangerous threat affects normal life. Hence, knowing what is occurring during and after emergency events is critical to mitigate the effect of the incident on humans’ life, on the environment and our infrastructures, as well as the inherent financial consequences. Social network utilization in emergency event detection models can play an important role as information is shared and users’ status is updated once an emergency event occurs. Besides, big data proved its significance as a tool to assist and alleviate emergency events by processing an enormous amount of data over a short time interval. This paper shows that it is necessary to have an appropriate emergency event detection ensemble model (EEDEM) to respond quickly once such unfortunate events occur. Furthermore, it integrates Snapchat maps to propose a novel method to pinpoint the exact location of an emergency event. Moreover, merging social networks and big data can accelerate the emergency event detection system: social network data, such as those from Twitter and Snapchat, allow us to manage, monitor, analyze and detect emergency events. The main objective of this paper is to propose a novel and efficient big data-based EEDEM to pinpoint the exact location of emergency events by employing the collected data from social networks, such as “Twitter” and “Snapchat”, while integrating big data (BD) and machine learning (ML). Furthermore, this paper evaluates the performance of five ML base models and the proposed ensemble approach to detect emergency events. Results show that the proposed ensemble approach achieved a very high accuracy of 99.87% which outperform the other base models. Moreover, the proposed base models yields a high level of accuracy: 99.72%, 99.70% for LSTM and decision tree, respectively, with an acceptable training time.

Realguard: A Lightweight Network Intrusion Detection System for IoT Gateways

Cyber security has become increasingly challenging due to the proliferation of the Internet of things (IoT), where a massive number of tiny, smart devices push trillion bytes of data to the Internet. However, these devices possess various security flaws resulting from the lack of defense mechanisms and hardware security support, therefore making them vulnerable to cyber attacks. In addition, IoT gateways provide very limited security features to detect such threats, especially the absence of intrusion detection methods powered by deep learning. Indeed, deep learning models require high computational power that exceeds the capacity of these gateways. In this paper, we introduce Realguard, an DNN-based network intrusion detection system (NIDS) directly operated on local gateways to protect IoT devices within the network. The superiority of our proposal is that it can accurately detect multiple cyber attacks in real time with a small computational footprint. This is achieved by a lightweight feature extraction mechanism and an efficient attack detection model powered by deep neural networks. Our evaluations on practical datasets indicate that Realguard could detect ten types of attacks (e.g., port scan, Botnet, and FTP-Patator) in real time with an average accuracy of 99.57%, whereas the best of our competitors is 98.85%. Furthermore, our proposal effectively operates on resource-constraint gateways (Raspberry PI) at a high packet processing rate reported about 10.600 packets per second.