1
Strickland C, Zakar M, Saha C, Soltani Nejad S, Tasnim N, Lizotte DJ, Haque A. DRL-GAN: A Hybrid Approach for Binary and Multiclass Network Intrusion Detection. Sensors (Basel) 2024; 24:2746. [PMID: 38732852 PMCID: PMC11086058 DOI: 10.3390/s24092746] [Received: 04/01/2024] [Revised: 04/19/2024] [Accepted: 04/23/2024] [Indexed: 05/13/2024]
Abstract
Our increasingly connected world continues to face an ever-growing number of network-based attacks. An Intrusion Detection System (IDS) is an essential security technology used for detecting these attacks. Although numerous Machine Learning-based IDSs have been proposed for the detection of malicious network traffic, the majority have difficulty properly detecting and classifying the more uncommon attack types. In this paper, we implement a novel hybrid technique using synthetic data produced by a Generative Adversarial Network (GAN) to use as input for training a Deep Reinforcement Learning (DRL) model. Our GAN model is trained on the NSL-KDD dataset, a publicly available collection of labeled network traffic data specifically designed to support the evaluation and benchmarking of IDSs. Ultimately, our findings demonstrate that training the DRL model on synthetic datasets generated by specific GAN models can result in better performance in correctly classifying minority classes over training on the true imbalanced dataset.
Affiliation(s)
- Caroline Strickland
  - Department of Computer Science, The University of Western Ontario, London, ON N6A 3K7, Canada; (M.Z.)
2
Dhiman P, Saini N, Gulzar Y, Turaev S, Kaur A, Nisa KU, Hamid Y. A Review and Comparative Analysis of Relevant Approaches of Zero Trust Network Model. Sensors (Basel) 2024; 24:1328. [PMID: 38400486 PMCID: PMC10892953 DOI: 10.3390/s24041328] [Received: 10/17/2023] [Revised: 11/20/2023] [Accepted: 12/21/2023] [Indexed: 02/25/2024]
Abstract
The Zero Trust safety architecture emerged as an intriguing approach for overcoming the shortcomings of standard network security solutions. This extensive survey study provides a meticulous explanation of the underlying principles of Zero Trust, as well as an assessment of the many strategies and possibilities for effective implementation. The survey begins by examining the role of authentication and access control within Zero Trust Architectures, and subsequently investigates innovative authentication, as well as access control solutions across different scenarios. It more deeply explores traditional techniques for encryption, micro-segmentation, and security automation, emphasizing their importance in achieving a secure Zero Trust environment. Zero Trust Architecture is explained in brief, along with the Taxonomy of Zero Trust Network Features. This review article provides useful insights into the Zero Trust paradigm, its approaches, problems, and future research objectives for scholars, practitioners, and policymakers. This survey contributes to the growth and implementation of secure network architectures in critical infrastructures by developing a deeper knowledge of Zero Trust.
Affiliation(s)
- Poonam Dhiman
  - Government P.G. College, Idgah Road, Kabari Bazar, Ambala Cantt 133001, India
- Neha Saini
  - Government College, Chhachhrauli, Yamuna Nagar 135103, India;
- Yonis Gulzar
  - Department of Management Information Systems, College of Business Administration, King Faisal University, Al-Ahsa 31982, Saudi Arabia
- Sherzod Turaev
  - Department of Computer Science & Software Engineering, College of Information Technology, United Arab Emirates University, Al Ain 15551, United Arab Emirates
- Amandeep Kaur
  - Chitkara University Institute of Engineering and Technology, Chitkara University, Rajpura 140601, India
- Khair Ul Nisa
  - College of Computer Science and Information Technology, University of Bisha, Al Nakhil, Bisha 67714, Saudi Arabia
- Yasir Hamid
  - Information Security and Engineering Technology, AbuDhabi Polytechnic College, Abu Dhabi 111499, United Arab Emirates
3
Kang H, Liu G, Wang Q, Meng L, Liu J. Theory and Application of Zero Trust Security: A Brief Survey. Entropy (Basel) 2023; 25:1595. [PMID: 38136475 PMCID: PMC10742574 DOI: 10.3390/e25121595] [Received: 10/18/2023] [Revised: 11/18/2023] [Accepted: 11/24/2023] [Indexed: 12/24/2023]
Abstract
As cross-border access becomes more frequent, traditional perimeter-based network security models can no longer cope with evolving security requirements. Zero trust is a novel paradigm for cybersecurity based on the core concept of "never trust, always verify". It attempts to protect against security risks related to internal threats by eliminating the demarcations between the internal and external network of traditional network perimeters. Nevertheless, research on the theory and application of zero trust is still in its infancy, and more extensive research is necessary to facilitate a deeper understanding of the paradigm in academia and the industry. In this paper, trust in cybersecurity is discussed, following which the origin, concepts, and principles related to zero trust are elaborated on. The characteristics, strengths, and weaknesses of the existing research are analysed in the context of zero trust achievements and their technical applications in Cloud and IoT environments. Finally, to support the development and application of zero trust in the future, the concept and its current challenges are analysed.
Affiliation(s)
- Hongzhaoning Kang
  - School of Computer Science and Technology, Xidian University, Xi’an 710071, China; (H.K.); (Q.W.); (L.M.)
- Gang Liu
  - School of Computer Science and Technology, Xidian University, Xi’an 710071, China; (H.K.); (Q.W.); (L.M.)
- Quan Wang
  - School of Computer Science and Technology, Xidian University, Xi’an 710071, China; (H.K.); (Q.W.); (L.M.)
- Lei Meng
  - School of Computer Science and Technology, Xidian University, Xi’an 710071, China; (H.K.); (Q.W.); (L.M.)
- Jing Liu
  - School of Computer Science and Engineering, Xi’an University of Technology, Xi’an 710048, China;
4
Cassottana B, Roomi MM, Mashima D, Sansavini G. Resilience analysis of cyber-physical systems: A review of models and methods. Risk Anal 2023; 43:2359-2379. [PMID: 36646448 DOI: 10.1111/risa.14089] [Indexed: 06/17/2023]
Abstract
Cyber-physical systems (CPSs) are monitored and controlled by a computing and communicating core. This cyber layer enables better management of the controlled subsystem, but it also introduces threats to the security and protection of CPSs, as demonstrated by recent cyberattacks. The resulting governance and policy emphasis on cybersecurity is reflected in the academia by a vast body of literature. In this article, we systematize existing knowledge on CPS analysis. Specifically, we focus on the quantitative assessment of CPSs before and after the occurrence of a disruption. Through the systematic analysis of the models and methods adopted in the literature, we develop a CPS resilience assessment framework consisting of three steps, namely, (1) CPS description, (2) disruption scenario identification, and (3) resilience strategy selection. For each step of the framework, we suggest established methods for CPS analysis and suggest four criteria for method selection. The framework proposes a standardized workflow to assess the resilience of CPSs before and after the occurrence of a disruption. The application of the proposed framework is exemplified with reference to a power substation and associated communication network. The case study shows that the proposed framework supports resilience decision making by quantifying the effects of the implementation of resilience strategies.
Affiliation(s)
- Giovanni Sansavini
  - Reliability and Risk Engineering Laboratory, ETH Zürich, Zürich, Switzerland
5
Ramzan M, Shoaib M, Altaf A, Arshad S, Iqbal F, Castilla ÁK, Ashraf I. Distributed Denial of Service Attack Detection in Network Traffic Using Deep Learning Algorithm. Sensors (Basel) 2023; 23:8642. [PMID: 37896735 PMCID: PMC10611275 DOI: 10.3390/s23208642] [Received: 09/13/2023] [Revised: 10/09/2023] [Accepted: 10/19/2023] [Indexed: 10/29/2023]
Abstract
Internet security is a major concern these days due to the increasing demand for information technology (IT)-based platforms and cloud computing. With its expansion, the Internet has been facing various types of attacks. Viruses, denial of service (DoS) attacks, distributed DoS (DDoS) attacks, code injection attacks, and spoofing are the most common types of attacks in the modern era. Due to the expansion of IT, the volume and severity of network attacks have been increasing lately. DoS and DDoS are the most frequently reported network traffic attacks. Traditional solutions such as intrusion detection systems and firewalls cannot detect complex DDoS and DoS attacks. With the integration of artificial intelligence-based machine learning and deep learning methods, several novel approaches have been presented for DoS and DDoS detection. In particular, deep learning models have played a crucial role in detecting DDoS attacks due to their exceptional performance. This study adopts deep learning models including recurrent neural network (RNN), long short-term memory (LSTM), and gradient recurrent unit (GRU) to detect DDoS attacks on the most recent dataset, CICDDoS2019, and a comparative analysis is conducted with the CICIDS2017 dataset. The comparative analysis contributes to the development of a competent and accurate method for detecting DDoS attacks with reduced execution time and complexity. The experimental results demonstrate that models perform equally well on the CICDDoS2019 dataset with an accuracy score of 0.99, but there is a difference in execution time, with GRU showing less execution time than those of RNN and LSTM.
Affiliation(s)
- Mahrukh Ramzan
  - Department of Computer Science, University of Engineering & Technology (UET), Lahore 54890, Pakistan; (M.R.); (M.S.); shazia. (S.A.); (F.I.)
- Muhammad Shoaib
  - Department of Computer Science, University of Engineering & Technology (UET), Lahore 54890, Pakistan; (M.R.); (M.S.); shazia. (S.A.); (F.I.)
- Ayesha Altaf
  - Department of Computer Science, University of Engineering & Technology (UET), Lahore 54890, Pakistan; (M.R.); (M.S.); shazia. (S.A.); (F.I.)
- Shazia Arshad
  - Department of Computer Science, University of Engineering & Technology (UET), Lahore 54890, Pakistan; (M.R.); (M.S.); shazia. (S.A.); (F.I.)
- Faiza Iqbal
  - Department of Computer Science, University of Engineering & Technology (UET), Lahore 54890, Pakistan; (M.R.); (M.S.); shazia. (S.A.); (F.I.)
- Ángel Kuc Castilla
  - Universidad Europea del Atlántico, Isabel Torres 21, 39011 Santander, Spain;
  - Universidad Internacional Iberoamericana, Campeche 24560, Mexico
  - Universidad Internacional Iberoamericana, Arecibo, PR 00613, USA
- Imran Ashraf
  - Department of Information and Communication Engineering, Yeungnam University, Gyeongsan 38541, Republic of Korea
6
Alrayes FS, Zakariah M, Driss M, Boulila W. Deep Neural Decision Forest (DNDF): A Novel Approach for Enhancing Intrusion Detection Systems in Network Traffic Analysis. Sensors (Basel) 2023; 23:8362. [PMID: 37896456 PMCID: PMC10610875 DOI: 10.3390/s23208362] [Received: 07/31/2023] [Revised: 10/02/2023] [Accepted: 10/06/2023] [Indexed: 10/29/2023]
Abstract
Intrusion detection systems, also known as IDSs, are widely regarded as one of the most essential components of an organization's network security. This is because IDSs serve as the organization's first line of defense against several cyberattacks and are accountable for accurately detecting any possible network intrusions. Several implementations of IDSs accomplish the detection of potential threats throughout flow-based network traffic analysis. Traditional IDSs frequently struggle to provide accurate real-time intrusion detection while keeping up with the changing landscape of threat. Innovative methods used to improve IDSs' performance in network traffic analysis are urgently needed to overcome these drawbacks. In this study, we introduced a model called a deep neural decision forest (DNDF), which allows the enhancement of classification trees with the power of deep networks to learn data representations. We essentially utilized the CICIDS 2017 dataset for network traffic analysis and extended our experiments to evaluate the DNDF model's performance on two additional datasets: CICIDS 2018 and a custom network traffic dataset. Our findings showed that DNDF, a combination of deep neural networks and decision forests, outperformed reference approaches with a remarkable precision of 99.96% by using the CICIDS 2017 dataset while creating latent representations in deep layers. This success can be attributed to improved feature representation, model optimization, and resilience to noisy and unbalanced input data, emphasizing DNDF's capabilities in intrusion detection and network security solutions.
Affiliation(s)
- Fatma S. Alrayes
  - Information Systems Department, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, Riyadh 11671, Saudi Arabia;
- Mohammed Zakariah
  - College of Computer and Information Sciences, King Saud University, Riyadh 11362, Saudi Arabia;
- Maha Driss
  - Robotics and Internet-of-Things Laboratory, Prince Sultan University, Riyadh 12435, Saudi Arabia;
  - RIADI Laboratory, National School of Computer Sciences, University of Manouba, Manouba 2010, Tunisia
- Wadii Boulila
  - Robotics and Internet-of-Things Laboratory, Prince Sultan University, Riyadh 12435, Saudi Arabia;
  - RIADI Laboratory, National School of Computer Sciences, University of Manouba, Manouba 2010, Tunisia
7
Mahalingam A, Perumal G, Subburayalu G, Albathan M, Altameem A, Almakki RS, Hussain A, Abbas Q. ROAST-IoT: A Novel Range-Optimized Attention Convolutional Scattered Technique for Intrusion Detection in IoT Networks. Sensors (Basel) 2023; 23:8044. [PMID: 37836874 PMCID: PMC10575244 DOI: 10.3390/s23198044] [Received: 09/04/2023] [Revised: 09/17/2023] [Accepted: 09/22/2023] [Indexed: 10/15/2023]
Abstract
The Internet of Things (IoT) has significantly benefited several businesses, but because of the volume and complexity of IoT systems, there are also new security issues. Intrusion detection systems (IDSs) guarantee both the security posture and defense against intrusions of IoT devices. IoT systems have recently utilized machine learning (ML) techniques widely for IDSs. The primary deficiencies in existing IoT security frameworks are their inadequate intrusion detection capabilities, significant latency, and prolonged processing time, leading to undesirable delays. To address these issues, this work proposes a novel range-optimized attention convolutional scattered technique (ROAST-IoT) to protect IoT networks from modern threats and intrusions. This system uses the scattered range feature selection (SRFS) model to choose the most crucial and trustworthy properties from the supplied intrusion data. After that, the attention-based convolutional feed-forward network (ACFN) technique is used to recognize the intrusion class. In addition, the loss function is estimated using the modified dingo optimization (MDO) algorithm to ensure the maximum accuracy of classifier. To evaluate and compare the performance of the proposed ROAST-IoT system, we have utilized popular intrusion datasets such as ToN-IoT, IoT-23, UNSW-NB 15, and Edge-IIoT. The analysis of the results shows that the proposed ROAST technique did better than all existing cutting-edge intrusion detection systems, with an accuracy of 99.15% on the IoT-23 dataset, 99.78% on the ToN-IoT dataset, 99.88% on the UNSW-NB 15 dataset, and 99.45% on the Edge-IIoT dataset. On average, the ROAST-IoT system achieved a high AUC-ROC of 0.998, demonstrating its capacity to distinguish between legitimate data and attack traffic. These results indicate that the ROAST-IoT algorithm effectively and reliably detects intrusion attacks mechanism against cyberattacks on IoT systems.
Affiliation(s)
- Anandaraj Mahalingam
  - Department of Information Technology, PSNA College of Engineering and Technology, Dindigul 624622, Tamil Nadu, India
- Ganeshkumar Perumal
  - College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh 11432, Saudi Arabia (M.A.); (A.A.); (R.S.A.)
- Gopalakrishnan Subburayalu
  - Department of Information Technology, Hindustan Institute of Technology and Science, Chennai 603103, Tamil Nadu, India
- Mubarak Albathan
  - College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh 11432, Saudi Arabia (M.A.); (A.A.); (R.S.A.)
- Abdullah Altameem
  - College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh 11432, Saudi Arabia (M.A.); (A.A.); (R.S.A.)
- Riyad Saleh Almakki
  - College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh 11432, Saudi Arabia (M.A.); (A.A.); (R.S.A.)
- Ayyaz Hussain
  - Department of Computer Science, Quaid-i-Azam University, Islamabad 44000, Pakistan;
- Qaisar Abbas
  - College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh 11432, Saudi Arabia (M.A.); (A.A.); (R.S.A.)
8
Abu Bakar R, Kijsirikul B. Enhancing Network Visibility and Security with Advanced Port Scanning Techniques. Sensors (Basel) 2023; 23:7541. [PMID: 37687997 PMCID: PMC10490701 DOI: 10.3390/s23177541] [Received: 07/13/2023] [Revised: 08/17/2023] [Accepted: 08/27/2023] [Indexed: 09/10/2023]
Abstract
Network security is paramount in today's digital landscape, where cyberthreats continue to evolve and pose significant risks. We propose a DPDK-based scanner based on a study on advanced port scanning techniques to improve network visibility and security. The traditional port scanning methods suffer from speed, accuracy, and efficiency limitations, hindering effective threat detection and mitigation. In this paper, we develop and implement advanced techniques such as protocol-specific probes and evasive scan techniques to enhance the visibility and security of networks. We also evaluate network scanning performance and scalability using programmable hardware, including smart NICs and DPDK-based frameworks, along with in-network processing, data parallelization, and hardware acceleration. Additionally, we leverage application-level protocol parsing to accelerate network discovery and mapping, analyzing protocol-specific information. In our experimental evaluation, our proposed DPDK-based scanner demonstrated a significant improvement in target scanning speed, achieving a 2× speedup compared to other scanners in a target scanning environment. Furthermore, our scanner achieved a high accuracy rate of 99.5% in identifying open ports. Notably, our solution also exhibited a lower CPU and memory utilization, with an approximately 40% reduction compared to alternative scanners. These results highlight the effectiveness and efficiency of our proposed scanning techniques in enhancing network visibility and security. The outcomes of this research contribute to the field by providing insights and innovations to improve network security, identify vulnerabilities, and optimize network performance.
Affiliation(s)
- Rana Abu Bakar
  - Department of Computer Engineering, Faculty of Engineering, Chulalongkorn University, Pathumwan, Bangkok 10330, Thailand
  - CNIT, 56124 Pisa, Italy
- Boonserm Kijsirikul
  - Department of Computer Engineering, Faculty of Engineering, Chulalongkorn University, Pathumwan, Bangkok 10330, Thailand
9
Yang J, Jiang X, Liang G, Li S, Ma Z. Malicious Traffic Identification with Self-Supervised Contrastive Learning. Sensors (Basel) 2023; 23:7215. [PMID: 37631752 PMCID: PMC10459182 DOI: 10.3390/s23167215] [Received: 07/16/2023] [Revised: 08/04/2023] [Accepted: 08/10/2023] [Indexed: 08/27/2023]
Abstract
As the demand for Internet access increases, malicious traffic on the Internet has soared also. In view of the fact that the existing malicious-traffic-identification methods suffer from low accuracy, this paper proposes a malicious-traffic-identification method based on contrastive learning. The proposed method is able to overcome the shortcomings of traditional methods that rely on labeled samples and is able to learn data feature representations carrying semantic information from unlabeled data, thus improving the model accuracy. In this paper, a new malicious traffic feature extraction model based on a Transformer is proposed. Employing a self-attention mechanism, the proposed feature extraction model can extract the bytes features of malicious traffic by performing calculations on the malicious traffic, thereby realizing the efficient identification of malicious traffic. In addition, a bidirectional GLSTM is introduced to extract the timing features of malicious traffic. The experimental results show that the proposed method is superior to the latest published methods in terms of accuracy and F1 score.
Affiliation(s)
- Jin Yang
  - School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China; (J.Y.); (G.L.); (S.L.); (Z.M.)
  - School of Information Science and Technology, Tibet University, Lhasa 850013, China
- Xinyun Jiang
  - School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China; (J.Y.); (G.L.); (S.L.); (Z.M.)
- Gang Liang
  - School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China; (J.Y.); (G.L.); (S.L.); (Z.M.)
- Siyu Li
  - School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China; (J.Y.); (G.L.); (S.L.); (Z.M.)
- Zicheng Ma
  - School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China; (J.Y.); (G.L.); (S.L.); (Z.M.)
10
Guo Y, Wang Y, Khan F, Al-Atawi AA, Abdulwahid AA, Lee Y, Marapelli B. Traffic Management in IoT Backbone Networks Using GNN and MAB with SDN Orchestration. Sensors (Basel) 2023; 23:7091. [PMID: 37631627 PMCID: PMC10458845 DOI: 10.3390/s23167091] [Received: 06/13/2023] [Revised: 08/05/2023] [Accepted: 08/08/2023] [Indexed: 08/27/2023]
Abstract
Traffic management is a critical task in software-defined IoT networks (SDN-IoTs) to efficiently manage network resources and ensure Quality of Service (QoS) for end-users. However, traditional traffic management approaches based on queuing theory or static policies may not be effective due to the dynamic and unpredictable nature of network traffic. In this paper, we propose a novel approach that leverages Graph Neural Networks (GNNs) and multi-arm bandit algorithms to dynamically optimize traffic management policies based on real-time network traffic patterns. Specifically, our approach uses a GNN model to learn and predict network traffic patterns and a multi-arm bandit algorithm to optimize traffic management policies based on these predictions. We evaluate the proposed approach on three different datasets, including a simulated corporate network (KDD Cup 1999), a collection of network traffic traces (CAIDA), and a simulated network environment with both normal and malicious traffic (NSL-KDD). The results demonstrate that our approach outperforms other state-of-the-art traffic management methods, achieving higher throughput, lower packet loss, and lower delay, while effectively detecting anomalous traffic patterns. The proposed approach offers a promising solution to traffic management in SDNs, enabling efficient resource management and QoS assurance.
Affiliation(s)
- Yanmin Guo
  - Shandong Research Institute of Industrial Technology, Jinan 250061, China; (Y.G.); (Y.W.)
- Yu Wang
  - Shandong Research Institute of Industrial Technology, Jinan 250061, China; (Y.G.); (Y.W.)
- Faheem Khan
  - Department of Computer Engineering, Gachon University, Seongnam-si 13120, Republic of Korea
- Abdullah A. Al-Atawi
  - Department of Computer Science, Applied College, University of Tabuk, Tabuk 47512, Saudi Arabia;
- Abdulwahid Al Abdulwahid
  - Department of Computer and Information Technology, Jubail Industrial College, Royal Commission for Jubail and Yanbu, Jubail Industrial City 31961, Saudi Arabia;
- Youngmoon Lee
  - Department of Robotics, Hanyang University, Ansan 15588, Republic of Korea
- Bhaskar Marapelli
  - Department of Computer Science and Information Technology, KL Deemed to be University (KLEF), Vijayawada 522502, AP, India;
11
Du X, Ding X, Tao F. Network Security Situation Prediction Based on Optimized Clock-Cycle Recurrent Neural Network for Sensor-Enabled Networks. Sensors (Basel) 2023; 23:6087. [PMID: 37447936 DOI: 10.3390/s23136087] [Received: 06/06/2023] [Revised: 06/28/2023] [Accepted: 06/28/2023] [Indexed: 07/15/2023]
Abstract
We propose an optimized Clockwork Recurrent Neural Network (CW-RNN) based approach to address temporal dynamics and nonlinearity in network security situations, improving prediction accuracy and real-time performance. By leveraging the clock-cycle RNN, we enable the model to capture both short-term and long-term temporal features of network security situations. Additionally, we utilize the Grey Wolf Optimization (GWO) algorithm to optimize the hyperparameters of the network, thus constructing an enhanced network security situation prediction model. The introduction of a clock-cycle for hidden units allows the model to learn short-term information from high-frequency update modules while retaining long-term memory from low-frequency update modules, thereby enhancing the model's ability to capture data patterns. Experimental results demonstrate that the optimized clock-cycle RNN outperforms other network models in extracting the temporal and nonlinear features of network security situations, leading to improved prediction accuracy. Furthermore, our approach has low time complexity and excellent real-time performance, ideal for monitoring large-scale network traffic in sensor networks.
Affiliation(s)
- Xiuli Du
  - Communication and Network Laboratory, Dalian University, Dalian 116622, China
- Xiaohui Ding
  - Communication and Network Laboratory, Dalian University, Dalian 116622, China
- Fan Tao
  - Communication and Network Laboratory, Dalian University, Dalian 116622, China
12
Paracha MA, Sadiq M, Liang J, Durad MH, Sheeraz M. Multi-Layered Filtration Framework for Efficient Detection of Network Attacks Using Machine Learning. Sensors (Basel) 2023; 23:5829. [PMID: 37447678 DOI: 10.3390/s23135829] [Received: 05/10/2023] [Revised: 06/12/2023] [Accepted: 06/13/2023] [Indexed: 07/15/2023]
Abstract
The advancements and reliance on digital data necessitates dependence on information technology. The growing amount of digital data and their availability over the Internet have given rise to the problem of information security. With the increase in connectivity among devices and networks, maintaining the information security of an asset has now become essential for an organization. Intrusion detection systems (IDS) are widely used in networks for protection against different network attacks. Several machine-learning-based techniques have been used among researchers for the implementation of anomaly-based IDS (AIDS). In the past, the focus primarily remained on the improvement of the accuracy of the system. Efficiency with respect to time is an important aspect of an IDS, which most of the research has thus far somewhat overlooked. For this purpose, we propose a multi-layered filtration framework (MLFF) for feature reduction using a statistical approach. The proposed framework helps reduce the detection time without affecting the accuracy. We use the CIC-IDS2017 dataset for experiments. The proposed framework contains three filters and is connected in sequential order. The accuracy, precision, recall and F1 score are calculated against the selected machine learning models. In addition, the training time and the detection time are also calculated because these parameters are considered important in measuring the performance of a detection system. Generally, decision tree models, random forest methods, and artificial neural networks show better results in the detection of network attacks with minimum detection time.
Affiliation(s)
- Muhammad Arsalan Paracha
  - Critical Infrastructure Protection and Malware Analysis Lab, Department of Computer and Information Sciences, Pakistan Institute of Engineering and Applied Sciences, Islamabad 44000, Pakistan
- Muhammad Sadiq
  - Shenzhen Institute of Information Technology, Shenzhen 518109, China
- Junwei Liang
  - Shenzhen Institute of Information Technology, Shenzhen 518109, China
- Muhammad Hanif Durad
  - Department of Computer and Information Sciences, Pakistan Institute of Engineering and Applied Sciences, Islamabad 44000, Pakistan
- Muhammad Sheeraz
  - Department of Computer and Information Sciences, Pakistan Institute of Engineering and Applied Sciences, Islamabad 44000, Pakistan
13
Sharma RK, Issac B, Xin Q, Gadekallu TR, Nath K. Plant and Salamander Inspired Network Attack Detection and Data Recovery Model. Sensors (Basel) 2023; 23:5562. [PMID: 37420729 DOI: 10.3390/s23125562] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 03/15/2023] [Revised: 04/24/2023] [Accepted: 06/01/2023] [Indexed: 07/09/2023]
Abstract
The number of users of the Internet has been continuously rising, with an estimated 5.1 billion users in 2023, which comprises around 64.7% of the total world population. This indicates the rise of more connected devices to the network. On average, 30,000 websites are hacked daily, and nearly 64% of companies worldwide experience at least one type of cyberattack. As per IDC's 2022 Ransomware study, two-thirds of global organizations were hit by a ransomware attack that year. This creates the desire for a more robust and evolutionary attack detection and recovery model. One aspect of the study is the bio-inspiration models. This is because of the natural ability of living organisms to withstand various odd circumstances and overcome them with an optimization strategy. In contrast to the limitations of machine learning models with the need for quality datasets and computational availability, bio-inspired models can perform in low computational environments, and their performances are designed to evolve naturally with time. This study concentrates on exploring the evolutionary defence mechanism in plants and understanding how plants react to any known external attacks and how the response mechanism changes to unknown attacks. This study also explores how regenerative models, such as salamander limb regeneration, could build a network recovery system where services could be automatically activated after a network attack, and data could be recovered automatically by the network after a ransomware-like attack. The performance of the proposed model is compared to open-source IDS Snort and data recovery systems such as Burp and Casandra.
Affiliation(s)
- Rupam Kumar Sharma
  - Department of Computer Science and Engineering, Rajiv Gandhi University, Itanagar 791112, India
- Biju Issac
  - Department of Computer and Information Sciences, Northumbria University, Newcastle upon Tyne NE1 8ST, UK
- Qin Xin
  - Faculty of Science and Technology, University of the Faroe Islands, Vestara Bryggja 15, FO-100 Tórshavn, Faroe Islands
- Thippa Reddy Gadekallu
  - School of Information Technology and Engineering, Vellore Institute of Technology & Engineering, Vellore 632014, India
  - Department of Electrical and Computer Engineering, Lebanese American University, Byblos P.O. Box 36, Lebanon
  - Zhongda Group, Haiyan County, Jiaxing 314312, China
  - College of Information Science and Engineering, Jiaxing University, Jiaxing 314001, China
  - Division of Research and Development, Lovely Professional University, Phagwara 144401, India
- Keshab Nath
  - Department of Computer Science and Engineering, Indian Institute of Information Technology, Kottayam 686635, India
|
14
|
Farooq H, Altaf A, Iqbal F, Galán JC, Aray DG, Ashraf I. DrunkChain: Blockchain-Based IoT System for Preventing Drunk Driving-Related Traffic Accidents. Sensors (Basel) 2023; 23:5388. [PMID: 37420557 DOI: 10.3390/s23125388] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/10/2023] [Revised: 06/01/2023] [Accepted: 06/05/2023] [Indexed: 07/09/2023]
Abstract
Traffic accidents present significant risks to human life, leading to a high number of fatalities and injuries. According to the World Health Organization's 2022 worldwide status report on road safety, there were 27,582 deaths linked to traffic-related events, including 4448 fatalities at the collision scenes. Drunk driving is one of the leading causes contributing to the rising count of deadly accidents. Current methods to assess driver alcohol consumption are vulnerable to network risks, such as data corruption, identity theft, and man-in-the-middle attacks. In addition, these systems are subject to security restrictions that have been largely overlooked in earlier research focused on driver information. This study intends to develop a platform that combines the Internet of Things (IoT) with blockchain technology in order to address these concerns and improve the security of user data. In this work, we present a device- and blockchain-based dashboard solution for a centralized police monitoring account. The equipment is responsible for determining the driver's impairment level by monitoring the driver's blood alcohol concentration (BAC) and the stability of the vehicle. At predetermined times, integrated blockchain transactions are executed, transmitting data straight to the central police account. This eliminates the need for a central server, ensuring the immutability of data and the existence of blockchain transactions that are independent of any central authority. Our system delivers scalability, compatibility, and faster execution times by adopting this approach. Through comparative research, we have identified a significant increase in the need for security measures in relevant scenarios, highlighting the importance of our suggested model.
Affiliation(s)
- Hamza Farooq
  - Department of Computer Science, University of Engineering & Technology, (UET), Lahore 54890, Pakistan
- Ayesha Altaf
  - Department of Computer Science, University of Engineering & Technology, (UET), Lahore 54890, Pakistan
- Faiza Iqbal
  - Department of Computer Science, University of Engineering & Technology, (UET), Lahore 54890, Pakistan
- Juan Castanedo Galán
  - Higher Polytechnic School, Universidad Europea del Atlántico, Isabel Torres 21, 39011 Santander, Spain
  - Department of Projects, Universidade Internacional do Cuanza, Cuito EN250, Bié, Angola
  - Research Group on Foods, Nutritional Biochemistry and Health, Fundación Universitaria Internacional de Colombia, Bogotá 111311, Colombia
- Daniel Gavilanes Aray
  - Higher Polytechnic School, Universidad Europea del Atlántico, Isabel Torres 21, 39011 Santander, Spain
  - Universidad Internacional Iberoamericana Campeche, Campeche 24560, Mexico
  - Universidad Internacional Iberoamericana Arecibo, Puerto Rico, PR 00613, USA
- Imran Ashraf
  - Department of Information and Communication Engineering, Yeungnam University, Gyeongsan 38541, Republic of Korea
|
15
|
Xing L, Wang K, Wu H, Ma H, Zhang X. Intrusion Detection Method for Internet of Vehicles Based on Parallel Analysis of Spatio-Temporal Features. Sensors (Basel) 2023; 23:s23094399. [PMID: 37177603 PMCID: PMC10181641 DOI: 10.3390/s23094399] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 04/06/2023] [Revised: 04/26/2023] [Accepted: 04/26/2023] [Indexed: 05/15/2023]
Abstract
The problems with network security that the Internet of Vehicles (IoV) faces are becoming more noticeable as it continues to evolve. Deep learning-based intrusion detection techniques can assist the IoV in preventing network threats. However, previous methods usually employ a single deep learning model to extract temporal or spatial features, or extract spatial features first and then temporal features in a serial manner. These methods usually have the problem of insufficient extraction of spatio-temporal features of the IoV, which affects the performance of intrusion detection and leads to a high false-positive rate. To solve the above problems, this paper proposes an intrusion detection method for IoV based on parallel analysis of spatio-temporal features (PA-STF). First, we built an optimal subset of features based on feature correlations of IoV traffic. Then, we used the temporal convolutional network (TCN) and long short-term memory (LSTM) to extract spatio-temporal features in the IoV traffic in a parallel manner. Finally, we fused the spatio-temporal features extracted in parallel based on the self-attention mechanism and used a multilayer perceptron to detect attacks in the Internet of Vehicles. The experimental results show that the PA-STF method reduces the false-positive rate by 1.95% and 1.57% on the NSL-KDD and UNSW-NB15 datasets, respectively, with the accuracy and F1 score also being superior.
Affiliation(s)
- Ling Xing
  - School of Information Engineering, Henan University of Science and Technology, Luoyang 471000, China
- Kun Wang
  - School of Information Engineering, Henan University of Science and Technology, Luoyang 471000, China
- Honghai Wu
  - School of Information Engineering, Henan University of Science and Technology, Luoyang 471000, China
- Huahong Ma
  - School of Information Engineering, Henan University of Science and Technology, Luoyang 471000, China
- Xiaohui Zhang
  - School of Information Engineering, Henan University of Science and Technology, Luoyang 471000, China
|
16
|
Tariq U, Ahmed I, Bashir AK, Shaukat K. A Critical Cybersecurity Analysis and Future Research Directions for the Internet of Things: A Comprehensive Review. Sensors (Basel) 2023; 23:4117. [PMID: 37112457 PMCID: PMC10142206 DOI: 10.3390/s23084117] [Citation(s) in RCA: 3] [Impact Index Per Article: 3.0] [Received: 02/28/2023] [Revised: 04/04/2023] [Accepted: 04/14/2023] [Indexed: 06/19/2023]
Abstract
The emergence of the Internet of Things (IoT) technology has brought about tremendous possibilities, but at the same time, it has opened up new vulnerabilities and attack vectors that could compromise the confidentiality, integrity, and availability of connected systems. Developing a secure IoT ecosystem is a daunting challenge that requires a systematic and holistic approach to identify and mitigate potential security threats. Cybersecurity research considerations play a critical role in this regard, as they provide the foundation for designing and implementing security measures that can address emerging risks. To achieve a secure IoT ecosystem, scientists and engineers must first define rigorous security specifications that serve as the foundation for developing secure devices, chipsets, and networks. Developing such specifications requires an interdisciplinary approach that involves multiple stakeholders, including cybersecurity experts, network architects, system designers, and domain experts. The primary challenge in IoT security is ensuring the system can defend against both known and unknown attacks. To date, the IoT research community has identified several key security concerns related to the architecture of IoT systems. These concerns include issues related to connectivity, communication, and management protocols. This research paper provides an all-inclusive and lucid review of the current state of anomalies and security concepts related to the IoT. We classify and analyze prevalent security distresses regarding IoT's layered architecture, including connectivity, communication, and management protocols. We establish the foundation of IoT security by examining the current attacks, threats, and cutting-edge solutions. Furthermore, we set security goals that will serve as the benchmark for assessing whether a solution satisfies the specific IoT use cases.
Affiliation(s)
- Usman Tariq
  - Management Information System Department, College of Business Administration, Prince Sattam Bin Abdulaziz University, Al-Kharj 16278, Saudi Arabia
- Irfan Ahmed
  - Department of Computer Science, College of Engineering, Virginia Commonwealth University, Richmond, VA 23284, USA
- Ali Kashif Bashir
  - Department of Computing and Mathematics, Manchester Metropolitan University, Manchester M156BH, UK
- Kamran Shaukat
  - School of Information and Physical Sciences, The University of Newcastle, Newcastle 2308, Australia
|
17
|
Malone M, Walton R. Comparing Canada’s proposed Critical Cyber Systems Protection Act with cybersecurity legal requirements in the EU. Int Cybersecur Law Rev 2023; 4:165-196. [PMID: 37153843 PMCID: PMC9975875 DOI: 10.1365/s43439-023-00082-1] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 12/29/2022] [Accepted: 01/23/2023] [Indexed: 03/05/2023]
Abstract
This article examines the Canadian federal government’s proposed Critical Cyber Systems Protection Act (CCSPA), compares it with existing and proposed cybersecurity legal requirements in the European Union (EU), and sets out recommendations to address shortcomings of the proposed Canadian legislation. One of the cornerstone components of Bill C‑26, the CCSPA seeks to regulate critical cyber systems in federally regulated private sectors. It represents a significant overhaul of Canadian cybersecurity regulation. However, the current proposed legislation exhibits many flaws, including a commitment to, and entrenchment of, a patchwork approach to regulation that focuses on formal registration; a lack of oversight of its confidentiality provisions; a weak penalty scheme that focuses solely on compliance, not deterrence; and diluted conduct, reporting, and mitigation obligations. To repair these flaws, this article reviews the provisions of the proposed law and compares them with the EU’s Directive Concerning Measures for a High Common Level of Security of Network and Information Systems Across the Union, the first EU-wide cybersecurity legislation, as well as its proposed successor, the NIS2 Directive. Where relevant, various other cybersecurity regulations in peer states are discussed. Specific recommendations are put forward.
Affiliation(s)
- Matt Malone
  - Faculty of Law, Thompson Rivers University, Kamloops, British Columbia, Canada
|
18
|
D’hooge L, Verkerken M, Wauters T, De Turck F, Volckaert B. Investigating Generalized Performance of Data-Constrained Supervised Machine Learning Models on Novel, Related Samples in Intrusion Detection. Sensors (Basel) 2023; 23:1846. [PMID: 36850444 PMCID: PMC9960990 DOI: 10.3390/s23041846] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 12/17/2022] [Revised: 02/02/2023] [Accepted: 02/03/2023] [Indexed: 06/18/2023]
Abstract
Recently proposed methods in intrusion detection are iterating on machine learning methods as a potential solution. These novel methods are validated on one or more datasets from a sparse collection of academic intrusion detection datasets. Their recognition as improvements to the state-of-the-art is largely dependent on whether they can demonstrate a reliable increase in classification metrics compared to similar works validated on the same datasets. Whether these increases are meaningful outside of the training/testing datasets is rarely asked and never investigated. This work aims to demonstrate that strong general performance does not typically follow from strong classification on the current intrusion detection datasets. Binary classification models from a range of algorithmic families are trained on the attack classes of CSE-CIC-IDS2018, a state-of-the-art intrusion detection dataset. After establishing baselines for each class at various points of data access, the same trained models are tasked with classifying samples from the corresponding attack classes in CIC-IDS2017, CIC-DoS2017 and CIC-DDoS2019. Contrary to what the baseline results would suggest, the models have rarely learned a generally applicable representation of their attack class. Stability and predictability of generalized model performance are central issues for all methods on all attack classes. Focusing only on the three best-in-class models in terms of interdataset generalization, reveals that for network-centric attack classes (brute force, denial of service and distributed denial of service), general representations can be learned with flat losses in classification performance (precision and recall) below 5%. Other attack classes vary in generalized performance from stark losses in recall (-35%) with intact precision (98+%) for botnets to total degradation of precision and moderate recall loss for Web attack and infiltration models. 
The core conclusion of this article is a warning to researchers in the field. Expecting results of proposed methods on the test sets of state-of-the-art intrusion detection datasets to translate to generalized performance is likely a serious overestimation. Four proposals to reduce this overestimation are set out as future work directions.
|
19
|
Fang Z, Xu Z. Network Delay and Cache Overflow: A Parameter Estimation Method for Time Window Based Hopping Network. Entropy (Basel) 2023; 25:116. [PMID: 36673257 PMCID: PMC9858253 DOI: 10.3390/e25010116] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 11/17/2022] [Revised: 12/24/2022] [Accepted: 01/03/2023] [Indexed: 06/17/2023]
Abstract
A basic understanding of delayed packet loss is key to successfully applying it to multi-node hopping networks. Given the problem of delayed data loss due to network delay in a hop network environment, we review early time windowing approaches, for which most contributions focus on end-to-end hopping networks. However, they do not apply to the general hopping network environment, where data transmission from the sending host to the receiving host usually requires forwarding at multiple intermediate nodes due to network latency and network cache overflow, which may result in delayed packet loss. To overcome this challenge, we propose a delay time window and a method for estimating the delay time window. By examining the network delays of different data tasks, we obtain network delay estimates for these data tasks, use them as estimates of the delay time window, and validate the estimated results to verify that the results satisfy the delay distribution law. In addition, simulation tests and a discussion of the results were conducted to demonstrate how to maximize the reception of delay groupings. The analysis shows that the method is more general and applicable to multi-node hopping networks than existing time windowing methods.
Affiliation(s)
- Zhu Fang
  - School of Electronic Information, Wuhan University, Wuhan 430064, China
- Zhengquan Xu
  - State Key Laboratory of Mapping and Remote Sensing Information Engineering, Wuhan University, Wuhan 430079, China
|
20
|
Muthuvel S, Rajagopal S, Subramaniam SK. Analysis of Security Issues in Wireless Body Area Networks in Heterogeneous Networks. Sensors (Basel) 2022; 22:7588. [PMID: 36236687 PMCID: PMC9571783 DOI: 10.3390/s22197588] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/24/2022] [Revised: 09/26/2022] [Accepted: 09/28/2022] [Indexed: 06/16/2023]
Abstract
Body Area Network (BAN) is one of the most important techniques for observing patient health in real time and identifying and analyzing diseases. For effective implementation of this technology in practice and to benefit from it, there are some key issues which are to be addressed, and among those issues, security is highly critical. WBAN will have to operate in a cooperative networking model of multiple networks such as those of homogeneous networks, for the purpose of performance and reliability, or those of heterogeneous networks, for the purpose of data transfer and processing from application point of view, with the other networks such as the networks of hospitals, clinics, medical experts, etc. and the patient himself/herself, who may be moving from one network to another. This paper brings out the issues related to security in WBAN in separate networks as well as in multiple networks. For WBAN working in a separate network, the IEEE 802.15.6 standard is considered. For WBANs working in multiple networks, especially heterogeneous networks, the security issues are considered. Considering the advancements of artificial intelligence (AI), the paper describes how AI is addressing some challenges faced by WBAN. The paper describes possible approaches which can be taken to address these issues by modeling a security mechanism using various artificial intelligence techniques. The paper proposes game theory with Stackelberg security equilibrium (GTSSE) for modeling security in heterogeneous networks in WBAN and describes the experiments conducted by the authors and the results proving the suitability of the modeling using GTSSE.
Affiliation(s)
- Somasundaram Muthuvel
  - Department of Electronics and Communication Engineering (ECE), R.M.K. Engineering College, Kavaraipettai 601206, Tamilnadu, India
- Sivakumar Rajagopal
  - Department of Sensor and Biomedical Technology, School of Electronics Engineering (SENSE), Vellore Institute of Technology, Vellore 632014, Tamilnadu, India
- Shamala K. Subramaniam
  - Department of Communication Technology and Networks, Universiti Putra Malaysia, Serdang 43400, Malaysia
|
21
|
Nasir MU, Khan S, Mehmood S, Khan MA, Zubair M, Hwang SO. Network Meddling Detection Using Machine Learning Empowered with Blockchain Technology. Sensors (Basel) 2022; 22:6755. [PMID: 36146104 PMCID: PMC9500681 DOI: 10.3390/s22186755] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 06/16/2022] [Revised: 09/01/2022] [Accepted: 09/04/2022] [Indexed: 06/16/2023]
Abstract
The study presents a framework to analyze and detect meddling in real-time network data and identify numerous meddling patterns that may be harmful to various communication means, academic institutes, and other industries. The major challenge was to develop a non-faulty framework to detect meddling (to overcome the traditional ways). With the development of machine learning technology, detecting and stopping the meddling process in the early stages is much easier. In this study, the proposed framework uses numerous data collection and processing techniques and machine learning techniques to train the meddling data and detect anomalies. The proposed framework uses support vector machine (SVM) and K-nearest neighbor (KNN) machine learning algorithms to detect the meddling in a network entangled with blockchain technology to ensure the privacy and protection of models as well as communication data. SVM achieves the highest training detection accuracy (DA) and misclassification rate (MCR) of 99.59% and 0.41%, respectively, and SVM achieves the highest-testing DA and MCR of 99.05% and 0.95%, respectively. The presented framework portrays the best meddling detection results, which are very helpful for various communication and transaction processes.
Affiliation(s)
- Muhammad Umar Nasir
  - Riphah School of Computing & Innovation, Faculty of Computing, Riphah International University, Lahore Campus, Lahore 54000, Pakistan
- Safiullah Khan
  - Department of IT Convergence Engineering, Gachon University, Seongnam 13120, Korea
- Shahid Mehmood
  - Riphah School of Computing & Innovation, Faculty of Computing, Riphah International University, Lahore Campus, Lahore 54000, Pakistan
- Muhammad Adnan Khan
  - Pattern Recognition and Machine Learning Lab, Department of Software, Gachon University, Seongnam 13557, Korea
- Muhammad Zubair
  - Faculty of Computing, Riphah International University, Islamabad Campus, Islamabad 45000, Pakistan
- Seong Oun Hwang
  - Department of Computer Engineering, Gachon University, Seongnam 13120, Korea
|
22
|
Chen CM, Chen Z, Kumari S, Lin MC. LAP-IoHT: A Lightweight Authentication Protocol for the Internet of Health Things. Sensors (Basel) 2022; 22:5401. [PMID: 35891080 PMCID: PMC9320153 DOI: 10.3390/s22145401] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/26/2022] [Revised: 07/02/2022] [Accepted: 07/13/2022] [Indexed: 06/15/2023]
Abstract
The Internet of Health Things (IoHT), which is an extension of the Internet of Things (IoT) in healthcare, has provided a new type of telemedicine approach. In IoHT, wearable sensors are used to collect patient health data, and information is transmitted remotely to doctors who can develop accurate treatment plans and provide timely telemedicine services to patients. However, patient health data are transmitted over a public channel, which means that the privacy and medical data of patients are at significant risk of leakage and can be confronted by serious security problems. We proposed a lightweight authentication protocol known as LAP-IoHT for IoHT environments to overcome the various threats that are currently faced by IoHT. We verified the security of LAP-IoHT using a Real-or-Random model and demonstrated its significant performance advantage by conducting a comparative analysis with other similar protocols for a better adaptation to the IoHT environment.
Affiliation(s)
- Chien-Ming Chen
  - College of Computer Science and Engineering, Shandong University of Science and Technology, Qingdao 266590, China; (C.-M.C.); (Z.C.)
- Zhaoting Chen
  - College of Computer Science and Engineering, Shandong University of Science and Technology, Qingdao 266590, China; (C.-M.C.); (Z.C.)
- Saru Kumari
  - Department of Mathematics, Chaudhary Charan Singh University, Meerut 250004, Uttar Pradesh, India
- Meng-Chang Lin
  - Graduate Institute of Nanomedicine and Medical Engineering, College of Biomedical Engineering, Taipei Medical University, Taipei 115, Taiwan
|
23
|
Akshay Kumaar M, Samiayya D, Vincent PMDR, Srinivasan K, Chang CY, Ganesh H. A Hybrid Framework for Intrusion Detection in Healthcare Systems Using Deep Learning. Front Public Health 2022; 9:824898. [PMID: 35096763 PMCID: PMC8790147 DOI: 10.3389/fpubh.2021.824898] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.5] [Received: 11/29/2021] [Accepted: 12/16/2021] [Indexed: 12/01/2022] Open
Abstract
The unbounded increase in network traffic and user data has made it difficult for network intrusion detection systems to be abreast and perform well. Intrusion Systems are crucial in e-healthcare since the patients' medical records should be kept highly secure, confidential, and accurate. Any change in the actual patient data can lead to errors in the diagnosis and treatment. Most of the existing artificial intelligence-based systems are trained on outdated intrusion detection repositories, which can produce more false positives and require retraining the algorithm from scratch to support new attacks. These processes also make it challenging to secure patient records in medical systems as the intrusion detection mechanisms can become frequently obsolete. This paper proposes a hybrid framework using Deep Learning named “ImmuneNet” to recognize the latest intrusion attacks and defend healthcare data. The proposed framework uses multiple feature engineering processes, oversampling methods to improve class balance, and hyper-parameter optimization techniques to achieve high accuracy and performance. The architecture contains <1 million parameters, making it lightweight, fast, and IoT-friendly, suitable for deploying the IDS on medical devices and healthcare systems. The performance of ImmuneNet was benchmarked against several other machine learning algorithms on the Canadian Institute for Cybersecurity's Intrusion Detection System 2017, 2018, and Bell DNS 2021 datasets which contain extensive real-time and latest cyber attack data. Out of all the experiments, ImmuneNet performed the best on the CIC Bell DNS 2021 dataset with about 99.19% accuracy, 99.22% precision, 99.19% recall, and 99.2% ROC-AUC scores, which are comparatively better and up-to-date than other existing approaches in classifying between requests that are normal, intrusion, and other cyber attacks.
Affiliation(s)
- Duraimurugan Samiayya
  - Department of Information Technology, St. Joseph's College of Engineering, Chennai, India
- P M Durai Raj Vincent
  - School of Information Technology and Engineering, Vellore Institute of Technology, Vellore, India
- Kathiravan Srinivasan
  - School of Computer Science and Engineering, Vellore Institute of Technology, Vellore, India
- Chuan-Yu Chang
  - Department of Computer Science and Information Engineering, National Yunlin University of Science and Technology, Douliu, Taiwan
  - Service Systems Technology Center, Industrial Technology Research Institute, Hsinchu, Taiwan
- Harish Ganesh
  - Department of Information Technology, St. Joseph's College of Engineering, Chennai, India
|
24
|
Aslam M, Ye D, Tariq A, Asad M, Hanif M, Ndzi D, Chelloug SA, Elaziz MA, Al-Qaness MAA, Jilani SF. Adaptive Machine Learning Based Distributed Denial-of-Services Attacks Detection and Mitigation System for SDN-Enabled IoT. Sensors (Basel) 2022; 22:s22072697. [PMID: 35408312 PMCID: PMC9002783 DOI: 10.3390/s22072697] [Citation(s) in RCA: 10] [Impact Index Per Article: 5.0] [Received: 02/18/2022] [Revised: 03/25/2022] [Accepted: 03/25/2022] [Indexed: 11/16/2022]
Abstract
The development of smart network infrastructure of the Internet of Things (IoT) faces the immense threat of sophisticated Distributed Denial-of-Services (DDoS) security attacks. The existing network security solutions of enterprise networks are significantly expensive and unscalable for IoT. The integration of recently developed Software Defined Networking (SDN) reduces a significant amount of computational overhead for IoT network devices and enables additional security measurements. At the prelude stage of SDN-enabled IoT network infrastructure, the sampling based security approach currently results in low accuracy and low DDoS attack detection. In this paper, we propose an Adaptive Machine Learning based SDN-enabled Distributed Denial-of-Services attacks Detection and Mitigation (AMLSDM) framework. The proposed AMLSDM framework develops an SDN-enabled security mechanism for IoT devices with the support of an adaptive machine learning classification model to achieve the successful detection and mitigation of DDoS attacks. The proposed framework utilizes machine learning algorithms in an adaptive multilayered feed-forwarding scheme to successfully detect the DDoS attacks by examining the static features of the inspected network traffic. In the proposed adaptive multilayered feed-forwarding framework, the first layer utilizes Support Vector Machine (SVM), Naive Bayes (NB), Random Forest (RF), k-Nearest Neighbor (kNN), and Logistic Regression (LR) classifiers to build a model for detecting DDoS attacks from the training and testing environment-specific datasets. The output of the first layer passes to an Ensemble Voting (EV) algorithm, which accumulates the performance of the first layer classifiers. In the third layer, the adaptive framework measures the real-time live network traffic to detect the DDoS attacks in the network traffic.
The proposed framework utilizes a remote SDN controller to mitigate the detected DDoS attacks over Open Flow (OF) switches and reconfigures the network resources for legitimate network hosts. The experimental results show the better performance of the proposed framework as compared to existing state-of-the-art solutions in terms of higher accuracy of DDoS detection and low false alarm rate.
Affiliation(s)
- Muhammad Aslam
  - School of Computing, Engineering and Physical Sciences, University of the West of Scotland, Glasgow G72 0LH, UK; (M.A.); (D.N.)
- Dengpan Ye
  - School of Cyber Science and Engineering, Wuhan University, Wuhan 430079, China;
- Aqil Tariq
  - State Key Laboratory of Information Engineering in Surveying, Mapping and Remote Sensing (LIESMARS), Wuhan University, Wuhan 430079, China; (A.T.); (M.A.A.A.-Q.)
- Muhammad Asad
  - Department of Computer Science, Nagoya Institute of Technology, Nagoya 466-8555, Japan;
- Muhammad Hanif
  - Department of Computer Science, COMSATS University of Islamabad, Wah Cantt 45550, Pakistan;
- David Ndzi
  - School of Computing, Engineering and Physical Sciences, University of the West of Scotland, Glasgow G72 0LH, UK; (M.A.); (D.N.)
- Samia Allaoua Chelloug
  - Department of Information Technology, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, P.O. Box 84428, Riyadh 11671, Saudi Arabia
  - Correspondence:
- Mohamed Abd Elaziz
  - Department of Mathematics, Faculty of Science, Zagazig University, Zagazig 44519, Egypt;
- Mohammed A. A. Al-Qaness
  - State Key Laboratory of Information Engineering in Surveying, Mapping and Remote Sensing (LIESMARS), Wuhan University, Wuhan 430079, China; (A.T.); (M.A.A.A.-Q.)
25
Majid M, Habib S, Javed AR, Rizwan M, Srivastava G, Gadekallu TR, Lin JCW. Applications of Wireless Sensor Networks and Internet of Things Frameworks in the Industry Revolution 4.0: A Systematic Literature Review. Sensors (Basel) 2022; 22:s22062087. [PMID: 35336261 PMCID: PMC8950945 DOI: 10.3390/s22062087] [Citation(s) in RCA: 46] [Impact Index Per Article: 23.0] [Received: 02/09/2022] [Revised: 02/27/2022] [Accepted: 03/02/2022] [Indexed: 11/30/2022]
Abstract
The 21st century has seen rapid changes in technology, industry, and social patterns. Most industries have moved towards automation, and human intervention has decreased, which has led to a revolution in industries, named the fourth industrial revolution (Industry 4.0). Industry 4.0 or the fourth industrial revolution (IR 4.0) relies heavily on the Internet of Things (IoT) and wireless sensor networks (WSN). IoT and WSN are used in various control systems, including environmental monitoring, home automation, and chemical/biological attack detection. IoT devices and applications are used to process extracted data from WSN devices and transmit them to remote locations. This systematic literature review offers a wide range of information on Industry 4.0, finds research gaps, and recommends future directions. Seven research questions are addressed in this article: (i) What are the contributions of WSN in IR 4.0? (ii) What are the contributions of IoT in IR 4.0? (iii) What are the types of WSN coverage areas for IR 4.0? (iv) What are the major types of network intruders in WSN and IoT systems? (v) What are the prominent network security attacks in WSN and IoT? (vi) What are the significant issues in IoT and WSN frameworks? and (vii) What are the limitations and research gaps in the existing work? This study mainly focuses on research solutions and new techniques to automate Industry 4.0. In this research, we analyzed over 130 articles from 2014 until 2021. This paper covers several aspects of Industry 4.0, from the designing phase to security needs, from the deployment stage to the classification of the network, the difficulties, challenges, and future directions.
Affiliation(s)
- Mamoona Majid
  - School of System and Technology, University of Management and Technology, Lahore 54782, Pakistan; (M.M.); (S.H.)
- Shaista Habib
  - School of System and Technology, University of Management and Technology, Lahore 54782, Pakistan; (M.M.); (S.H.)
- Abdul Rehman Javed
  - Department of Cyber Security, PAF Complex, E-9, Air University, Islamabad 44000, Pakistan;
- Muhammad Rizwan
  - Department of Computer Science, Kinnaird College for Women, Lahore 54000, Pakistan;
- Gautam Srivastava
  - Department of Mathematics and Computer Science, Brandon University, Brandon, MB R7A 6A9, Canada;
  - Research Center for Interneural Computing, China Medical University, Taichung 406040, Taiwan
- Thippa Reddy Gadekallu
  - School of Information Technology and Engineering, Vellore Institute of Technology, Vellore 632014, Tamil Nadu, India;
- Jerry Chun-Wei Lin
  - Department of Computer Science, Electrical Engineering and Mathematical Sciences, Western Norway University of Applied Sciences, 5063 Bergen, Norway
  - Correspondence:
26
Malik A, Khan MZ, Faisal M, Khan F, Seo JT. An Efficient Dynamic Solution for the Detection and Prevention of Black Hole Attack in VANETs. Sensors (Basel) 2022; 22:1897. [PMID: 35271043 DOI: 10.3390/s22051897] [Citation(s) in RCA: 5] [Impact Index Per Article: 2.5] [Received: 11/19/2021] [Revised: 01/21/2022] [Accepted: 02/23/2022] [Indexed: 11/17/2022]
Abstract
Rapid and tremendous advances in wireless technology, miniaturization, and Internet of things (IoT) technology have brought significant development to vehicular ad hoc networks (VANETs). VANETs and IoT together play a vital role in the current intelligent transport system (ITS). However, a VANET is highly vulnerable to various security attacks due to its highly dynamic, decentralized, open-access medium, and protocol-design-related concerns. Regarding security concerns, a black hole attack (BHA) is one such threat in which the control or data packets are dropped by the malicious vehicle, converting a safe path/link into a compromised one. Dropping data packets has a severe impact on a VANET's performance and security and may cause road fatalities, accidents, and traffic jams. In this study, a novel solution called detection and prevention of a BHA (DPBHA) is proposed to secure and improve the overall security and performance of the VANETs by detecting BHA at an early stage of the route discovery process. The proposed solution is based on calculating a dynamic threshold value and generating a forged route request (RREQ) packet. The solution is implemented and evaluated in the NS-2 simulator and its performance and efficacy are compared with the benchmark schemes. The results showed that the proposed DPBHA outperformed the benchmark schemes in terms of increasing the packet delivery ratio (PDR) by 3.0%, increasing throughput by 6.15%, reducing the routing overhead by 3.69%, decreasing the end-to-end delay by 6.13%, and achieving a maximum detection rate of 94.66%.
27
Desnitsky V, Chechulin A, Kotenko I. Multi-Aspect Based Approach to Attack Detection in IoT Clouds. Sensors (Basel) 2022; 22:1831. [PMID: 35270979 DOI: 10.3390/s22051831] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Received: 12/30/2021] [Revised: 02/21/2022] [Accepted: 02/22/2022] [Indexed: 02/04/2023]
Abstract
This article covers the issues of constructing tools for detecting network attacks targeting devices in IoT clouds. The detection is performed within the framework of cloud infrastructure, which receives data flows that are limited in size and content, and characterize the current network interaction of the analyzed IoT devices. The detection is based on the construction of training models and uses machine learning methods, such as AdaBoostClassifier, RandomForestClassifier, MultinomialNB, etc. The proposed combined multi-aspect approach to attack detection relies on session-based spaces, host-based spaces, and other spaces of features extracted from incoming traffic. An attack-specific ensemble of various machine learning methods is applied to improve the detection quality indicators. The performed experiments have confirmed the correctness of the constructed models and their effectiveness, expressed in terms of the precision, recall, and f1-measure indicators for each analyzed type of attack, using a series of existing samples of benign and attacking traffic.
28
Verkerken M, D’hooge L, Wauters T, Volckaert B, De Turck F. Towards Model Generalization for Intrusion Detection: Unsupervised Machine Learning Techniques. J Netw Syst Manage 2022. [PMCID: PMC8520582 DOI: 10.1007/s10922-021-09615-7] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Indexed: 05/14/2023]
Abstract
Through the ongoing digitization of the world, the number of connected devices is continuously growing without any foreseen decline in the near future. In particular, these devices increasingly include critical systems such as power grids and medical institutions, possibly causing tremendous consequences in the case of a successful cybersecurity attack. A network intrusion detection system (NIDS) is one of the main components to detect ongoing attacks by differentiating normal from malicious traffic. Anomaly-based NIDS, more specifically unsupervised methods, previously proved promising for their ability to detect known as well as zero-day attacks without the need for a labeled dataset. Despite decades of development by researchers, anomaly-based NIDS are only rarely employed in real-world applications, most possibly due to the lack of generalization power of the proposed models. This article first evaluates four unsupervised machine learning methods on two recent datasets and then defines their generalization strength using a novel inter-dataset evaluation strategy estimating their adaptability. Results show that all models can present high classification scores on an individual dataset but fail to directly transfer those to a second unseen but related dataset. Specifically, the accuracy dropped on average 25.63% in an inter-dataset setting compared to the conventional evaluation approach. This generalization challenge can be observed and tackled in future research with the help of the proposed evaluation strategy in this paper.
Affiliation(s)
- Miel Verkerken
  - Department of Information Technology, IDLab, Ghent University - imec, Technologiepark 126, 9052 Gent, Belgium
- Laurens D’hooge
  - Department of Information Technology, IDLab, Ghent University - imec, Technologiepark 126, 9052 Gent, Belgium
- Tim Wauters
  - Department of Information Technology, IDLab, Ghent University - imec, Technologiepark 126, 9052 Gent, Belgium
- Bruno Volckaert
  - Department of Information Technology, IDLab, Ghent University - imec, Technologiepark 126, 9052 Gent, Belgium
- Filip De Turck
  - Department of Information Technology, IDLab, Ghent University - imec, Technologiepark 126, 9052 Gent, Belgium
29
Akram F, Liu D, Zhao P, Kryvinska N, Abbas S, Rizwan M. Trustworthy Intrusion Detection in E-Healthcare Systems. Front Public Health 2021; 9:788347. [PMID: 34926397 PMCID: PMC8678532 DOI: 10.3389/fpubh.2021.788347] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Received: 10/02/2021] [Accepted: 10/25/2021] [Indexed: 11/19/2022] Open
Abstract
In Internet of Things (IoT)-based network systems (IoT-net), intrusion detection systems (IDS) play a significant role to maintain patient health records (PHR) in e-healthcare. IoT-net is a massive technology with security threats on the network layer, as it is considered the most common source for communication and data storage platforms. The security of data servers in all sectors (mainly healthcare) has become one of the most crucial challenges for researchers. This paper proposes an approach for effective intrusion detection in the e-healthcare environment to maintain PHR in a safe IoT-net using an adaptive neuro-fuzzy inference system (ANFIS). In the proposed security model, the experiments present a security tool that helps to detect malicious network traffic. The practical implementation of the ANFIS model on the MATLAB framework with testing and training results compares the accuracy rate from the previous research in security.
Affiliation(s)
- Faiza Akram
  - Department of Mathematics, School of Science, Nanjing University of Science and Technology, Nanjing, China
- Dongsheng Liu
  - Department of Mathematics, School of Science, Nanjing University of Science and Technology, Nanjing, China
- Peibiao Zhao
  - Department of Mathematics, School of Science, Nanjing University of Science and Technology, Nanjing, China
- Natalia Kryvinska
  - Department of Information Systems, Faculty of Management, Comenius University in Bratislava, Bratislava, Slovakia
- Sidra Abbas
  - Department of Computer Science, COMSATS University, Islamabad, Pakistan
- Muhammad Rizwan
  - Department of Computer Science, Kinnaird College for Women, Lahore, Pakistan
30
Kotecha K, Verma R, Rao PV, Prasad P, Mishra VK, Badal T, Jain D, Garg D, Sharma S. Enhanced Network Intrusion Detection System. Sensors (Basel) 2021; 21:7835. [PMID: 34883839 DOI: 10.3390/s21237835] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Received: 09/12/2021] [Revised: 11/11/2021] [Accepted: 11/19/2021] [Indexed: 12/03/2022]
Abstract
A reasonably good network intrusion detection system generally requires a high detection rate and a low false alarm rate in order to predict anomalies more accurately. Older datasets cannot capture the schema of a set of modern attacks; therefore, modelling based on these datasets lacked sufficient generalizability. This paper operates on the UNSW-NB15 Dataset, which is currently one of the best representatives of modern attacks and suggests various models. We discuss various models and conclude our discussion with the model that performs the best using various kinds of evaluation metrics. Alongside modelling, a comprehensive data analysis on the features of the dataset itself using our understanding of correlation, variance, and similar factors for a wider picture is done for better modelling. Furthermore, hypothetical ponderings are discussed for potential network intrusion detection systems, including suggestions on prospective modelling and dataset generation as well.
31
Yang J, Wang L. Applying MMD Data Mining to Match Network Traffic for Stepping-Stone Intrusion Detection. Sensors (Basel) 2021; 21:s21227464. [PMID: 34833539 PMCID: PMC8618504 DOI: 10.3390/s21227464] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 10/15/2021] [Revised: 11/05/2021] [Accepted: 11/08/2021] [Indexed: 11/16/2022]
Abstract
A long interactive TCP connection chain has been widely used by attackers to launch their attacks and thus avoid detection. The longer a connection chain, the higher the probability the chain is exploited by attackers. Round-trip Time (RTT) can represent the length of a connection chain. In order to obtain the RTTs from the sniffed Send and Echo packets in a connection chain, matching the Sends and Echoes is required. In this paper, we first model a network traffic as the collection of RTTs and present the rationale of using the RTTs of a connection chain to represent the length of the chain. Second, we propose applying MMD data mining algorithm to match TCP Send and Echo packets collected from a connection. We found that the MMD data mining packet-matching algorithm outperforms all the existing packet-matching algorithms in terms of packet-matching rate including sequence number-based algorithm, Yang’s approach, Step-function, Packet-matching conservative algorithm and packet-matching greedy algorithm. The experimental results from our local area networks showed that the packet-matching accuracy of the MMD algorithm is 100%. The average packet-matching rate of the MMD algorithm obtained from the experiments conducted under the Internet context can reach around 94%. The MMD data mining packet-matching algorithm can fix the issue of low packet-matching rate faced by all the existing packet-matching algorithms including the state-of-the-art algorithm. It is applicable to network-based stepping-stone intrusion detection.
32
Peppes N, Daskalakis E, Alexakis T, Adamopoulou E, Demestichas K. Performance of Machine Learning-Based Multi-Model Voting Ensemble Methods for Network Threat Detection in Agriculture 4.0. Sensors (Basel) 2021; 21:7475. [PMID: 34833551 DOI: 10.3390/s21227475] [Citation(s) in RCA: 6] [Impact Index Per Article: 2.0] [Received: 10/08/2021] [Revised: 10/22/2021] [Accepted: 11/08/2021] [Indexed: 11/28/2022]
Abstract
The upcoming agricultural revolution, known as Agriculture 4.0, integrates cutting-edge Information and Communication Technologies in existing operations. Various cyber threats related to the aforementioned integration have attracted increasing interest from security researchers. Network traffic analysis and classification based on Machine Learning (ML) methodologies can play a vital role in tackling such threats. Towards this direction, this research work presents and evaluates different ML classifiers for network traffic classification, i.e., K-Nearest Neighbors (KNN), Support Vector Classification (SVC), Decision Tree (DT), Random Forest (RF) and Stochastic Gradient Descent (SGD), as well as a hard voting and a soft voting ensemble model of these classifiers. In the context of this research work, three variations of the NSL-KDD dataset were utilized, i.e., initial dataset, undersampled dataset and oversampled dataset. The performance of the individual ML algorithms was evaluated in all three dataset variations and was compared to the performance of the voting ensemble methods. In most cases, both the hard and the soft voting models were found to perform better in terms of accuracy compared to the individual models.
33
Aljabri M, Aljameel SS, Mohammad RMA, Almotiri SH, Mirza S, Anis FM, Aboulnour M, Alomari DM, Alhamed DH, Altamimi HS. Intelligent Techniques for Detecting Network Attacks: Review and Research Directions. Sensors (Basel) 2021; 21:7070. [PMID: 34770375 DOI: 10.3390/s21217070] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.7] [Received: 07/12/2021] [Revised: 10/20/2021] [Accepted: 10/21/2021] [Indexed: 11/17/2022]
Abstract
The significant growth in the use of the Internet and the rapid development of network technologies are associated with an increased risk of network attacks. Network attacks refer to all types of unauthorized access to a network including any attempts to damage and disrupt the network, often leading to serious consequences. Network attack detection is an active area of research in the community of cybersecurity. In the literature, there are various descriptions of network attack detection systems involving various intelligent-based techniques including machine learning (ML) and deep learning (DL) models. However, although such techniques have proved useful within specific domains, no technique has proved useful in mitigating all kinds of network attacks. This is because some intelligent-based approaches lack essential capabilities that render them reliable systems that are able to confront different types of network attacks. This was the main motivation behind this research, which evaluates contemporary intelligent-based research directions to address the gap that still exists in the field. The main components of any intelligent-based system are the training datasets, the algorithms, and the evaluation metrics; these were the main benchmark criteria used to assess the intelligent-based systems included in this research article. This research provides a rich source of references for scholars seeking to determine their scope of research in this field. Furthermore, although the paper does present a set of suggestions about future inductive directions, it leaves the reader free to derive additional insights about how to develop intelligent-based systems to counter current and future network attacks.
34
Sawicki K, Bieszczad G, Piotrowski Z. StegoFrameOrder-MAC Layer Covert Network Channel for Wireless IEEE 802.11 Networks. Sensors (Basel) 2021; 21:6268. [PMID: 34577475 DOI: 10.3390/s21186268] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 08/04/2021] [Revised: 09/03/2021] [Accepted: 09/16/2021] [Indexed: 11/18/2022]
Abstract
The proposed StegoFrameOrder (SFO) method enables the transmission of covert data in wireless computer networks exploiting non-deterministic algorithms of medium access (such as the distributed coordination function), especially in IEEE 802.11 networks. Such a covert channel enables the possibility of leaking crucial information outside secured network in a manner that is difficult to detect. The SFO method embeds hidden bits of information in the relative order of frames transmitted by wireless terminals operating on the same radio channel. The paper presents an idea of this covert channel, its implementation, and possible variants. The paper also discusses implementing the SFO method in a real environment and the experiments performed in the real-world scenario.
35
Zhi L, Yin P, Ren J, Wei G, Zhou J, Wu J, Shen Q. Running an Internet Hospital in China: Perspective Based on a Case Study. J Med Internet Res 2021; 23:e18307. [PMID: 34342267 PMCID: PMC8485192 DOI: 10.2196/18307] [Citation(s) in RCA: 7] [Impact Index Per Article: 2.3] [Received: 02/19/2020] [Revised: 11/25/2020] [Accepted: 08/02/2021] [Indexed: 11/13/2022] Open
Abstract
Internet hospitals, as a new forum for doctors to conduct diagnosis and treatment activities based on the internet, are emerging in China and have become integral to the development of the medical field in conjunction with increasing reforms and policies in China's medical and health system. Here, we take the Internet Hospital of the First Affiliated Hospital, Zhejiang University (FAHZU Internet Hospital) as an example to discuss the operations and functional positioning of developing internet hospital medical services in relation to physical hospitals. This viewpoint considers the platform operation, management, and network security of FAHZU Internet Hospital, and summarizes the advantages and limitations in the operation to provide a reference for other areas with interest in developing internet hospitals.
Affiliation(s)
- Lihua Zhi
  - Department of Internet Hospital Office, The First Affiliated Hospital Zhejiang University School of Medicine, Hangzhou, China
- Pei Yin
  - Department of General Practice, The First Affiliated Hospital, Zhejiang University School of Medicine, Hangzhou, China
- Jingjing Ren
  - Department of General Practice, The First Affiliated Hospital, Zhejiang University School of Medicine, Hangzhou, China
- Guoqing Wei
  - Department of Medical Administration, The First Affiliated Hospital, Zhejiang University School of Medicine, Hangzhou, China
- Jun Zhou
  - Department of Internet Hospital Office, The First Affiliated Hospital Zhejiang University School of Medicine, Hangzhou, China
- Jun Wu
  - Department of Internet Hospital Office, The First Affiliated Hospital Zhejiang University School of Medicine, Hangzhou, China
- Qun Shen
  - Department of Internet Hospital Office, The First Affiliated Hospital Zhejiang University School of Medicine, Hangzhou, China
36
Abstract
Librarians adopted and utilized web-based Google suite applications as a method of collaborating with each other on projects, research, and professional association membership duties. However, as cybercriminals have begun to exploit these tools to infect healthcare networks with ransomware, many hospital IT departments have blocked access to Google applications. This paper provides a background on security risks to healthcare institutions and possible alternatives to Google applications hospital librarians can use to continue collaborating.
37
Sikora M, Fujdiak R, Kuchar K, Holasova E, Misurec J. Generator of Slow Denial-of-Service Cyber Attacks. Sensors (Basel) 2021; 21:5473. [PMID: 34450915 DOI: 10.3390/s21165473] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.0] [Received: 06/29/2021] [Revised: 07/29/2021] [Accepted: 08/05/2021] [Indexed: 11/18/2022]
Abstract
In today’s world, the volume of cyber attacks grows every year. These attacks can cause many people or companies high financial losses or loss of private data. One of the most common types of attack on the Internet is a DoS (denial-of-service) attack, which, despite its simplicity, can cause catastrophic consequences. A slow DoS attack attempts to make the Internet service unavailable to users. Due to the small data flows, these attacks are very similar to legitimate users with a slow Internet connection. Accurate detection of these attacks is one of the biggest challenges in cybersecurity. In this paper, we implemented our proposal of eleven major and most dangerous slow DoS attacks and introduced an advanced attack generator for testing vulnerabilities of protocols, servers, and services. The main motivation for this research was the absence of a similarly comprehensive generator for testing slow DoS vulnerabilities in network systems. We built an experimental environment for testing our generator, and then we performed a security analysis of the five most used web servers. Based on the discovered vulnerabilities, we also discuss preventive and detection techniques to mitigate the attacks. In future research, our generator can be used for testing slow DoS security vulnerabilities and increasing the level of cyber security of various network systems.
38
Haenel A, Haddad Y, Laurent M, Zhang Z. Practical Cross-Layer Radio Frequency-Based Authentication Scheme for Internet of Things. Sensors (Basel) 2021; 21:s21124034. [PMID: 34208142 PMCID: PMC8230913 DOI: 10.3390/s21124034] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/02/2021] [Revised: 06/06/2021] [Accepted: 06/09/2021] [Indexed: 11/16/2022]
Abstract
The Internet of Things world is in need of practical solutions for its security. Existing security mechanisms for IoT are mostly not implemented due to complexity, budget, and energy-saving issues. This is especially true for IoT devices that are battery powered, and they should be cost effective to be deployed extensively in the field. In this work, we propose a new cross-layer approach combining existing authentication protocols and existing Physical Layer Radio Frequency Fingerprinting technologies to provide hybrid authentication mechanisms that are practically proved efficient in the field. Even though several Radio Frequency Fingerprinting methods have been proposed so far, as a support for multi-factor authentication or even on their own, practical solutions are still a challenge. The accuracy results achieved with even the best systems using expensive equipment are still not sufficient on real-life systems. Our approach proposes a hybrid protocol that can save energy and computation time on the IoT devices side, proportionally to the accuracy of the Radio Frequency Fingerprinting used, which has a measurable benefit while keeping an acceptable security level. We implemented a full system operating in real time and achieved an accuracy of 99.8% for the additional cost of energy, leading to a decrease of only ~20% in battery life.
Affiliation(s)
- Arie Haenel
  - Samovar, Telecom SudParis, Institut Polytechnique de Paris, 91120 Palaiseau, France;
  - Department of Computer Science, Jerusalem College of Technology, Jerusalem 91160, Israel;
  - Correspondence:
- Yoram Haddad
  - Department of Computer Science, Jerusalem College of Technology, Jerusalem 91160, Israel;
- Maryline Laurent
  - Samovar, Telecom SudParis, Institut Polytechnique de Paris, 91120 Palaiseau, France;
- Zonghua Zhang
  - Institut Mines-Telecom Lille Douai, 59500 Douai, France;
39
Wang P, Zhou M, Ding Z. A Two-Layer IP Hopping-Based Moving Target Defense Approach to Enhancing the Security of Mobile Ad-Hoc Networks. Sensors (Basel) 2021; 21:2355. [PMID: 33800676 DOI: 10.3390/s21072355] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.3] [Received: 03/18/2021] [Revised: 03/25/2021] [Accepted: 03/26/2021] [Indexed: 11/16/2022]
Abstract
Mobile ad-hoc networks (MANETs) have great potential applications in military missions or emergency rescue due to their no-infrastructure, self-organizing and multi hop capability characteristics. Obviously, it is important to implement a low-cost and efficient mechanism of anti-invasion, anti-eavesdropping and anti-attack in MANETs, especially for military scenarios. The purpose of intruding or attacking a MANET is usually different from that of wired Internet networks whose security mechanism has been widely explored and implemented. For MANETs, moving target defense (MTD) is a suitable mechanism to enhance the network security, whose basic idea is to continuously and randomly change the system parameters or configuration to create inaccessibility for intruders and attackers. In this paper, a two-layer IP hopping-based MTD approach is proposed, in which device IP addresses or virtual IP addresses change or hop according to the network security status and requirements. The proposed MTD scheme based on the two-layer IP hopping has two major advantages in terms of network security. First, the device IP address of each device is not exposed to the wireless physical channel at all. Second, the two-layer IP hops with individual interval and rules to obtain enhanced security of MANET while maintaining relatively low computational load and communication cost for network control and synchronization. The proposed MTD scheme is implemented in our developed MANET terminals, providing three levels of network security: anti-intrusion in normal environment, intrusion detection in offensive environment and anti-eavesdropping in a hostile environment by combining the data encryption technology.

40
Ge M, Yu X, Liu L. Robot Communication: Network Traffic Classification Based on Deep Neural Network. Front Neurorobot 2021; 15:648374. [PMID: 33815085 PMCID: PMC8018276 DOI: 10.3389/fnbot.2021.648374] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 12/31/2020] [Accepted: 02/18/2021] [Indexed: 11/13/2022]
Abstract
With the rapid popularization of robots, the risks brought by robot communication have also attracted the attention of researchers. Because current traffic classification methods based on plaintext cannot classify encrypted traffic, other methods based on statistical analysis require manual extraction of features. This paper proposes (i) a traffic classification framework based on a capsule neural network. This method has a multilayer neural network that can automatically learn the characteristics of the data stream. It uses capsule vectors instead of a single scalar input to effectively classify encrypted network traffic. (ii) For different network structures, a classification network structure combining convolution neural network and long short-term memory network is proposed. This structure has the characteristics of learning network traffic time and space characteristics. Experimental results show that the network model can classify encrypted traffic and does not require manual feature extraction. And on the basis of the previous tool, the recognition accuracy rate has increased by 8.
Affiliation(s)
- Mengmeng Ge
  - School of Cyberspace Science, Harbin Institute of Technology, Harbin, China
- Xiangzhan Yu
  - School of Cyberspace Science, Harbin Institute of Technology, Harbin, China
- Likun Liu
  - School of Cyberspace Science, Harbin Institute of Technology, Harbin, China

41
Hsu FH, Lee CH, Wang CY, Hung RY, Zhuang Y. DDoS Flood and Destination Service Changing Sensor. Sensors (Basel) 2021; 21:s21061980. [PMID: 33799796 PMCID: PMC7998187 DOI: 10.3390/s21061980] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Received: 02/10/2021] [Revised: 03/05/2021] [Accepted: 03/08/2021] [Indexed: 11/16/2022]
Abstract
In this paper, we aim to detect distributed denial of service (DDoS) attacks, and receive a notification of destination service, changing immediately, without the additional efforts of other modules. We designed a kernel-based mechanism to build a new Transmission Control Protocol/Internet Protocol (TCP/IP) connection smartly by the host while the users or clients not knowing the location of the next host. Moreover, we built a lightweight flooding attack detection mechanism in the user mode of an operating system. Given that reinstalling a modified operating system on each client is not realistic, we managed to replace the entry of the system call table with a customized sys_connect. An effective defense depends on fine detection and defensive procedures. In accordance with our experiments, this novel mechanism can detect flooding DDoS successfully, including SYN flood and ICMP flood. Furthermore, through cooperating with a specific low cost network architecture, the mechanism can help to defend DDoS attacks effectively.

42
Kim P, Lee Y, Hong YS, Kwon T. A Password Meter without Password Exposure. Sensors (Basel) 2021; 21:s21020345. [PMID: 33419094 PMCID: PMC7825399 DOI: 10.3390/s21020345] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.0] [Received: 11/24/2020] [Revised: 12/25/2020] [Accepted: 01/04/2021] [Indexed: 11/22/2022]
Abstract
To meet password selection criteria of a server, a user occasionally needs to provide multiple choices of password candidates to an on-line password meter, but such user-chosen candidates tend to be derived from the user’s previous passwords—the meter may have a high chance to acquire information about a user’s passwords employed for various purposes. A third party password metering service may worsen this threat. In this paper, we first explore a new on-line password meter concept that does not necessitate the exposure of user’s passwords for evaluating user-chosen password candidates in the server side. Our basic idea is straightforward; to adapt fully homomorphic encryption (FHE) schemes to build such a system but its performance achievement is greatly challenging. Optimization techniques are necessary for performance achievement in practice. We employ various performance enhancement techniques and implement the NIST (National Institute of Standards and Technology) metering method as seminal work in this field. Our experiment results demonstrate that the running time of the proposed meter is around 60 s in a conventional desktop server, expecting better performance in high-end hardware, with an FHE scheme in HElib library where parameters support at least 80-bit security. We believe the proposed method can be further explored and used for a password metering in case that password secrecy is very important—the user’s password candidates should not be exposed to the meter and also an internal mechanism of password metering should not be disclosed to users and any other third parties.
Affiliation(s)
- Pyung Kim
  - Advanced Software Research Center, Incheon National University, Incheon 22012, Korea; (P.K.); (Y.-S.H.)
- Younho Lee
  - ITM Programme, Department of Industrial Engineering, Seoul National University of Science and Technology, Seoul 01811, Korea
  - Correspondence: (Y.L.); (T.K.); Tel.: +82-2-970-7283 (Y.L.); +82-2-2123-4523 (T.K.)
- Youn-Sik Hong
  - Advanced Software Research Center, Incheon National University, Incheon 22012, Korea; (P.K.); (Y.-S.H.)
- Taekyoung Kwon
  - Graduate School of Information, Yonsei University, Seoul 03722, Korea
  - Correspondence: (Y.L.); (T.K.); Tel.: +82-2-970-7283 (Y.L.); +82-2-2123-4523 (T.K.)

43
You X, Wang CX, Huang J, Gao X, Zhang Z, Wang M, Huang Y, Zhang C, Jiang Y, Wang J, Zhu M, Sheng B, Wang D, Pan Z, Zhu P, Yang Y, Liu Z, Zhang P, Tao X, Li S, Chen Z, Ma X, I CL, Han S, Li K, Pan C, Zheng Z, Hanzo L, Shen X(S), Guo YJ, Ding Z, Haas H, Tong W, Zhu P, Yang G, Wang J, Larsson EG, Ngo HQ, Hong W, Wang H, Hou D, Chen J, Chen Z, Hao Z, Li GY, Tafazolli R, Gao Y, Poor HV, Fettweis GP, Liang YC. Towards 6G wireless communication networks: vision, enabling technologies, and new paradigm shifts. Sci. China Inf. Sci. 2021; 64:110301. [PMCID: PMC7714900 DOI: 10.1007/s11432-020-2955-6] [Citation(s) in RCA: 70] [Impact Index Per Article: 23.3] [Received: 05/17/2020] [Revised: 06/08/2020] [Accepted: 06/17/2020] [Indexed: 05/27/2023]
Abstract
The fifth generation (5G) wireless communication networks are being deployed worldwide from 2020 and more capabilities are in the process of being standardized, such as mass connectivity, ultra-reliability, and guaranteed low latency. However, 5G will not meet all requirements of the future in 2030 and beyond, and sixth generation (6G) wireless communication networks are expected to provide global coverage, enhanced spectral/energy/cost efficiency, better intelligence level and security, etc. To meet these requirements, 6G networks will rely on new enabling technologies, i.e., air interface and transmission technologies and novel network architecture, such as waveform design, multiple access, channel coding schemes, multi-antenna technologies, network slicing, cell-free architecture, and cloud/fog/edge computing. Our vision on 6G is that it will have four new paradigm shifts. First, to satisfy the requirement of global coverage, 6G will not be limited to terrestrial communication networks, which will need to be complemented with non-terrestrial networks such as satellite and unmanned aerial vehicle (UAV) communication networks, thus achieving a space-air-ground-sea integrated communication network. Second, all spectra will be fully explored to further increase data rates and connection density, including the sub-6 GHz, millimeter wave (mmWave), terahertz (THz), and optical frequency bands. Third, facing the big datasets generated by the use of extremely heterogeneous networks, diverse communication scenarios, large numbers of antennas, wide bandwidths, and new service requirements, 6G networks will enable a new range of smart applications with the aid of artificial intelligence (AI) and big data technologies. Fourth, network security will have to be strengthened when developing 6G networks. This article provides a comprehensive survey of recent advances and future trends in these four aspects. 
Clearly, 6G with additional technical requirements beyond those of 5G will enable faster and further communications to the extent that the boundary between physical and cyber worlds disappears.
Affiliation(s)
- Xiaohu You
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Cheng-Xiang Wang
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Jie Huang
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Xiqi Gao
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Zaichen Zhang
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Mao Wang
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Yongming Huang
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Chuan Zhang
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Yanxiang Jiang
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Jiaheng Wang
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Min Zhu
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Bin Sheng
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Dongming Wang
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Zhiwen Pan
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Pengcheng Zhu
  - National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Yang Yang
  - Shanghai Institute of Fog Computing Technology (SHIFT), ShanghaiTech University, Shanghai, 201210 China
  - Research Center for Network Communication, Peng Cheng Laboratory, Shenzhen, 518000 China
- Zening Liu
  - Purple Mountain Laboratories, Nanjing, 211111 China
- Ping Zhang
  - State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876 China
- Xiaofeng Tao
  - National Engineering Laboratory for Mobile Network Technologies, Beijing University of Posts and Telecommunications, Beijing, 100876 China
- Shaoqian Li
  - National Key Laboratory of Science and Technology on Communications, University of Electronic Science and Technology of China (UESTC), Chengdu, 611731 China
- Zhi Chen
  - National Key Laboratory of Science and Technology on Communications, University of Electronic Science and Technology of China (UESTC), Chengdu, 611731 China
- Xinying Ma
  - National Key Laboratory of Science and Technology on Communications, University of Electronic Science and Technology of China (UESTC), Chengdu, 611731 China
- Chih-Lin I
  - China Mobile Research Institute, Beijing, 100053 China
- Ke Li
  - China Mobile Research Institute, Beijing, 100053 China
- Chengkang Pan
  - China Mobile Research Institute, Beijing, 100053 China
- Zhimin Zheng
  - China Mobile Research Institute, Beijing, 100053 China
- Lajos Hanzo
  - School of Electronics and Computer Science, University of Southampton, Southampton, SO17 1BJ UK
- Xuemin (Sherman) Shen
  - Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, N2L 3G1 Canada
- Yingjie Jay Guo
  - Global Big Data Technologies Centre (GBDTC), University of Technology Sydney, Sydney, NSW 2007 Australia
- Zhiguo Ding
  - School of Electrical and Electronic Engineering, The University of Manchester, Manchester, M13 9PL UK
- Harald Haas
  - LiFi Research and Development Centre, Institute for Digital Communications, School of Engineering, The University of Edinburgh, Edinburgh, EH9 3JL UK
- Wen Tong
  - Huawei Technologies Canada Co., Ltd., Ottawa, K2K 3J1 Canada
- Peiying Zhu
  - Huawei Technologies Canada Co., Ltd., Ottawa, K2K 3J1 Canada
- Jun Wang
  - Huawei Technologies, Hangzhou, 310007 China
- Erik G. Larsson
  - Department of Electrical Engineering (ISY), Linköping University, Linköping, 581 83 Sweden
- Hien Quoc Ngo
  - Institute of Electronics, Communications & Information Technology (ECIT), Queen’s University Belfast, Belfast, BT3 9DT UK
- Wei Hong
  - Purple Mountain Laboratories, Nanjing, 211111 China
  - State Key Laboratory of Millimeter Waves, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
- Haiming Wang
  - Purple Mountain Laboratories, Nanjing, 211111 China
  - State Key Laboratory of Millimeter Waves, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
- Debin Hou
  - Purple Mountain Laboratories, Nanjing, 211111 China
  - State Key Laboratory of Millimeter Waves, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
- Jixin Chen
  - Purple Mountain Laboratories, Nanjing, 211111 China
  - State Key Laboratory of Millimeter Waves, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
- Zhe Chen
  - Purple Mountain Laboratories, Nanjing, 211111 China
  - State Key Laboratory of Millimeter Waves, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
- Zhangcheng Hao
  - Purple Mountain Laboratories, Nanjing, 211111 China
  - State Key Laboratory of Millimeter Waves, School of Information Science and Engineering, Southeast University, Nanjing, 210096 China
- Geoffrey Ye Li
  - School of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA 30332 USA
- Rahim Tafazolli
  - 5G Innovation Centre, University of Surrey, Guildford, GU2 7XH UK
- Yue Gao
  - 5G Innovation Centre, University of Surrey, Guildford, GU2 7XH UK
- Gerhard P. Fettweis
  - Center for Intelligent Networking and Communications (CINC), University of Electronic Science and Technology of China (UESTC), Chengdu, 611731 China
- Ying-Chang Liang
  - Vodafone Chair Mobile Communications Systems, Technische Universität Dresden, Dresden, 01069 Germany

44
Rytel M, Felkner A, Janiszewski M. Towards a Safer Internet of Things-A Survey of IoT Vulnerability Data Sources. Sensors (Basel) 2020; 20:s20215969. [PMID: 33105564 PMCID: PMC7659474 DOI: 10.3390/s20215969] [Citation(s) in RCA: 11] [Impact Index Per Article: 2.8] [Received: 09/16/2020] [Revised: 10/15/2020] [Accepted: 10/20/2020] [Indexed: 11/16/2022]
Abstract
The security of the Internet of Things (IoT) is an important yet often overlooked subject. Specifically, the publicly available information sources about vulnerabilities affecting the connected devices are unsatisfactory. Our research shows that, while the information is available on the Internet, there is no single service offering data focused on the IoT in existence. The national vulnerability databases contain some IoT related entries, but they lack mechanisms to distinguish them from the remaining vulnerabilities. Moreover, information about many vulnerabilities affecting the IoT world never reaches these databases but can still be found scattered over the Internet. This review summarizes our effort at identifying and evaluating publicly available sources of information about vulnerabilities, focusing on their usefulness in the scope of IoT. The results of our search show that there is not yet a single satisfactory source covering vulnerabilities affecting IoT devices and software available.

45
Nazih W, Hifny Y, Elkilani WS, Dhahri H, Abdelkader T. Countering DDoS Attacks in SIP Based VoIP Networks Using Recurrent Neural Networks. Sensors (Basel) 2020; 20:E5875. [PMID: 33080829 DOI: 10.3390/s20205875] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.0] [Received: 09/10/2020] [Revised: 10/10/2020] [Accepted: 10/13/2020] [Indexed: 11/17/2022]
Abstract
Many companies have transformed their telephone systems into Voice over IP (VoIP) systems. Although implementation is simple, VoIP is vulnerable to different types of attacks. The Session Initiation Protocol (SIP) is a widely used protocol for handling VoIP signaling functions. SIP is unprotected against attacks because it is a text-based protocol and lacks defense against the growing security threats. The Distributed Denial of Service (DDoS) attack is a harmful attack, because it drains resources, and prevents legitimate users from using the available services. In this paper, we formulate detection of DDoS attacks as a classification problem and propose an approach using token embedding to enhance extracted features from SIP messages. We discuss a deep learning model based on Recurrent Neural Networks (RNNs) developed to detect DDoS attacks with low and high-rate intensity. For validation, a balanced real traffic dataset was built containing three attack scenarios with different attack durations and intensities. Experiments show that the system has a high detection accuracy and low detection time. The detection accuracy was higher for low-rate attacks than that of traditional machine learning.

46
Kalbo N, Mirsky Y, Shabtai A, Elovici Y. The Security of IP-Based Video Surveillance Systems. Sensors (Basel) 2020; 20:s20174806. [PMID: 32858840 PMCID: PMC7506579 DOI: 10.3390/s20174806] [Citation(s) in RCA: 14] [Impact Index Per Article: 3.5] [Received: 06/18/2020] [Revised: 08/13/2020] [Accepted: 08/20/2020] [Indexed: 11/16/2022]
Abstract
Over the last decade, video surveillance systems have become a part of the Internet of Things (IoT). These IP-based surveillance systems now protect industrial facilities, railways, gas stations, and even one's own home. Unfortunately, like other IoT systems, there are inherent security risks which can lead to significant violations of a user's privacy. In this review, we explore the attack surface of modern surveillance systems and enumerate the various ways they can be compromised with real examples. We also identify the threat agents, their attack goals, attack vectors, and the resulting consequences of successful attacks. Finally, we present current countermeasures and best practices and discuss the threat horizon. The purpose of this review is to provide researchers and engineers with a better understanding of a modern surveillance systems' security, to harden existing systems and develop improved security solutions.
Affiliation(s)
- Naor Kalbo
  - Software and Information Systems Engineering, Ben-Gurion University of the Negev, Beer Sheva 8410501, Israel; (N.K.); (A.S.); (Y.E.)
- Yisroel Mirsky
  - Software and Information Systems Engineering, Ben-Gurion University of the Negev, Beer Sheva 8410501, Israel; (N.K.); (A.S.); (Y.E.)
  - College of Computing, Georgia Institute of Technology (Georgia Tech), Atlanta, GA 30332, USA
  - Correspondence:
- Asaf Shabtai
  - Software and Information Systems Engineering, Ben-Gurion University of the Negev, Beer Sheva 8410501, Israel; (N.K.); (A.S.); (Y.E.)
- Yuval Elovici
  - Software and Information Systems Engineering, Ben-Gurion University of the Negev, Beer Sheva 8410501, Israel; (N.K.); (A.S.); (Y.E.)

47
Vaccari I, Aiello M, Cambiaso E. SlowITe, a Novel Denial of Service Attack Affecting MQTT. Sensors (Basel) 2020; 20:E2932. [PMID: 32455752 DOI: 10.3390/s20102932] [Citation(s) in RCA: 23] [Impact Index Per Article: 5.8] [Received: 04/16/2020] [Revised: 05/14/2020] [Accepted: 05/19/2020] [Indexed: 11/29/2022]
Abstract
Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we target the Message Queue Telemetry Transport (MQTT) protocol used in IoT environments for communication between IoT devices. We exploit a specific weakness of MQTT which was identified during our research, allowing the client to configure the behavior of the server. In order to validate the possibility to exploit such vulnerability, we propose SlowITe, a novel low-rate denial of service attack aimed to target MQTT through low-rate techniques. We validate SlowITe against real MQTT services, considering both plain text and encrypted communications and comparing the effects of the threat when targeting different daemons. Results show that the attack is successful and it is able to exploit the identified vulnerability to lead a DoS on the victim with limited attack resources.

48
Abstract
In the present world, it is difficult to realize any computing application working on a standalone computing device without connecting it to the network. A large amount of data is transferred over the network from one device to another. As networking is expanding, security is becoming a major concern. Therefore, it has become important to maintain a high level of security to ensure that a safe and secure connection is established among the devices. An intrusion detection system (IDS) is therefore used to differentiate between the legitimate and illegitimate activities on the system. Different techniques are used for detecting intrusions in the intrusion detection system. This paper presents the different clustering techniques that have been implemented by different researchers in their relevant articles. This survey was carried out on 30 papers and it presents what different datasets were used by different researchers and what evaluation metrics were used to evaluate the performance of IDS. This paper also highlights the pros and cons of each clustering technique used for IDS, which can be used as a basis for future work.
Affiliation(s)
- Binita Bohara
  - Dept. of Computer Science, Tuskegee University, Tuskegee, AL, USA
- Jay Bhuyan
  - Dept. of Computer Science, Tuskegee University, Tuskegee, AL, USA
- Fan Wu
  - Dept. of Computer Science, Tuskegee University, Tuskegee, AL, USA
- Junhua Ding
  - Dept. of Information Science, University of North Texas, Texas, USA

49
Wee J, Choi JG, Pak W. Wildcard Fields-Based Partitioning for Fast and Scalable Packet Classification in Vehicle-to-Everything. Sensors (Basel) 2019; 19:s19112563. [PMID: 31195635 PMCID: PMC6603548 DOI: 10.3390/s19112563] [Citation(s) in RCA: 4] [Impact Index Per Article: 0.8] [Received: 04/19/2019] [Revised: 05/31/2019] [Accepted: 06/03/2019] [Indexed: 11/16/2022]
Abstract
Vehicle-to-Everything (V2X) requires high-speed communication and high-level security. However, as the number of connected devices increases exponentially, communication networks are suffering from huge traffic and various security issues. It is well known that performance and security of network equipment significantly depends on the packet classification algorithm because it is one of the most fundamental packet processing functions. Thus, the algorithm should run fast even with the huge set of packet processing rules. Unfortunately, previous packet classification algorithms have focused on the processing speed only, failing to be scalable with the rule-set size. In this paper, we propose a new packet classification approach balancing classification speed and scalability. It can be applied to most decision tree-based packet classification algorithms such as HyperCuts and EffiCuts. It determines partitioning fields considering the rule duplication explicitly, which makes the algorithm memory-effective. In addition, the proposed approach reduces the decision tree size substantially with the minimal sacrifice of classification performance. As a result, we can attain high-speed packet classification and scalability simultaneously, which is very essential for latest services such as V2X and Internet-of-Things (IoT).
Affiliation(s)
- Jaehyung Wee
  - Computer Engineering Department, Keimyung University, Daegu 42601, Korea.
- Jin-Ghoo Choi
  - Department of Information and Communication Engineering, Yeungnam University, Gyeongsan 38541, Korea.
- Wooguil Pak
  - Department of Information and Communication Engineering, Yeungnam University, Gyeongsan 38541, Korea.

50
Liu L, Chen W, Li T, Liu Y. Pseudo-Random Encryption for Security Data Transmission in Wireless Sensor Networks. Sensors (Basel) 2019; 19:E2452. [PMID: 31146365 DOI: 10.3390/s19112452] [Citation(s) in RCA: 7] [Impact Index Per Article: 1.4] [Received: 05/13/2019] [Revised: 05/26/2019] [Accepted: 05/27/2019] [Indexed: 01/10/2023]
Abstract
The security of wireless sensor networks (WSN) has become a great challenge due to the transmission of sensor data through an open and wireless network with limited resources. In the paper, we discussed a lightweight security scheme to protect the confidentiality of data transmission between sensors and an ally fusion center (AFC) over insecure links. For the typical security problem of WSN's binary hypothesis testing of a target's state, sensors were divided into flipping and non-flipping groups according to the outputs of a pseudo-random function which was held by sensors and the AFC. Then in order to prevent an enemy fusion center (EFC) from eavesdropping, the binary outputs from the flipping group were intentionally flipped to hinder the EFC's data fusion. Accordingly, the AFC performed inverse flipping to recover the flipped data before data fusion. We extended the scheme to a more common scenario with multiple scales of sensor quantification and candidate states. The underlying idea was that the sensor measurements were randomly mapped to other quantification scales using a mapping matrix, which ensured that as long as the EFC was not aware of the matrix, it could not distract any useful information from the captured data, while the AFC could appropriately perform data fusion based on the inverse mapping of the sensor outputs.