1. Mahadevappa P, Murugesan RK, Al-amri R, Thabit R, Al-Ghushami AH, Alkawsi G. A secure edge computing model using machine learning and IDS to detect and isolate intruders. MethodsX 2024; 12:102597. [PMID: 38379716 PMCID: PMC10877948 DOI: 10.1016/j.mex.2024.102597] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 11/16/2023] [Accepted: 01/31/2024] [Indexed: 02/22/2024] Open
Abstract
The article presents a secure edge computing model that utilizes machine learning for intrusion detection and isolation. It addresses the security challenges arising from the rapid expansion of IoT and edge computing. The proposed Intrusion Detection System (IDS) combines Linear Discriminant Analysis (LDA) and Logistic Regression (LR) to swiftly and accurately identify intrusions without alerting neighboring devices. The model outperforms existing solutions with an accuracy of 96.56%, precision of 95.78%, and quick training time (0.04 s). It is effective against various types of attacks, enhancing the security of edge networks for IoT applications.
- The methodology employs a hybrid model that combines LDA and LR for intrusion detection.
- Machine learning techniques are used to analyze and identify intrusive activities during data acquisition by edge nodes.
- The methodology includes a mechanism to isolate suspected devices and data without notifying neighboring edge nodes to prevent intruders from gaining control over the edge network.
Affiliation(s)
- Redhwan Al-amri
  - Centre for Professional Learning & Leadership, Institute of Education and Humanities, University of Wales Trinity Saint David, Swansea, UK
- Reema Thabit
  - Department of Computing, College of Computing and Informatics (CCI), Universiti Tenaga Nasional (UNITEN), Kajang, Selangor 43000, Malaysia
- Gamal Alkawsi
  - Institute of Sustainable Energy, Universiti Tenaga Nasional, Kajang 43000, Malaysia
2. Mahindru A, Arora H, Kumar A, Gupta SK, Mahajan S, Kadry S, Kim J. PermDroid a framework developed using proposed feature selection approach and machine learning techniques for Android malware detection. Sci Rep 2024; 14:10724. [PMID: 38730228 DOI: 10.1038/s41598-024-60982-y] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 10/14/2023] [Accepted: 04/29/2024] [Indexed: 05/12/2024] Open
Abstract
The challenge of developing an Android malware detection framework that can identify malware in real-world apps is difficult for academicians and researchers. The vulnerability lies in the permission model of Android. Therefore, it has attracted the attention of various researchers to develop an Android malware detection model using permission or a set of permissions. Academicians and researchers have used all extracted features in previous studies, resulting in overburdening while creating malware detection models. But, the effectiveness of the machine learning model depends on the relevant features, which help in reducing the value of misclassification errors and have excellent discriminative power. A feature selection framework is proposed in this research paper that helps in selecting the relevant features. In the first stage of the proposed framework, t-test, and univariate logistic regression are implemented on our collected feature data set to classify their capacity for detecting malware. Multivariate linear regression stepwise forward selection and correlation analysis are implemented in the second stage to evaluate the correctness of the features selected in the first stage. Furthermore, the resulting features are used as input in the development of malware detection models using three ensemble methods and a neural network with six different machine-learning algorithms. The developed models' performance is compared using two performance parameters: F-measure and Accuracy. The experiment is performed by using half a million different Android apps. The empirical findings reveal that malware detection model developed using features selected by implementing proposed feature selection framework achieved higher detection rate as compared to the model developed using all extracted features data set. 
Further, when compared to previously developed frameworks or methodologies, the experimental results indicate that the model developed in this study achieved an accuracy of 98.8%.
Affiliation(s)
- Arvind Mahindru
  - Department of Computer Science and applications, D.A.V. University, Sarmastpur, Jalandhar, 144012, India.
- Himani Arora
  - Department of Mathematics, Guru Nanak Dev University, Amritsar, India
- Abhinav Kumar
  - Department of Nuclear and Renewable Energy, Ural Federal University Named after the First President of Russia Boris Yeltsin, Ekaterinburg, Russia, 620002
- Sachin Kumar Gupta
  - Department of Electronics and Communication Engineering, Central University of Jammu, Jammu, 181143, UT of J&K, India.
  - School of Electronics and Communication Engineering, Shri Mata Vaishno Devi University, Katra, 182320, UT of J&K, India.
- Shubham Mahajan
  - Department of Applied Data Science, Noroff University College, Kristiansand, Norway.
- Seifedine Kadry
  - Department of Applied Data Science, Noroff University College, Kristiansand, Norway
  - Artificial Intelligence Research Center (AIRC), Ajman University, Ajman, 346, United Arab Emirates
  - MEU Research Unit, Middle East University, Amman 11831, Jordan
  - Applied Science Research Center, Applied Science Private University, Amman, Jordan
- Jungeun Kim
  - Department of Software, Department of Computer Science and Engineering, Kongju National University, Cheonan, 31080, Korea.
3. Mogollón Gutiérrez Ó, Sancho Núñez JC, Ávila M, Caro A. A detailed study of resampling algorithms for cyberattack classification in engineering applications. PeerJ Comput Sci 2024; 10:e1975. [PMID: 38660195 PMCID: PMC11041950 DOI: 10.7717/peerj-cs.1975] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 12/12/2023] [Accepted: 03/11/2024] [Indexed: 04/26/2024]
Abstract
The evolution of engineering applications is highly relevant in the context of protecting industrial systems. As industries are increasingly interconnected, the need for robust cybersecurity measures becomes paramount. Engineering informatics not only provides tools for knowledge representation and extraction but also affords a comprehensive spectrum of developing sophisticated cybersecurity solutions. However, safeguarding industrial systems poses a unique challenge due to the inherent heterogeneity of data within these environments. Together with this problem, it's crucial to acknowledge that datasets that simulate real cyberattacks within these diverse environments exhibit a high imbalance, often skewed towards certain types of traffic. This study proposes a system for addressing class imbalance in cybersecurity. To do this, three oversampling (SMOTE, Borderline1-SMOTE, and ADASYN) and five undersampling (random undersampling, cluster centroids, NearMiss, repeated edited nearest neighbor, and Tomek Links) methods are tested. Particularly, these balancing algorithms are used to generate one-vs-rest binary models and to develop a two-stage classification system. By doing so, this study aims to enhance the efficacy of cybersecurity measures ensuring a more comprehensive understanding and defense against the diverse range of threats encountered in industrial environments. Experimental results demonstrate the effectiveness of the proposed system for cyberattack detection and classification among nine widely known cyberattacks.
Affiliation(s)
- Mar Ávila
  - Escuela Politecnica, University of Extremadura, Cáceres, Cáceres, Spain
- Andrés Caro
  - Escuela Politecnica, University of Extremadura, Cáceres, Cáceres, Spain
4. Wang Z, Ghaleb FA, Zainal A, Siraj MM, Lu X. An efficient intrusion detection model based on convolutional spiking neural network. Sci Rep 2024; 14:7054. [PMID: 38528084 DOI: 10.1038/s41598-024-57691-x] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/25/2024] [Accepted: 03/20/2024] [Indexed: 03/27/2024] Open
Abstract
Many intrusion detection techniques have been developed to ensure that the target system can function properly under the established rules. With the booming Internet of Things (IoT) applications, the resource-constrained nature of its devices makes it urgent to explore lightweight and high-performance intrusion detection models. Recent years have seen a particularly active application of deep learning (DL) techniques. The spiking neural network (SNN), a type of artificial intelligence that is associated with sparse computations and inherent temporal dynamics, has been viewed as a potential candidate for the next generation of DL. It should be noted, however, that current research into SNNs has largely focused on scenarios where limited computational resources and insufficient power sources are not considered. Consequently, even state-of-the-art SNN solutions tend to be inefficient. In this paper, a lightweight and effective detection model is proposed. With the help of rational algorithm design, the model integrates the advantages of SNNs as well as convolutional neural networks (CNNs). In addition to reducing resource usage, it maintains a high level of classification accuracy. The proposed model was evaluated against some current state-of-the-art models using a comprehensive set of metrics. Based on the experimental results, the model demonstrated improved adaptability to environments with limited computational resources and energy sources.
Affiliation(s)
- Zhen Wang
  - Faculty of Computing, Universiti Teknologi Malaysia, Johor Bahru, 81310, Johor, Malaysia
  - School of Data Science and Artificial Intelligence, Wenzhou University of Technology, Wenzhou, 325035, Zhejiang, China
- Fuad A Ghaleb
  - College of Computing and Digital Technology, Birmingham City University, Birmingham, B47XG, United Kingdom
- Anazida Zainal
  - Faculty of Computing, Universiti Teknologi Malaysia, Johor Bahru, 81310, Johor, Malaysia
- Maheyzah Md Siraj
  - Faculty of Computing, Universiti Teknologi Malaysia, Johor Bahru, 81310, Johor, Malaysia
- Xing Lu
  - School of Data Science and Artificial Intelligence, Wenzhou University of Technology, Wenzhou, 325035, Zhejiang, China.
5. Wardana AA, Kołaczek G, Warzyński A, Sukarno P. Ensemble averaging deep neural network for botnet detection in heterogeneous Internet of Things devices. Sci Rep 2024; 14:3878. [PMID: 38365928 PMCID: PMC10873349 DOI: 10.1038/s41598-024-54438-6] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 09/25/2023] [Accepted: 02/13/2024] [Indexed: 02/18/2024] Open
Abstract
The botnet attack is one of the coordinated attack types that can infect Internet of Things (IoT) devices and cause them to malfunction. Botnets can steal sensitive information from IoT devices and control them to launch another attack, such as a Distributed Denial-of-Service (DDoS) attack or email spam. This attack is commonly detected using a network-based Intrusion Detection System (NIDS) that monitors the network device's activity. However, IoT network is dynamic and IoT devices have many types with different configurations and vendors in IoT environments. Therefore, this research proposes an Intrusion Detection System (IDS) by ensemble-ing traffic from heterogeneous IoT devices. This research proposes Deep Neural Network (DNN) to create a training model from each heterogeneous IoT device. After that, each training model from each heterogeneous IoT device is used to predict the traffic. The prediction results from each training model are averaged using the ensemble averaging method to determine the final result. This research used the N-BaIoT dataset to validate the proposed IDS model. Based on experimental results, ensemble averaging DNN can detect botnet attacks in heterogeneous IoT devices with an average accuracy of 97.21, precision of 91.41, recall of 87.31, and F1-score 88.48.
6. Naqvi SSA, Li Y, Uzair M. DDoS attack detection in smart grid network using reconstructive machine learning models. PeerJ Comput Sci 2024; 10:e1784. [PMID: 38259891 PMCID: PMC10803083 DOI: 10.7717/peerj-cs.1784] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 09/22/2023] [Accepted: 12/07/2023] [Indexed: 01/24/2024]
Abstract
Network attacks pose a significant challenge for smart grid networks, mainly due to the existence of several multi-directional communication devices coupling consumers to the grid. One of the network attacks that can affect the smart grid is the distributed denial of service (DDoS), where numerous compromised communication devices/nodes of the grid flood the smart grid network with false data and requests, leading to disruptions in smart meters, data servers, and the state estimator, ultimately affecting the services for end-users. Machine learning-based strategies show distinctive benefits in resolving the challenge of securing the network from DDoS attacks. Regardless, a notable hindrance in deploying machine learning-based techniques is the requirement of model retraining whenever new attack classes arise. Practically, disrupting the normal operations of smart grid is really discouraged. To handle this challenge effectively and detect DDoS attacks without major disruptions, we propose the deployment of reconstructive deep learning techniques. A primary benefit of our proposed technique is the minimum disruption during the introduction of a new attack class, even after complete deployment. We trained several deep and shallow reconstructive models to get representations for each attack type separately, and we performed attack detection by class-specific reconstruction error-based classification. Our technique experienced rigid evaluation via multiple experiments using two well-acknowledged standard databases exclusively for DDoS attacks, including their subsets. Later, we performed a comparative estimation of our outcomes against six methods prevalent within the same domain. Our outcomes reveal that our technique attained higher accuracy, and notably eliminates the requirement of a complete model retraining in the event of the introduction of new attack classes.
This method will not only boost the security of smart grid networks but also ensure the stability and reliability of normal operations, protecting the critical infrastructure from ever-evolving network attacks. As smart grid is advancing rapidly, our approach proposes a robust and adaptive way to overcome the continuous challenges posed by network attacks.
Affiliation(s)
- Sardar Shan Ali Naqvi
  - School of Control and Computer Engineering, North China Electric Power University, Beijing, China
- Yuancheng Li
  - School of Control and Computer Engineering, North China Electric Power University, Beijing, China
- Muhammad Uzair
  - Department of Computer Engineering, COMSATS Institute Of Information Technology, Wah cantt, Pakistan
7. Emanet S, Karatas Baydogmus G, Demir O. An ensemble learning based IDS using Voting rule: VEL-IDS. PeerJ Comput Sci 2023; 9:e1553. [PMID: 37810337 PMCID: PMC10557513 DOI: 10.7717/peerj-cs.1553] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/04/2023] [Accepted: 08/04/2023] [Indexed: 10/10/2023]
Abstract
Intrusion detection systems (IDSs) analyze internet activities and traffic to detect potential attacks, thereby safeguarding computer systems. In this study, researchers focused on developing an advanced IDS that achieves high accuracy through the application of feature selection and ensemble learning methods. The utilization of the CIC-CSE-IDS2018 dataset for training and testing purposes adds relevance to the study. The study comprised two key stages, each contributing to its significance. In the first stage, the researchers reduced the dataset through strategic feature selection and carefully selected algorithms for ensemble learning. This process optimizes the IDS's performance by selecting the most informative features and leveraging the strengths of different classifiers. In the second stage, the ensemble learning approach was implemented, resulting in a powerful model that combines the benefits of multiple algorithms. The results of the study demonstrate its impact on improving attack detection and reducing detection time. By applying techniques such as Spearman's correlation analysis, recursive feature elimination (RFE), and chi-square test methods, the researchers identified key features that enhance the IDS's performance. Furthermore, the comparison of different classifiers showcased the effectiveness of models such as extra trees, decision trees, and logistic regression. These models not only achieved high accuracy rates but also considered the practical aspect of execution time. The study's overall significance lies in its contribution to advancing IDS capabilities and improving computer security. By adopting an ensemble learning approach and carefully selecting features and classifiers, the researchers created a model that outperforms individual classifier approaches. This model, with its high accuracy rate, further validates the effectiveness of ensemble learning in enhancing IDS performance. 
The findings of this study have the potential to drive future developments in intrusion detection systems and have a tangible impact on ensuring robust computer security in various domains.
Affiliation(s)
- Sura Emanet
  - Marmara University Istanbul, Istanbul, Turkey
- Onder Demir
  - Marmara University Istanbul, Istanbul, Turkey
8. Wang Z, Chen H, Yang S, Luo X, Li D, Wang J. A lightweight intrusion detection method for IoT based on deep learning and dynamic quantization. PeerJ Comput Sci 2023; 9:e1569. [PMID: 37810346 PMCID: PMC10557502 DOI: 10.7717/peerj-cs.1569] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 06/01/2023] [Accepted: 08/14/2023] [Indexed: 10/10/2023]
Abstract
Intrusion detection ensures that IoT can protect itself against malicious intrusions in extensive and intricate network traffic data. In recent years, deep learning has been extensively and effectively employed in IoT intrusion detection. However, the limited computing power and storage space of IoT devices restrict the feasibility of deploying resource-intensive intrusion detection systems on them. This article introduces the DL-BiLSTM lightweight IoT intrusion detection model. By combining deep neural networks (DNNs) and bidirectional long short-term memory networks (BiLSTMs), the model enables nonlinear and bidirectional long-distance feature extraction of complex network information. This capability allows the system to capture complex patterns and behaviors related to cyber-attacks, thus enhancing detection performance. To address the resource constraints of IoT devices, the model utilizes the incremental principal component analysis (IPCA) algorithm for feature dimensionality reduction. Additionally, dynamic quantization is employed to trim the specified cell structure of the model, thereby reducing the computational burden on IoT devices while preserving accurate detection capability. The experimental results on the benchmark datasets CIC IDS2017, N-BaIoT, and CICIoT2023 demonstrate that DL-BiLSTM surpasses traditional deep learning models and cutting-edge detection techniques in terms of detection performance, while maintaining a lower model complexity.
Affiliation(s)
- Zhendong Wang
  - School of Information Engineering, Jiangxi University of Science and Technology, Ganzhou, China
- Hui Chen
  - School of Information Engineering, Jiangxi University of Science and Technology, Ganzhou, China
- Shuxin Yang
  - School of Information Engineering, Jiangxi University of Science and Technology, Ganzhou, China
- Xiao Luo
  - School of Electrical Engineering and Automation, Jiangxi University of Science and Technology, Ganzhou, China
- Dahai Li
  - School of Information Engineering, Jiangxi University of Science and Technology, Ganzhou, China
- Junling Wang
  - School of Information Engineering, Jiangxi University of Science and Technology, Ganzhou, China
9. Abbas Q, Hina S, Sajjad H, Zaidi KS, Akbar R. Optimization of predictive performance of intrusion detection system using hybrid ensemble model for secure systems. PeerJ Comput Sci 2023; 9:e1552. [PMID: 37705624 PMCID: PMC10496009 DOI: 10.7717/peerj-cs.1552] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 01/26/2023] [Accepted: 08/03/2023] [Indexed: 09/15/2023]
Abstract
Network intrusion is one of the main threats to organizational networks and systems. Its timely detection is a profound challenge for the security of networks and systems. The situation is even more challenging for small and medium enterprises (SMEs) of developing countries where limited resources and investment in deploying foreign security controls and development of indigenous security solutions are big hurdles. A robust, yet cost-effective network intrusion detection system is required to secure traditional and Internet of Things (IoT) networks to confront such escalating security challenges in SMEs. In the present research, a novel hybrid ensemble model using random forest-recursive feature elimination (RF-RFE) method is proposed to increase the predictive performance of intrusion detection system (IDS). Compared to the deep learning paradigm, the proposed machine learning ensemble method could yield the state-of-the-art results with lower computational cost and less training time. The evaluation of the proposed ensemble machine learning model shows 99%, 98.53% and 99.9% overall accuracy for NSL-KDD, UNSW-NB15 and CSE-CIC-IDS2018 datasets, respectively. The results show that the proposed ensemble method successfully optimizes the performance of intrusion detection systems. The outcome of the research is significant and contributes to the performance efficiency of intrusion detection systems and developing secure systems and applications.
Affiliation(s)
- Qaiser Abbas
  - University of Engineering and Technology, Lahore, Pakistan
- Hamza Sajjad
  - University of Engineering and Technology Lahore, Lahore, Pakistan
- Rehan Akbar
  - Computer and Information Sciences Department, Universiti Teknologi PETRONAS, Seri Iskandar, Malaysia
10. Dobrojevic M, Zivkovic M, Chhabra A, Sani NS, Bacanin N, Mohd Amin M. Addressing Internet of Things security by enhanced sine cosine metaheuristics tuned hybrid machine learning model and results interpretation based on SHAP approach. PeerJ Comput Sci 2023; 9:e1405. [PMID: 37409075 PMCID: PMC10319270 DOI: 10.7717/peerj-cs.1405] [Citation(s) in RCA: 2] [Impact Index Per Article: 2.0] [Received: 01/23/2023] [Accepted: 04/27/2023] [Indexed: 07/07/2023]
Abstract
An ever increasing number of electronic devices integrated into the Internet of Things (IoT) generates vast amounts of data, which gets transported via network and stored for further analysis. However, besides the undisputed advantages of this technology, it also brings risks of unauthorized access and data compromise, situations where machine learning (ML) and artificial intelligence (AI) can help with detection of potential threats, intrusions and automation of the diagnostic process. The effectiveness of the applied algorithms largely depends on the previously performed optimization, i.e., predetermined values of hyperparameters and training conducted to achieve the desired result. Therefore, to address the very important issue of IoT security, this article proposes an AI framework based on the simple convolutional neural network (CNN) and extreme machine learning machine (ELM) tuned by modified sine cosine algorithm (SCA). Notwithstanding that many methods for addressing security issues have been developed, there is always a possibility for further improvements and proposed research tried to fill in this gap. The introduced framework was evaluated on two ToN IoT intrusion detection datasets, that consist of the network traffic data generated in Windows 7 and Windows 10 environments. The analysis of the results suggests that the proposed model achieved superior level of classification performance for the observed datasets. Additionally, besides conducting rigid statistical tests, best derived model is interpreted by SHapley Additive exPlanations (SHAP) analysis and results findings can be used by security experts to further enhance security of IoT systems.
Affiliation(s)
- Milos Dobrojevic
  - Informatics and Computing, Singidunum University, Belgrade, Serbia
- Miodrag Zivkovic
  - Informatics and Computing, Singidunum University, Belgrade, Serbia
- Amit Chhabra
  - Department of Computer Engineering & Technology, Guru Nanak Dev University, Amritsar, India
- Nor Samsiah Sani
  - Center for Artificial Intelligence Technology, Universiti Kebangsaan Malaysia, Bangi, Selangor, Malaysia
- Nebojsa Bacanin
  - Informatics and Computing, Singidunum University, Belgrade, Serbia
- Maifuza Mohd Amin
  - Center for Artificial Intelligence Technology, Universiti Kebangsaan Malaysia, Bangi, Selangor, Malaysia
11. Hassan F, Yu J, Syed ZS, Ahmed N, Reshan MSA, Shaikh A. Achieving model explainability for intrusion detection in VANETs with LIME. PeerJ Comput Sci 2023; 9:e1440. [PMID: 37409077 PMCID: PMC10319271 DOI: 10.7717/peerj-cs.1440] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 02/13/2023] [Accepted: 05/24/2023] [Indexed: 07/07/2023]
Abstract
Vehicular ad hoc networks (VANETs) are intelligent transport subsystems; vehicles can communicate through a wireless medium in this system. There are many applications of VANETs such as traffic safety and preventing the accident of vehicles. Many attacks affect VANETs communication such as denial of service (DoS) and distributed denial of service (DDoS). In the past few years the number of DoS (denial of service) attacks is increasing, so network security and protection of the communication systems are challenging topics; intrusion detection systems need to be improved to identify these attacks effectively and efficiently. Many researchers are currently interested in enhancing the security of VANETs. Based on intrusion detection systems (IDS), machine learning (ML) techniques were employed to develop high-security capabilities. A massive dataset containing application layer network traffic is deployed for this purpose. The interpretability technique Local Interpretable Model-agnostic Explanations (LIME) is used for better interpretation of model functionality and accuracy. Experimental results demonstrate that utilizing a random forest (RF) classifier achieves 100% accuracy, demonstrating its capability to identify intrusion-based threats in a VANET setting. In addition, LIME is applied to the RF machine learning model to explain and interpret the classification, and the performance of machine learning models is evaluated in terms of accuracy, recall, and F1 score.
Affiliation(s)
- Fayaz Hassan
  - Beijing Key Laboratory of Work Safety Intelligent Monitoring, School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing, China
- Jianguo Yu
  - Beijing Key Laboratory of Work Safety Intelligent Monitoring, School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing, China
- Zafi Sherhan Syed
  - Department of Telecommunication Engineering, Mehran University of Engineering and Technology Jamshoro, Jamshoro, Pakistan
- Nadeem Ahmed
  - State Key Laboratory of Wireless Network Positioning and Communication Engineering Integration Research, School of Electronics Engineering, Beijing University of Posts and Telecommunications, Beijing, China
- Mana Saleh Al Reshan
  - Department of Information System, College of Computer Science and Information Systems, Najran University, Najran, Saudi Arabia
- Asadullah Shaikh
  - Department of Information System, College of Computer Science and Information Systems, Najran University, Najran, Saudi Arabia
12. Diaba SY, Elmusrati M. Proposed algorithm for smart grid DDoS detection based on deep learning. Neural Netw 2023; 159:175-184. [PMID: 36577364 DOI: 10.1016/j.neunet.2022.12.011] [Citation(s) in RCA: 5] [Impact Index Per Article: 5.0] [Received: 08/16/2022] [Revised: 10/27/2022] [Accepted: 12/14/2022] [Indexed: 12/24/2022]
Abstract
The Smart Grid's objective is to increase the electric grid's dependability, security, and efficiency through extensive digital information and control technology deployment. As a result, it is necessary to apply real-time analysis and state estimation-based techniques to ensure efficient controls are implemented correctly. These systems are vulnerable to cyber-attacks, posing significant risks to the Smart Grid's overall availability due to their reliance on communication technology. Therefore, effective intrusion detection algorithms are required to mitigate such attacks. In dealing with these uncertainties, we propose a hybrid deep learning algorithm that focuses on Distributed Denial of Service attacks on the communication infrastructure of the Smart Grid. The proposed algorithm is hybridized by the Convolutional Neural Network and the Gated Recurrent Unit algorithms. Simulations are done using a benchmark cyber security dataset of the Canadian Institute of Cybersecurity Intrusion Detection System. According to the simulation results, the proposed algorithm outperforms the current intrusion detection algorithms, with an overall accuracy rate of 99.7%.
Affiliation(s)
- Sayawu Yakubu Diaba
- Department of Telecommunication Engineering, School of Technology and Innovations, University of Vaasa, Vaasa, Finland.
- Mohammed Elmusrati
- Department of Telecommunication Engineering, School of Technology and Innovations, University of Vaasa, Vaasa, Finland
|
13
|
Mvula PK, Branco P, Jourdan GV, Viktor HL. A systematic literature review of cyber-security data repositories and performance assessment metrics for semi-supervised learning. Discov Data 2023; 1:4. [PMID: 37038388 PMCID: PMC10079755 DOI: 10.1007/s44248-023-00003-x] [Citation(s) in RCA: 2] [Impact Index Per Article: 2.0] [Received: 01/27/2023] [Accepted: 03/21/2023] [Indexed: 04/12/2023]
Abstract
In Machine Learning, the datasets used to build models are one of the main factors limiting what these models can achieve and how good their predictive performance is. Machine Learning applications for cyber-security or computer security are numerous including cyber threat mitigation and security infrastructure enhancement through pattern recognition, real-time attack detection, and in-depth penetration testing. Therefore, for these applications in particular, the datasets used to build the models must be carefully thought to be representative of real-world data. However, because of the scarcity of labelled data and the cost of manually labelling positive examples, there is a growing corpus of literature utilizing Semi-Supervised Learning with cyber-security data repositories. In this work, we provide a comprehensive overview of publicly available data repositories and datasets used for building computer security or cyber-security systems based on Semi-Supervised Learning, where only a few labels are necessary or available for building strong models. We highlight the strengths and limitations of the data repositories and sets and provide an analysis of the performance assessment metrics used to evaluate the built models. Finally, we discuss open challenges and provide future research directions for using cyber-security datasets and evaluating models built upon them.
Affiliation(s)
- Paul K. Mvula
- Present Address: School of Electrical Engineering and Computer Science (EECS), University of Ottawa, 800 King Edward Avenue, Ottawa, K1N 6N5 ON Canada
- Paula Branco
- Present Address: School of Electrical Engineering and Computer Science (EECS), University of Ottawa, 800 King Edward Avenue, Ottawa, K1N 6N5 ON Canada
- Guy-Vincent Jourdan
- Present Address: School of Electrical Engineering and Computer Science (EECS), University of Ottawa, 800 King Edward Avenue, Ottawa, K1N 6N5 ON Canada
- Herna L. Viktor
- Present Address: School of Electrical Engineering and Computer Science (EECS), University of Ottawa, 800 King Edward Avenue, Ottawa, K1N 6N5 ON Canada
|
14
|
Zivkovic M, Tair M, K V, Bacanin N, Hubálovský Š, Trojovský P. Novel hybrid firefly algorithm: an application to enhance XGBoost tuning for intrusion detection classification. PeerJ Comput Sci 2022; 8:e956. [PMID: 35634110 PMCID: PMC9137854 DOI: 10.7717/peerj-cs.956] [Citation(s) in RCA: 4] [Impact Index Per Article: 2.0] [Received: 01/03/2022] [Accepted: 04/01/2022] [Indexed: 06/15/2023]
Abstract
The research proposed in this article presents a novel improved version of the widely adopted firefly algorithm and its application for tuning and optimising XGBoost classifier hyper-parameters for network intrusion detection. One of the greatest issues in the domain of network intrusion detection systems are relatively high false positives and false negatives rates. In the proposed study, by using XGBoost classifier optimised with improved firefly algorithm, this challenge is addressed. Based on the established practice from the modern literature, the proposed improved firefly algorithm was first validated on 28 well-known CEC2013 benchmark instances and a comparative analysis with the original firefly algorithm and other state-of-the-art metaheuristics was conducted. Afterwards, the devised method was adopted and tested for XGBoost hyper-parameters optimisation and the tuned classifier was tested on the widely used benchmarking NSL-KDD dataset and more recent UNSW-NB15 dataset for network intrusion detection. Obtained experimental results prove that the proposed metaheuristics has significant potential in tackling machine learning hyper-parameters optimisation challenge and that it can be used for improving classification accuracy and average precision of network intrusion detection systems.
Affiliation(s)
- Venkatachalam K
- Department of Applied Cybernetics, Faculty of Science, University of Hradec Králové, Hradec Kralove, Hradec Kralove, Czech Republic
- Štěpán Hubálovský
- Department of Applied Cybernetics, Faculty of Science, University of Hradec Králové, Hradec Kralove, Hradec Kralove, Czech Republic
- Pavel Trojovský
- Department of Mathematics, Faculty of Science, University of Hradec Králové, Hradec Kralove, Hradec Kralove, Czech Republic
|
15
|
Gujral H, Sharma A, Jain P, Juneja S, Mittal S. Design and Implementation of a Quantitative Network Health Monitoring and Recovery System. Wirel Pers Commun 2022; 125:367-397. [PMID: 35370363 PMCID: PMC8951673 DOI: 10.1007/s11277-022-09554-9] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Accepted: 01/23/2022] [Indexed: 06/14/2023]
Abstract
A network health monitoring system focuses on the quantification of the network's health by taking into account various security flaws, leaks, and vulnerabilities. A plethora of propriety tools and patents are available for network health quantification. However, there is a paucity of available research and literature in this field. Thus, in this study, we present an architectural design of a network health monitoring system. The design focuses on the quantification of the network health of each end-user as well as the entire network. The network health score for each end-user is quantified by identifying (1) illicit egress-ingress traffic, (2) anomalous fingerprints, and (3) system-network vulnerabilities based on the NVD-CVSS (National Vulnerability Database, Common Vulnerability Severity Score) standards. An overall network-health score is produced, along with a prevention and recovery mechanism that is triggered upon the detection of an anomaly. The proposed system is implemented in a local area network and has demonstrated to protect the network against various threats successfully. The study is concluded by comparing the proposed tool with the popular propriety tools available in the field. The results outline that the proposed system garners features of open-source tools and enriches them by introducing a state-of-the-art architecture coupled with multiple novel features like exhaustive identification of vulnerability and detection of network aberrations using timers.
Affiliation(s)
- Harshit Gujral
- Department of Computer Science, University of Toronto, Toronto, Canada
- Abhinav Sharma
- Department of Computer Science Engineering and IT, Jaypee Institute of Information Technology, Noida, India
- Pulkit Jain
- Department of Computer Science Engineering and IT, Jaypee Institute of Information Technology, Noida, India
- Shriya Juneja
- Department of Computer Science Engineering and IT, Jaypee Institute of Information Technology, Noida, India
- Sangeeta Mittal
- Department of Computer Science Engineering and IT, Jaypee Institute of Information Technology, Noida, India
|
16
|
Kantzavelou I, Maglaras L, Tzikopoulos PF, Katsikas S. A multiplayer game model to detect insiders in wireless sensor networks. PeerJ Comput Sci 2022; 8:e791. [PMID: 35174260 PMCID: PMC8802792 DOI: 10.7717/peerj-cs.791] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Received: 11/06/2020] [Accepted: 11/01/2021] [Indexed: 06/14/2023]
Abstract
Insiders might have incentives and objectives opposed to those of the belonging organization. It is hard to detect them because of their privileges that partially protect them. In Wireless Sensor Networks (WSNs), significant security issues arise, including compromised nodes by insiders that disrupt the normal network operation. Immediate defensive actions to isolate malicious nodes would mitigate any related impacts. A multiplayer game model is proposed as a solution to the problem of insider attacks in WSNs, the Game of Wireless Sensor Networks (GoWiSeN). It is an imperfect information game, formulated with the use of non-cooperative game theory, holding the assumption that all players are rational. The model consists of several Local Intrusion Detection Systems (LIDSs), which are located to different nodes and communicate with a Global Intrusion Detection System (GIDS). Each LIDS gives suggestions whether the monitoring node is trusted or not. The game is being played between a potential attacker, the nodes and the GIDS. The GIDS is responsible for making a final decision and for isolating a compromised node in case of an internal attack. The theoretical model represents these interactions in an extensive form game. The formal elements of the game are specified, the outcomes of the game are quantified by first specifying players' preferences, and then, by using the von Neumann-Morgenstern utility function, and payoffs are obtained. The game is constructed and solved, by locating NE in pure and mixed strategies. Experimental evaluations conducted on real network datasets, using IDSs of different capabilities, simulate special cases and compromised nodes in a WSN, verify the model efficiency, and show how the game should be played.
Affiliation(s)
- Leandros Maglaras
- Cyber Technology Institute, De Montfort University Leicester, Leicester, UK, United Kingdom
|
17
|
Abstract
This paper presents Duenna, an authentication framework for smart home systems (SHSs). When using controlling apps (e.g., a smartphone app), Duenna makes sure that only legitimate SHS users are allowed to operate their Internet of things (IoT) devices. Duenna is built upon a behavioral anomaly detection (BAD)-based approach. In particular, we hypothesize that SHS users usually operate their home IoT devices in typical and distinctive patterns. Therefore, users that attempt to operate devices differently from such a regular behavior are considered malicious. Technically, Duenna operates in two modes. In an initialization operation, Duenna first collects and processes the historical cyber and physical activities of an SHS user in addition to the historical states of the SHS itself to build a set of incremental anomaly detection (AD) models. Then, in an interactive operation, the trained AD models are, then, used as a baseline from which anomalous commands (i.e., outliers) are detected and rejected, while regular commands (i.e., targets) are considered legitimate and allowed to be executed. Through an empirical evaluation conducted on real-world data, Duenna exhibits high authentication rates ensuring both security and user experience. The findings obtained from such evaluation show that a user behavior-based approach is a promising security scheme that could be integrated into existing SHS platforms.
Affiliation(s)
- Noureddine Amraoui
- Mediatron Research Laboratory, Higher School of Communications of Tunis, University of Carthage, Technology City of Communications, El Ghazala, 2083 Ariana Tunisia
- Belhassen Zouari
- Mediatron Research Laboratory, Higher School of Communications of Tunis, University of Carthage, Technology City of Communications, El Ghazala, 2083 Ariana Tunisia
|
18
|
Wang W, Harrou F, Bouyeddou B, Senouci SM, Sun Y. A stacked deep learning approach to cyber-attacks detection in industrial systems: application to power system and gas pipeline systems. Cluster Comput 2021; 25:561-578. [PMID: 34629940 PMCID: PMC8490144 DOI: 10.1007/s10586-021-03426-w] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.3] [Received: 03/05/2021] [Revised: 09/09/2021] [Accepted: 09/17/2021] [Indexed: 06/13/2023]
Abstract
Presently, Supervisory Control and Data Acquisition (SCADA) systems are broadly adopted in remote monitoring large-scale production systems and modern power grids. However, SCADA systems are continuously exposed to various heterogeneous cyberattacks, making the detection task using the conventional intrusion detection systems (IDSs) very challenging. Furthermore, conventional security solutions, such as firewalls, and antivirus software, are not appropriate for fully protecting SCADA systems because they have distinct specifications. Thus, accurately detecting cyber-attacks in critical SCADA systems is undoubtedly indispensable to enhance their resilience, ensure safe operations, and avoid costly maintenance. The overarching goal of this paper is to detect malicious intrusions that already detoured traditional IDS and firewalls. In this paper, a stacked deep learning method is introduced to identify malicious attacks targeting SCADA systems. Specifically, we investigate the feasibility of a deep learning approach for intrusion detection in SCADA systems. Real data sets from two laboratory-scale SCADA systems, a two-line three-bus power transmission system and a gas pipeline are used to evaluate the proposed method's performance. The results of this investigation show the satisfying detection performance of the proposed stacked deep learning approach. This study also showed that the proposed approach outperformed the standalone deep learning models and the state-of-the-art algorithms, including Nearest neighbor, Random forests, Naive Bayes, Adaboost, Support Vector Machine, and oneR. Besides detecting the malicious attacks, we also investigate the feature importance of the cyber-attacks detection process using the Random Forest procedure, which helps design more parsimonious models.
Affiliation(s)
- Wu Wang
- Center for Applied Statistics and School of Statistics, Renmin University of China, Beijing, 100872 China
- Fouzi Harrou
- CEMSE Division, King Abdullah University of Science and Technology (KAUST), Thuwal, 23955-6900 Saudi Arabia
- Benamar Bouyeddou
- STIC Lab, Department of Telecommunications, Abou Bekr Belkaid University, Tlemcen, Algeria
- Ying Sun
- CEMSE Division, King Abdullah University of Science and Technology (KAUST), Thuwal, 23955-6900 Saudi Arabia
|
19
|
Hsu CY, Wang S, Qiao Y. Intrusion detection by machine learning for multimedia platform. Multimed Tools Appl 2021; 80:29643-29656. [PMID: 34248394 PMCID: PMC8260568 DOI: 10.1007/s11042-021-11100-x] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Received: 07/05/2020] [Revised: 04/27/2021] [Accepted: 05/21/2021] [Indexed: 06/01/2023]
Abstract
The multimedia service company, Netflix, increased the number of new subscribers during the Coronavirus pandemic age. Intrusion detection systems for multimedia platforms can prevent the platform from network attacks. An intelligent intrusion detection system is proposed for the security IP Multimedia Subsystem (IMS) based on machine learning technology. For increasing the accuracy of the classifiers, it is vital to select the critical features to construct the intrusion detection system. Two-class classifiers, including the Decision Tree, Support Vector Machine, and Naive Bayesian, are selected to evaluate intrusion detection accuracy. According to the three classifiers' accuracy values, the most critical features are selected based on the features' ranking orders. Six critical features are selected: Service, dst_host_same_srv_rate, Flag, Protocol Type, Dst_host_rerror_rate, and Count. Numerical comparison with state_of_the_art shows that critical features improve intrusion detection accuracy, which can be better than the deep learning method.
Affiliation(s)
- Chih-Yu Hsu
- Fujian Provincial Key Laboratory of Big Data Mining and Applications, School of Computer Science and Mathematics, Fujian University of Technology, Fuzhou, 350118 China
- Shuai Wang
- School of Computer Science and Mathematics, Fujian University of Technology, Fuzhou, 350118 China
- Yu Qiao
- STEM, University of South Australia, Mawson Lakes, SA 5095 Australia
|
20
|
Binbusayyis A, Vaiyapuri T. Comprehensive analysis and recommendation of feature evaluation measures for intrusion detection. Heliyon 2020; 6:e04262. [PMID: 32685709 PMCID: PMC7355994 DOI: 10.1016/j.heliyon.2020.e04262] [Citation(s) in RCA: 12] [Impact Index Per Article: 3.0] [Received: 10/13/2019] [Revised: 05/06/2020] [Accepted: 06/17/2020] [Indexed: 01/17/2023] Open
Abstract
The revolutionary advances in network technologies have spearheaded the design of advanced cyberattacks to surpass traditional security defense with dreadful consequences. Recently, Intrusion Detection System (IDS) is considered as a pivotal element in network security infrastructures to achieve solid line of protection against cyberattacks. The prime challenges presented to IDS are curse of high dimensionality and class imbalance that tends to increase the detection time and degrade the efficiency of IDS. As a result, feature selection plays an important role in enabling to identify the most significant features for intrusion detection. Although, several feature evaluation measures are being proposed for feature selection in literature, there is no consensus on which measures are best for intrusion detection. Therein, this work aims at recommending the most appropriate feature evaluation measure for building an efficient IDS. In this direction, four filter-based feature evaluation measures that stem from different theories such as Consistency, Correlation, Information and Distance are investigated for their potential implications in enhancing the detection ability of IDS model for different classes of attacks. Along with this, the influence of the selected features on classification accuracy of an IDS model is analyzed using four different categories of classifiers namely, K-nearest neighbors (KNN), Random Forest (RF), Support Vector Machine (SVM) and Deep Belief Network (DBN). Finally, a two-step statistical significance test is conducted on the experimental results to determine which feature evaluation measure contributes statistically significant difference in IDS performance. All the experimental comparisons are performed on two benchmark intrusion detection datasets, NSL-KDD and UNSW-NB15. 
In these experiments, consistency measure has best influenced the IDS model in improving the detection ability with regard to detection rate (DR), false alarm rate (FAR), kappa statistics (KS) and identifying the most significant features for intrusion detection. Also, from the analysis results, it is revealed that RF is the ideal classifier to be used in conjunction with any of these four feature evaluation measures to achieve better detection accuracy than others. From the statistical results, we recommend the use of consistency measure for designing an efficient IDS in terms of DR and FAR.
Affiliation(s)
- Adel Binbusayyis
- College of Computer Science and Engineering, Prince Sattam bin Abdulaziz University, AlKharj, Saudi Arabia
- Thavavel Vaiyapuri
- College of Computer Science and Engineering, Prince Sattam bin Abdulaziz University, AlKharj, Saudi Arabia
|
21
|
Abstract
Network intrusion detection based on anomaly detection techniques has a significant role in protecting networks and systems against harmful activities. Different metaheuristic techniques have been used for anomaly detector generation. Yet, reported literature has not studied the use of the multi-start metaheuristic method for detector generation. This paper proposes a hybrid approach for anomaly detection in large scale datasets using detectors generated based on multi-start metaheuristic method and genetic algorithms. The proposed approach has taken some inspiration of negative selection-based detector generation. The evaluation of this approach is performed using NSL-KDD dataset which is a modified version of the widely used KDD CUP 99 dataset. The results show its effectiveness in generating a suitable number of detectors with an accuracy of 96.1% compared to other competitors of machine learning algorithms.
|