Cyberattack triage using incremental clustering for intrusion detection systems
- Authors: Taheri, Sona , Bagirov, Adil , Gondal, Iqbal , Brown, Simon
- Date: 2020
- Type: Text , Journal article
- Relation: International Journal of Information Security Vol. 19, no. 5 (2020), p. 597-607
- Relation: http://purl.org/au-research/grants/arc/DP190100580
- Description: Intrusion detection systems (IDSs) are devices or software applications that monitor networks or systems for malicious activities and signal alerts/alarms when such activity is discovered. However, an IDS may generate many false alerts which affect its accuracy. In this paper, we develop a cyberattack triage algorithm to detect these alerts (so-called outliers). The proposed algorithm is designed using the clustering, optimization and distance-based approaches. An optimization-based incremental clustering algorithm is proposed to find clusters of different types of cyberattacks. Using a special procedure, a set of clusters is divided into two subsets: normal and stable clusters. Then, outliers are found among stable clusters using an average distance between centroids of normal clusters. The proposed algorithm is evaluated using the well-known IDS data sets—Knowledge Discovery and Data mining Cup 1999 and UNSW-NB15—and compared with some other existing algorithms. Results show that the proposed algorithm has a high detection accuracy and its false negative rate is very low. © 2019, Springer-Verlag GmbH Germany, part of Springer Nature.
- Description: This research was conducted in Internet Commerce Security Laboratory (ICSL) funded by Westpac Banking Corporation Australia. In addition, the research by Dr. Sona Taheri and A/Prof. Adil Bagirov was supported by the Australian Government through the Australian Research Council’s Discovery Projects funding scheme (DP190100580).
Robust malware defense in industrial IoT applications using machine learning with selective adversarial samples
- Authors: Khoda, Mahbub , Imam, Tasadduq , Kamruzzaman, Joarder , Gondal, Iqbal , Rahman, Ashfaqur
- Date: 2019
- Type: Text , Journal article
- Relation: IEEE Transactions on Industry Applications Vol. 56, no. 4 (2020), p. 4415-4424
- Description: Industrial Internet of Things (IIoT) deploys edge devices to act as intermediaries between sensors and actuators and application servers or cloud services. Machine learning models have been widely used to thwart malware attacks in such edge devices. However, these models are vulnerable to adversarial attacks where attackers craft adversarial samples by introducing small perturbations to malware samples to fool a classifier to misclassify them as benign applications. Literature on deep learning networks proposes adversarial retraining as a defense mechanism where adversarial samples are combined with legitimate samples to retrain the classifier. However, existing works select such adversarial samples in a random fashion which degrades the classifier's performance. This work proposes two novel approaches for selecting adversarial samples to retrain a classifier. One, based on the distance from malware cluster center, and the other, based on a probability measure derived from a kernel based learning (KBL). Our experiments show that both of our sample selection methods outperform the random selection method and the KBL selection method improves detection accuracy by 6%. Also, while existing works focus on deep neural networks with respect to adversarial retraining, we additionally assess the impact of such adversarial samples on other classifiers and our proposed selective adversarial retraining approaches show similar performance improvement for these classifiers as well. The outcomes from the study can assist in designing robust security systems for IIoT applications.
Continuous patient monitoring with a patient centric agent : A block architecture
- Authors: Uddin, Ashraf , Stranieri, Andrew , Gondal, Iqbal , Balasubramanian, Venki
- Date: 2018
- Type: Text , Journal article
- Relation: IEEE Access Vol. 6, no. (2018), p. 32700-32726
- Description: The Internet of Things (IoT) has facilitated services without human intervention for a wide range of applications, including continuous remote patient monitoring (RPM). However, the complexity of RPM architectures, the size of data sets generated and limited power capacity of devices make RPM challenging. In this paper, we propose a tier-based End to End architecture for continuous patient monitoring that has a patient centric agent (PCA) as its center piece. The PCA manages a blockchain component to preserve privacy when data streaming from body area sensors needs to be stored securely. The PCA based architecture includes a lightweight communication protocol to enforce security of data through different segments of a continuous, real time patient monitoring architecture. The architecture includes the insertion of data into a personal blockchain to facilitate data sharing amongst healthcare professionals and integration into electronic health records while ensuring privacy is maintained. The blockchain is customized for RPM with modifications that include having the PCA select a Miner to reduce computational effort, enabling the PCA to manage multiple blockchains for the same patient, and the modification of each block with a prefix tree to minimize energy consumption and incorporate secure transaction payments. Simulation results demonstrate that security and privacy can be enhanced in RPM with the PCA based End to End architecture.
Dependable large scale behavioral patterns mining from sensor data using Hadoop platform
- Authors: Rashid, Md. Mamunur , Gondal, Iqbal , Kamruzzaman, Joarder
- Date: 2017
- Type: Text , Journal article
- Relation: Information Sciences Vol. 379, no. (2017), p. 128-145
- Full Text: false
- Description: Wireless sensor networks (WSNs) will be an integral part of the future Internet of Things (IoT) environment and generate large volumes of data. However, these data would only be of benefit if useful knowledge can be mined from them. A data mining framework for WSNs includes data extraction, storage and mining techniques, and must be efficient and dependable. In this paper, we propose a new type of behavioral pattern mining technique from sensor data called regularly frequent sensor patterns (RFSPs). RFSPs can identify a set of temporally correlated sensors which can reveal significant knowledge from the monitored data. A distributed data extraction model to prepare the data required for mining RFSPs is proposed, as the distributed scheme ensures higher availability through greater redundancy. The tree structure for RFSP is compact, requires less memory and can be constructed using only a single scan through the dataset, and the mining technique is efficient with low runtime. Current mining techniques in the literature on sensor data employ a single memory-based sequential approach and hence are not efficient. Moreover, usage of the MapReduce model for the distributed solution has not been explored extensively. Since MapReduce is becoming the de facto model for computation on large data, we also propose a parallel implementation of the RFSP mining algorithm, called RFSP on Hadoop (RFSP-H), which uses a MapReduce-based framework to gain further efficiency. Experiments conducted to evaluate the compactness and performance of the data extraction model, RFSP-tree and RFSP-H mining show improved results. © 2016 Elsevier Inc. All rights reserved.
Improving authorship attribution in twitter through topic-based sampling
- Authors: Pan, Luoxi , Gondal, Iqbal , Layton, Robert
- Date: 2017
- Type: Text , Conference proceedings
- Relation: 30th Australasian Joint Conference on Artificial Intelligence, AI 2017 : Advances in Artificial Intelligence; Melbourne, Australia; 19th-20th August 2017; published in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) Vol. 10400 LNAI, p. 250-261
- Full Text: false
- Description: Aliases are used as a means of anonymity on the Internet in environments such as IRC (internet relay chat), forums and micro-blogging websites such as Twitter. While there are genuine reasons for the use of aliases, such as journalists operating in politically oppressive countries, they are increasingly being used by cybercriminals and extremist organisations. In recent years, we have seen increased research on authorship attribution of Twitter messages, including authorship analysis of aliases. Previous studies have shown that anti-aliasing of randomly generated sub-aliases yields high accuracies when linking the sub-aliases, but becomes much less accurate when topic-based sub-aliases are used. N-gram methods have previously been demonstrated to perform better than other methods in this situation. This paper investigates the effect of topic-based sampling on authorship attribution accuracy for the popular micro-blogging website Twitter. Features are extracted using character n-grams, which accurately capture differences in authorship style. These features are analysed using support vector machines using a one-versus-all classifier. The predictive performance of the algorithm is then evaluated using two different sampling methodologies - authors that were sampled through a context-sensitive topic-based search and authors that were sampled randomly. Topic-based sampling of authors is found to produce more accurate authorship predictions. This paper presents several theories as to why this might be the case. © Springer International Publishing AG 2017.
Action-02MCF : A robust space-time correlation filter for action recognition in clutter and adverse lighting conditions
- Authors: Ulhaq, Anwaar , Yin, Xiaoxia , Zhang, Yunchan , Gondal, Iqbal
- Date: 2016
- Type: Text , Conference proceedings , Conference paper
- Relation: 17th International Conference on Advanced Concepts for Intelligent Vision Systems, ACIVS 2016; Lecce, Italy; 24th-27th October 2016; published in Advanced Concepts for Intelligent Vision Systems (Lecture Notes in Computer Science series) Vol. 10016 LNCS, p. 465-476
- Full Text: false
- Description: Human actions are spatio-temporal visual events and recognizing human actions in different conditions is still a challenging computer vision problem. In this paper, we introduce a robust feature based space-time correlation filter, called Action-02MCF (0’zero-aliasing’ 2M’ Maximum Margin’) for recognizing human actions in video sequences. This filter combines (i) the sparsity of spatio-temporal feature space, (ii) generalization of maximum margin criteria, (iii) enhanced aliasing free localization performance of correlation filtering using (iv) rich context of maximally stable space-time interest points into a single classifier. Its rich multi-objective function provides robustness, generalization and recognition as a single package. Action-02MCF can simultaneously localize and classify actions of interest even in clutter and adverse imaging conditions. We evaluate the performance of our proposed filter for challenging human action datasets. Experimental results verify the performance potential of our action-filter compared to other correlation filtering based action recognition approaches. © Springer International Publishing AG 2016.
- Description: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
A MapReduce based technique for mining behavioral patterns from sensor data
- Authors: Rashid, Md. Mamunur , Gondal, Iqbal , Kamruzzaman, Joarder
- Date: 2015
- Type: Text , Conference paper
- Relation: 22nd International Conference on Neural Information Processing, ICONIP 2015; Istanbul, Turkey; 9th-12th November 2015 Vol. 9492, p. 145-153
- Full Text: false
- Description: WSNs generate a large amount of data in the form of streams, and temporal regularity in occurrence behavior is considered as an important measure for assessing the importance of patterns in WSN data. A frequent sensor pattern that occurs after regular intervals in WSNs is called regularly frequent sensor patterns (RFSPs). Existing RFSPs techniques assume that the data structure of the mining task is small enough to fit in the main memory of a processor. However, given the emergence of the Internet of Things (IoT), WSNs in the future will generate a huge volume of data, which means such an assumption does not hold any longer. To overcome this, a distributed solution using the MapReduce model has not yet been explored extensively. Since MapReduce is becoming the de facto model for computation on large data, an efficient RFSPs mining algorithm on this model is likely to provide a highly effective solution. In this work, we propose a regularly frequent sensor patterns mining algorithm called RFSP-H which uses a MapReduce based framework. Extensive performance analyses show that our technique is significantly time efficient in finding regularly frequent sensor patterns. © Springer International Publishing Switzerland 2015.
Vibration spectrum imaging : A novel bearing fault classification approach
- Authors: Amar, Muhammad , Gondal, Iqbal , Wilson, Campbell
- Date: 2015
- Type: Text , Journal article
- Relation: IEEE Transactions on Industrial Electronics Vol. 62, no. 1 (2015), p. 494-502
- Full Text: false
- Description: Incipient fault detection in low signal-to-noise ratio (SNR) conditions requires robust features for accurate condition-based machine health monitoring. Accurate fault classification is positively linked to the quality of features of the faults. Therefore, there is a need to enhance the quality of the features before classification. This paper presents a novel vibration spectrum imaging (VSI) feature enhancement procedure for low SNR conditions. An artificial neural network (ANN) has been used as a fault classifier using these enhanced features of the faults. The normalized amplitudes of spectral contents of the quasi-stationary time vibration signals are transformed into spectral images. A 2-D averaging filter and binary image conversion, with appropriate threshold selection, are used to filter and enhance the images for the training and testing of the ANN classifier. The proposed novel VSI augments and provides the visual representation of the characteristic vibration spectral features in an image form. This provides enhanced spectral images for ANN training and thus leads to a highly robust fault classifier.
Weighted ANN input layer for adaptive features selection for robust fault classification
- Authors: Amar, Muhammad , Gondal, Iqbal , Wilson, Campbell
- Date: 2015
- Type: Text , Conference proceedings
- Full Text: false
- Description: Model based feature selection for identification of diverse faults in rotary machines can significantly cost time and money and it is nearly impossible to model all faults under different operating environments. In this paper, feedforward ANN input-layer-weights have been used for the adaptive selection of the least number of features, without fault model information, reducing the computations significantly but assuring the required accuracy by mitigating the noise. In the proposed approach, under the assumption that presented features should be translation invariant, the ANN uses the entire set of spectral features from the raw input vibration signal for training. Dominant features are then selected using input-layer-weights relative to a threshold value vector. Different instances of ANN are then trained and tested to calculate F1_score with the reduced dominant features at different SNRs for each threshold value. The trained ANN with the best average classification accuracy among all ANN instances gives us the required number of dominant features. © Springer International Publishing Switzerland 2015.
A technique for parallel share-frequent sensor pattern mining from wireless sensor networks
- Authors: Rashid, Md. Mamunur , Gondal, Iqbal , Kamruzzaman, Joarder
- Date: 2014
- Type: Text , Conference paper
- Relation: 14th Annual International Conference on Computational Science, ICCS 2014; Cairns, Australia; 10th-12th June 2014; published in Procedia Computer Science p. 124-133
- Description: WSNs generate a huge amount of data in the form of streams and mining useful knowledge from these streams is a challenging task. Existing works generate sensor association rules using occurrence frequency of patterns with binary frequency (either absent or present) or support of a pattern as a criterion. However, considering the binary frequency or support of a pattern may not be a sufficient indicator for finding meaningful patterns from WSN data because it only reflects the number of epochs in the sensor data which contain that pattern. The share measure of sensorsets could discover useful knowledge about numerical values associated with sensors in a sensor database. Therefore, in this paper, we propose a new type of behavioral pattern called share-frequent sensor patterns by considering the non-binary frequency values of sensors in epochs. To discover share-frequent sensor patterns from a sensor dataset, we propose a novel parallel technique. In this technique, we develop a novel tree structure, called parallel share-frequent sensor pattern tree (PShrFSP-tree) that is constructed at each local node independently, by capturing the database contents to generate the candidate patterns using a pattern growth technique with a single scan and then merges the locally generated candidate patterns at the final stage to generate global share-frequent sensor patterns. Comprehensive experimental results show that our proposed model is very efficient for mining share-frequent patterns from WSN data in terms of time and scalability.