DCCGAN based intrusion detection for detecting security threats in IoT
- Authors: Cyriac, Robin , Balasubaramanian, Sundaravadivazhagn , Balamurugan, Venkatachalam , Karthikeyan, R.
- Date: 2024
- Type: Text , Journal article
- Relation: International Journal of Bio-Inspired Computation Vol. 23, no. 2 (2024), p. 111-124
- Full Text: false
- Reviewed:
- Description: Internet of things (IoT) consists of wired/wireless networks, sensors, and actuators, where security becomes more important as more devices are connected to the IoT. To increase security in IoT devices, this manuscript proposes a dual-channel capsule generation adversarial network (DCCGAN) based intrusion detection scheme for detecting security threats in IoT networks (DCCGAN-IDF-DST-IoT). Data are collected from the MQTT-IoT-IDS2020 dataset and the Bot-IoT dataset. The data are then fed to local least squares, which eradicates redundancy and replaces missing values. The pre-processed dataset is supplied to the fertile field optimisation algorithm (FFOA), which selects the relevant features. Then DCCGAN is used to classify the data as normal or anomalous. The proposed technique is implemented in the Python language. The performance of the proposed technique on the MQTT-IoT-IDS2020 dataset attains 16.55%, 21.37%, 32.99%, 27.66%, 26.45%, 21.47% and 22.86% higher accuracy compared with the existing methods. Copyright © 2024 Inderscience Enterprises Ltd.
An evidence theoretic approach for traffic signal intrusion detection
- Authors: Chowdhury, Abdullahi , Karmakar, Gour , Kamruzzaman, Joarder , Das, Rajkumar , Newaz, Shah
- Date: 2023
- Type: Text , Journal article
- Relation: Sensors Vol. 23, no. 10 (2023), p. 4646
- Full Text:
- Reviewed:
- Description: The increasing attacks on traffic signals worldwide indicate the importance of intrusion detection. The existing traffic signal Intrusion Detection Systems (IDSs) that rely on inputs from connected vehicles and image analysis techniques can only detect intrusions created by spoofed vehicles. However, these approaches fail to detect intrusions from attacks on in-road sensors, traffic controllers, and signals. In this paper, we propose an IDS based on detecting anomalies associated with flow rate, phase time, and vehicle speed, which is a significant extension of our previous work using additional traffic parameters and statistical tools. We theoretically modelled our system using the Dempster-Shafer decision theory, considering the instantaneous observations of traffic parameters and their relevant historical normal traffic data. We also used Shannon's entropy to determine the uncertainty associated with the observations. To validate our work, we developed a simulation model based on the traffic simulator SUMO using many real scenarios and the data recorded by the Victorian Transportation Authority, Australia. The scenarios for abnormal traffic conditions were generated considering attacks such as jamming, Sybil, and false data injection attacks. The results show that the overall detection accuracy of our proposed system is 79.3% with fewer false alarms.
An intelligent and efficient network intrusion detection system using deep learning
- Authors: Qazi, Emad-ul-Haq , Imran, Muhammad , Haider, Noman , Shoaib, Muhammad , Razzak, Imran
- Date: 2022
- Type: Text , Journal article
- Relation: Computers and Electrical Engineering Vol. 99, no. (2022), p.
- Full Text: false
- Reviewed:
- Description: With continuously escalating threats and attacks, accurate and timely intrusion detection in communication networks is challenging. Many approaches have already been proposed recently on network intrusion detection. However, they face critical challenges due to the continuous increase of new threats that current systems do not understand. Motivated by the outstanding performance of deep learning (DL) in many detection and recognition tasks, we introduce an intelligent and efficient network intrusion detection system (NIDS) based on DL. This study proposes a non-symmetric deep auto-encoder for network intrusion detection problems and presents its detailed functionality and performance. We validate the robustness and effectiveness of the proposed NIDS using a benchmark dataset, i.e., KDD CUP'99. Our DL-based method is implemented in the TensorFlow library and GPU framework, and it achieves an accuracy of 99.65%. The proposed system can be used in network security research domains and DL-based detection and classification systems. © 2022
Enhancing service quality and reliability in intelligent traffic system
- Authors: Chowdhury, Abdullahi
- Date: 2020
- Type: Text , Thesis , PhD
- Full Text:
- Description: Intelligent Traffic Systems (ITS) can manage on-road traffic efficiently based on real-time traffic conditions, reduce delay at the intersections, and maintain the safety of the road users. However, emergency vehicles still struggle to meet their targeted response time, and an ITS is vulnerable to various types of attacks, including cyberattacks. To address these issues, in this dissertation, we introduce three techniques that enhance the service quality and reliability of an ITS. First, an innovative Emergency Vehicle Priority System (EVPS) is presented to assist an Emergency Vehicle (EV) in attending the incident place faster. Our proposed EVPS determines the proper priority codes of EV based on the type of incidents. After priority code generation, EVPS selects the number of traffic signals needed to be turned green considering the impact on other vehicles gathered in the relevant adjacent cells. Second, for improving reliability, an Intrusion Detection System for traffic signals is proposed for the first time, which leverages traffic and signal characteristics such as the flow rate, vehicle speed, and signal phase time. Shannon’s entropy is used to calculate the uncertainty associated with the likelihood of particular evidence and Dempster-Shafer (DS) decision theory is used to fuse the evidential information. Finally, to improve the reliability of a future ITS, we introduce a model that assesses the trust level of four major On-Board Units (OBU) of a self-driving car along with Global Positioning System (GPS) data and safety messages. Both subjective logic (DS theory) and CertainLogic are used to develop the theoretical underpinning for estimating the trust value of a self-driving car by fusing the trust value of four OBU components, GPS data and safety messages. 
For evaluation and validation purposes, a popular and widely used traffic simulation package, namely Simulation of Urban Mobility (SUMO), is used to develop the simulation platform using a real map of Melbourne CBD. The relevant historical real data taken from the VicRoads website were used to inject the traffic flow and density in the simulation model. We evaluated the performance of our proposed techniques considering different traffic and signal characteristics such as occupancy rate, flow rate, phase time, and vehicle speed under many realistic scenarios. The simulation result shows the potential efficacy of our proposed techniques for all selected scenarios.
- Description: Doctor of Philosophy
Detection and compensation of covert service-degrading intrusions in cyber physical systems through intelligent adaptive control
- Authors: Farivar, Faezeh , Haghighi, Mohammad , Barchinezhad, Soheila , Jolfaei, Alireza
- Date: 2019
- Type: Text , Conference proceedings , Conference paper
- Relation: 2019 IEEE International Conference on Industrial Technology, ICIT 2019; Melbourne, Australia; 13th-15th February 2019 Vol. 2019-February, p. 1143-1148
- Full Text:
- Reviewed:
- Description: Cyber-Physical Systems (CPS) now play important roles in critical infrastructure. A prominent family of CPSs are networked control systems, in which the control and feedback signals are carried over computer networks like the Internet. Communication over insecure networks makes the system vulnerable to cyber attacks. In this article, we design an intrusion detection and compensation framework based on system/plant identification to fight covert attacks. We collect error statistics of the output estimation during the learning phase of system operation and, after that, monitor the system behavior to see if it significantly deviates from the expected outputs. A compensating controller is further designed to intervene and replace the classic controller once the attack is detected. The proposed model is tested on a DC motor as the plant and is put against a deception signal amplification attack over the forward link. Simulation results show that the detection algorithm detects the intrusion well and the compensator is also successful in alleviating the attack effects.
Detecting intrusion in the traffic signals of an intelligent traffic system
- Authors: Chowdhury, Abdullahi , Karmakar, Gour , Kamruzzaman, Joarder , Saha, Tapash
- Date: 2018
- Type: Text , Conference proceedings
- Relation: 20th International Conference on Information and Communications Security, ICICS 2018; Lille, France; 29th-31st October 2018; published in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) Vol. 11149 LNCS, p. 696-707
- Full Text: false
- Reviewed:
- Description: Traffic systems and signals are used to improve traffic flow, reduce congestion, increase travel time consistency and ensure the safety of road users. Malicious interruption or manipulation of traffic signals may cause disastrous incidents including huge delays, financial loss and loss of lives. Intrusion into traffic signals by hackers can create such interruptions, whose consequences will only increase with the introduction of driverless vehicles. Recently, many traffic signals across the world have been reported to have been intruded upon, highlighting the importance of accurate detection. To reduce the impact of an intrusion, in this paper, we introduce an intrusion detection technique using the flow rate and phase time of a traffic signal as evidential information to detect the presence of an intrusion. The information received from flow rate and phase time is fused with the Dempster-Shafer (DS) theory. Historical data are used to create the probability mass functions for both flow rate and phase time. We also developed a simulation model using a traffic simulator, namely SUMO, for many types of real traffic situations including intrusion. The performance of the proposed Intrusion Detection System (IDS) is appraised under normal traffic conditions and induced intrusions. Simulated results show our proposed system can successfully distinguish intruded traffic signals from normal signals with significantly high accuracy (above 91%).
- Description: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Application of rank correlation, clustering and classification in information security
- Authors: Beliakov, Gleb , Yearwood, John , Kelarev, Andrei
- Date: 2012
- Type: Text , Journal article
- Relation: Journal of Networks Vol. 7, no. 6 (2012), p. 935-945
- Full Text:
- Reviewed:
- Description: This article is devoted to experimental investigation of a novel application of a clustering technique introduced by the authors recently in order to use robust and stable consensus functions in information security, where it is often necessary to process large data sets and monitor outcomes in real time, as it is required, for example, for intrusion detection. Here we concentrate on a particular case of application to profiling of phishing websites. First, we apply several independent clustering algorithms to a randomized sample of data to obtain independent initial clusterings. Silhouette index is used to determine the number of clusters. Second, rank correlation is used to select a subset of features for dimensionality reduction. We investigate the effectiveness of the Pearson Linear Correlation Coefficient, the Spearman Rank Correlation Coefficient and the Goodman-Kruskal Correlation Coefficient in this application. Third, we use a consensus function to combine independent initial clusterings into one consensus clustering. Fourth, we train fast supervised classification algorithms on the resulting consensus clustering in order to enable them to process the whole large data set as well as new data. The precision and recall of classifiers at the final stage of this scheme are critical for effectiveness of the whole procedure. We investigated various combinations of several correlation coefficients, consensus functions, and a variety of supervised classification algorithms. © 2012 Academy Publisher.
- Description: 2003010277
Forensic identification and detection of hidden and obfuscated malware
- Authors: Alazab, Mamoun
- Date: 2012
- Type: Text , Thesis , PhD
- Full Text:
- Description: The revolution in online criminal activities and malicious software (malware) has posed a serious challenge in malware forensics. Malicious attacks have become more organized and purposefully directed. With cybercrimes escalating to great heights in quantity as well as in sophistication and stealth, the main challenge is to detect hidden and obfuscated malware. Malware authors use a variety of obfuscation methods and specialized stealth techniques of information hiding to embed malicious code, to infect systems and to thwart any attempt to detect them, specifically with the use of commercially available anti-malware engines. This has led to the situation of zero-day attacks, where malware infects systems even with existing security measures. The aim of this thesis is to address this situation by proposing a variety of novel digital forensic and data mining techniques to automatically detect hidden and obfuscated malware. Anti-malware engines use signature matching to detect malware, where signatures are generated by human experts by disassembling the file and selecting pieces of unique code. Such signature-based detection works effectively with known malware but performs poorly with hidden or unknown malware. Code obfuscation techniques, such as packers, polymorphism and metamorphism, are able to fool current detection techniques by modifying the parent code to produce offspring copies, resulting in malware that has the same functionality but a different structure. These evasion techniques exploit the drawbacks of traditional malware detection methods, which take the current malware structure and create a signature for detecting this malware in the future. However, obfuscation techniques aim to reduce vulnerability to any kind of static analysis, to the detriment of any reverse engineering process. 
Furthermore, malware can be hidden in file system slack space, inherent in NTFS file system based partitions, making malware detection even more difficult.
- Description: Doctor of Philosophy
Zero-day malware detection based on supervised learning algorithms of API call signatures
- Authors: Alazab, Mamoun , Venkatraman, Sitalakshmi , Watters, Paul , Alazab, Moutaz
- Date: 2011
- Type: Text , Conference proceedings
- Full Text:
- Description: Zero-day or unknown malware are created using code obfuscation techniques that can modify the parent code to produce offspring copies which have the same functionality but different signatures. Current techniques reported in the literature lack the capability of detecting zero-day malware with the required accuracy and efficiency. In this paper, we have proposed and evaluated a novel method of employing several data mining techniques to detect and classify zero-day malware with high levels of accuracy and efficiency based on the frequency of Windows API calls. This paper describes the methodology employed for the collection of large data sets to train the classifiers, and analyses the performance results of the various data mining algorithms adopted for the study using a fully automated tool developed in this research to conduct the various experimental investigations and evaluation. Through the performance results of these algorithms from our experimental analysis, we are able to evaluate and discuss the advantages of one data mining algorithm over the other for accurately detecting zero-day malware. The data mining framework employed in this research learns through analysing the behavior of existing malicious and benign codes in large datasets. We have employed robust classifiers, namely the Naïve Bayes (NB) Algorithm, k-Nearest Neighbor (kNN) Algorithm, Sequential Minimal Optimization (SMO) Algorithm with four different kernels (SMO - Normalized PolyKernel, SMO - PolyKernel, SMO - Puk, and SMO - Radial Basis Function (RBF)), Backpropagation Neural Networks Algorithm, and J48 decision tree, and have evaluated their performance. Overall, the automated data mining system implemented for this study has achieved a high true positive (TP) rate of more than 98.5% and a low false positive (FP) rate of less than 0.025, which has not been achieved in the literature so far. 
This is much higher than the required commercial acceptance level indicating that our novel technique is a major leap forward in detecting zero-day malware. This paper also offers future directions for researchers in exploring different aspects of obfuscations that are affecting the IT world today. © 2011, Australian Computer Society, Inc.
- Description: 2003009506