A Novel Cooperative Intrusion Detection System for Mobile Ad Hoc Networks

Solomon, Adam

01 January 2018

Mobile ad hoc networks (MANETs) have experienced rapid growth in their use for various military, medical, and commercial scenarios. This is due to their dynamic nature that enables the deployment of such networks, in any target environment, without the need for a pre-existing infrastructure. On the other hand, the unique characteristics of MANETs, such as the lack of central networking points, limited wireless range, and constrained resources, have made the quest for securing such networks a challenging task. A large number of studies have focused on intrusion detection systems (IDSs) as a solid line of defense against various attacks targeting the vulnerable nature of MANETs. Since cooperation between nodes is mandatory to detect complex attacks in real time, various solutions have been proposed to provide cooperative IDSs (CIDSs) in efforts to improve detection efficiency. However, all of these solutions suffer from high rates of false alarms, and they violate the constrained-bandwidth nature of MANETs. To overcome these two problems, this research presented a novel CIDS utilizing the concept of social communities and the Dempster-Shafer theory (DST) of evidence. The concept of social communities was intended to establish reliable cooperative detection reporting while consuming minimal bandwidth. On the other hand, DST targeted decreasing false accusations through honoring partial/lack of evidence obtained solely from reliable sources. Experimental evaluation of the proposed CIDS resulted in consistently high detection rates, low false alarms rates, and low bandwidth consumption. The results of this research demonstrated the viability of applying the social communities concept combined with DST in achieving high detection accuracy and minimized bandwidth consumption throughout the detection process.

cooperative

Cybersecurity

intrusion detection

MANET

networking

Computer Sciences

A New SCADA Dataset for Intrusion Detection System Research

Turnipseed, Ian P

14 August 2015

Supervisory Control and Data Acquisition (SCADA) systems monitor and control industrial control systems in many industrials and economic sectors which are considered critical infrastructure. In the past, most SCADA systems were isolated from all other networks, but recently connections to corporate enterprise networks and the Internet have increased. Security concerns have risen from this new found connectivity. This thesis makes one primary contribution to researchers and industry. Two datasets have been introduced to support intrusion detection system research for SCADA systems. The datasets include network traffic captured on a gas pipeline SCADA system in Mississippi State University’s SCADA lab. IDS researchers lack a common framework to train and test proposed algorithms. This leads to an inability to properly compare IDS presented in literature and limits research progress. The datasets created for this thesis are available to be used to aid researchers in assessing the performance of SCADA IDS systems.

cyber attacks

machine learning

IDS

intrusion detection

dataset

SCADA

Cyberthreats, Attacks and Intrusion Detection in Supervisory Control and Data Acquisition Networks

Gao, Wei

14 December 2013

Supervisory Control and Data Acquisition (SCADA) systems are computer-based process control systems that interconnect and monitor remote physical processes. There have been many real world documented incidents and cyber-attacks affecting SCADA systems, which clearly illustrate critical infrastructure vulnerabilities. These reported incidents demonstrate that cyber-attacks against SCADA systems might produce a variety of financial damage and harmful events to humans and their environment. This dissertation documents four contributions towards increased security for SCADA systems. First, a set of cyber-attacks was developed. Second, each attack was executed against two fully functional SCADA systems in a laboratory environment; a gas pipeline and a water storage tank. Third, signature based intrusion detection system rules were developed and tested which can be used to generate alerts when the aforementioned attacks are executed against a SCADA system. Fourth, a set of features was developed for a decision tree based anomaly based intrusion detection system. The features were tested using the datasets developed for this work. This dissertation documents cyber-attacks on both serial based and Ethernet based SCADA networks. Four categories of attacks against SCADA systems are discussed: reconnaissance, malicious response injection, malicious command injection and denial of service. In order to evaluate performance of data mining and machine learning algorithms for intrusion detection systems in SCADA systems, a network dataset to be used for benchmarking intrusion detection systemswas generated. This network dataset includes different classes of attacks that simulate different attack scenarios on process control systems. This dissertation describes four SCADA network intrusion detection datasets; a full and abbreviated dataset for both the gas pipeline and water storage tank systems. Each feature in the dataset is captured from network flow records. This dataset groups two different categories of features that can be used as input to an intrusion detection system. First, network traffic features describe the communication patterns in a SCADA system. This research developed both signature based IDS and anomaly based IDS for the gas pipeline and water storage tank serial based SCADA systems. The performance of both types of IDS were evaluates by measuring detection rate and the prevalence of false positives.

Network Security

Dataset

Vulnerability

SCADA

: Intrusion detection system

Data Fusion Process Refinement in intrusion Detection Alert Correlation Systems

Sheets, David

January 2008

No description available.

Computer Science

Intrusion Detection

Alert Correlation

Data Fusion

Intrusion Detection in the Internet of Things : From Sniffing to a Border Router’s Point of View

Bull, Victoria

January 2023

The Internet of Things is expanding, and with the increasing numbers of connected devices,exploitation of those devices also becomes more common. Since IoT devices and IoT networksare used in many crucial areas in modern societies, ranging from everything between securityand militrary applications to healthcare monitoring and production efficiency, the need to securethese devices is of great importance for researchers and businesses. This project explores howan intrusion detection system called DETONAR can be used on border router logs, instead of itsoriginal use of sniffer devices. Using DETONAR in this way allows us to detect many differentattacks, without contributing to the additional cost of deploying sniffer devices and the additionalrisk of the sniffer devices themselves becoming the target of attack

Internet of Things

IoT

intrusion detection

routing attacks

Computer Engineering

Datorteknik

Machine Learning-Based Decision Support to Secure Internet of Things Sensing

Chen, Zhiyan

07 December 2023

Internet of Things (IoT) has weaknesses due to the vulnerabilities in the wireless medium and massively interconnected nodes that form an extensive attack surface for adversaries. It is essential to ensure security including IoT networks and applications. The thesis focus on three streams in IoT scenario, including fake task attack detection in Mobile Crowdsensing (MCS), blockchain technique-integrated system security and privacy protection in MCS, and network intrusion detection in IoT. In this thesis, to begin, in order to detect fake tasks in MCS with promising performance, a detailed analysis is provided by modeling a deep belief network (DBN) when the available sensory data is scarce for analysis. With oversampling to cope with the class imbalance challenge, a Principal Component Analysis (PCA) module is implemented prior to the DBN and weights of various features of sensing tasks are analyzed under varying inputs. Additionally, an ensemble learning-based solution is proposed for MCS platforms to mitigate illegitimate tasks. Meanwhile, a k-means-based classification is integrated with the proposed ensemble method to extract region-specific features as input to the machine learning-based fake task detection. A novel approach that is based on horizontal Federated Learning (FL) is proposed to identify fake tasks that contain a number of independent detection devices and an aggregation entity. Moreover, the submitted tasks are collected and managed conventionally by a centralized MCS platform. A centralized MCS platform is not safe enough to protect and prevent tampering sensing tasks since it confronts the single point of failure which reduces the effectiveness and robustness of MCS system. In order to address the centralized issue and identify fake tasks, a blockchain-based decentralized MCS is designed. Integration of blockchain into MCS enables a decentralized framework. The distributed nature of a blockchain chain prevents sensing tasks from being tampered. The blockchain network uses a Practical Byzantine Fault Tolerance (PBFT) consensus that can tolerate 1/3 faulty nodes, making the implemented MCS system robust and sturdy. Lastly, Machine Learning (ML)-based frameworks are widely investigated to identity attacks in IoT networks, namely Network Intrusion Detection System (NIDS). ML models perform divergent detection performance in each class, so it is challenging to select one ML model applicable to all classes prediction. With this in mind, an innovative ensemble learning framework is proposed, two ensemble learning approaches, including All Predict Wisest Decides (APWD) and Predictor Of the Lowest Cost (POLC), are proposed based on the training of numerous ML models. According to the individual model outcomes, a wise model performing the best detection performance (e.g., F1 score) or contributing the lowest cost is determined. Moreover, an innovated ML-based framework is introduced, combining NIDS and host-based intrusion detection system (HIDS). The presented framework eliminates NIDS restrictions via observing the entire traffic information in host resources (e.g., logs, files, folders).

Machine learning

Network security

Internet of things

Intrusion detection

Machines Do Not Have Little Gray Cells: : Analysing Catastrophic Forgetting in Cross-Domain Intrusion Detection Systems / Machines Do Not Have Little Gray Cells: : Analysing Catastrophic Forgetting in Cross-Domain Intrusion Detection Systems

Valieh, Ramin, Esmaeili Kia, Farid

January 2023

Cross-domain intrusion detection, a critical component of cybersecurity, involves evaluating the performance of neural networks across diverse datasets or databases. The ability of intrusion detection systems to effectively adapt to new threats and data sources is paramount for safeguarding networks and sensitive information. This research delves into the intricate world of cross-domain intrusion detection, where neural networks must demonstrate their versatility and adaptability. The results of our experiments expose a significant challenge: the phenomenon known as catastrophic forgetting. This is the tendency of neural networks to forget previously acquired knowledge when exposed to new information. In the context of intrusion detection, it means that as models are sequentially trained on different intrusion detection datasets, their performance on earlier datasets degrades drastically. This degradation poses a substantial threat to the reliability of intrusion detection systems. In response to this challenge, this research investigates potential solutions to mitigate the effects of catastrophic forgetting. We propose the application of continual learning techniques as a means to address this problem. Specifically, we explore the Elastic Weight Consolidation (EWC) algorithm as an example of preserving previously learned knowledge while allowing the model to adapt to new intrusion detection tasks. By examining the performance of neural networks on various intrusion detection datasets, we aim to shed light on the practical implications of catastrophic forgetting and the potential benefits of adopting EWC as a memory-preserving technique. This research underscores the importance of addressing catastrophic forgetting in cross-domain intrusion detection systems. It provides a stepping stone for future endeavours in enhancing multi-task learning and adaptability within the critical domain of intrusion detection, ultimately contributing to the ongoing efforts to fortify cybersecurity defences.

Catastrophic Forgetting

Intrusion Detection Systems

Continual Learning

Computer Engineering

Datorteknik

AN INTEGRATED SECURITY SCHEME WITH RESOURCE-AWARENESS FOR WIRELESS AD HOC NETWORKS

DENG, HONGMEI

07 October 2004

No description available.

wireless Ad Hoc Network

Network Security

Intrusion Detection

Probabilistic Model for Detecting Network Traffic Anomalies

Yellapragada, Ramani

30 June 2004

No description available.

Computer Science

Network Security

Intrusion Detection

Anomaly Detection

Time-based Approach to Intrusion Detection using Multiple Self-Organizing Maps

Sawant, Ankush

21 April 2005

No description available.

Network Security

Intrusion Detection

Self-Organizing Maps

Anomaly Detection