Artificial Intelligence Applications in Intrusion Detection Systems for Unmanned Aerial Vehicles

Hamadi, Raby

05 1900

This master thesis focuses on the cutting-edge application of AI in developing intrusion detection systems (IDS) for unmanned aerial vehicles (UAVs) in smart cities. The objective is to address the escalating problem of UAV intrusions, which pose a significant risk to the safety and security of citizens and critical infrastructure. The thesis explores the current state of the art and provides a comprehensive understanding of recent advancements in the field, encompassing both physical and network attacks. The literature review examines various techniques and approaches employed in the development of AI-based IDS. This includes the utilization of machine learning algorithms, computer vision technologies, and edge computing. A proposed solution leveraging computer vision technologies is presented to detect and identify intruding UAVs in the sky effectively. The system employs machine learning algorithms to analyze video feeds from city-installed cameras, enabling real-time identification of potential intrusions. The proposed approach encompasses the detection of unauthorized drones, dangerous UAVs, and UAVs carrying suspicious payloads. Moreover, the thesis introduces a Cycle GAN network for image denoising that can translate noisy images to clean images without the need for paired training data. This approach employs two generators and two discriminators, incorporating a cycle consistency loss that ensures the generated images align with their corresponding input images. Furthermore, a distributed architecture is proposed for processing collected images using an edge-offloading approach within the UAV network. This architecture allows flying and ground cameras to leverage the computational capabilities of their IoT peers to process captured images. A hybrid neural network is developed to predict, based on input tasks, the potential edge computers capable of real-time processing. The edge-offloading approach reduces the computational burden on the centralized system and facilitates real-time analysis of network traffic, offering an efficient solution. In conclusion, the research outcomes of this thesis provide valuable insights into the development of secure and efficient IDS for UAVs in smart cities. The proposed solution contributes to the advancement of the UAV industry and enhances the safety and security of citizens and critical infrastructure within smart cities.

AI

UAVs

Intrusion Detection Systems

Intrusion detection

Detecção autônoma de intrusões utilizando aprendizado de máquina / Autonomous intrusion detection via machine learning

Ferreira, Eduardo Alves

05 May 2011

A evolução da tecnologia da informação popularizou o uso de sistemas computacionais para a automação de tarefas operacionais. As tarefas de implantação e manutenção desses sistemas computacionais, por outro lado, não acompanharam essa tendência de forma ágil, tendo sido, por anos, efetuadas de forma manual, implicando alto custo, baixa produtividade e pouca qualidade de serviço. A fim de preencher essa lacuna foi proposta uma iniciativa denominada Computação Autônoma, a qual visa prover capacidade de autogerenciamento a sistemas computacionais. Dentre os aspectos necessários para a construção de um sistema autônomo está a detecção de intrusão, responsável por monitorar o funcionamento e fluxos de dados de sistemas em busca de indícios de operações maliciosas. Dado esse contexto, este trabalho apresenta um sistema autônomo de detecção de intrusões em aplicações Web, baseado em técnicas de aprendizado de máquina com complexidade computacional próxima de linear. Esse sistema utiliza técnicas de agrupamento de dados e de detecção de novidades para caracterizar o comportamento normal de uma aplicação, buscando posteriormente por anomalias no funcionamento das aplicações. Observou-se que a técnica é capaz de detectar ataques com maior autonomia e menor dependência sobre contextos específicos em relação a trabalhos anteriores / The use of computers to automatically perform operational tasks is commonplace, thanks to the information technology evolution. The maintenance of computer systems, on the other hand, is commonly performed manually, resulting in high costs, low productivity and low quality of service. The Autonomous Computing initiative aims to approach this limitation, through selfmanagement of computer systems. In order to assemble a fully autonomous system, an intrusion detection application is needed to monitor the behavior and data flows on applications. Considering this context, an autonomous Web intrusion detection system is proposed, based on machine-learning techniques with near-linear computational complexity. This system is based on clustering and novelty detection techniques, characterizing an application behavior, to later pinpoint anomalies in live applications. By conducting experiments, we observed that this new approach is capable of detecting anomalies with less dependency on specific contexts than previous solutions

Detecção de intrusão

Intrusion detection

Detecção autônoma de intrusões utilizando aprendizado de máquina / Autonomous intrusion detection via machine learning

Eduardo Alves Ferreira

05 May 2011

A evolução da tecnologia da informação popularizou o uso de sistemas computacionais para a automação de tarefas operacionais. As tarefas de implantação e manutenção desses sistemas computacionais, por outro lado, não acompanharam essa tendência de forma ágil, tendo sido, por anos, efetuadas de forma manual, implicando alto custo, baixa produtividade e pouca qualidade de serviço. A fim de preencher essa lacuna foi proposta uma iniciativa denominada Computação Autônoma, a qual visa prover capacidade de autogerenciamento a sistemas computacionais. Dentre os aspectos necessários para a construção de um sistema autônomo está a detecção de intrusão, responsável por monitorar o funcionamento e fluxos de dados de sistemas em busca de indícios de operações maliciosas. Dado esse contexto, este trabalho apresenta um sistema autônomo de detecção de intrusões em aplicações Web, baseado em técnicas de aprendizado de máquina com complexidade computacional próxima de linear. Esse sistema utiliza técnicas de agrupamento de dados e de detecção de novidades para caracterizar o comportamento normal de uma aplicação, buscando posteriormente por anomalias no funcionamento das aplicações. Observou-se que a técnica é capaz de detectar ataques com maior autonomia e menor dependência sobre contextos específicos em relação a trabalhos anteriores / The use of computers to automatically perform operational tasks is commonplace, thanks to the information technology evolution. The maintenance of computer systems, on the other hand, is commonly performed manually, resulting in high costs, low productivity and low quality of service. The Autonomous Computing initiative aims to approach this limitation, through selfmanagement of computer systems. In order to assemble a fully autonomous system, an intrusion detection application is needed to monitor the behavior and data flows on applications. Considering this context, an autonomous Web intrusion detection system is proposed, based on machine-learning techniques with near-linear computational complexity. This system is based on clustering and novelty detection techniques, characterizing an application behavior, to later pinpoint anomalies in live applications. By conducting experiments, we observed that this new approach is capable of detecting anomalies with less dependency on specific contexts than previous solutions

Detecção de intrusão

Intrusion detection

Embedding Network Information for Machine Learning-based Intrusion Detection

DeFreeuw, Jonathan Daniel

18 January 2019

As computer networks grow and demonstrate more complicated and intricate behaviors, traditional intrusion detections systems have fallen behind in their ability to protect network resources. Machine learning has stepped to the forefront of intrusion detection research due to its potential to predict future behaviors. However, training these systems requires network data such as NetFlow that contains information regarding relationships between hosts, but requires human understanding to extract. Additionally, standard methods of encoding this categorical data struggles to capture similarities between points. To counteract this, we evaluate a method of embedding IP addresses and transport-layer ports into a continuous space, called IP2Vec. We demonstrate this embedding on two separate datasets, CTU'13 and UGR'16, and combine the UGR'16 embedding with several machine learning methods. We compare the models with and without the embedding to evaluate the benefits of including network behavior into an intrusion detection system. We show that the addition of embeddings improve the F1-scores for all models in the multiclassification problem given in the UGR'16 data. / MS / As computer networks grow and demonstrate more complicated and intricate behaviors, traditional network protection tools like firewalls struggle to protect personal computers and servers. Machine learning has stepped to the forefront to counteract this by learning and predicting behavior on a network. However, this learned behavior fails to capture much of the information regarding relationships between computers on a network. Additionally, standard techniques to convert network information into numbers struggles to capture many of the similarities between machines. To counteract this, we evaluate a method to capture relationships between IP addresses and ports, called an embedding. We demonstrate this embedding on two different datasets of network traffic, and evaluate the embedding on one dataset with several machine learning methods. We compare the models with and without the embedding to evaluate the benefits of including network behavior into an intrusion detection system. We show that including network behavior into machine learning models improves the performance of classifying attacks found in the UGR’16 data.

word embeddings

intrusion detection

Intrusion detection and response model to enhance security in cognitive radio networks / Ifeoma Ugochi Ohaeri

Ohaeri, Ifeoma Ugochi

January 2012

With the rapid proliferation of new technologies and services in the wireless domain, spectrum scarcity has become a major concern. Cognitive radios (CRs) arise as a promising solution to the scarcity of spectrum. A basic operation of the CRs is spectrum sensing. Whenever a primary signal is detected, CRs have to vacate the specific spectrum band. Malicious users can mimic incumbent transmitters so as to enforce CRs to vacate the specific band. Cognitive radio networks (CRNs) are expected to bring an evolution to the spectrum scarcity problem through intelligent use of the fallow spectrum bands. However, as CRNs are wireless in nature, they face all common security threats found in the traditional wireless networks. Common security combating measures for wireless environments consist of authorization, authentication, and access control. But CRNs face new security threats and challenges that have arisen due to their unique cognitive (self-configuration, self-healing, self-optimization, and self-protection) characteristics. Because of these new security threats, the use of traditional security combating measures would be inadequate to address the challenges. Consequently, this research work proposes an Intrusion Detection and Response Model (IDRM) to enhance security in cognitive radio networks. Intrusion detection monitors all the activities in order to detect the intrusion. It searches for security violation incidents, recognizes unauthorized accesses, and identifies information leakages. Unfortunately, system administrators neither can keep up with the pace that an intrusion detection system is delivering responses or alerts, nor can they react within adequate time limits. Therefore, an automatic response system has to take over this task by reacting without human intervention within the cognitive radio network. / Thesis (M.Sc.(Computer Science) North-West University, Mafikeng Campus, 2012

Intrusion detection systems

Computer security

APPLICATION OF INTRUSION DETECTION SOFTWARE TO PROTECT TELEMETRY DATA IN OPEN NETWORKED COMPUTER ENVIRONMENTS.

Kalibjian, Jeffrey R.

10 1900

International Telemetering Conference Proceedings / October 23-26, 2000 / Town & Country Hotel and Conference Center, San Diego, California / Over the past few years models for Internet based sharing and selling of telemetry data have been presented [1] [2] [3] at ITC conferences. A key element of these sharing/selling architectures was security. This element was needed to insure that information was not compromised while in transit or to insure particular parties had a legitimate right to access the telemetry data. While the software managing the telemetry data needs to be security conscious, the networked computer hosting the telemetry data to be shared or sold also needs to be resistant to compromise. Intrusion Detection Systems (IDS) may be used to help identify and protect computers from malicious attacks in which data can be compromised.

Intrusion Detection Systems

Computer Security

An Adaptive Database Intrusion Detection System

Barrios, Rita M.

01 January 2011

Intrusion detection is difficult to accomplish when attempting to employ current methodologies when considering the database and the authorized entity. It is a common understanding that current methodologies focus on the network architecture rather than the database, which is not an adequate solution when considering the insider threat. Recent findings suggest that many have attempted to address this concern with the utilization of various detection methodologies in the areas of database authorization, security policy management and behavior analysis but have not been able to find an adequate solution to achieve the level of detection that is required. While each of these methodologies has been addressed on an individual basis, there has been very limited work to address the methodologies as a single entity in an attempt to function within the detection environment in a harmonious fashion. Authorization is at the heart of most database implementations however, is not enough to prevent a rogue, authorized entity from instantiating a malicious action. Similarly, eliminating the current security policies only exacerbates the problem due to a lack of knowledge in a fashion when the policies have been modified. The behavior of the authorized entity is the most significant concern in terms of intrusion detection. However, behavior identification methodologies alone will not produce a complete solution. The detection of the insider threat during database access by merging the individual intrusion detection methodologies as noted will be investigated. To achieve the goal, this research is proposing the creation of a procedural framework to be implemented as a precursor to the effecting of the data retrieval statement. The intrusion model and probability thresholds will be built utilizing the intrusion detection standards as put forth in research and industry. Once an intrusion has been indicated, the appropriate notifications will be distributed for further action by the security administrator while the transaction will continue to completion. This research is proposing the development of a Database Intrusion Detection framework with the introduction of a process as defined in this research, to be implemented prior to data retrieval. This addition will enable an effective and robust methodology to determine the probability of an intrusion by the authorized entity, which will ultimately address the insider threat phenomena.

Database

Intrusion Detection

Computer Sciences

Design of Efficient FPGA Circuits For Matching Complex Patterns in Network Intrusion Detection Systems

Clark, Christopher R.

03 March 2004

The objective of this research is to design and develop a reconfigurable string matching co-processor using field-programmable gate array (FPGA) technology that is capable of matching thousands of complex patterns at gigabit network rates for network intrusion detection systems (NIDS). The motivation for this work is to eliminate the most significant bottleneck in current NIDS software, which is the pattern matching process. The tasks involved with this research include designing efficient, high-performance hardware circuits for pattern matching and integrating the pattern matching co-processor with other NIDS components running on a network processor. The products of this work include a system to translate standard intrusion detection patterns to FPGA pattern matching circuits that support all the functionality required by modern NIDS. The system generates circuits efficient enough to enable the entire ruleset of a popular NIDS containing over 1,500 patterns and 17,000 characters to fit into a single low-end FPGA chip and process data at an input rate of over 800 Mb/s. The capacity and throughput both scale linearly, so larger and faster FPGA devices can be used to further increase performance. The FPGA co-processor allows the task of pattern matching to be completely offloaded from a NIDS, significantly improving the overall performance of the system.

Network security

Intrusion detection

IDS

Implementation and Evaluation of A Low-Cost Intrusion Detection System For Community Wireless Mesh Networks

2015 February 1900

Rural Community Wireless Mesh Networks (WMN) can be great assets to rural communities, helping them connect to the rest of their region and beyond. However, they can be a liability in terms of security. Due to the ad-hoc nature of a WMN, and the wide variety of applications and systems that can be found in such a heterogeneous environment there are multiple points of intrusion for an attacker. An unsecured WMN can lead to privacy and legal problems for the users of the network. Due to the resource constrained environment, traditional Intrusion Detection Systems (IDS) have not been as successful in defending these wireless network environments, as they were in wired network deployments. This thesis proposes that an IDS made up of low cost, low power devices can be an acceptable base for a Wireless Mesh Network Intrusion Detection System. Because of the device's low power, cost and ease of use, such a device could be easily deployed and maintained in a rural setting such as a Community WMN. The proposed system was compared to a standard IDS solution that would not cover the entire network, but had much more computing power but also a higher capital cost as well as maintenance costs. By comparing the low cost low power IDS to a standard deployment of an open source IDS, based on network coverage and deployment costs, a determination can be made that a low power solution can be feasible in a rural deployment of a WMN.

WMN, IDS, Intrusion Detection System.

Behavior-based Worm Detection

Stafford, John, Stafford, John

January 2012

The Internet has become a core component of our lives and businesses. Its reliability and availability are of paramount importance. There are many types of malware that impact the availability of the Internet, including network worms, bot-nets, viruses, etc. Detecting such attacks is a critical component of defending against them. This dissertation focuses on detecting and understanding self-propagating network worms, a type of malware with a proven record of disrupting the Internet. According to

Intrusion detection

Malware

Networks

Worm