Global ETD Search

241	Classification of Patterns in Streaming Data Using Clustering Signatures Awodokun, Olugbenga January 2017 (has links) No description available. Computer Science data mining hierarchical clustering unsupervised learning data analytics machine learning intrusion detection
242	Statistical Analysis of Malformed Packets and Their Origins in the Modern Internet Bykova, Marina 12 April 2002 (has links) No description available. Computer Science malformed packets TCP/IP traffic analysis intrusion detection packet header
243	Compilation For Intrusion Detection Systems Lydon, Andrew 25 June 2004 (has links) No description available. Computer Science Security Intrusion Detection Computer Security Distributed Real-Time Complier
244	AI-Based Intrusion Detection Systems to Secure Internet of Things (IoT) Otoum, Yazan 20 September 2022 (has links) The Internet of Things (IoT) is comprised of numerous devices that are connected through wired or wireless networks, including sensors and actuators. The number of IoT applications has recently increased dramatically, including Smart Homes, Internet of Vehicles (IoV), Internet of Medical Things (IoMT), Smart Cities, and Wearables. IoT Analytics has reported that the number of connected devices is expected to grow 18% to 14.4 billion in 2022 and will be 27 billion by 2025. Security is a critical issue in today's IoT, due to the nature of the architecture, the types of devices, the different methods of communication (mainly wireless), and the volume of data being transmitted over the network. Furthermore, security will become even more important as the number of devices connected to the IoT increases. However, devices can protect themselves and detect threats with the Intrusion Detection System (IDS). IDS typically use one of two approaches: anomaly-based or signature-based. In this thesis, we define the problems and the particular requirements of securing the IoT environments, and we have proposed a Deep Learning (DL) anomaly-based model with optimal features selection to detect the different potential attacks in IoT environments. We then compare the performance results with other works that have been used for similar tasks. We also employ the idea of reinforcement learning to combine the two different IDS approaches (i.e., anomaly-based and signature-based) to enable the model to detect known and unknown IoT attacks and classify the recognized attacked into five classes: Denial of Service (DDoS), Probe, User-to-Root (U2R), Remote-to-Local (R2L), and Normal traffic. We have also shown the effectiveness of two trending machine-learning techniques, Federated and Transfer learning (FL/TL), over using the traditional centralized Machine and Deep Learning (ML/DL) algorithms. Our proposed models improve the model's performance, increase the learning speed, reduce the amount of data that needs to be trained, and reserve user data privacy when compared with the traditional learning approaches. The proposed models are implemented using the three benchmark datasets generated by the Canadian Institute for Cybersecurity (CIC), NSL-KDD, CICIDS2017, and the CSE-CIC-IDS2018. The performance results were evaluated in different metrics, including Accuracy, Detection Rate (DR), False Alarm Rate (FAR), Sensitivity, Specificity, F-measure, and training and fine-tuning times. Internet of Things (IoT) Intrusion Detection System (IDS) IoT Security Machine Learning (ML)
245	Performance Evaluation Study of Intrusion Detection Systems. Alhomoud, Adeeb M., Munir, Rashid, Pagna Disso, Jules F., Al-Dhelaan, A., Awan, Irfan U. 2011 August 1917 (has links) With the thriving technology and the great increase in the usage of computer networks, the risk of having these network to be under attacks have been increased. Number of techniques have been created and designed to help in detecting and/or preventing such attacks. One common technique is the use of Network Intrusion Detection / Prevention Systems NIDS. Today, number of open sources and commercial Intrusion Detection Systems are available to match enterprises requirements but the performance of these Intrusion Detection Systems is still the main concern. In this paper, we have tested and analyzed the performance of the well know IDS system Snort and the new coming IDS system Suricata. Both Snort and Suricata were implemented on three different platforms (ESXi virtual server, Linux 2.6 and FreeBSD) to simulate a real environment. Finally, in our results and analysis a comparison of the performance of the two IDS systems is provided along with some recommendations as to what and when will be the ideal environment for Snort and Suricata. Attacks ; Intrusion Detection Systems (IDS) ; Traffic ; Performance evaluation ; Packet drops ; Suricata ; Snort ; Alerts ; Network security
246	Anomaly diagnosis based on regression and classification analysis of statistical traffic features Liu, Lei, Jin, X.L., Min, Geyong, Xu, L. 30 September 2013 (has links) No / Traffic anomalies caused by Distributed Denial-of-Service (DDoS) attacks are major threats to both network service providers and legitimate customers. The DDoS attacks regularly consume and exhaust the resources of victims and hence result in abnormal bursty traffic through end-user systems. Additionally, malicious traffic aggregated into normal traffic often show dramatic changes in the traffic nature and statistical features. This study focuses on early detection of traffic anomalies caused by DDoS attacks in light of analyzing the network traffic behavior. Key statistical features including variance, autocorrelation, and self-similarity are employed to characterize the network traffic. Further, artificial neural network and support vector machine subject to the performance metrics are employed to predict and classify the abnormal traffic. The proposed diagnosis mechanism is validated through experiments where the datasets consist of two groups. The first group is the Massachusetts Institute of Technology Lincoln Laboratory dataset containing labeled DoS attack. The second group collected from DDoS attack simulation experiments covers three representative traffic shapes resulting from the dynamic attack rate configuration, namely, constant intensity, ramp-up behavior, and pulsing behavior. The experimental results demonstrate that the developed mechanism can effectively and precisely alert the abnormal traffic within short response period. Intrusion detection ; DDoS ; Feature regression and classification ; Traffic measurement ; Anomaly diagnosis ; Of-service attacks ; DDoS attacks ; Network
247	Hidden Markov models and alert correlations for the prediction of advanced persistent threats Ghafir, Ibrahim, Kyriakopoulos, K.G., Lambotharan, S., Aparicio-Navarro, F.J., Assadhan, B., Binsalleeh, H., Diab, D.M. 24 January 2020 (has links) Yes / Cyber security has become a matter of a global interest, and several attacks target industrial companies and governmental organizations. The advanced persistent threats (APTs) have emerged as a new and complex version of multi-stage attacks (MSAs), targeting selected companies and organizations. Current APT detection systems focus on raising the detection alerts rather than predicting APTs. Forecasting the APT stages not only reveals the APT life cycle in its early stages but also helps to understand the attacker's strategies and aims. This paper proposes a novel intrusion detection system for APT detection and prediction. This system undergoes two main phases; the first one achieves the attack scenario reconstruction. This phase has a correlation framework to link the elementary alerts that belong to the same APT campaign. The correlation is based on matching the attributes of the elementary alerts that are generated over a configurable time window. The second phase of the proposed system is the attack decoding. This phase utilizes the hidden Markov model (HMM) to determine the most likely sequence of APT stages for a given sequence of correlated alerts. Moreover, a prediction algorithm is developed to predict the next step of the APT campaign after computing the probability of each APT stage to be the next step of the attacker. The proposed approach estimates the sequence of APT stages with a prediction accuracy of at least 91.80%. In addition, it predicts the next step of the APT campaign with an accuracy of 66.50%, 92.70%, and 100% based on two, three, and four correlated alerts, respectively. / The Gulf Science, Innovation and Knowledge Economy Programme of the U.K. Government under UK-Gulf Institutional Link Grant IL 279339985 and in part by the Engineering and Physical Sciences Research Council (EPSRC), U.K., under Grant EP/R006385/1. Advanced persistent threat Intrusion detection system Alert correlation Hidden Markov model Attack prediction
248	Detection of advanced persistent threat using machine-learning correlation analysis Ghafir, Ibrahim, Hammoudeh, M., Prenosil, V., Han, L., Hegarty, R., Rabie, K., Aparicio-Navarro, F.J. 24 January 2020 (has links) Yes / As one of the most serious types of cyber attack, Advanced Persistent Threats (APT) have caused major concerns on a global scale. APT refers to a persistent, multi-stage attack with the intention to compromise the system and gain information from the targeted system, which has the potential to cause significant damage and substantial financial loss. The accurate detection and prediction of APT is an ongoing challenge. This work proposes a novel machine learning-based system entitled MLAPT, which can accurately and rapidly detect and predict APT attacks in a systematic way. The MLAPT runs through three main phases: (1) Threat detection, in which eight methods have been developed to detect different techniques used during the various APT steps. The implementation and validation of these methods with real traffic is a significant contribution to the current body of research; (2) Alert correlation, in which a correlation framework is designed to link the outputs of the detection methods, aims to identify alerts that could be related and belong to a single APT scenario; and (3) Attack prediction, in which a machine learning-based prediction module is proposed based on the correlation framework output, to be used by the network security team to determine the probability of the early alerts to develop a complete APT attack. MLAPT is experimentally evaluated and the presented system is able to predict APT in its early steps with a prediction accuracy of 84.8%. Cyber attacks Advanced persistent threat Malware Intrusion detection system Alert correlation Machine learning
249	BotDet: a system for real time Botnet command and control traffic detection Ghafir, Ibrahim, Prenosil, V., Hammoudeh, M., Baker, T., Jabbar, S., Khalid, S., Jaf, S. 24 January 2020 (has links) Yes / Over the past decade, the digitization of services transformed the healthcare sector leading to a sharp rise in cybersecurity threats. Poor cybersecurity in the healthcare sector, coupled with high value of patient records attracted the attention of hackers. Sophisticated advanced persistent threats and malware have significantly contributed to increasing risks to the health sector. Many recent attacks are attributed to the spread of malicious software, e.g., ransomware or bot malware. Machines infected with bot malware can be used as tools for remote attack or even cryptomining. This paper presents a novel approach, called BotDet, for botnet Command and Control (C&C) traffic detection to defend against malware attacks in critical ultrastructure systems. There are two stages in the development of the proposed system: 1) we have developed four detection modules to detect different possible techniques used in botnet C&C communications and 2) we have designed a correlation framework to reduce the rate of false alarms raised by individual detection modules. Evaluation results show that BotDet balances the true positive rate and the false positive rate with 82.3% and 13.6%, respectively. Furthermore, it proves BotDet capability of real time detection. Critical infrastructure security Healthcare cyber attacks Malware Botnet Command and control server Intrusion detection system Alert correlation
250	Unsupervised Learning for Feature Selection: A Proposed Solution for Botnet Detection in 5G Networks Lefoane, Moemedi, Ghafir, Ibrahim, Kabir, Sohag, Awan, Irfan U. 01 August 2022 (has links) Yes / The world has seen exponential growth in deploying Internet of Things (IoT) devices. In recent years, connected IoT devices have surpassed the number of connected non-IoT devices. The number of IoT devices continues to grow and they are becoming a critical component of the national infrastructure. IoT devices' characteristics and inherent limitations make them attractive targets for hackers and cyber criminals. Botnet attack is one of the serious threats on the Internet today. This article proposes pattern-based feature selection methods as part of a machine learning (ML) based botnet detection system. Specifically, two methods are proposed: the first is based on the most dominant pattern feature values and the second is based on Maximal Frequent Itemset (MFI) mining. The proposed feature selection method uses Gini Impurity (GI) and an unsupervised clustering method to select the most influential features automatically. The evaluation results show that the proposed methods have improved the performance of the detection system. The developed system has a True Positive Rate (TPR) of 100% and a False Positive Rate (FPR) of 0% for best performing models. In addition, the proposed methods reduce the computational cost of the system as evidenced by the detection speed of the system. Botnet attack Internet of Things Network security Intrusion detection system Machine learning Feature selection

Search results