In this new era of cloud computing, an Intrusion Detection System (IDS) is essential for the continual monitoring of computing resources for signs of compromise, since the number of attack vectors and malware is increasing. Only a few IDS datasets are publicly available, and those available are outdated and lack cloud-specific attacks. This article presents a novel dataset based on Virtual Machine Introspected data for the implementation of IDS in the cloud. The dataset was generated from the behavioral characteristics of malware and benign sample execution traces on virtual machines using the Virtual Machine Introspection (VMI) technique. A vector space model based on the system call approach is applied to analyze the behavioral characteristics for the generation of the proposed dataset. The purpose of this study is to compare the proposed dataset with existing datasets and evaluate the effectiveness of these datasets by applying Machine Learning (ML) algorithms with 10-fold cross-validation. The ML algorithms used in the experiments are C4.5, Random Forest, JRip, NaiveBayes, K-Nearest Neighbors (KNN), and Support Vector Machine (SVM). The effectiveness of detecting intrusions using the proposed dataset is promising compared with other datasets in terms of intrusion detection accuracy, recall, precision, and F1-score metrics. For example, with the C4.5 algorithm, the intrusion detection accuracy on the proposed dataset is 0.11% higher than on the UNM dataset, 6.28% higher than on the ADFA dataset, and 1.88% higher than on the LID dataset. Therefore, the proposed dataset is best suited for implementing IDS for the cloud.
Security in mobile ad hoc networks (MANETs) is difficult to achieve because of the dynamic topologies, limited resources, the absence of a certification authority, and the lack of a centralized monitoring point [1]. Most of the attacks in MANETs are routing protocol attacks. The sinkhole effect is caused by attempts to draw all network traffic to malicious nodes that broadcast fake shortest-path routing information. The sinkhole nodes should be detected and detached as early as possible. The detection mechanism should also guarantee a higher detection rate and a lower crossover error rate. In this paper we propose a novel technique to detect sinkholes that uses the mutual understanding among the mobile nodes.
This study proposes the use of AI-enabled machine learning algorithms with Bag-of-Words (BoW) methods for the detection of intrusions by analysing system call patterns. A host-based Intrusion Detection System can make use of system call patterns to differentiate between normal and anomalous program behaviours. First, the system call patterns are pre-processed with different approaches: BoW, BoW with Boolean values, BoW with probability values, and BoW with TF-IDF. Next, machine learning algorithms are used to evaluate the performance of classifier models. We used the J48 (C4.5), Random Forest, RIPPER, KNN, SVM, and NaiveBayes ML algorithms. This process was carried out on ADFA-LD and on our proposed virtual machine monitor (VMM) malware attack data set for analysis. The proposed work is evaluated based on detection accuracy and false alarm rate metrics. The Random Forest algorithm performs better than the other ML algorithms in terms of intrusion detection accuracy and false alarm rate on the ADFA and VMM malware data sets. The proposed data set provides better results than ADFA-LD when analysed using ML algorithms. The classifier model trained with the ADFA and VMM malware system call data sets may be used for predictive analytics in detecting security issues for Industry 4.0 systems.