Computer networks are targeted by several kinds of attacks every hour of every day, and these attacks have evolved to pose significant risks. New attacks and trends keep appearing, and they target every open port available on the network. Several tools are designed for this purpose, such as network mapping and vulnerability scanning. Recently, machine learning (ML) has become a widespread technique for feeding an Intrusion Detection System (IDS) to detect malicious network traffic. The detection efficiency of ML models relies on the quality of the dataset used to train the model. This research proposes a detection framework with an ML model for feeding an IDS to detect network traffic anomalies. The detection model uses a dataset constructed from malicious and normal traffic. The significant challenge of this research is the features extracted to train the ML model on various attacks so that it can distinguish anomalous from regular traffic. The network traffic part of the ISOT-CID dataset is used to train the ML model. We added some significant column features and confirmed that these features support the ML model in the training phase. The traffic part of the ISOT-CID dataset contains two types of features: the first extracted from network traffic flows, and the others computed over specific time intervals. We also present a novel column feature added to the dataset and confirm that it increases the detection quality. This feature depends on the rambling packet payload length in the traffic flow. The results and experiments presented in this research are significant and encourage other researchers and us to expand the work in the future.
Due to the lack of adequate public datasets, the proponents of many existing cloud intrusion detection systems (IDS) have relied on the DARPA dataset to design and evaluate their models. In the current paper, we show empirically that the DARPA dataset, by failing to meet important statistical characteristics of real-world cloud data center traffic, is inadequate for evaluating cloud IDS. We present, as an alternative, a new public dataset collected through a cooperation between our lab and a non-profit cloud service provider, which contains benign data and a wide variety of attack data. We present a new hypervisor-based cloud IDS using an instance-oriented feature model and supervised machine learning techniques. We investigate three different classifiers: Logistic Regression (LR), Random Forest (RF), and Support Vector Machine (SVM). Experimental evaluation on a diversified dataset yields a detection rate of 92.08% and a false positive rate of 1.49% for random forest, the best performing of the three classifiers.
In the dynamic and ever-evolving realm of network security, the ability to accurately identify and classify port-scan attacks both inside and outside networks is of paramount importance. This study delves into the underexplored potential of fusing graph theory with machine learning models to elevate their anomaly detection capabilities in the context of Industrial Internet of Things (IIoT) network data analysis. We employed a comprehensive experimental approach, encompassing data preprocessing, visualization, feature analysis, and machine learning model comparison, to assess the efficacy of graph theory representation in improving classification accuracy. More specifically, we converted network traffic data into a graph-based representation, where nodes represent devices and edges represent communication instances. We then incorporated these graph features into our machine learning models. Our findings reveal that incorporating graph theory into the analysis of network data results in a modest-yet-meaningful improvement in the performance of the tested machine learning models, including logistic regression, support vector machines, and K-means clustering. These results underscore the significance of graph theory representation in bolstering the discriminative capabilities of machine learning algorithms when applied to network data.
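The graph representation described in the abstract above (devices as nodes, communication instances as edges, with per-node graph features fed to a classifier) can be made concrete with a small example. The following is an added illustration, not code from the study; the flow schema `(src_ip, dst_ip, dst_port)`, the flow records, and the fan-out thresholds used to label scanners are all constructed assumptions. It shows why graph features help with port scans: a vertical scan (one host, many ports) and a horizontal scan (many hosts, one port) look ordinary flow by flow, but their source node's out-degree or distinct-port count stands out immediately.

```python
"""Graph representation of network flows for port-scan style anomaly detection.

Added example, not the cited study's code. Nodes are devices (IP addresses),
edges are communication instances (one flow between two devices). Per-node
graph features are then attached to each flow so that a downstream classifier
sees both the flow itself and its graph context.
"""
from collections import defaultdict

# Constructed flow records (assumed schema): (src_ip, dst_ip, dst_port).
FLOWS = [
    ("10.0.0.5", "10.0.0.20", 80),
    ("10.0.0.5", "10.0.0.20", 443),
    ("10.0.0.6", "10.0.0.20", 80),
    ("10.0.0.7", "10.0.0.21", 22),
    # Vertical scan: one source sweeps 40 ports on a single host.
    *[("10.0.0.99", "10.0.0.20", p) for p in range(1, 41)],
    # Horizontal scan: one source hits port 445 on 20 different hosts.
    *[("10.0.0.98", f"10.0.0.{h}", 445) for h in range(30, 50)],
]


def build_graph(flows):
    """Adjacency structure: src -> dst -> list of destination ports (one entry per flow)."""
    graph = defaultdict(lambda: defaultdict(list))
    for src, dst, port in flows:
        graph[src][dst].append(port)
    return graph


def node_features(graph):
    """Per-source graph features derived purely from the topology."""
    in_degree = defaultdict(int)
    for peers in graph.values():
        for dst in peers:
            in_degree[dst] += 1
    feats = {}
    for src, peers in graph.items():
        distinct_ports = set().union(*peers.values())
        feats[src] = {
            "out_degree": len(peers),                       # distinct hosts contacted
            "distinct_ports": len(distinct_ports),          # distinct ports across all peers
            "edges": sum(len(p) for p in peers.values()),   # communication instances
            "mean_peer_in_degree": sum(in_degree[d] for d in peers) / len(peers),
        }
    return feats


def label_scanners(feats, host_threshold=10, port_threshold=10):
    """Flag sources whose fan-out exceeds simple thresholds (assumed values)."""
    return {
        src: ("horizontal" if f["out_degree"] >= host_threshold else "vertical")
        for src, f in feats.items()
        if f["out_degree"] >= host_threshold or f["distinct_ports"] >= port_threshold
    }


def flow_vectors(flows, feats):
    """Attach the source node's graph features to every flow for an ML model."""
    return [
        (src, dst, port, feats[src]["out_degree"], feats[src]["distinct_ports"])
        for src, dst, port in flows
    ]


if __name__ == "__main__":
    feats = node_features(build_graph(FLOWS))
    for src, f in feats.items():
        print(src, f)
    print("scanners:", label_scanners(feats))
```

In a real pipeline the thresholds would be replaced by the classifier itself; the point is that `out_degree` and `distinct_ports` are features the model can only obtain once flows are aggregated into a graph.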
Emerging growth in technology has rapidly changed our homes and cities. Present homes and cities will be upgraded to smart homes and smart cities in the near future. The various solutions used to build a smart-city network demand a scalable and decentralized solution. This study proposes a blockchain-empowered decentralized and scalable solution for a sustainable smart-city network. The Internet of Things (IoT), fog nodes, a permissioned trust chain, smart contracts, blockchain, and the InterPlanetary File System (IPFS) are deployed to construct a scalable and decentralized solution for a sustainable smart city. Three main public sector departments, i.e., electricity, water supply, and health care, are studied over the proposed solution. The proposed solution is implemented over the Constrained Application Protocol (CoAP) and the Ethereum blockchain. The performance of the proposed model is evaluated for 1500 devices and over 10,000 records. A total improvement of 77.44% is registered during performance evaluation over a scalable environment. The performance evaluation of each case study and the collaborative performance evaluation confirm the improved performance of the proposed solution for scalable and distributed applications. Better performance, scalability, and the distributed nature of the presented model make it suitable for the sustainable smart-city network.
The adoption of cloud computing has increased dramatically in recent years due to attractive features such as flexibility, cost reductions, scalability, and pay per use. Shifting towards cloud computing is attracting not only industry but also government and academia. However, given their stringent privacy and security policies, this shift is still hindered by many security concerns related to cloud computing features, namely shared resources, virtualization and multi-tenancy. These security concerns vary from privacy threats and lack of transparency to intrusions from within and outside the cloud infrastructure. Therefore, to overcome these concerns and establish strong trust in cloud computing, there is a need to develop adequate security mechanisms for effectively handling the threats faced in the cloud. Intrusion Detection Systems (IDSs) represent an important part of such mechanisms. Developing a cloud-based IDS that can capture suspicious activity or threats, and prevent attacks and data leakage from both inside and outside the cloud environment, is paramount. However, cloud computing faces a multidimensional and rapidly evolving threat landscape, which makes building a cloud-based IDS more challenging. Moreover, one of the most significant hurdles for developing such a cloud IDS is the lack of publicly available datasets collected from a real cloud computing environment. In this dissertation, we introduce the first public dataset of its kind, named the ISOT Cloud Intrusion Dataset (ISOT-CID), for cloud intrusion detection. The dataset consists of several terabytes of data, involving normal activities and a wide variety of attack vectors, collected over multiple phases and periods of time in a real cloud environment. We also introduce a new hypervisor-based cloud intrusion detection system (HIDS) that uses online multivariate statistical change analysis to detect anomalous network behaviors.
As a departure from the conventional monolithic network IDS feature model, we leverage the fact that a hypervisor hosts a collection of instances to introduce an instance-oriented feature model that exploits individual as well as correlated behaviors of instances to improve the detection capability. The proposed approach is evaluated using ISOT-CID, and the experiments along with their results are presented.
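The instance-oriented feature model and the online statistical change analysis described in the abstract above are sketched here as an added example; it is not the dissertation's own code, and the dissertation does not specify its feature set or statistical test. Assumptions: one hypervisor hosts several VM instances; flows carry `(window, instance, dst_ip, bytes)`; each (window, instance) pair yields a vector of individual features (flow count, distinct destinations, bytes) plus one correlated feature (destinations shared with other instances on the same hypervisor in the same window); the change detector is a diagonal-covariance Mahalanobis score over a Welford running mean and variance, standing in for whatever multivariate method the thesis uses. The constructed log has ten quiet windows and then two instances fanning out to the same thirty new hosts at once, which is the kind of correlated behaviour a per-instance-only model would see as two unrelated events.

```python
"""Instance-oriented feature model plus an online multivariate change score.

Added illustration, not the dissertation's code. The statistical method is an
assumption: a diagonal-covariance Mahalanobis score on incrementally updated
mean/variance (Welford), with anomalous windows kept out of the baseline.
"""
from collections import defaultdict

# Constructed per-window flow log (assumed schema): (window, instance, dst_ip, bytes).
FLOWS = []
for w in range(11):
    for inst in ("vm-a", "vm-b", "vm-c"):
        FLOWS += [(w, inst, "198.51.100.10", 500), (w, inst, "198.51.100.11", 700)]
# Window 10: vm-a and vm-b both fan out to the same 30 new hosts (correlated burst).
for inst in ("vm-a", "vm-b"):
    FLOWS += [(10, inst, f"203.0.113.{h}", 60) for h in range(1, 31)]


def window_features(flows):
    """Per (window, instance) vector: [flows, distinct_dsts, bytes, shared_dsts].

    shared_dsts is the correlated feature: destinations this instance contacted
    that at least one other instance on the hypervisor also contacted in the
    same window.
    """
    by_win = defaultdict(lambda: defaultdict(list))
    for w, inst, dst, nbytes in flows:
        by_win[w][inst].append((dst, nbytes))
    out = {}
    for w, insts in sorted(by_win.items()):
        dst_sets = {inst: {d for d, _ in recs} for inst, recs in insts.items()}
        for inst, recs in insts.items():
            others = set().union(*(s for i, s in dst_sets.items() if i != inst))
            out[(w, inst)] = [
                float(len(recs)),
                float(len(dst_sets[inst])),
                float(sum(b for _, b in recs)),
                float(len(dst_sets[inst] & others)),
            ]
    return out


class OnlineChangeDetector:
    """Welford running mean/variance per feature; score = sum of squared z-scores."""

    def __init__(self, dim, warmup=5, threshold=50.0, min_var=1.0):
        self.n, self.mean, self.m2 = 0, [0.0] * dim, [0.0] * dim
        self.warmup, self.threshold = warmup, threshold
        self.min_var = min_var  # floor so a perfectly constant baseline cannot divide by zero

    def score(self, x):
        if self.n < 2:
            return 0.0
        total = 0.0
        for i, xi in enumerate(x):
            var = max(self.m2[i] / (self.n - 1), self.min_var)
            total += (xi - self.mean[i]) ** 2 / var
        return total

    def update(self, x):
        self.n += 1
        for i, xi in enumerate(x):
            delta = xi - self.mean[i]
            self.mean[i] += delta / self.n
            self.m2[i] += delta * (xi - self.mean[i])

    def observe(self, x):
        """Return (score, flagged); flagged vectors are not folded into the baseline."""
        s = self.score(x) if self.n >= self.warmup else 0.0
        flagged = s > self.threshold
        if not flagged:
            self.update(x)
        return s, flagged


def run_detectors(flows):
    """One detector per instance; returns [(window, instance, score, flagged), ...]."""
    feats = window_features(flows)
    detectors = defaultdict(lambda: OnlineChangeDetector(dim=4))
    results = []
    for (w, inst), x in sorted(feats.items()):
        s, flagged = detectors[inst].observe(x)
        results.append((w, inst, round(s, 1), flagged))
    return results


def flagged_windows(flows):
    """Set of (window, instance) pairs the online detector raised an alert on."""
    return {(w, inst) for w, inst, _, f in run_detectors(flows) if f}


if __name__ == "__main__":
    for row in run_detectors(FLOWS):
        print(row)
```

Keeping flagged windows out of the running baseline is the practical caveat: if an attack window is averaged in, the mean drifts toward it and a slow, persistent exfiltration stops looking like a change.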