This paper uses a hybrid feature selection process and classification techniques to classify cyber‐attacks in the UNSW‐NB15 dataset. A combination of k‐means clustering, and a correlation‐based feature selection, were used to come up with an optimum subset of features and then two classification techniques, one probabilistic, Naïve Bayes (NB), and a second, based on decision trees (J48), were employed. Our results show that this hybrid feature selection method in combination with the NB model was able to improve the classification accuracy of most attacks, especially the rare attacks. The false alarm rates were lower for most of the attacks, and particularly the rare attacks, with this combination of feature selection and the NB model. The J48 decision tree model, however, did not perform any better with the feature selection, but its classification rate for all attack families was already very high, with or without feature selection.
Network traffic classification and characterisation is playing an increasingly vital role in understanding and solving security-related issues in internet-based applications. The priority of research studies in this area has focused on characterisation of network traffic based on various layers of communication protocols as outlined in the TCP/IP stack and even further expanded to concentrate on specific application-layer protocols. Virtual Private Networks (VPNs) have become one of the most popular remote access communication methods among users over the public internet and other Internet Protocol (IP)-based networks. VPNs are governed by IP Security, which is a suite of protocols used for tunnelling the already encrypted IP traffic, to guarantee secure remote access to servers. In this paper, we propose and develop a framework to classify VPN or non-VPN network traffic using time-related features. Our focus is on classification of network traffic which is encrypted, tunnelled through a VPN, and the one which is normally encrypted (non-VPN transmission), using machine-learning techniques on data sets of time-related features. Six classification models: logistic regression, support vector machine, Naïve Bayes, k-nearest neighbour and ensemble methods, the Random Forest (RF) classifier and Gradient Boosting Tree (GBT) classifiers, are compared, and recommendations of optimised RF and GBT models over other models are provided in terms of high accuracy and low overfitting. Features which contributed to achieve 90% accuracy in each category were also identified.
The inception of malware disguised as a solution to fix a problem to the current sophisticated malware demanding huge money, ransomware has attained significant proliferation through various advancements in information technologies. As a result of this development, cybercriminals have become adept and highly successful in compromising advanced information systems. Computer and network systems infected with ransomware are also often infected with various forms of malicious software. Ransomware targets have become more educated, aware and cautious of malware, motivating cybercriminals to respond with innovative attacks. In this paper, we analyse the evolution of ransomware from the perspective of what makes an individual or an organisation susceptible to the succumbing demands of ransomware. Finally, we conclude with a few suggestions about the predictions of future trends of ransomware.
The IEEE 802.15.4 standard specifies two network topologies: star and cluster-tree. A cluster-tree network comprises multiple clusters that allow the network to scale by connecting devices over multiple wireless hops. The role of a cluster-head (CH) is to aggregate data from all the devices in the cluster and then transmit it to the overall personal area network (PAN) coordinator. This specific role of CH needs to be rotated among multiple coordinators in the cluster to prevent it from energy drain out. Prior works on CH rotation are either based on threshold energy levels or rely on periodic rotation. Both approaches have their respective limitations and, at times, result in unnecessary CH rotations or non-optimal selection of CH. To address this, we propose a non-threshold cluster-head rotation scheme (NCHR), which incurs minimal rotation overhead. It supports topological changes, node heterogeneity, and can also handle CH failures. Through simulations and hardware implementation, the performance of the proposed NCHR scheme is analyzed in terms of network lifetime, CH rotation overhead, and the number of CH rotations. It is shown that the proposed scheme boosts network lifetime, incurs less rotation overhead, and needs fewer CH rotations compared to other related schemes.