An Efficient Intrusion Detection Framework in Software-Defined Networking for Cybersecurity Applications

Alshammri, Ghalib H.; Samha, Amani K.; Hemdan, Ezz El‐Din; Amoon, Mohammed; El‐Shafai, Walid

doi:10.32604/cmc.2022.025262

Cited by 5 publications

(3 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This step aims to eliminate zero-values or null attributes and represent the features in an appropriate format before feeding them into the machine learning (ML) classifiers being investigated. Specifically, we utilized eight distinct ML models, namely Logistic Regression (LR), Linear Discriminant Analysis (LDA), Naive Bayes (NB), k-nearest neighbor (KNN), Decision Tree (CART), Ada Boost (AB), Random Forest (RF), and Support Vector Machine (SVM) [858], [859].…”

Section: B Case Study II Category-based Analysismentioning

confidence: 99%

Maloid-DS: Labeled Dataset for Android Malware Forensics

Almomani,

Almashat,

El-Shafai

2024

IEEE Access

Self Cite

View full text Add to dashboard Cite

Billions of people globally use Android devices a . As such, these devices are highly targeted by security attackers. One of the most threatening attacks is to infect devices with malicious software (malware). Fortunately, there are various ways to counteract these attacks and prevent them. One of these methods is developing a comprehensive malware dataset that researchers can utilize for malware analysis, detection, prediction, and prevention systems. This paper introduces a unique, up-to-date, labeled Android malware dataset (Maloid-DS) comprising a comprehensive set of malware families that reached 345 families with 47,971 malware samples. First, we intensely studied existing datasets utilized by previous research works. These datasets are limited in (a) the number of studied families, (b) the number of samples under each family, (c) the number of new malware samples, (d) the proper categorization of the malware families, (e) the accurate mapping of the sample with its corresponding malware family, (f) providing well structuring of the malware families and subfamilies, and (g) presenting a profound description of each family behavior. All these limitations were seriously tackled by introducing Maloid-DS. The process of creating Maloid is detailed in this paper. Moreover, several case studies are demonstrated in this paper to show the value of Maloid and how different types of analysis systems and AI-based detection and prediction solutions could utilize it. While the full potential of Maloid-DS in real-world scenarios is subject to ongoing research and practical application, it represents a substantial contribution to the cybersecurity community, offering a broad and detailed foundation for protecting Android devices against malware threats.

show abstract

Section: B Case Study II Category-based Analysismentioning

confidence: 99%

Maloid-DS: Labeled Dataset for Android Malware Forensics

Almomani,

Almashat,

El-Shafai

2024

IEEE Access

Self Cite

View full text Add to dashboard Cite

show abstract

“…Recently, the security of the IoT has become perilous; therefore, different studies are related to this area [7][8][9][10][11][12][13][14][15][16][17][18][19]. Several works have been proposed for detecting intrusion using intelligent approaches like classification and detection [20][21][22][23][24][25][26][27][28][29][30].…”

Section: Related Workmentioning

confidence: 99%

An Efficient Intrusion Detection Framework for Industrial Internet of Things Security

Alshathri¹,

El‐Sayed²,

El‐Shafai³

et al. 2023

Computer Systems Science and Engineering

View full text Add to dashboard Cite

Recently, the Internet of Things (IoT) has been used in various applications such as manufacturing, transportation, agriculture, and healthcare that can enhance efficiency and productivity via an intelligent management console remotely. With the increased use of Industrial IoT (IIoT) applications, the risk of brutal cyber-attacks also increased. This leads researchers worldwide to work on developing effective Intrusion Detection Systems (IDS) for IoT infrastructure against any malicious activities. Therefore, this paper provides effective IDS to detect and classify unpredicted and unpredictable severe attacks in contradiction to the IoT infrastructure. A comprehensive evaluation examined on a new available benchmark TON_IoT dataset is introduced. The data-driven IoT/IIoT dataset incorporates a label feature indicating classes of normal and attack-targeting IoT/IIoT applications. Correspondingly, this data involves IoT/IIoT services-based telemetry data that involves operating systems logs and IoT-based traffic networks collected from a realistic medium-scale IoT network. This is to classify and recognize the intrusion activity and provide the intrusion detection objectives in IoT environments in an efficient fashion. Therefore, several machine learning algorithms such as Logistic Regression (LR), Linear Discriminant Analysis (LDA), K-Nearest Neighbors (KNN), Gaussian Naive Bayes (NB), Classification and Regression Tree (CART), Random Forest (RF), and AdaBoost (AB) are used for the detection intent on thirteen different intrusion datasets. Several performance metrics like accuracy, precision, recall, and F1-score are used to estimate the proposed framework. The experimental results show that the CART surpasses the other algorithms with the highest accuracy values like 0.97, 1.00, 0.99, 0.99, 1.00, 1.00, and 1.00 for effectively detecting the intrusion activities on the IoT/ IIoT infrastructure on most of the employed datasets. In addition, the proposed work accomplishes high performance compared to other recent related works in terms of different security and detection evaluation parameters.

show abstract

“…This approach uses eight different ML models to train and test the extracted features from the APK files. These ML classifiers are Support Vector Machine (SVM), Random Forest (RF), Ada Boost (AB), Decision Tree (CART), K-Nearest Neighbor (KNN), Naive Bayes (NB), Linear Discriminant Analysis (LDA), and Logistic Regression (LR) [42][43][44]. Finally, the detection efficacy of the used ML classifiers is evaluated using different assessment tools such as precision, recall, F1-score, ROC curve, confusion matrix, and accuracy [45,46].…”

Section: The Proposed Static-based Rd Approachmentioning

confidence: 99%

E2E-RDS: Efficient End-to-End Ransomware Detection System Based on Static-Based ML and Vision-Based DL Approaches

Almomani

Alkhayer

El‐Shafai

2023

Sensors

View full text Add to dashboard Cite

Nowadays, ransomware is considered one of the most critical cyber-malware categories. In recent years various malware detection and classification approaches have been proposed to analyze and explore malicious software precisely. Malware originators implement innovative techniques to bypass existing security solutions. This paper introduces an efficient End-to-End Ransomware Detection System (E2E-RDS) that comprehensively utilizes existing Ransomware Detection (RD) approaches. E2E-RDS considers reverse engineering the ransomware code to parse its features and extract the important ones for prediction purposes, as in the case of static-based RD. Moreover, E2E-RDS can keep the ransomware in its executable format, convert it to an image, and then analyze it, as in the case of vision-based RD. In the static-based RD approach, the extracted features are forwarded to eight various ML models to test their detection efficiency. In the vision-based RD approach, the binary executable files of the benign and ransomware apps are converted into a 2D visual (color and gray) images. Then, these images are forwarded to 19 different Convolutional Neural Network (CNN) models while exploiting the substantial advantages of Fine-Tuning (FT) and Transfer Learning (TL) processes to differentiate ransomware apps from benign apps. The main benefit of the vision-based approach is that it can efficiently detect and identify ransomware with high accuracy without using data augmentation or complicated feature extraction processes. Extensive simulations and performance analyses using various evaluation metrics for the proposed E2E-RDS were investigated using a newly collected balanced dataset that composes 500 benign and 500 ransomware apps. The obtained outcomes demonstrate that the static-based RD approach using the AB (Ada Boost) model achieved high classification accuracy compared to other examined ML models, which reached 97%. While the vision-based RD approach achieved high classification accuracy, reaching 99.5% for the FT ResNet50 CNN model. It is declared that the vision-based RD approach is more cost-effective, powerful, and efficient in detecting ransomware than the static-based RD approach by avoiding feature engineering processes. Overall, E2E-RDS is a versatile solution for end-to-end ransomware detection that has proven its high efficiency from computational and accuracy perspectives, making it a promising solution for real-time ransomware detection in various systems.

show abstract

An Efficient Intrusion Detection Framework in Software-Defined Networking for Cybersecurity Applications

Cited by 5 publications

References 46 publications

Maloid-DS: Labeled Dataset for Android Malware Forensics

Maloid-DS: Labeled Dataset for Android Malware Forensics

An Efficient Intrusion Detection Framework for Industrial Internet of Things Security

E2E-RDS: Efficient End-to-End Ransomware Detection System Based on Static-Based ML and Vision-Based DL Approaches

Contact Info

Product

Resources

About