Contemporary Sequential Network Attacks Prediction using Hidden Markov Model

Chadza, Timothy A.; Kyriakopoulos, K.; Lambotharan, Sangarapillai

doi:10.1109/pst47121.2019.8949035

Cited by 28 publications

(11 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The method of encrypted IoT traffics identification based on HMM (Hidden Markov Model) extracts the behavior characteristics from a time-sequence change perspective instead of a local one [25]. The behavior characteristics are implied in the process of data packages flowing into and out of the devices, which can be modeled with HMM.…”

Section: A Methods Base On Time-sequence Behavior Analysismentioning

confidence: 99%

Edge Intelligence Based Identification and Classification of Encrypted Traffic of Internet of Things

Zhao¹,

Yang²,

Tian³

et al. 2021

IEEE Access

View full text Add to dashboard Cite

A detection model of Internet of Things encrypted traffic based on edge intelligence is proposed in the paper, which can reduce the communication times of distributed Internet of Things gateways in the process of edge intelligence as well as the encrypted traffic detection model establishment time, in order to solve the problems that it is difficult to carry out efficient classification and accurate identification of the encrypted traffic of Internet of Things. In this paper, four new classification and identification methods for encrypted traffic are put forward, namely time-sequence behavior analysis, dynamic behavior analysis, key behavior analysis and two-round filtering analysis. The experimental results show that when the sample size is 1600, the encrypted traffic detection model establishment time is less than 100 seconds, and the accuracy of all the four new traffic classification methods is more than 92% and the recall rates of them are more than 83%.INDEX TERMS Internet of things, edge intelligence, encrypted traffic, identification and classification, IoT gateway.

show abstract

Section: A Methods Base On Time-sequence Behavior Analysismentioning

confidence: 99%

Edge Intelligence Based Identification and Classification of Encrypted Traffic of Internet of Things

Zhao¹,

Yang²,

Tian³

et al. 2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Also, there have been many studies using session management [21], [22]. There have been studies that use metadata such as session generation time, packet size, and packet reception time to generate features at the packet layer and use them for machine learning, or create features at the session layer and use them for machine learning [23].…”

Section: Studies Of Security Challengesmentioning

confidence: 99%

Session Management for Security Systems in 5G Standalone Network

Park

Kwon²,

Park³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

As 5G telecom services evolve rapidly across a broad technological environment, network security in 5G landscape emerges as a critically challenging issue. One of typical network security tools is an intrusion prevention system (IPS) that monitors a network for malicious activity across the cyber-attack chain and takes action to prevent it. Vulnerabilities in 5G core networks become more varied and protocols become increasingly complex, whereby conventional Next Generation Firewall (NGFW) is not enough anymore to respond to cyber attacks. As a typical 5G vulnerability attack, PFCP-in-GTP and IPSec disable attack are highly complex to detect and cannot identify attackers without integrated session management. However, the 5G core network uses various protocols such as Non-Access Stratum (NAS), Hyper Text Transfer Protocol (HTTP), Packet Forwarding Control Protocol (PFCP), and GPRS Tunnelling Protocol (GTP), and packets of the interface used by each protocol are managed as identities that are difficult to identify. Analyzing the relationship of these interfaces in real time is an important key to integrated session management. In addition, unlike existing 4G, as 3rd Generation Partnership Project (3GPP) specs mandate encrypting 5G Standalone (SA) user IDs, it is much more difficult to identify from which user traffic has occurred in IPSs exclusive for cellular network. With regard to the above subject, this paper introduces an efficient session management scheme for users not affordable in conventional NFGW but necessarily useful for security systems in 5G SA. Furthermore, this study compared performances between conventional NGFWs and a 5G IPS system with the scheme employed, to ascertain that the scheme is feasibly implementable in 5G SA network. The actual test results show a detection rate of 99.7% and reasonable resource overhead (Memory usage 37.8%, CPU usage 42-44%).

show abstract

“…Furthermore, variations of an original experiment may be performed on the same dataset. However, providing [17] 97.00 n/a n/a n/a Chastikova and Sotnikov [18] n/a n/a n/a n/a D'hooge et al [ these scores may be valuable for future comparative research. Table 3 provides an alphabetical listing by author of the papers discussed in this section, along with the proposed respective model(s) for CICIDS2018, and Table 4 shows the same ordered listing by author coupled with the associated computing environment(s) for CICIDS2018.…”

Section: Research Papers Using Cicids2018mentioning

confidence: 99%

A survey and analysis of intrusion detection models based on CSE-CIC-IDS2018 Big Data

2020

View full text Add to dashboard Cite

The exponential growth in computer networks and network applications worldwide has been matched by a surge in cyberattacks. For this reason, datasets such as CSE-CIC-IDS2018 were created to train predictive models on network-based intrusion detection. These datasets are not meant to serve as repositories for signature-based detection systems, but rather to promote research on anomaly-based detection through various machine learning approaches. CSE-CIC-IDS2018 contains about 16,000,000 instances collected over the course of ten days. It is the most recent intrusion detection dataset that is big data, publicly available, and covers a wide range of attack types. This multi-class dataset has a class imbalance, with roughly 17% of the instances comprising attack (anomalous) traffic. Our survey work contributes several key findings. We determined that the best performance scores for each study, where available, were unexpectedly high overall, which may be due to overfitting. We also found that most of the works did not address class imbalance, the effects of which can bias results in a big data study. Lastly, we discovered that information on the data cleaning of CSE-CIC-IDS2018 was inadequate across the board, a finding that may indicate problems with reproducibility of experiments. In our survey, major research gaps have also been identified.

show abstract

Contemporary Sequential Network Attacks Prediction using Hidden Markov Model

Cited by 28 publications

References 8 publications

Edge Intelligence Based Identification and Classification of Encrypted Traffic of Internet of Things

Edge Intelligence Based Identification and Classification of Encrypted Traffic of Internet of Things

Session Management for Security Systems in 5G Standalone Network

A survey and analysis of intrusion detection models based on CSE-CIC-IDS2018 Big Data

Contact Info

Product

Resources

About