Towards Automated Matching of Cyber Threat Intelligence Reports based on Cluster Analysis in an Internet-of-Vehicles Environment

Raptis, George; Katsini, Christina; Alexakos, Christos

doi:10.1109/csr51186.2021.9527983

Cited by 6 publications

(3 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A synonymous IP flood attack is a type of DDoS attack that aims to consume the resources of DNS servers by sending a high volume of requests for a nonexistent domain. This attack, which uses the TCP protocol, uses high-speed packets [27].…”

Section: Ddosmentioning

confidence: 99%

IoT-Based Intrusion Detection System Using New Hybrid Deep Learning Algorithm

Yaras,

Dener

2024

Electronics

View full text Add to dashboard Cite

The most significant threat that networks established in IoT may encounter is cyber attacks. The most commonly encountered attacks among these threats are DDoS attacks. After attacks, the communication traffic of the network can be disrupted, and the energy of sensor nodes can quickly deplete. Therefore, the detection of occurring attacks is of great importance. Considering numerous sensor nodes in the established network, analyzing the network traffic data through traditional methods can become impossible. Analyzing this network traffic in a big data environment is necessary. This study aims to analyze the obtained network traffic dataset in a big data environment and detect attacks in the network using a deep learning algorithm. This study is conducted using PySpark with Apache Spark in the Google Colaboratory (Colab) environment. Keras and Scikit-Learn libraries are utilized in the study. ‘CICIoT2023’ and ‘TON_IoT’ datasets are used for training and testing the model. The features in the datasets are reduced using the correlation method, ensuring the inclusion of significant features in the tests. A hybrid deep learning algorithm is designed using one-dimensional CNN and LSTM. The developed method was compared with ten machine learning and deep learning algorithms. The model’s performance was evaluated using accuracy, precision, recall, and F1 parameters. Following the study, an accuracy rate of 99.995% for binary classification and 99.96% for multiclassification is achieved in the ‘CICIoT2023’ dataset. In the ‘TON_IoT’ dataset, a binary classification success rate of 98.75% is reached.

show abstract

Section: Ddosmentioning

confidence: 99%

IoT-Based Intrusion Detection System Using New Hybrid Deep Learning Algorithm

Yaras,

Dener

2024

Electronics

View full text Add to dashboard Cite

show abstract

“…• ACK Fragmentation: a relatively small number of maximum-sized packets is used to compromise the network operation. In many cases, these fragmented packets are successfully sent and handled by routers, firewalls, and intrusion prevention systems, given that fragmented packets recompilation is not performed [62] Synonymous IP Flood: an extensive number of manipulated TCP-SYN packets with source and destination addresses as the targeted address, which leads the server to use its resources to process the incoming traffic [72].…”

Section: Executing Dos and Ddos Attacksmentioning

confidence: 99%

CICIoT2023: A Real-Time Dataset and Benchmark for Large-Scale Attacks in IoT Environment

Neto

Dadkhah

Ferreira

et al. 2023

Sensors

View full text Add to dashboard Cite

Nowadays, the Internet of Things (IoT) concept plays a pivotal role in society and brings new capabilities to different industries. The number of IoT solutions in areas such as transportation and healthcare is increasing and new services are under development. In the last decade, society has experienced a drastic increase in IoT connections. In fact, IoT connections will increase in the next few years across different areas. Conversely, several challenges still need to be faced to enable efficient and secure operations (e.g., interoperability, security, and standards). Furthermore, although efforts have been made to produce datasets composed of attacks against IoT devices, several possible attacks are not considered. Most existing efforts do not consider an extensive network topology with real IoT devices. The main goal of this research is to propose a novel and extensive IoT attack dataset to foster the development of security analytics applications in real IoT operations. To accomplish this, 33 attacks are executed in an IoT topology composed of 105 devices. These attacks are classified into seven categories, namely DDoS, DoS, Recon, Web-based, brute force, spoofing, and Mirai. Finally, all attacks are executed by malicious IoT devices targeting other IoT devices. The dataset is available on the CIC Dataset website.

show abstract

“…• Attack Attribution [12], which attempts to identify indicators of compromise, aiming to help security experts to attribute the incoming attack to known threat actors by identifying common tactics, techniques, and procedures, with the use of machine learning approaches, and • Digital Forensics Readiness [1], which attempts to automatically collect digital forensics relative data and to create a forensics investigation report with all the necessary information, while preserving the soundness and integrity of the acquired data and maintaining a valid chain of custody.…”

Section: Niove Frameworkmentioning

confidence: 99%

FoRePlan: Supporting Digital Forensics Readiness Planning for Internet of Vehicles

Katsini

Raptis

Alexakos

et al. 2021

25th Pan-Hellenic Conference on Informatics

Self Cite

View full text Add to dashboard Cite

The massive amount of data collected by the connected and autonomous vehicles can be used as digital evidence for investigating cyberattacks, identifying vulnerabilities and providing response and recovery solutions to increase the security in the Internet-of-Vehicles ecosystems. In this respect, the investigation of digital incidents, (e.g., cyber-attacks) requires setting appropriate digital forensics readiness plans for screening data and acquiring those that are more relevant to the incident. Aiming to support the process of creating and executing digital forensics readiness plans, in this paper, we present FoRePlan, which provides the security experts with means to prepare, manage, and execute customized digital forensics readiness plans tailored to the detected attacks in Internet-of-Vehicles ecosystems.CCS Concepts: • Security and privacy → Usability in security and privacy; • Applied computing → Computer forensics; • Software and its engineering → Designing software;

show abstract

Towards Automated Matching of Cyber Threat Intelligence Reports based on Cluster Analysis in an Internet-of-Vehicles Environment

Cited by 6 publications

References 13 publications

IoT-Based Intrusion Detection System Using New Hybrid Deep Learning Algorithm

IoT-Based Intrusion Detection System Using New Hybrid Deep Learning Algorithm

CICIoT2023: A Real-Time Dataset and Benchmark for Large-Scale Attacks in IoT Environment

FoRePlan: Supporting Digital Forensics Readiness Planning for Internet of Vehicles

Contact Info

Product

Resources

About