The rapid advancement of the Internet of Things (IoT) has heightened the importance of security, with a notable increase in Distributed Denial-of-Service (DDoS) attacks targeting IoT devices. Network security specialists face the challenge of producing systems to identify and offset these attacks. This research manages IoT security through the emerging Software-Defined Networking (SDN) standard by developing a unified framework (RNN-RYU). We thoroughly assess multiple deep learning frameworks, including Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), Feed-Forward Convolutional Neural Network (FFCNN), and Recurrent Neural Network (RNN), and present the novel usage of Synthetic Minority Over-Sampling Technique (SMOTE) tailored for IoT-SDN contexts to manage class imbalance during training and enhance performance metrics. Our research has significant practical implications as we authenticate the approach using both the self-generated SD_IoT_Smart_City dataset and the publicly available CICIoT23 dataset. The system utilizes only eleven features to identify DDoS attacks efficiently. Results indicate that the RNN can reliably and precisely differentiate between DDoS traffic and benign traffic by easily identifying temporal relationships and sequences in the data.
As cyber threats become increasingly sophisticated, Distributed Denial-of-Service (DDoS) attacks continue to pose a serious threat to network infrastructure, often disrupting critical services through overwhelming traffic. Although unsupervised anomaly detection using convolutional autoencoders (CAEs) has gained attention for its ability to model normal network behavior without requiring labeled data, conventional CAEs struggle to effectively distinguish between normal and attack traffic due to over-generalized reconstructions and naive anomaly scoring. To address these limitations, we propose CA-CAE, a novel anomaly detection framework designed to improve DDoS detection through asymmetric joint reconstruction learning and refined anomaly scoring. Our architecture connects two CAEs sequentially with asymmetric filter allocation, which amplifies reconstruction errors for anomalous data while preserving low errors for normal traffic. Additionally, we introduce a scoring mechanism that incorporates exponential decay weighting to emphasize recent anomalies and relative traffic volume adjustment to highlight high-risk instances, enabling more accurate and timely detection. We evaluate CA-CAE on a real-world network traffic dataset collected using Cisco NetFlow, containing over 190,000 normal instances and only 78 anomalous instances—an extremely imbalanced scenario (0.0004% anomalies). We validate the proposed framework through extensive experiments, including statistical tests and comparisons with baseline models. Despite this challenge, our method achieves significant improvement, increasing the F1-score from 0.515 obtained by the baseline CAE to 0.934, and outperforming other models. These results demonstrate the effectiveness, scalability, and practicality of CA-CAE for unsupervised DDoS detection in realistic network environments. By combining lightweight model architecture with a domain-aware scoring strategy, our framework provides a robust solution for early detection of DDoS attacks without relying on labeled attack data.
Previous studies have shown that deep learning is very effective in detecting known attacks. However, when facing unknown attacks, models such as Deep Neural Networks (DNN) combined with Long Short-Term Memory (LSTM), Convolutional Neural Networks (CNN) combined with LSTM, and so on are built by simple stacking, which has the problems of feature loss, low efficiency, and low accuracy. Therefore, this paper proposes an autonomous detection model for Distributed Denial of Service attacks, Multi-Scale Convolutional Neural Network-Bidirectional Gated Recurrent Units-Single Headed Attention (MSCNN-BiGRU-SHA), which is based on a Multi-strategy Integrated Zebra Optimization Algorithm (MI-ZOA). The model undergoes training and testing with the CICDDoS2019 dataset, and its performance is evaluated on a new GINKS2023 dataset. The hyperparameters for Conv_filter and GRU_unit are optimized using the Multi-strategy Integrated Zebra Optimization Algorithm (MIZOA). The experimental results show that the test accuracy of the MSCNN-BiGRU-SHA model based on the MIZOA proposed in this paper is as high as 0.9971 in the CICDDoS 2019 dataset. The evaluation accuracy of the new dataset GINKS2023 created in this paper is 0.9386. Compared to the MSCNN-BiGRU-SHA model based on the Zebra Optimization Algorithm (ZOA), the detection accuracy on the GINKS2023 dataset has improved by 5.81%, precision has increased by 1.35%, the recall has improved by 9%, and the F1 score has increased by 5.55%. Compared to the MSCNN-BiGRU-SHA models developed using Grid Search, Random Search, and Bayesian Optimization, the MSCNN-BiGRU-SHA model optimized with the MI-ZOA exhibits better performance in terms of accuracy, precision, recall, and F1 score.
Vehicular Ad Hoc Networks (VANETs) are central to Intelligent Transportation Systems (ITS), especially for real-time communication involving emergency vehicles. Yet, Distributed Denial of Service (DDoS) attacks can disrupt safety-critical channels and undermine reliability. This paper presents a robust, scalable framework for detecting DDoS attacks in highway VANETs. We construct a new dataset with Network Simulator 3 (NS-3) and Simulation of Urban Mobility (SUMO), enriched with real mobility traces from Germany’s A81 highway (OpenStreetMap). Three traffic classes are modeled: DDoS, Voice over IP (VoIP), and Transmission Control Protocol Based (TCP-based) video streaming (VideoTCP). The pipeline includes normalization, feature selection with SHapley Additive exPlanations (SHAP), and class balancing via Synthetic Minority Over-sampling Technique (SMOTE). Eleven classifiers are benchmarked—including eXtreme Gradient Boosting (XGBoost), Categorical Boosting (CatBoost), Adaptive Boosting (AdaBoost), Gradient Boosting (GB), and an Artificial Neural Network (ANN)—using stratified 5-fold cross-validation. XGBoost, GB, CatBoost and ANN achieve the highest performance (weighted F1-score = 97%). To assess robustness under non-ideal conditions, we introduce an adversarial evaluation with packet-loss and traffic-jitter (small-sample deformation); the top models retain strong performance, supporting real-time applicability. Collectively, these results demonstrate that the proposed highway-focused framework is accurate, resilient, and well-suited for deployment in VANET security for emergency communications.
The era of big data brings new challenges for information network systems (INS), simultaneously offering unprecedented opportunities for advancing intelligent intrusion detection systems. In this work, we propose a data-driven intrusion detection system for Distributed Denial of Service (DDoS) attack detection. The system focuses on intrusion detection from a big data perspective. As intelligent information processing methods, big data and artificial intelligence have been widely used in information systems. The INS system is an important information system in cyberspace. In advanced INS systems, the network architectures have become more complex. And the smart devices in INS systems collect a large scale of network data. How to improve the performance of a complex intrusion detection system with big data and artificial intelligence is a big challenge. To address the problem, we design a novel intrusion detection system (IDS) from a big data perspective. The IDS system uses tensors to represent large-scale and complex multi-source network data in a unified tensor. Then, a novel tensor decomposition (TD) method is developed to complete big data mining. The TD method seamlessly collaborates with the XGBoost (eXtreme Gradient Boosting) method to complete the intrusion detection. To verify the proposed IDS system, a series of experiments is conducted on two real network datasets. The results revealed that the proposed IDS system attained an impressive accuracy rate over 98%. Additionally, by altering the scale of the datasets, the proposed IDS system still maintains excellent detection performance, which demonstrates the proposed IDS system’s robustness.
Satellite Internet (SI) provides broadband access as a critical information infrastructure in 6G. However, with the integration of the terrestrial Internet, the influx of massive terrestrial traffic will bring significant threats to SI, among which DDoS attack will intensify the erosion of limited bandwidth resources. Therefore, this paper proposes a DDoS attack tracking scheme using a multi-round iterative Viterbi algorithm to achieve high-accuracy attack path reconstruction and fast internal source locking, protecting SI from the source. Firstly, to reduce communication overhead, the logarithmic representation of the traffic volume is added to the digests after modeling SI, generating the lightweight deviation degree to construct the observation probability matrix for the Viterbi algorithm. Secondly, the path node matrix is expanded to multi-index matrices in the Viterbi algorithm to store index information for all probability values, deriving the path with non-repeatability and maximum probability. Finally, multiple rounds of iterative Viterbi tracking are performed locally to track DDoS attack based on trimming tracking results. Simulation and experimental results show that the scheme can achieve 96.8% tracking accuracy of external and internal DDoS attack at 2.5 seconds, with the communication overhead at 268 KB/s, effectively protecting the limited bandwidth resources of SI.
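While the development of Internet of Things (IoT) technology brings convenience to industry and daily life, the massive number of IoT devices that are vulnerable to various attacks and compromise also lowers the cost of launching Distributed Denial of Service (DDoS) attacks, which leave the victim unable to respond to legitimate user requests. To detect DDoS attacks quickly and accurately at the IoT edge, and to remedy the high resource overhead and imprecision of existing methods, this paper proposes a DDoS detection method based on a Lightweight Convolutional Neural Network (LCNN). Targeting the characteristics of IoT traffic, the method first extracts packet-level features and flow-level features selected through redundancy analysis. It then designs LCNN, a convolutional neural network with few parameters and low computational cost, and finally detects and locates attacks quickly based on the dimension-transformed features. Experimental results show that the method achieves a detection accuracy of 99.4%. In addition, LCNN on an FPGA consumes few resources while guaranteeing that inference for a single flow completes within 1 ms.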
In the era of the Internet of Things (IoT), the proliferation of connected devices has raised security concerns, increasing the risk of intrusions into diverse systems. Despite the convenience and efficiency offered by IoT technology, the growing number of IoT devices escalates the likelihood of attacks, emphasizing the need for robust security tools to automatically detect and explain threats. This paper introduces a deep learning methodology for detecting and classifying distributed denial of service (DDoS) attacks, addressing a significant security concern within IoT environments. An effective procedure of deep transfer learning is applied to utilize deep learning backbones, which is then evaluated on two benchmarking datasets of DDoS attacks in terms of accuracy and time complexity. By leveraging several deep architectures, the study conducts thorough binary and multiclass experiments, each varying in the complexity of classifying attack types and demonstrating real-world scenarios. Additionally, this study employs an explainable artificial intelligence (XAI) AI technique to elucidate the contribution of extracted features in the process of attack detection. The experimental results demonstrate the effectiveness of the proposed method, achieving a recall of 99.39% by the XAI bidirectional long short-term memory (XAI-BiLSTM) model.
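Network traffic classification is essential to network management and security, especially for accurately identifying the threat of Distributed Denial of Service (DDoS) attacks. DDoS attacks cause service disruption, resource exhaustion, and economic loss, and severely degrade quality of service (QoS). Although centralized models have achieved some success in DDoS attack detection, they face challenges in practice: uneven data distribution, the difficulty of transmitting data to a central location, and the constraints of heterogeneous devices and dynamic network environments, which make real-time detection hard to achieve. To address these problems, this paper proposes AdaPerFed (Adaptive Personalized Federated Learning), a DDoS attack detection and mitigation method based on asynchronous personalized federated learning. First, a customized ResNet architecture efficiently processes one-dimensional traffic data, with an integrated Net module to strengthen feature extraction. Then, Software-Defined Networking (SDN) is used to simulate complex, dynamic network environments, and a complete mitigation system is introduced to handle diverse attack scenarios. The personalized federated learning framework effectively handles non-independent and identically distributed (Non-IID) data, and an asynchronous learning mechanism adapts to differences among heterogeneous devices and network conditions, improving the system's robustness and scalability. Experimental results show that AdaPerFed outperforms other federated learning algorithms on datasets including CICDDoS2019, CIC-IDS2017, and InSDN, converges faster and is more robust across different numbers of clients, and improves DDoS detection accuracy by 15%~20%. Ablation experiments further confirm that the personalized aggregation module significantly improves system performance.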
Since its inception, the Internet has been rapidly evolving. With the advancement of science and technology and the explosive growth of the population, the demand for the Internet has been on the rise. Many applications in education, healthcare, entertainment, science, and more are being increasingly deployed based on the internet. Concurrently, malicious threats on the internet are on the rise as well. Distributed Denial of Service (DDoS) attacks are among the most common and dangerous threats on the internet today. The scale and complexity of DDoS attacks are constantly growing. Intrusion Detection Systems (IDS) have been deployed and have demonstrated their effectiveness in defense against those threats. In addition, the research of Machine Learning (ML) and Deep Learning (DL) in IDS has gained effective results and significant attention. However, one of the challenges when applying ML and DL techniques in intrusion detection is the identification of unknown attacks. These attacks, which are not encountered during the system’s training, can lead to misclassification with significant errors. In this research, we focused on addressing the issue of Unknown Attack Detection, combining two methods: Spatial Location Constraint Prototype Loss (SLCPL) and Fuzzy C-Means (FCM). With the proposed method, we achieved promising results compared to traditional methods. The proposed method demonstrates a very high accuracy of up to 99.8% with a low false positive rate for known attacks on the Intrusion Detection Evaluation Dataset (CICIDS2017) dataset. Particularly, the accuracy is also very high, reaching 99.7%, and the precision goes up to 99.9% for unknown DDoS attacks on the DDoS Evaluation Dataset (CICDDoS2019) dataset. The success of the proposed method is due to the combination of SLCPL, an advanced Open-Set Recognition (OSR) technique, and FCM, a traditional yet highly applicable clustering technique. This has yielded a novel method in the field of unknown attack detection. This further expands the trend of applying DL and ML techniques in the development of intrusion detection systems and cybersecurity. Finally, implementing the proposed method in real-world systems can enhance the security capabilities against increasingly complex threats on computer networks.
The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid, open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service [DDoS] with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using Stealthwatch tool to create a security baseline for Smart Grid environment, contributes to risk mitigation and sound security hygiene.
The primary concern of modern technology is cyber attacks targeting the Internet of Things. As it is one of the most widely used networks today and vulnerable to attacks. Real-time threats pose with modern cyber attacks that pose a great danger to the Internet of Things (IoT) networks, as devices can be monitored or service isolated from them and affect users in one way or another. Securing Internet of Things networks is an important matter, as it requires the use of modern technologies and methods, and real and up-to-date data to design and train systems to keep pace with the modernity that attackers use to confront these attacks. One of the most common types of attacks against IoT devices is Distributed Denial-of-Service (DDoS) attacks. Our paper makes a unique contribution that differs from existing studies, in that we use recent data that contains real traffic and real attacks on IoT networks. And a hybrid method for selecting relevant features, and also how to choose highly efficient algorithms. What gives the model a high ability to detect distributed denial-of-service attacks. The model proposed is based on a two-stage process: selecting essential features and constructing a detection model using the K-neighbors algorithm with two classifier algorithms logistic regression and Stochastic Gradient Descent classifier (SGD), combining these classifiers through ensemble machine learning (stacking), and optimizing parameters through Grid Search-CV to enhance system accuracy. Experiments were conducted to evaluate the effectiveness of the proposed model using the CIC-IoT2023 and CIC-DDoS2019 datasets. Performance evaluation demonstrated the potential of our model in robust intrusion detection in IoT networks, achieving an accuracy of 99.965% and a detection time of 0.20 s for the CIC-IoT2023 dataset, and 99.968% accuracy with a detection time of 0.23 s for the CIC-DDoS 2019 dataset. Furthermore, a comparative analysis with recent related works highlighted the superiority of our methodology in intrusion detection, showing improvements in accuracy, recall, and detection time.
Cyberspace is extremely dynamic, with new attacks arising daily. Protecting cybersecurity controls is vital for network security. Deep Learning (DL) models find widespread use across various fields, with cybersecurity being one of the most crucial due to their rapid cyberattack detection capabilities on networks and hosts. The capabilities of DL in feature learning and analyzing extensive data volumes lead to the recognition of network traffic patterns. This study presents novel lightweight DL models, known as Cybernet models, for the detection and recognition of various cyber Distributed Denial of Service (DDoS) attacks. These models were constructed to have a reasonable number of learnable parameters, i.e., less than 225,000, hence the name “lightweight.” This not only helps reduce the number of computations required but also results in faster training and inference times. Additionally, these models were designed to extract features in parallel from 1D Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM), which makes them unique compared to earlier existing architectures and results in better performance measures. To validate their robustness and effectiveness, they were tested on the CIC-DDoS2019 dataset, which is an imbalanced and large dataset that contains different types of DDoS attacks. Experimental results revealed that both models yielded promising results, with 99.99% for the detection model and 99.76% for the recognition model in terms of accuracy, precision, recall, and F1 score. Furthermore, they outperformed the existing state-of-the-art models proposed for the same task. Thus, the proposed models can be used in cyber security research domains to successfully identify different types of attacks with a high detection and recognition rate.
Funding (RNN-RYU IoT-SDN study): Supported by NSTC 113-2221-E-155-055 and NSTC 113-2222-E-155-007, Taiwan.
Funding (CA-CAE study): Supported by Korea National University of Transportation Industry-Academy Cooperation Foundation in 2024.
Funding (MSCNN-BiGRU-SHA study): Supported by Science and Technology Innovation Program for Postgraduate Students in IDP Subsidized by Fundamental Research Funds for the Central Universities (Project No. ZY20240335); support of the Research Project of the Key Technology of Malicious Code Detection Based on Data Mining in APT Attack (Project No. 2022IT173); the Research Project of the Big Data Sensitive Information Supervision Technology Based on Convolutional Neural Network (Project No. 2022011033).
Funding (tensor-decomposition IDS study): Supported in part by the National Nature Science Foundation of China under Project 62166047, in part by the Yunnan International Joint Laboratory of Natural Rubber Intelligent Monitor and Digital Applications under Grant 202403AP140001, in part by the Xingdian Talent Support Program under Grant YNWR-QNBJ-2019-270.
Funding (Satellite Internet DDoS tracking study): Supported by the National Key R&D Program of China (Grant No. 2022YFA1005000) and the National Natural Science Foundation of China (Grant No. 62025110 and 62101308).
文摘Satellite Internet(SI)provides broadband access as a critical information infrastructure in 6G.However,with the integration of the terrestrial Internet,the influx of massive terrestrial traffic will bring significant threats to SI,among which DDoS attack will intensify the erosion of limited bandwidth resources.Therefore,this paper proposes a DDoS attack tracking scheme using a multi-round iterative Viterbi algorithm to achieve high-accuracy attack path reconstruction and fast internal source locking,protecting SI from the source.Firstly,to reduce communication overhead,the logarithmic representation of the traffic volume is added to the digests after modeling SI,generating the lightweight deviation degree to construct the observation probability matrix for the Viterbi algorithm.Secondly,the path node matrix is expanded to multi-index matrices in the Viterbi algorithm to store index information for all probability values,deriving the path with non-repeatability and maximum probability.Finally,multiple rounds of iterative Viterbi tracking are performed locally to track DDoS attack based on trimming tracking results.Simulation and experimental results show that the scheme can achieve 96.8%tracking accuracy of external and internal DDoS attack at 2.5 seconds,with the communication overhead at 268KB/s,effectively protecting the limited bandwidth resources of SI.
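Abstract: While the development of Internet of Things (IoT) technology has brought convenience to industry and daily life, the massive number of IoT devices that are vulnerable to various attacks and compromise has also lowered the cost of launching Distributed Denial of Service (DDoS) attacks, which leave the victim unable to respond to legitimate user access. To detect DDoS attacks quickly and accurately at the IoT edge, and to remedy the high resource overhead and imprecision of existing methods, this paper proposes a DDoS detection method based on Lightweight Convolutional Neural Networks (LCNN). Targeting the characteristics of IoT traffic, the method first extracts packet-level features and flow-level features selected through redundancy analysis. It then designs LCNN, a convolutional neural network with few parameters and a low computational cost, and finally detects and locates attacks quickly based on the dimension-transformed features. Experimental results show that the method achieves a detection accuracy of 99.4%. In addition, LCNN on an FPGA can complete inference on one flow within 1 ms while consuming few resources.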
Abstract: In the era of the Internet of Things (IoT), the proliferation of connected devices has raised security concerns, increasing the risk of intrusions into diverse systems. Despite the convenience and efficiency offered by IoT technology, the growing number of IoT devices escalates the likelihood of attacks, emphasizing the need for robust security tools to automatically detect and explain threats. This paper introduces a deep learning methodology for detecting and classifying distributed denial of service (DDoS) attacks, addressing a significant security concern within IoT environments. An effective procedure of deep transfer learning is applied to utilize deep learning backbones, which is then evaluated on two benchmarking datasets of DDoS attacks in terms of accuracy and time complexity. By leveraging several deep architectures, the study conducts thorough binary and multiclass experiments, each varying in the complexity of classifying attack types and demonstrating real-world scenarios. Additionally, this study employs an explainable artificial intelligence (XAI) technique to elucidate the contribution of extracted features in the process of attack detection. The experimental results demonstrate the effectiveness of the proposed method, achieving a recall of 99.39% by the XAI bidirectional long short-term memory (XAI-BiLSTM) model.
Funding: This research was partly supported by the National Science and Technology Council, Taiwan with Grant Numbers 112-2221-E-992-045, 112-2221-E-992-057-MY3 and 112-2622-8-992-009-TD1.
Abstract: Since its inception, the Internet has been rapidly evolving. With the advancement of science and technology and the explosive growth of the population, the demand for the Internet has been on the rise. Many applications in education, healthcare, entertainment, science, and more are being increasingly deployed based on the internet. Concurrently, malicious threats on the internet are on the rise as well. Distributed Denial of Service (DDoS) attacks are among the most common and dangerous threats on the internet today. The scale and complexity of DDoS attacks are constantly growing. Intrusion Detection Systems (IDS) have been deployed and have demonstrated their effectiveness in defense against those threats. In addition, the research of Machine Learning (ML) and Deep Learning (DL) in IDS has gained effective results and significant attention. However, one of the challenges when applying ML and DL techniques in intrusion detection is the identification of unknown attacks. These attacks, which are not encountered during the system’s training, can lead to misclassification with significant errors. In this research, we focused on addressing the issue of Unknown Attack Detection, combining two methods: Spatial Location Constraint Prototype Loss (SLCPL) and Fuzzy C-Means (FCM). With the proposed method, we achieved promising results compared to traditional methods. The proposed method demonstrates a very high accuracy of up to 99.8% with a low false positive rate for known attacks on the Intrusion Detection Evaluation Dataset (CICIDS2017) dataset. Particularly, the accuracy is also very high, reaching 99.7%, and the precision goes up to 99.9% for unknown DDoS attacks on the DDoS Evaluation Dataset (CICDDoS2019) dataset. The success of the proposed method is due to the combination of SLCPL, an advanced Open-Set Recognition (OSR) technique, and FCM, a traditional yet highly applicable clustering technique. This has yielded a novel method in the field of unknown attack detection. This further expands the trend of applying DL and ML techniques in the development of intrusion detection systems and cybersecurity. Finally, implementing the proposed method in real-world systems can enhance the security capabilities against increasingly complex threats on computer networks.
Abstract: The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about the status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service (DDoS) with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using the Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that the Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using the Stealthwatch tool to create a security baseline for the Smart Grid environment contributes to risk mitigation and sound security hygiene.
Abstract: The primary concern of modern technology is cyber attacks targeting the Internet of Things, as it is one of the most widely used networks today and is vulnerable to attacks. Modern cyber attacks pose real-time threats that are a great danger to Internet of Things (IoT) networks, as devices can be monitored or have service isolated from them, affecting users in one way or another. Securing Internet of Things networks is an important matter, as it requires the use of modern technologies and methods, and real and up-to-date data to design and train systems to keep pace with the modernity that attackers use to confront these attacks. One of the most common types of attacks against IoT devices is Distributed Denial-of-Service (DDoS) attacks. Our paper makes a unique contribution that differs from existing studies, in that we use recent data that contains real traffic and real attacks on IoT networks, a hybrid method for selecting relevant features, and a way of choosing highly efficient algorithms, which gives the model a high ability to detect distributed denial-of-service attacks. The model proposed is based on a two-stage process: selecting essential features and constructing a detection model using the K-neighbors algorithm with two classifier algorithms, logistic regression and Stochastic Gradient Descent classifier (SGD), combining these classifiers through ensemble machine learning (stacking), and optimizing parameters through Grid Search-CV to enhance system accuracy. Experiments were conducted to evaluate the effectiveness of the proposed model using the CIC-IoT2023 and CIC-DDoS2019 datasets. Performance evaluation demonstrated the potential of our model in robust intrusion detection in IoT networks, achieving an accuracy of 99.965% and a detection time of 0.20 s for the CIC-IoT2023 dataset, and 99.968% accuracy with a detection time of 0.23 s for the CIC-DDoS2019 dataset. Furthermore, a comparative analysis with recent related works highlighted the superiority of our methodology in intrusion detection, showing improvements in accuracy, recall, and detection time.
Abstract: Cyberspace is extremely dynamic, with new attacks arising daily. Protecting cybersecurity controls is vital for network security. Deep Learning (DL) models find widespread use across various fields, with cybersecurity being one of the most crucial due to their rapid cyberattack detection capabilities on networks and hosts. The capabilities of DL in feature learning and analyzing extensive data volumes lead to the recognition of network traffic patterns. This study presents novel lightweight DL models, known as Cybernet models, for the detection and recognition of various cyber Distributed Denial of Service (DDoS) attacks. These models were constructed to have a reasonable number of learnable parameters, i.e., less than 225,000, hence the name “lightweight.” This not only helps reduce the number of computations required but also results in faster training and inference times. Additionally, these models were designed to extract features in parallel from 1D Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM), which makes them unique compared to earlier existing architectures and results in better performance measures. To validate their robustness and effectiveness, they were tested on the CIC-DDoS2019 dataset, which is an imbalanced and large dataset that contains different types of DDoS attacks. Experimental results revealed that both models yielded promising results, with 99.99% for the detection model and 99.76% for the recognition model in terms of accuracy, precision, recall, and F1 score. Furthermore, they outperformed the existing state-of-the-art models proposed for the same task. Thus, the proposed models can be used in cyber security research domains to successfully identify different types of attacks with a high detection and recognition rate.