Detection of unknown attacks like a zero-day attack is a research field that has long been studied.Recently,advances in Machine Learning(ML)and Artificial Intelligence(AI)have led to the emergence of many kinds of att...Detection of unknown attacks like a zero-day attack is a research field that has long been studied.Recently,advances in Machine Learning(ML)and Artificial Intelligence(AI)have led to the emergence of many kinds of attack-generation tools developed using these technologies to evade detection skillfully.Anomaly detection and misuse detection are the most commonly used techniques for detecting intrusion by unknown attacks.Although anomaly detection is adequate for detecting unknown attacks,its disadvantage is the possibility of high false alarms.Misuse detection has low false alarms;its limitation is that it can detect only known attacks.To overcome such limitations,many researchers have proposed a hybrid intrusion detection that integrates these two detection techniques.This method can overcome the limitations of conventional methods and works better in detecting unknown attacks.However,this method does not accurately classify attacks like similar to normal or known attacks.Therefore,we proposed a hybrid intrusion detection to detect unknown attacks similar to normal and known attacks.In anomaly detection,the model was designed to perform normal detection using Fuzzy c-means(FCM)and identify attacks hidden in normal predicted data using relabeling.In misuse detection,the model was designed to detect previously known attacks using Classification and Regression Trees(CART)and apply Isolation Forest(iForest)to classify unknown attacks hidden in known attacks.As an experiment result,the application of relabeling improved attack detection accuracy in anomaly detection by approximately 11%and enhanced the performance of unknown attack detection in misuse detection by approximately 10%.展开更多
With the increasing number of connected devices in the Internet of Things(IoT)era,the number of intrusions is also increasing.An intrusion detection system(IDS)is a secondary intelligent system for monitoring,detectin...With the increasing number of connected devices in the Internet of Things(IoT)era,the number of intrusions is also increasing.An intrusion detection system(IDS)is a secondary intelligent system for monitoring,detecting and alerting against malicious activity.IDS is important in developing advanced security models.This study reviews the importance of various techniques,tools,and methods used in IoT detection and/or prevention systems.Specifically,it focuses on machine learning(ML)and deep learning(DL)techniques for IDS.This paper proposes an accurate intrusion detection model to detect traditional and new attacks on the Internet of Vehicles.To speed up the detection of recent attacks,the proposed network architecture developed at the data processing layer is incorporated with a convolutional neural network(CNN),which performs better than a support vector machine(SVM).Processing data are enhanced using the synthetic minority oversampling technique to ensure learning accuracy.The nearest class mean classifier is applied during the testing phase to identify new attacks.Experimental results using the AWID dataset,which is one of the most common open intrusion detection datasets,revealed a higher detection accuracy(94%)compared to SVM and random forest methods.展开更多
Since its inception,the Internet has been rapidly evolving.With the advancement of science and technology and the explosive growth of the population,the demand for the Internet has been on the rise.Many applications i...Since its inception,the Internet has been rapidly evolving.With the advancement of science and technology and the explosive growth of the population,the demand for the Internet has been on the rise.Many applications in education,healthcare,entertainment,science,and more are being increasingly deployed based on the internet.Concurrently,malicious threats on the internet are on the rise as well.Distributed Denial of Service(DDoS)attacks are among the most common and dangerous threats on the internet today.The scale and complexity of DDoS attacks are constantly growing.Intrusion Detection Systems(IDS)have been deployed and have demonstrated their effectiveness in defense against those threats.In addition,the research of Machine Learning(ML)and Deep Learning(DL)in IDS has gained effective results and significant attention.However,one of the challenges when applying ML and DL techniques in intrusion detection is the identification of unknown attacks.These attacks,which are not encountered during the system’s training,can lead to misclassification with significant errors.In this research,we focused on addressing the issue of Unknown Attack Detection,combining two methods:Spatial Location Constraint Prototype Loss(SLCPL)and Fuzzy C-Means(FCM).With the proposed method,we achieved promising results compared to traditional methods.The proposed method demonstrates a very high accuracy of up to 99.8%with a low false positive rate for known attacks on the Intrusion Detection Evaluation Dataset(CICIDS2017)dataset.Particularly,the accuracy is also very high,reaching 99.7%,and the precision goes up to 99.9%for unknown DDoS attacks on the DDoS Evaluation Dataset(CICDDoS2019)dataset.The success of the proposed method is due to the combination of SLCPL,an advanced Open-Set Recognition(OSR)technique,and FCM,a traditional yet highly applicable clustering technique.This has yielded a novel method in the field of unknown attack detection.This further expands the trend of applying DL and ML techniques in the development of intrusion detection systems and cybersecurity.Finally,implementing the proposed method in real-world systems can enhance the security capabilities against increasingly complex threats on computer networks.展开更多
Aiming at the difficulty of unknown Trojan detection in the APT flooding situation, an improved detecting method has been proposed. The basic idea of this method originates from advanced persistent threat (APT) atta...Aiming at the difficulty of unknown Trojan detection in the APT flooding situation, an improved detecting method has been proposed. The basic idea of this method originates from advanced persistent threat (APT) attack intents: besides dealing with damaging or destroying facilities, the more essential purpose of APT attacks is to gather confidential data from target hosts by planting Trojans. Inspired by this idea and some in-depth analyses on recently happened APT attacks, five typical communication characteristics are adopted to describe application’s network behavior, with which a fine-grained classifier based on Decision Tree and Na ve Bayes is modeled. Finally, with the training of supervised machine learning approaches, the classification detection method is implemented. Compared with general methods, this method is capable of enhancing the detection and awareness capability of unknown Trojans with less resource consumption.展开更多
An attack-resilient distributed Nash equilibrium(NE) seeking problem is addressed for noncooperative games of networked systems under malicious cyber-attacks,i.e.,false data injection(FDI) attacks.Different from many ...An attack-resilient distributed Nash equilibrium(NE) seeking problem is addressed for noncooperative games of networked systems under malicious cyber-attacks,i.e.,false data injection(FDI) attacks.Different from many existing distributed NE seeking works,it is practical and challenging to get resilient adaptively distributed NE seeking under unknown and unbounded FDI attacks.An attack-resilient NE seeking algorithm that is distributed(i.e.,independent of global information on the graph's algebraic connectivity,Lipschitz and monotone constants of pseudo-gradients,or number of players),is presented by means of incorporating the consensus-based gradient play with a distributed attack identifier so as to achieve simultaneous NE seeking and attack identification asymptotically.Another key characteristic is that FDI attacks are allowed to be unknown and unbounded.By exploiting nonsmooth analysis and stability theory,the global asymptotic convergence of the developed algorithm to the NE is ensured.Moreover,we extend this design to further consider the attack-resilient NE seeking of double-integrator players.Lastly,numerical simulation and practical experiment results are presented to validate the developed algorithms' effectiveness.展开更多
Intrusion detection is a hot field in the direction of network security.Classical intrusion detection systems are usually based on supervised machine learning models.These offline-trained models usually have better pe...Intrusion detection is a hot field in the direction of network security.Classical intrusion detection systems are usually based on supervised machine learning models.These offline-trained models usually have better performance in the initial stages of system construction.However,due to the diversity and rapid development of intrusion techniques,the trained models are often difficult to detect new attacks.In addition,very little noisy data in the training process often has a considerable impact on the performance of the intrusion detection system.This paper proposes an intrusion detection system based on active incremental learning with the adaptive capability to solve these problems.IDS consists of two modules,namely the improved incremental stacking ensemble learning detection method called Multi-Stacking model and the active learning query module.The stacking model can cope well with concept drift due to the diversity and generalization selection of its base classifiers,but the accuracy does not meet the requirements.The Multi-Stacking model improves the accuracy of the model by adding a voting layer on the basis of the original stacking.The active learning query module improves the detection of known attacks through the committee algorithm,and the improved KNN algorithm can better help detect unknown attacks.We have tested the latest industrial IoT dataset with satisfactory results.展开更多
基金This work was supported by the Research Program through the National Research Foundation of Korea,NRF-2018R1D1A1B07050864,and was supported by another the Agency for Defense Development,UD200020ED.
文摘Detection of unknown attacks like a zero-day attack is a research field that has long been studied.Recently,advances in Machine Learning(ML)and Artificial Intelligence(AI)have led to the emergence of many kinds of attack-generation tools developed using these technologies to evade detection skillfully.Anomaly detection and misuse detection are the most commonly used techniques for detecting intrusion by unknown attacks.Although anomaly detection is adequate for detecting unknown attacks,its disadvantage is the possibility of high false alarms.Misuse detection has low false alarms;its limitation is that it can detect only known attacks.To overcome such limitations,many researchers have proposed a hybrid intrusion detection that integrates these two detection techniques.This method can overcome the limitations of conventional methods and works better in detecting unknown attacks.However,this method does not accurately classify attacks like similar to normal or known attacks.Therefore,we proposed a hybrid intrusion detection to detect unknown attacks similar to normal and known attacks.In anomaly detection,the model was designed to perform normal detection using Fuzzy c-means(FCM)and identify attacks hidden in normal predicted data using relabeling.In misuse detection,the model was designed to detect previously known attacks using Classification and Regression Trees(CART)and apply Isolation Forest(iForest)to classify unknown attacks hidden in known attacks.As an experiment result,the application of relabeling improved attack detection accuracy in anomaly detection by approximately 11%and enhanced the performance of unknown attack detection in misuse detection by approximately 10%.
基金The author extends the appreciation to the Deanship of Postgraduate Studies and Scientific Research atMajmaah University for funding this research work through the project number(R-2024-920).
文摘With the increasing number of connected devices in the Internet of Things(IoT)era,the number of intrusions is also increasing.An intrusion detection system(IDS)is a secondary intelligent system for monitoring,detecting and alerting against malicious activity.IDS is important in developing advanced security models.This study reviews the importance of various techniques,tools,and methods used in IoT detection and/or prevention systems.Specifically,it focuses on machine learning(ML)and deep learning(DL)techniques for IDS.This paper proposes an accurate intrusion detection model to detect traditional and new attacks on the Internet of Vehicles.To speed up the detection of recent attacks,the proposed network architecture developed at the data processing layer is incorporated with a convolutional neural network(CNN),which performs better than a support vector machine(SVM).Processing data are enhanced using the synthetic minority oversampling technique to ensure learning accuracy.The nearest class mean classifier is applied during the testing phase to identify new attacks.Experimental results using the AWID dataset,which is one of the most common open intrusion detection datasets,revealed a higher detection accuracy(94%)compared to SVM and random forest methods.
基金This research was partly supported by the National Science and Technology Council,Taiwan with Grant Numbers 112-2221-E-992-045,112-2221-E-992-057-MY3 and 112-2622-8-992-009-TD1.
文摘Since its inception,the Internet has been rapidly evolving.With the advancement of science and technology and the explosive growth of the population,the demand for the Internet has been on the rise.Many applications in education,healthcare,entertainment,science,and more are being increasingly deployed based on the internet.Concurrently,malicious threats on the internet are on the rise as well.Distributed Denial of Service(DDoS)attacks are among the most common and dangerous threats on the internet today.The scale and complexity of DDoS attacks are constantly growing.Intrusion Detection Systems(IDS)have been deployed and have demonstrated their effectiveness in defense against those threats.In addition,the research of Machine Learning(ML)and Deep Learning(DL)in IDS has gained effective results and significant attention.However,one of the challenges when applying ML and DL techniques in intrusion detection is the identification of unknown attacks.These attacks,which are not encountered during the system’s training,can lead to misclassification with significant errors.In this research,we focused on addressing the issue of Unknown Attack Detection,combining two methods:Spatial Location Constraint Prototype Loss(SLCPL)and Fuzzy C-Means(FCM).With the proposed method,we achieved promising results compared to traditional methods.The proposed method demonstrates a very high accuracy of up to 99.8%with a low false positive rate for known attacks on the Intrusion Detection Evaluation Dataset(CICIDS2017)dataset.Particularly,the accuracy is also very high,reaching 99.7%,and the precision goes up to 99.9%for unknown DDoS attacks on the DDoS Evaluation Dataset(CICDDoS2019)dataset.The success of the proposed method is due to the combination of SLCPL,an advanced Open-Set Recognition(OSR)technique,and FCM,a traditional yet highly applicable clustering technique.This has yielded a novel method in the field of unknown attack detection.This further expands the trend of applying DL and ML techniques in the development of intrusion detection systems and cybersecurity.Finally,implementing the proposed method in real-world systems can enhance the security capabilities against increasingly complex threats on computer networks.
基金Supported by the National Natural Science Foundation of China (61202387, 61103220)Major Projects of National Science and Technology of China(2010ZX03006-001-01)+3 种基金Doctoral Fund of Ministry of Education of China (2012014110002)China Postdoctoral Science Foundation (2012M510641)Hubei Province Natural Science Foundation (2011CDB456)Wuhan Chenguang Plan Project(2012710367)
文摘Aiming at the difficulty of unknown Trojan detection in the APT flooding situation, an improved detecting method has been proposed. The basic idea of this method originates from advanced persistent threat (APT) attack intents: besides dealing with damaging or destroying facilities, the more essential purpose of APT attacks is to gather confidential data from target hosts by planting Trojans. Inspired by this idea and some in-depth analyses on recently happened APT attacks, five typical communication characteristics are adopted to describe application’s network behavior, with which a fine-grained classifier based on Decision Tree and Na ve Bayes is modeled. Finally, with the training of supervised machine learning approaches, the classification detection method is implemented. Compared with general methods, this method is capable of enhancing the detection and awareness capability of unknown Trojans with less resource consumption.
基金supported in part by the National Natural Science Foundation of China(62373022,U2241217,62141604)Beijing Natural Science Foundation(4252043,JQ23019)+4 种基金the Fundamental Research Funds for the Central Universities(JKF-2025037448805,JKF-2025086098295)the Aeronautical Science Fund(2023Z034051001)the Academic Excellence Foundation of BUAA for Ph.D. Studentsthe Science and Technology Innovation2030—Key Project of New Generation Artificial Intelligence(2020AAA0108200)the National Key Research and Development Program of China(2022YFB3305600)。
文摘An attack-resilient distributed Nash equilibrium(NE) seeking problem is addressed for noncooperative games of networked systems under malicious cyber-attacks,i.e.,false data injection(FDI) attacks.Different from many existing distributed NE seeking works,it is practical and challenging to get resilient adaptively distributed NE seeking under unknown and unbounded FDI attacks.An attack-resilient NE seeking algorithm that is distributed(i.e.,independent of global information on the graph's algebraic connectivity,Lipschitz and monotone constants of pseudo-gradients,or number of players),is presented by means of incorporating the consensus-based gradient play with a distributed attack identifier so as to achieve simultaneous NE seeking and attack identification asymptotically.Another key characteristic is that FDI attacks are allowed to be unknown and unbounded.By exploiting nonsmooth analysis and stability theory,the global asymptotic convergence of the developed algorithm to the NE is ensured.Moreover,we extend this design to further consider the attack-resilient NE seeking of double-integrator players.Lastly,numerical simulation and practical experiment results are presented to validate the developed algorithms' effectiveness.
基金sponsored by the National Natural Science Foundation of China under Grants 62271264,61972207,and 42175194the Project through the Priority Academic Program Development(PAPD)of Jiangsu Higher Education Institution.
文摘Intrusion detection is a hot field in the direction of network security.Classical intrusion detection systems are usually based on supervised machine learning models.These offline-trained models usually have better performance in the initial stages of system construction.However,due to the diversity and rapid development of intrusion techniques,the trained models are often difficult to detect new attacks.In addition,very little noisy data in the training process often has a considerable impact on the performance of the intrusion detection system.This paper proposes an intrusion detection system based on active incremental learning with the adaptive capability to solve these problems.IDS consists of two modules,namely the improved incremental stacking ensemble learning detection method called Multi-Stacking model and the active learning query module.The stacking model can cope well with concept drift due to the diversity and generalization selection of its base classifiers,but the accuracy does not meet the requirements.The Multi-Stacking model improves the accuracy of the model by adding a voting layer on the basis of the original stacking.The active learning query module improves the detection of known attacks through the committee algorithm,and the improved KNN algorithm can better help detect unknown attacks.We have tested the latest industrial IoT dataset with satisfactory results.
