Visible to the public Biblio

Found 352 results

Filters: Keyword is Intrusion detection  [Clear All Filters]
McCarthy, Andrew, Andriotis, Panagiotis, Ghadafi, Essam, Legg, Phil.  2021.  Feature Vulnerability and Robustness Assessment against Adversarial Machine Learning Attacks. 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1–8.
Whilst machine learning has been widely adopted for various domains, it is important to consider how such techniques may be susceptible to malicious users through adversarial attacks. Given a trained classifier, a malicious attack may attempt to craft a data observation whereby the data features purposefully trigger the classifier to yield incorrect responses. This has been observed in various image classification tasks, including falsifying road sign detection and facial recognition, which could have severe consequences in real-world deployment. In this work, we investigate how these attacks could impact on network traffic analysis, and how a system could perform misclassification of common network attacks such as DDoS attacks. Using the CICIDS2017 data, we examine how vulnerable the data features used for intrusion detection are to perturbation attacks using FGSM adversarial examples. As a result, our method provides a defensive approach for assessing feature robustness that seeks to balance between classification accuracy whilst minimising the attack surface of the feature space.
Kalinin, Maxim O., Krundyshev, Vasiliy M..  2021.  Computational Intelligence Technologies Stack for Protecting the Critical Digital Infrastructures against Security Intrusions. 2021 Fifth World Conference on Smart Trends in Systems Security and Sustainability (WorldS4). :118–122.
Over the past decade, an infotelecommunication technology has made significant strides forward. With the advent of new generation wireless networks and the massive digitalization of industries, the object of protection has changed. The digital transformation has led to an increased opportunity for cybercriminals. The ability of computational intelligence to quickly process large amounts of data makes the intrusions tailored to specific environments. Polymorphic attacks that have mutations in their sequences of acts adapt to the communication environments, operating systems and service frameworks, and also try to deceive the defense tools. The poor protection of most Internet of Things devices allows the attackers to take control over them creating the megabotnets. In this regard, traditional methods of network protection become rigid and low-effective. The paper reviews a computational intelligence (CI) enabled software- defined network (SDN) for the network management, providing dynamic network reconfiguration to improve network performance and security control. Advanced machine learning and artificial neural networks are promising in detection of false data injections. Bioinformatics methods make it possible to detect polymorphic attacks. Swarm intelligence detects dynamic routing anomalies. Quantum machine learning is effective at processing the large volumes of security-relevant datasets. The CI technology stack provides a comprehensive protection against a variative cyberthreats scope.
Allagi, Shridhar, Rachh, Rashmi, Anami, Basavaraj.  2021.  A Robust Support Vector Machine Based Auto-Encoder for DoS Attacks Identification in Computer Networks. 2021 International Conference on Intelligent Technologies (CONIT). :1–6.
An unprecedented upsurge in the number of cyberattacks and threats is the corollary of ubiquitous internet connectivity. Among a variety of threats and attacks, Denial of Service (DoS) attacks are crucial and conventional mechanisms currently being used for detection/ identification of these attacks are not adequate. The use of real-time and robust mechanisms is the way to handle this. Machine learning-based techniques have been extensively used for this in the recent past. In this paper, a robust mechanism using Support Vector Machine Based Auto-Encoder is proposed for identifying DoS attacks. The proposed technique is tested on the CICIDS dataset and has given 99.32 % accuracy for DoS attacks. To study the effect of the number of features on the performance of the technique, a discriminant component analysis is deployed for feature reduction and independent experiments, namely SVM with 25 features, SVM with 30 features, SVM with 35 features, and PCA-SVM with 25 features, are conducted. From the experiments, it is observed that AE-SVM has performed better than others.
Bardhan, Shuvo, Battou, Abdella.  2021.  Security Metric for Networks with Intrusion Detection Systems having Time Latency using Attack Graphs. 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC). :1107–1113.
Probabilistic security metrics estimate the vulnerability of a network in terms of the likelihood of an attacker reaching the goal states (of a network) by exploiting the attack graph paths. The probability computation depends upon several assumptions regarding the possible attack scenarios. In this paper, we extend the existing security metric to model networks with intrusion detection systems and their associated uncertainties and time latencies. We consider learning capabilities of attackers as well as detection systems. Estimation of risk is obtained by using the attack paths that are undetectable owing to the latency of the detection system. Thus, we define the overall vulnerability (of a network) as a function of the time window available to an attacker for repeated exploring (via learning) and exploitation of a network, before the attack is mitigated by the detection system. Finally, we consider the realistic scenario where an attacker explores and abandons various partial paths in the attack graph before the actual exploitation. A dynamic programming formulation of the vulnerability computation methodology is proposed for this scenario. The nature of these metrics are explained using a case study showing the vulnerability spectrum from the case of zero detection latency to a no detection scenario.
Sallam, Youssef F., Ahmed, Hossam El-din H., Saleeb, Adel, El-Bahnasawy, Nirmeen A., El-Samie, Fathi E. Abd.  2021.  Implementation of Network Attack Detection Using Convolutional Neural Network. 2021 International Conference on Electronic Engineering (ICEEM). :1–6.
The Internet obviously has a major impact on the global economy and human life every day. This boundless use pushes the attack programmers to attack the data frameworks on the Internet. Web attacks influence the reliability of the Internet and its administrations. These attacks are classified as User-to-Root (U2R), Remote-to-Local (R2L), Denial-of-Service (DoS) and Probing (Probe). Subsequently, making sure about web framework security and protecting data are pivotal. The conventional layers of safeguards like antivirus scanners, firewalls and proxies, which are applied to treat the security weaknesses are insufficient. So, Intrusion Detection Systems (IDSs) are utilized to screen PC and data frameworks for security shortcomings. IDS adds more effectiveness in securing networks against attacks. This paper presents an IDS model based on Deep Learning (DL) with Convolutional Neural Network (CNN) hypothesis. The model has been evaluated on the NSLKDD dataset. It has been trained by Kddtrain+ and tested twice, once using kddtrain+ and the other using kddtest+. The achieved test accuracies are 99.7% and 98.43% with 0.002 and 0.02 wrong alert rates for the two test scenarios, respectively.
Gong, Jianhu.  2021.  Network Information Security Pipeline Based on Grey Relational Cluster and Neural Networks. 2021 5th International Conference on Computing Methodologies and Communication (ICCMC). :971–975.
Network information security pipeline based on the grey relational cluster and neural networks is designed and implemented in this paper. This method is based on the principle that the optimal selected feature set must contain the feature with the highest information entropy gain to the data set category. First, the feature with the largest information gain is selected from all features as the search starting point, and then the sample data set classification mark is fully considered. For the better performance, the neural networks are considered. The network learning ability is directly determined by its complexity. The learning of general complex problems and large sample data will bring about a core dramatic increase in network scale. The proposed model is validated through the simulation.
Mishra, Srinivas, Pradhan, Sateesh Kumar, Rath, Subhendu Kumar.  2021.  Detection of Zero-Day Attacks in Network IDS through High Performance Soft Computing. 2021 International Conference on Artificial Intelligence and Smart Systems (ICAIS). :1199–1204.
The ever-evolving computers has its implications on the data and information and the threats that they are exposed to. With the exponential growth of internet, the chances of data breach are highly likely as unauthorized and ill minded users find new ways to get access to the data that they can use for their plans. Most of the systems today have well designed measures that examine the information for any abnormal behavior (Zero Day Attacks) compared to what has been seen and experienced over the years. These checks are done based on a predefined identity (signature) of information. This is being termed as Intrusion Detection Systems (IDS). The concept of IDS revolves around validation of data and/or information and detecting unauthorized access attempts with an intention of manipulating data. High Performance Soft Computing (HPSC) aims to internalize cumulative adoption of traditional and modern attempts to breach data security and expose it to high scale damage and altercations. Our effort in this paper is to emphasize on the multifaceted tactic and rationalize important functionalities of IDS available at the disposal of HPSC.
Alabugin, Sergei K., Sokolov, Alexander N..  2021.  Applying of Recurrent Neural Networks for Industrial Processes Anomaly Detection. 2021 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT). :0467–0470.
The paper considers the issue of recurrent neural networks applicability for detecting industrial process anomalies to detect intrusion in Industrial Control Systems. Cyberattack on Industrial Control Systems often leads to appearing of anomalies in industrial process. Thus, it is proposed to detect such anomalies by forecasting the state of an industrial process using a recurrent neural network and comparing the predicted state with actual process' state. In the course of experimental research, a recurrent neural network with one-dimensional convolutional layer was implemented. The Secure Water Treatment dataset was used to train model and assess its quality. The obtained results indicate the possibility of using the proposed method in practice. The proposed method is characterized by the absence of the need to use anomaly data for training. Also, the method has significant interpretability and allows to localize an anomaly by pointing to a sensor or actuator whose signal does not match the model's prediction.
Dobrea, Marius-Alexandru, Vasluianu, Mihaela, Neculoiu, Giorgian, Bichiu, Stefan.  2020.  Data Security in Smart Grid. 2020 12th International Conference on Electronics, Computers and Artificial Intelligence (ECAI). :1–6.
Looking at the Smart Grid as a Cyber - Physical system of great complexity, the paper synthesizes the main IT security issues that may arise. Security issues are seen from a hybrid point of view, combining theory of information with system theory. Smart Grid has changed dramatically over the past years. With modern technologies, such as Big Data or Internet of Things (IoT), the Smart Grid is evolving into a more interconnected and dynamic power network model.
Wang, Yixuan, Li, Yujun, Chen, Xiang, Luo, Yeni.  2020.  Implementing Network Attack Detection with a Novel NSSA Model Based on Knowledge Graphs. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1727–1732.
With the rapid development of networks, cyberspace security is facing increasingly severe challenges. Traditional alert aggregation process and alert correlation analysis process are susceptible to a large amount of redundancy and false alerts. To tackle the challenge, this paper proposes a network security situational awareness model KG-NSSA (Knowledge-Graph-based NSSA) based on knowledge graphs. This model provides an asset-based network security knowledge graph construction scheme. Based on the network security knowledge graph, a solution is provided for the classic problem in the field of network security situational awareness - network attack scenario discovery. The asset-based network security knowledge graph combines the asset information of the monitored network and fully considers the monitoring of network traffic. The attack scenario discovery according to the KG-NSSA model is to complete attack discovery and attack association through attribute graph mining and similarity calculation, which can effectively reflect specific network attack behaviors and mining attack scenarios. The effectiveness of the proposed method is verified on the MIT DARPA2000 data set. Our work provides a new approach for network security situational awareness.
Gajjar, Himali, Malek, Zakiya.  2020.  A Survey of Intrusion Detection System (IDS) using Openstack Private Cloud. 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4). :162–168.
Computer Networks fights with a continues issues with attackers and intruders. Attacks on distributed systems becoming more powerful and more frequent day by day. Intrusion detection methods are performing main role to detect intruders and attackers. To identify intrusion on computer or computer networks an intrusion detection system methods are used. Network Intrusion Detection System (NIDS) performs an prime role by presenting the network security. It gives a defense layer by monitoring the traffic on network for predefined distrustful activity or pattern. In this paper we have analyze and compare existing signature based and anomaly based algorithm with Openstack private cloud.
Afroz, Sabrina, Ariful Islam, S.M, Nawer Rafa, Samin, Islam, Maheen.  2020.  A Two Layer Machine Learning System for Intrusion Detection Based on Random Forest and Support Vector Machine. 2020 IEEE International Women in Engineering (WIE) Conference on Electrical and Computer Engineering (WIECON-ECE). :300–303.
Unauthorized access or intrusion is a massive threatening issue in the modern era. This study focuses on designing a model for an ideal intrusion detection system capable of defending a network by alerting the admins upon detecting any sorts of malicious activities. The study proposes a two layered anomaly-based detection model that uses filter co-relation method for dimensionality reduction along with Random forest and Support Vector Machine as its classifiers. It achieved a very good detection rate against all sorts of attacks including a low rate of false alarms as well. The contribution of this study is that it could be of a major help to the computer scientists designing good intrusion detection systems to keep an industry or organization safe from the cyber threats as it has achieved the desired qualities of a functional IDS model.
Dawit, Nahom Aron, Mathew, Sujith Samuel, Hayawi, Kadhim.  2020.  Suitability of Blockchain for Collaborative Intrusion Detection Systems. 2020 12th Annual Undergraduate Research Conference on Applied Computing (URC). :1–6.
Cyber-security is indispensable as malicious incidents are ubiquitous on the Internet. Intrusion Detection Systems have an important role in detecting and thwarting cyber-attacks. However, it is more effective in a centralized system but not in peer-to-peer networks which makes it subject to central point failure, especially in collaborated intrusion detection systems. The novel blockchain technology assures a fully distributed security system through its powerful features of transparency, immutability, decentralization, and provenance. Therefore, in this paper, we investigate and demonstrate several methods of collaborative intrusion detection with blockchain to analyze the suitability and security of blockchain for collaborative intrusion detection systems. We also studied the difference between the existing means of the integration of intrusion detection systems with blockchain and categorized the major vulnerabilities of blockchain with their potential losses and current enhancements for mitigation.
Moustafa, Nour, Keshky, Marwa, Debiez, Essam, Janicke, Helge.  2020.  Federated TONİoT Windows Datasets for Evaluating AI-Based Security Applications. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :848–855.
Existing cyber security solutions have been basically developed using knowledge-based models that often cannot trigger new cyber-attack families. With the boom of Artificial Intelligence (AI), especially Deep Learning (DL) algorithms, those security solutions have been plugged-in with AI models to discover, trace, mitigate or respond to incidents of new security events. The algorithms demand a large number of heterogeneous data sources to train and validate new security systems. This paper presents the description of new datasets, the so-called ToNİoT, which involve federated data sources collected from Telemetry datasets of IoT services, Operating system datasets of Windows and Linux, and datasets of Network traffic. The paper introduces the testbed and description of TONİoT datasets for Windows operating systems. The testbed was implemented in three layers: edge, fog and cloud. The edge layer involves IoT and network devices, the fog layer contains virtual machines and gateways, and the cloud layer involves cloud services, such as data analytics, linked to the other two layers. These layers were dynamically managed using the platforms of software-Defined Network (SDN) and Network-Function Virtualization (NFV) using the VMware NSX and vCloud NFV platform. The Windows datasets were collected from audit traces of memories, processors, networks, processes and hard disks. The datasets would be used to evaluate various AI-based cyber security solutions, including intrusion detection, threat intelligence and hunting, privacy preservation and digital forensics. This is because the datasets have a wide range of recent normal and attack features and observations, as well as authentic ground truth events. The datasets can be publicly accessed from this link [1].
Latif, Shahid, Idrees, Zeba, Zou, Zhuo, Ahmad, Jawad.  2020.  DRaNN: A Deep Random Neural Network Model for Intrusion Detection in Industrial IoT. 2020 International Conference on UK-China Emerging Technologies (UCET). :1–4.
Industrial Internet of Things (IIoT) has arisen as an emerging trend in the industrial sector. Millions of sensors present in IIoT networks generate a massive amount of data that can open the doors for several cyber-attacks. An intrusion detection system (IDS) monitors real-time internet traffic and identify the behavior and type of network attacks. In this paper, we presented a deep random neural (DRaNN) based scheme for intrusion detection in IIoT. The proposed scheme is evaluated by using a new generation IIoT security dataset UNSW-NB15. Experimental results prove that the proposed model successfully classified nine different types of attacks with a low false-positive rate and great accuracy of 99.54%. To validate the feasibility of the proposed scheme, experimental results are also compared with state-of-the-art deep learning-based intrusion detection schemes. The proposed model achieved a higher attack detection rate of 99.41%.
Pamukov, Marin, Poulkov, Vladimir, Shterev, Vasil.  2020.  NSNN Algorithm Performance with Different Neural Network Architectures. 2020 43rd International Conference on Telecommunications and Signal Processing (TSP). :280–284.
Internet of Things (IoT) development and the addition of billions of computationally limited devices prohibit the use of classical security measures such as Intrusion Detection Systems (IDS). In this paper, we study the influence of the implementation of different feed-forward type of Neural Networks (NNs) on the detection Rate of the Negative Selection Neural Network (NSNN) algorithm. Feed-forward and cascade forward NN structures with different number of neurons and different number of hidden layers are tested. For training and testing the NSNN algorithm the labeled KDD NSL dataset is applied. The detection rates provided by the algorithm with several NN structures to determine the optimal solution are calculated and compared. The results show how these different feed-forward based NN architectures impact the performance of the NSNN algorithm.
Brzezinski Meyer, Maria Laura, Labit, Yann.  2020.  Combining Machine Learning and Behavior Analysis Techniques for Network Security. 2020 International Conference on Information Networking (ICOIN). :580–583.
Network traffic attacks are increasingly common and varied, this is a big problem especially when the target network is centralized. The creation of IDS (Intrusion Detection Systems) capable of detecting various types of attacks is necessary. Machine learning algorithms are widely used in the classification of data, bringing a good result in the area of computer networks. In addition, the analysis of entropy and distance between data sets are also very effective in detecting anomalies. However, each technique has its limitations, so this work aims to study their combination in order to improve their performance and create a new intrusion detection system capable of well detect some of the most common attacks. Reliability indices will be used as metrics to the combination decision and they will be updated in each new dataset according to the decision made earlier.
Zhe, Wang, Wei, Cheng, Chunlin, Li.  2020.  DoS attack detection model of smart grid based on machine learning method. 2020 IEEE International Conference on Power, Intelligent Computing and Systems (ICPICS). :735–738.
In recent years, smart grid has gradually become the common development trend of the world's power industry, and its security issues are increasingly valued by researchers. Smart grids have applied technologies such as physical control, data encryption, and authentication to improve their security, but there is still a lack of timely and effective detection methods to prevent the grid from being threatened by malicious intrusions. Aiming at this problem, a model based on machine learning to detect smart grid DoS attacks has been proposed. The model first collects network data, secondly selects features and uses PCA for data dimensionality reduction, and finally uses SVM algorithm for abnormality detection. By testing the SVM, Decision Tree and Naive Bayesian Network classification algorithms on the KDD99 dataset, it is found that the SVM model works best.
Swarna Sugi, S. Shinly, Ratna, S. Raja.  2020.  Investigation of Machine Learning Techniques in Intrusion Detection System for IoT Network. 2020 3rd International Conference on Intelligent Sustainable Systems (ICISS). :1164–1167.
Internet of Things (IoT) combines the internet and physical objects to transfer information among the objects. In the emerging IoT networks, providing security is the major issue. IoT device is exposed to various security issues due to its low computational efficiency. In recent years, the Intrusion Detection System valuable tool deployed to secure the information in the network. This article exposes the Intrusion Detection System (IDS) based on deep learning and machine learning to overcome the security attacks in IoT networks. Long Short-Term Memory (LSTM) and K-Nearest Neighbor (KNN) are used in the attack detection model and performances of those algorithms are compared with each other based on detection time, kappa statistic, geometric mean, and sensitivity. The effectiveness of the developed IDS is evaluated by using Bot-IoT datasets.
Qurashi, Mohammed Al, Angelopoulos, Constantinos Marios, Katos, Vasilios.  2020.  An Architecture for Resilient Intrusion Detection in IoT Networks. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1–7.
We introduce a lightweight architecture of Intrusion Detection Systems (IDS) for ad-hoc IoT networks. Current state-of-the-art IDS have been designed based on assumptions holding from conventional computer networks, and therefore, do not properly address the nature of IoT networks. In this work, we first identify the correlation between the communication overheads and the placement of an IDS (as captured by proper placement of active IDS agents in the network). We model such networks as Random Geometric Graphs. We then introduce a novel IDS architectural approach by having only a minimum subset of the nodes acting as IDS agents. These nodes are able to monitor the network and detect attacks at the networking layer in a collaborative manner by monitoring 1-hop network information provided by routing protocols such as RPL. Conducted experiments show that our proposed IDS architecture is resilient and robust against frequent topology changes due to node failures. Our detailed experimental evaluation demonstrates significant performance gains in terms of communication overhead and energy dissipation while maintaining high detection rates.
Almohri, Hussain M. J., Watson, Layne T., Evans, David.  2020.  An Attack-Resilient Architecture for the Internet of Things. IEEE Transactions on Information Forensics and Security. 15:3940–3954.
With current IoT architectures, once a single device in a network is compromised, it can be used to disrupt the behavior of other devices on the same network. Even though system administrators can secure critical devices in the network using best practices and state-of-the-art technology, a single vulnerable device can undermine the security of the entire network. The goal of this work is to limit the ability of an attacker to exploit a vulnerable device on an IoT network and fabricate deceitful messages to co-opt other devices. The approach is to limit attackers by using device proxies that are used to retransmit and control network communications. We present an architecture that prevents deceitful messages generated by compromised devices from affecting the rest of the network. The design assumes a centralized and trustworthy machine that can observe the behavior of all devices on the network. The central machine collects application layer data, as opposed to low-level network traffic, from each IoT device. The collected data is used to train models that capture the normal behavior of each individual IoT device. The normal behavioral data is then used to monitor the IoT devices and detect anomalous behavior. This paper reports on our experiments using both a binary classifier and a density-based clustering algorithm to model benign IoT device behavior with a realistic test-bed, designed to capture normal behavior in an IoT-monitored environment. Results from the IoT testbed show that both the classifier and the clustering algorithms are promising and encourage the use of application-level data for detecting compromised IoT devices.
Conference Name: IEEE Transactions on Information Forensics and Security
Gupta, Anushikha, Kalra, Mala.  2020.  Intrusion Detection and Prevention System Using Cuckoo Search Algorithm with ANN in Cloud Computing. 2020 Sixth International Conference on Parallel, Distributed and Grid Computing (PDGC). :66–72.
The Security is a vital aspect of cloud service as it comprises of data that belong to multiple users. Cloud service providers are responsible for maintaining data integrity, confidentiality and availability. They must ensure that their infrastructure and data are protected from intruders. In this research work Intrusion Detection System is designed to detect malicious server by using Cuckoo Search (CS) along with Artificial Intelligence. CS is used for feature optimization with the help of fitness function, the server's nature is categorized into two types: normal and attackers. On the basis of extracted features, ANN classify the attackers which affect the networks in cloud environment. The main aim is to distinguish attacker servers that are affected by DoS/DDoS, Black and Gray hole attacks from the genuine servers. Thus, instead of passing data to attacker server, the server passes the data to the genuine servers and hence, the system is protected. To validate the performance of the system, QoS parameters such as PDR (Packet delivery rate), energy consumption rate and total delay before and after prevention algorithm are measured. When compared with existing work, the PDR and the delay have been enhanced by 3.0 %and 21.5 %.
Yamanoue, Takashi, Murakami, Junya.  2020.  Development of an Intrusion Detection System Using a Botnet with the R Statistical Computing System. 2020 9th International Congress on Advanced Applied Informatics (IIAI-AAI). :59–62.
Development of an intrusion detection system, which tries to detect signs of technology of malware, is discussed. The system can detect signs of technology of malware such as peer to peer (P2P) communication, DDoS attack, Domain Generation Algorithm (DGA), and network scanning. The system consists of beneficial botnet and the R statistical computing system. The beneficial botnet is a group of Wiki servers, agent bots and analyzing bots. The script in a Wiki page of the Wiki server controls an agent bot or an analyzing bot. An agent bot is placed between a LAN and its gateway. It can capture every packet between hosts in the LAN and hosts behind the gateway from the LAN. An analyzing bot can be placed anywhere in the LAN or WAN if it can communicate with the Wiki server for controlling the analyzing bot. The analyzing bot has R statistical computing system and it can analyze data which is collected by agent bots.
Huang, Weiqing, Peng, Xiao, Shi, Zhixin, Ma, Yuru.  2020.  Adversarial Attack against LSTM-Based DDoS Intrusion Detection System. 2020 IEEE 32nd International Conference on Tools with Artificial Intelligence (ICTAI). :686–693.
Nowadays, machine learning is a popular method for DDoS detection. However, machine learning algorithms are very vulnerable under the attacks of adversarial samples. Up to now, multiple methods of generating adversarial samples have been proposed. However, they cannot be applied to LSTM-based DDoS detection directly because of the discrete property and the utility requirement of its input samples. In this paper, we propose two methods to generate DDoS adversarial samples, named Genetic Attack (GA) and Probability Weighted Packet Saliency Attack (PWPSA) respectively. Both methods modify original input sample by inserting or replacing partial packets. In GA, we evolve a set of modified samples with genetic algorithm and find the evasive variant from it. In PWPSA, we modify original sample iteratively and use the position saliency as well as the packet score to determine insertion or replacement order at each step. Experimental results on CICIDS2017 dataset show that both methods can bypass DDoS detectors with high success rate.
Sudugala, A.U, Chanuka, W.H, Eshan, A.M.N, Bandara, U.C.S, Abeywardena, K.Y.  2020.  WANHEDA: A Machine Learning Based DDoS Detection System. 2020 2nd International Conference on Advancements in Computing (ICAC). 1:380–385.
In today's world computer communication is used almost everywhere and majority of them are connected to the world's largest network, the Internet. There is danger in using internet due to numerous cyber-attacks which are designed to attack Confidentiality, Integrity and Availability of systems connected to the internet. One of the most prominent threats to computer networking is Distributed Denial of Service (DDoS) Attack. They are designed to attack availability of the systems. Many users and ISPs are targeted and affected regularly by these attacks. Even though new protection technologies are continuously proposed, this immense threat continues to grow rapidly. Most of the DDoS attacks are undetectable because they act as legitimate traffic. This situation can be partially overcome by using Intrusion Detection Systems (IDSs). There are advanced attacks where there is no proper documented way to detect. In this paper authors present a Machine Learning (ML) based DDoS detection mechanism with improved accuracy and low false positive rates. The proposed approach gives inductions based on signatures previously extracted from samples of network traffic. Authors perform the experiments using four distinct benchmark datasets, four machine learning algorithms to address four of the most harmful DDoS attack vectors. Authors achieved maximum accuracy and compared the results with other applicable machine learning algorithms.