Visible to the public Biblio

Found 419 results

Filters: Keyword is Intrusion detection  [Clear All Filters]
Mao, Lina, Tang, Linyan.  2021.  The Design of the Hybrid Intrusion Detection System ABHIDS. 2021 3rd International Conference on Artificial Intelligence and Advanced Manufacture (AIAM). :354–358.
Information system security is very important and very complicated, security is to prevent potential crisis. To detect both from external invasion behavior, also want to check the internal unauthorized behavior. Presented here ABHIDS hybrid intrusion detection system model, designed a component Agent, controller, storage, filter, manager component (database), puts forward a new detecting DDoS attacks (trinoo) algorithm and the implementation. ABHIDS adopts object-oriented design method, a study on intrusion detection can be used as a working mechanism of the algorithms and test verification platform.
Bašić, B., Udovičić, P., Orel, O..  2021.  In-database Auditing Subsystem for Security Enhancement. 2021 44th International Convention on Information, Communication and Electronic Technology (MIPRO). :1642—1647.
Many information systems have been around for several decades, and most of them have their underlying databases. The data accumulated in those databases over the years could be a very valuable asset, which must be protected. The first role of database auditing is to ensure and confirm that security measures are set correctly. However, tracing user behavior and collecting a rich audit trail enables us to use that trail in a more proactive ways. As an example, audit trail could be analyzed ad hoc and used to prevent intrusion, or analyzed afterwards, to detect user behavior patterns, forecast workloads, etc. In this paper, we present a simple, secure, configurable, role-separated, and effective in-database auditing subsystem, which can be used as a base for access control, intrusion detection, fraud detection and other security-related analyses and procedures. It consists of a management relations, code and data object generators and several administrative tools. This auditing subsystem, implemented in several information systems, is capable of keeping the entire audit trail (data history) of a database, as well as all the executed SQL statements, which enables different security applications, from ad hoc intrusion prevention to complex a posteriori security analyses.
Tufail, Shahid, Batool, Shanzeh, Sarwat, Arif I..  2021.  False Data Injection Impact Analysis In AI-Based Smart Grid. SoutheastCon 2021. :01—07.
As the traditional grids are transitioning to the smart grid, they are getting more prone to cyber-attacks. Among all the cyber-attack one of the most dangerous attack is false data injection attack. When this attack is performed with historical information of the data packet the attack goes undetected. As the false data is included for training and testing the model, the accuracy is decreased, and decision making is affected. In this paper we analyzed the impact of the false data injection attack(FDIA) on AI based smart grid. These analyses were performed using two different multi-layer perceptron architectures with one of the independent variables being compared and modified by the attacker. The root-mean squared values were compared with different models.
Cao, Wanqin, Huang, Yunhui, Li, Dezheng, Yang, Feng, Jiang, Xiaofeng, Yang, Jian.  2021.  A Blockchain Based Link-Flooding Attack Detection Scheme. 2021 IEEE 4th Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC). 4:1665–1669.
Distributed Denial-of-Service (DDoS) attack is a long-lived attack that is hugely harmful to the Internet. In particular, the emergence of a new type of DDoS called Link Flooding Attack (LFA) makes the detection and defense more difficult. In LFA, the attacker cuts off a specific area by controlling large numbers of bots to send low-rate traffic to congest selected links. Since the attack flows are similar to the legitimate ones, traditional schemes like anomaly detection and intrusion detection are no longer applicable. Blockchain provides a new solution to address this issue. In this paper, we propose a blockchain-based LFA detection scheme, which is deployed on routers and servers in and around the area that we want to protect. Blockchain technology is used to record and share the traceroute information, which enables the hosts in the protected region to easily trace the flow paths. We implement our scheme in Ethereum and conduct simulation experiments to evaluate its performance. The results show that our scheme can achieve timely detection of LFA with a high detection rate and a low false positive rate, as well as a low overhead.
Zuech, Richard, Hancock, John, Khoshgoftaar, Taghi M..  2021.  Feature Popularity Between Different Web Attacks with Supervised Feature Selection Rankers. 2021 20th IEEE International Conference on Machine Learning and Applications (ICMLA). :30–37.
We introduce the novel concept of feature popularity with three different web attacks and big data from the CSE-CIC-IDS2018 dataset: Brute Force, SQL Injection, and XSS web attacks. Feature popularity is based upon ensemble Feature Selection Techniques (FSTs) and allows us to more easily understand common important features between different cyberattacks, for two main reasons. First, feature popularity lists can be generated to provide an easy comprehension of important features across different attacks. Second, the Jaccard similarity metric can provide a quantitative score for how similar feature subsets are between different attacks. Both of these approaches not only provide more explainable and easier-to-understand models, but they can also reduce the complexity of implementing models in real-world systems. Four supervised learning-based FSTs are used to generate feature subsets for each of our three different web attack datasets, and then our feature popularity frameworks are applied. For these three web attacks, the XSS and SQL Injection feature subsets are the most similar per the Jaccard similarity. The most popular features across all three web attacks are: Flow\_Bytes\_s, FlowİAT\_Max, and Flow\_Packets\_s. While this introductory study is only a simple example using only three web attacks, this feature popularity concept can be easily extended, allowing an automated framework to more easily determine the most popular features across a very large number of attacks and features.
Hancock, John, Khoshgoftaar, Taghi M., Leevy, Joffrey L..  2021.  Detecting SSH and FTP Brute Force Attacks in Big Data. 2021 20th IEEE International Conference on Machine Learning and Applications (ICMLA). :760–765.
We present a simple approach for detecting brute force attacks in the CSE-CIC-IDS2018 Big Data dataset. We show our approach is preferable to more complex approaches since it is simpler, and yields stronger classification performance. Our contribution is to show that it is possible to train and test simple Decision Tree models with two independent variables to classify CSE-CIC-IDS2018 data with better results than reported in previous research, where more complex Deep Learning models are employed. Moreover, we show that Decision Tree models trained on data with two independent variables perform similarly to Decision Tree models trained on a larger number independent variables. Our experiments reveal that simple models, with AUC and AUPRC scores greater than 0.99, are capable of detecting brute force attacks in CSE-CIC-IDS2018. To the best of our knowledge, these are the strongest performance metrics published for the machine learning task of detecting these types of attacks. Furthermore, the simplicity of our approach, combined with its strong performance, makes it an appealing technique.
Manoj Vignesh, K M, Sujanani, Anish, Bangalore, Raghu A..  2021.  Modelling Trust Frameworks for Network-IDS. 2021 2nd International Conference for Emerging Technology (INCET). :1–5.
Though intrusion detection systems provide actionable alerts based on signature-based or anomaly-based traffic patterns, the majority of systems still rely on human analysts to identify and contain the root cause of security incidents. This process is naturally susceptible to human error and is time-consuming, which may allow for further enumeration and pivoting within a compromised environment. Through this paper, we have augmented traditional signature-based network intrusion detection systems with a trust framework whose reduction and redemption values are a function of the severity of the incident, the degree of connectivity of nodes and the time elapsed. A lightweight implementation on the nodes coupled with a multithreaded approach on the central trust server has shown the capability to scale to larger networks with high traffic volumes and a varying proportion of suspicious traffic patterns.
Sethi, Tanmay, Mathew, Rejo.  2021.  A Study on Advancement in Honeypot based Network Security Model. 2021 Third International Conference on Intelligent Communication Technologies and Virtual Mobile Networks (ICICV). :94–97.
Throughout the years, honeypots have been very useful in tracking down attackers and preventing different types of cyber attacks on a very large scale. It's been almost 3 decades since the discover of honeypots and still more than 80% of the companies rely on this system because of intrusion detection features and low false positive rate. But with time, the attackers tend to start discovering loopholes in the system. Hence it is very important to be up to date with the technology when it comes to protecting a computing device from the emerging cyber attacks. Timely advancements in the security model provided by the honeypots helps in a more efficient use of the resource and also leads to better innovations in that field. The following paper reviews different methods of honeypot network and also gives an insight about the problems that those techniques can face along with their solution. Further it also gives the detail about the most preferred solution among all of the listed techniques in the paper.
Fu, Chen, Rui, Yu, Wen-mao, Liu.  2021.  Internet of Things Attack Group Identification Model Combined with Spectral Clustering. 2021 IEEE 21st International Conference on Communication Technology (ICCT). :778–782.
In order to solve the problem that the ordinary intrusion detection model cannot effectively identify the increasingly complex, continuous, multi-source and organized network attacks, this paper proposes an Internet of Things attack group identification model to identify the planned and organized attack groups. The model takes the common attack source IP, target IP, time stamp and target port as the characteristics of the attack log data to establish the identification benchmark of the attack gang behavior. The model also combines the spectral clustering algorithm to cluster different attackers with similar attack behaviors, and carries out the specific image analysis of the attack gang. In this paper, an experimental detection was carried out based on real IoT honey pot attack log data. The spectral clustering was compared with Kmeans, DBSCAN and other clustering algorithms. The experimental results shows that the contour coefficient of spectral clustering was significantly higher than that of other clustering algorithms. The recognition model based on spectral clustering proposed in this paper has a better effect, which can effectively identify the attack groups and mine the attack preferences of the groups.
Deshmukh, Monika S., Bhaladhare, Pavan Ravikesh.  2021.  Intrusion Detection System (DBN-IDS) for IoT using Optimization Enabled Deep Belief Neural Network. 2021 5th International Conference on Information Systems and Computer Networks (ISCON). :1–4.
In the era of Internet of Things (IoT), the connection links are established from devices easily, which is vulnerable to insecure attacks from intruders, hence intrusion detection system in IoT is the need of an hour. One of the important thing for any organization is securing the confidential information and data from outside attacks as well as unauthorized access. There are many attempts made by the researchers to develop the strong intrusion detection system having high accuracy. These systems suffer from many disadvantages like unacceptable accuracy rates including high False Positive Rate (FPR) and high False Negative Rate (FNR), more execution time and failure rate. More of these system models are developed by using traditional machine learning techniques, which have performance limitations in terms of accuracy and timeliness both. These limitations can be overcome by using the deep learning techniques. Deep learning techniques have the capability to generate highly accurate results and are fault tolerant. Here, the intrusion detection model for IoT is designed by using the Taylor-Spider Monkey optimization (Taylor-SMO) which will be developed to train the Deep belief neural network (DBN) towards achieving an accurate intrusion detection model. The deep learning accuracy gets increased with increasing number of training data samples and testing data samples. The optimization based algorithm for training DBN helps to reduce the FPR and FNR in intrusion detection. The system will be implemented by using the NSL KDD dataset. Also, this model will be trained by using the samples from this dataset, before which feature extraction will be applied and only relevant set of attributes will be selected for model development. This approach can lead to better and satisfactory results in intrusion detection.
Hu, Peng, Yang, Baihua, Wang, Dong, Wang, Qile, Meng, Kaifeng, Wang, Yinsheng, Chen, Zhen.  2021.  Research on Cybersecurity Strategy and Key Technology of the Wind Farms’ Industrial Control System. 2021 IEEE International Conference on Electrical Engineering and Mechatronics Technology (ICEEMT). :357–361.
Affected by the inherent ideas like "Focus on Function Realization, Despise Security Protection", there are lots of hidden threats in the industrial control system of wind farms (ICS-WF), such as unreasonable IP configuration, failure in virus detection and killing, which are prone to illegal invasion and attack from the cyberspace. Those unexpected unauthorized accesses are quite harmful for the stable operation of the wind farms and regional power grid. Therefore, by investigating the current security situation and needs of ICS-WF, analyzing the characteristics of ICS-WF’s architecture and internal communication, and integrating the ideas of the classified protection of cybersecurity, this paper proposes a new customized cybersecurity strategy for ICS-WF based on the barrel theory. We also introduce an new anomalous intrusion detection technology for ICS-WF, which is developed based on statistical models of wind farm network characteristics. Finally, combined all these work with the network security offense and defense drill in the industrial control safety simulation laboratory of wind farms, this research formulates a three-dimensional comprehensive protection solution for ICS-WF, which significantly improves the cybersecurity level of ICS-WF.
Pyatnitsky, Ilya A., Sokolov, Alexander N..  2021.  Determination of the Optimal Ratio of Normal to Anomalous Points in the Problem of Detecting Anomalies in the Work of Industrial Control Systems. 2021 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT). :0478–0480.
Algorithms for unsupervised anomaly detection have proven their effectiveness and flexibility, however, first it is necessary to calculate with what ratio a certain class begins to be considered anomalous by the autoencoder. For this reason, we propose to conduct a study of the efficiency of autoencoders depending on the ratio of anomalous and non-anomalous classes. The emergence of high-speed networks in electric power systems creates a tight interaction of cyberinfrastructure with the physical infrastructure and makes the power system susceptible to cyber penetration and attacks. To address this problem, this paper proposes an innovative approach to develop a specification-based intrusion detection framework that leverages available information provided by components in a contemporary power system. An autoencoder is used to encode the causal relations among the available information to create patterns with temporal state transitions, which are used as features in the proposed intrusion detection. This allows the proposed method to detect anomalies and cyber attacks.
Trifonov, Roumen, Manolov, Slavcho, Yoshinov, Radoslav, Tsochev, Georgy, Pavlova, Galya.  2021.  Applying the Experience of Artificial Intelligence Methods for Information Systems Cyber Protection at Industrial Control Systems. 2021 25th International Conference on Circuits, Systems, Communications and Computers (CSCC). :21–25.
The rapid development of the Industry 4.0 initiative highlights the problems of Cyber-security of Industrial Computer Systems and, following global trends in Cyber Defense, the implementation of Artificial Intelligence instruments. The authors, having certain achievement in the implementation of Artificial Intelligence tools in Cyber Protection of Information Systems and, more precisely, creating and successfully experimenting with a hybrid model of Intrusion Detection and Prevention System (IDPS), decided to study and experiment with the possibility of applying a similar model to Industrial Control Systems. This raises the question: can the experience of applying Artificial Intelligence methods in Information Systems, where this development went beyond the experimental phase and has entered into the real implementation phase, be useful for experimenting with these methods in Industrial Systems.
Fadhlillah, Aghnia, Karna, Nyoman, Irawan, Arif.  2021.  IDS Performance Analysis using Anomaly-based Detection Method for DOS Attack. 2020 IEEE International Conference on Internet of Things and Intelligence System (IoTaIS). :18–22.
Intrusion Detection System (IDS) is a system that could detect suspicious activity in a network. Two approaches are known for IDS, namely signature-based and anomaly-based. The anomaly-based detection method was chosen to detect suspicious and abnormal activity for the system that cannot be performed by the signature-based method. In this study, attack testing was carried out using three DoS tools, namely the LOIC, Torshammer, and Xerxes tools, with a test scenario using IDS and without IDS. From the test results that have been carried out, IDS has successfully detected the attacks that were sent, for the delivery of the most consecutive attack packages, namely Torshammer, Xerxes, and LOIC. In the detection of Torshammer attack tools on the target FTP Server, 9421 packages were obtained, for Xerxes tools as many as 10618 packages and LOIC tools as many as 6115 packages. Meanwhile, attacks on the target Web Server for Torshammer tools were 299 packages, for Xerxes tools as many as 530 packages, and for LOIC tools as many as 103 packages. The accuracy of the IDS performance results is 88.66%, the precision is 88.58% and the false positive rate is 63.17%.
Jisna, P, Jarin, T, Praveen, P N.  2021.  Advanced Intrusion Detection Using Deep Learning-LSTM Network On Cloud Environment. 2021 Fourth International Conference on Microelectronics, Signals Systems (ICMSS). :1–6.
Cloud Computing is a favored choice of any IT organization in the current context since that provides flexibility and pay-per-use service to the users. Moreover, due to its open and inclusive architecture which is accessible to attackers. Security and privacy are a big roadblock to its success. For any IT organization, intrusion detection systems are essential to the detection and endurance of effective detection system against attacker aggressive attacks. To recognize minor occurrences and become significant breaches, a fully managed intrusion detection system is required. The most prevalent approach for intrusion detection on the cloud is the Intrusion Detection System (IDS). This research introduces a cloud-based deep learning-LSTM IDS model and evaluates it to a hybrid Stacked Contractive Auto Encoder (SCAE) + Support Vector Machine (SVM) IDS model. Deep learning algorithms like basic machine learning can be built to conduct attack detection and classification simultaneously. Also examine the detection methodologies used by certain existing intrusion detection systems. On two well-known Intrusion Detection datasets (KDD Cup 99 and NSL-KDD), our strategy outperforms current methods in terms of accurate detection.
Alsyaibani, Omar Muhammad Altoumi, Utami, Ema, Hartanto, Anggit Dwi.  2021.  An Intrusion Detection System Model Based on Bidirectional LSTM. 2021 3rd International Conference on Cybernetics and Intelligent System (ICORIS). :1–6.
Intrusion Detection System (IDS) is used to identify malicious traffic on the network. Apart from rule-based IDS, machine learning and deep learning based on IDS are also being developed to improve the accuracy of IDS detection. In this study, the public dataset CIC IDS 2017 was used in developing deep learning-based IDS because this dataset contains the new types of attacks. In addition, this dataset also meets the criteria as an intrusion detection dataset. The dataset was split into train data, validation data and test data. We proposed Bidirectional Long-Short Term Memory (LSTM) for building neural network. We created 24 scenarios with various changes in training parameters which were trained for 100 epochs. The training parameters used as research variables are optimizer, activation function, and learning rate. As addition, Dropout layer and L2-regularizer were implemented on every scenario. The result shows that the model used Adam optimizer, Tanh activation function and a learning rate of 0.0001 produced the highest accuracy compared to other scenarios. The accuracy and F1 score reached 97.7264% and 97.7516%. The best model was trained again until 1000 iterations and the performance increased to 98.3448% in accuracy and 98.3793% in F1 score. The result exceeded several previous works on the same dataset.
Ali, Jokha.  2021.  Intrusion Detection Systems Trends to Counteract Growing Cyber-Attacks on Cyber-Physical Systems. 2021 22nd International Arab Conference on Information Technology (ACIT). :1–6.
Cyber-Physical Systems (CPS) suffer from extendable vulnerabilities due to the convergence of the physical world with the cyber world, which makes it victim to a number of sophisticated cyber-attacks. The motives behind such attacks range from criminal enterprises to military, economic, espionage, political, and terrorism-related activities. Many governments are more concerned than ever with securing their critical infrastructure. One of the effective means of detecting threats and securing their infrastructure is the use of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). A number of studies have been conducted and proposed to assess the efficacy and effectiveness of IDS through the use of self-learning techniques, especially in the Industrial Control Systems (ICS) era. This paper investigates and analyzes the utilization of IDS systems and their proposed solutions used to enhance the effectiveness of such systems for CPS. The targeted data extraction was from 2011 to 2021 from five selected sources: IEEE, ACM, Springer, Wiley, and ScienceDirect. After applying the inclusion and exclusion criteria, 20 primary studies were selected from a total of 51 studies in the field of threat detection in CPS, ICS, SCADA systems, and the IoT. The outcome revealed the trends in recent research in this area and identified essential techniques to improve detection performance, accuracy, reliability, and robustness. In addition, this study also identified the most vulnerable target layer for cyber-attacks in CPS. Various challenges, opportunities, and solutions were identified. The findings can help scholars in the field learn about how machine learning (ML) methods are used in intrusion detection systems. As a future direction, more research should explore the benefits of ML to safeguard cyber-physical systems.
Iashvili, Giorgi, Iavich, Maksim, Bocu, Razvan, Odarchenko, Roman, Gnatyuk, Sergiy.  2021.  Intrusion Detection System for 5G with a Focus on DOS/DDOS Attacks. 2021 11th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS). 2:861–864.
The industry of telecommunications is being transformed towards 5G technology, because it has to deal with the emerging and existing use cases. Because, 5G wireless networks need rather large data rates and much higher coverage of the dense base station deployment with the bigger capacity, much better Quality of Service - QoS, and the need very low latency [1–3]. The provision of the needed services which are envisioned by 5G technologies need the new service models of deployment, networking architectures, processing technologies and storage to be defined. These technologies will cause the new problems for the cybersecurity of 5G systems and the security of their functionality. The developers and researchers working in this field make their best to secure 5G systems. The researchers showed that 5G systems have the security challenges. The researchers found the vulnerabilities in 5G systems which allow attackers to integrate malicious code into the system and make the different types of the illegitimate actions. MNmap, Battery drain attacks and MiTM can be successfully implemented on 5G. The paper makes the analysis of the existing cyber security problems in 5G technology. Based on the analysis, we suggest the novel Intrusion Detection System - IDS by means of the machine-learning algorithms. In the related papers the scientists offer to use NSL-KDD in order to train IDS. In our paper we offer to train IDS using the big datasets of DOS/DDOS attacks, besides of training using NSL-KDD. The research also offers the methodology of integration of the offered intrusion detection systems into an standard architecture of 5G. The paper also offers the pseudo code of the designed system.
Jin, Shiyi, Chung, Jin-Gyun, Xu, Yinan.  2021.  Signature-Based Intrusion Detection System (IDS) for In-Vehicle CAN Bus Network. 2021 IEEE International Symposium on Circuits and Systems (ISCAS). :1–5.
In-vehicle CAN (Controller Area Network) bus network does not have any network security protection measures, which is facing a serious network security threat. However, most of the intrusion detection solutions requiring extensive computational resources cannot be implemented in in- vehicle network system because of the resource constrained ECUs. To add additional hardware or to utilize cloud computing, we need to solve the cost problem and the reliable communication requirement between vehicles and cloud platform, which is difficult to be applied in a short time. Therefore, we need to propose a short-term solution for automobile manufacturers. In this paper, we propose a signature-based light-weight intrusion detection system, which can be applied directly and promptly to vehicle's ECUs (Electronic Control Units). We detect the anomalies caused by several attack modes on CAN bus from real-world scenarios, which provide the basis for selecting signatures. Experimental results show that our method can effectively detect CAN traffic related anomalies. For the content related anomalies, the detection ratio can be improved by exploiting the relationship between the signals.
Qiu, Bin, Chen, Ke, He, Kexun, Fang, Xiyu.  2021.  Research on vehicle network intrusion detection technology based on dynamic data set. 2021 IEEE 3rd International Conference on Frontiers Technology of Information and Computer (ICFTIC). :386–390.
A new round of scientific and technological revolution and industrial reform promote the intelligent development of automobile and promote the deep integration of automobile with Internet, big data, communication and other industries. At the same time, it also brings network and data security problems to automobile, which is very easy to cause national security and social security risks. Intelligent vehicle Ethernet intrusion detection can effectively alleviate the security risk of vehicle network, but the complex attack means and vehicle compatibility have not been effectively solved. This research takes the vehicle Ethernet as the research object, constructs the machine learning samples for neural network, applies the self coding network technology combined with the original characteristics to the network intrusion detection algorithm, and studies a self-learning vehicle Ethernet intrusion detection algorithm. Through the application and test of vehicle terminal, the algorithm generated in this study can be used for vehicle terminal with Ethernet communication function, and can effectively resist 34 kinds of network attacks in four categories. This method effectively improves the network security defense capability of vehicle Ethernet, provides technical support for the network security of intelligent vehicles, and can be widely used in mass-produced intelligent vehicles with Ethernet.
Sun, Xiaoshuang, Wang, Yu, Shi, Zengkai.  2021.  Insider Threat Detection Using An Unsupervised Learning Method: COPOD. 2021 International Conference on Communications, Information System and Computer Engineering (CISCE). :749–754.
In recent years, insider threat incidents and losses of companies or organizations are on the rise, and internal network security is facing great challenges. Traditional intrusion detection methods cannot identify malicious behaviors of insiders. As an effective method, insider threat detection technology has been widely concerned and studied. In this paper, we use the tree structure method to analyze user behavior, form feature sequences, and combine the Copula Based Outlier Detection (COPOD) method to detect the difference between feature sequences and identify abnormal users. We experimented on the insider threat dataset CERT-IT and compared it with common methods such as Isolation Forest.
Baniya, Babu Kaji.  2021.  Intrusion Representation and Classification using Learning Algorithm. 2021 23rd International Conference on Advanced Communication Technology (ICACT). :279–284.
At present, machine learning (ML) algorithms are essential components in designing the sophisticated intrusion detection system (IDS). They are building-blocks to enhance cyber threat detection and help in classification at host-level and network-level in a short period. The increasing global connectivity and advancements of network technologies have added unprecedented challenges and opportunities to network security. Malicious attacks impose a huge security threat and warrant scalable solutions to thwart large-scale attacks. These activities encourage researchers to address these imminent threats by analyzing a large volume of the dataset to tackle all possible ranges of attack. In this proposed method, we calculated the fitness value of each feature from the population by using a genetic algorithm (GA) and selected them according to the fitness value. The fitness values are presented in hierarchical order to show the effectiveness of problem decomposition. We implemented Support Vector Machine (SVM) to verify the consistency of the system outcome. The well-known NSL-knowledge discovery in databases (KDD) was used to measure the performance of the system. From the experiments, we achieved a notable classification accuracies using a SVM of the current state of the art intrusion detection.
Ma, Lele.  2021.  One Layer for All: Efficient System Security Monitoring for Edge Servers. 2021 IEEE International Performance, Computing, and Communications Conference (IPCCC). :1–8.
Edge computing promises higher bandwidth and lower latency to end-users. However, edge servers usually have limited computing resources and are geographically distributed over the edge. This imposes new challenges for efficient system monitoring and control of edge servers.In this paper, we propose EdgeVMI, a framework to monitor and control services running on edge servers with lightweight virtual machine introspection(VMI). The key of our technique is to run the monitor in a lightweight virtual machine which can leverage hardware events for monitoring memory read and writes. In addition, the small binary size and memory footprints of the monitor could reduce the start/stop time of service, the runtime overhead, as well as the deployment efforts.Inspired by unikernels, we build our monitor with only the necessary system modules, libraries, and functionalities of a specific monitor task. To reduce the security risk of the monitoring behavior, we separate the monitor into two isolated modules: one acts as a sensor to collect security information and another acts as an actuator to conduct control commands. Our evaluation shows the effectiveness and the efficiency of the monitoring system, with an average performance overhead of 2.7%.
Rokade, Monika D., Sharma, Yogesh Kumar.  2021.  MLIDS: A Machine Learning Approach for Intrusion Detection for Real Time Network Dataset. 2021 International Conference on Emerging Smart Computing and Informatics (ESCI). :533–536.
Computer network and virtual machine security is very essential in today's era. Various architectures have been proposed for network security or prevent malicious access of internal or external users. Various existing systems have already developed to detect malicious activity on victim machines; sometimes any external user creates some malicious behavior and gets unauthorized access of victim machines to such a behavior system considered as malicious activities or Intruder. Numerous machine learning and soft computing techniques design to detect the activities in real-time network log audit data. KKDDCUP99 and NLSKDD most utilized data set to detect the Intruder on benchmark data set. In this paper, we proposed the identification of intruders using machine learning algorithms. Two different techniques have been proposed like a signature with detection and anomaly-based detection. In the experimental analysis, demonstrates SVM, Naïve Bayes and ANN algorithm with various data sets and demonstrate system performance on the real-time network environment.
Bezzateev, S. V., Fomicheva, S. G., Zhemelev, G. A..  2021.  Agent-based ZeroLogon Vulnerability Detection. 2021 Wave Electronics and its Application in Information and Telecommunication Systems (WECONF). :1–5.
Intrusion detection systems installed on the information security devices that control the internal and external perimeter of the demilitarized zones are not able to detect the vulnerability of ZeroLogon after the successful penetration of the intruder into the zone. Component solution for ZeroLogon control is offered. The paper presents the research results of the capabilities for built-in Active Directory audit mechanisms and open source intrusion detection/prevention systems, which allow identification of the critical vulnerability CVE-2020-1472. These features can be used to improve the quality of cyber-physical systems management, to perform audits, as well as to check corporate domains for ZeroLogon vulnerabilities.