This paper concerns cybersecurity issues in one of the fastest growing fields of modern computer systems: the Internet of Things (IoT). In this field, intrusion detection plays a significant role in allowing IoT systems' safe functioning and continuous operation. Visualizing the IoT data using dimensionality reduction allows for an easy and straightforward traffic analysis based on a graphical data representation, suitable for interpretation even by non-experts. We present a study on IoT network intrusion detection using three dimensionality reduction methods, namely the Self-Organizing Map (SOM), t-distributed Stochastic Neighbor Embedding (t-SNE), and the Neighborhood Retrieval Visualizer (NeRV). We show that applying them to IoT traffic allows the original traffic feature space to be reduced to a 2-D one, where anomalies may be noticed visually as outliers. The purpose of our study and its original contribution is a comparative analysis of the t-SNE and NeRV dimensionality reduction approaches in both theoretical and empirical aspects. We notice and point out specific significant differences between these methods which, as we claim, are responsible for their different performance in the IoT field; this is validated by our empirical study on real-world IoT traffic datasets. The results of our experimental research provide an interesting insight into the behavior of the investigated techniques and confirm their effectiveness and usability in IoT anomaly detection.
• We present IoT anomaly detection using dimensionality reduction and clustering.
• We employ the PCA, SOM, t-SNE, and NeRV methods.
• A theoretical and empirical comparative study of t-SNE against NeRV is conducted.
• The results of our empirical analysis verify and confirm all the theoretical claims.
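The abstract's core idea (project per-flow features onto two dimensions and read anomalies off as outliers) is shown below with PCA, the simplest of the four listed methods. This is an added illustration, not code from the paper: the flow features, their values and the robust-distance outlier rule are constructed here for the demonstration.

```python
"""Added example (not the paper's code): project constructed IoT flow
features to 2-D with PCA and flag the points that sit visibly apart."""
import numpy as np

# Constructed sample, hypothetical values (not a real dataset). Columns:
# bytes/s, packets/s, mean packet size, distinct destination ports per window.
NORMAL = np.array([
    [1200, 10, 120, 1],
    [1350, 12, 112, 1],
    [1100,  9, 122, 1],
    [1280, 11, 116, 1],
    [1420, 13, 109, 2],
    [1190, 10, 119, 1],
    [1330, 12, 111, 1],
    [1250, 11, 114, 1],
], dtype=float)
# Two constructed anomalies: a port sweep (many ports, tiny packets)
# and a volumetric flood (very high byte and packet rates).
ANOMALIES = np.array([
    [900,   300,   3, 250],
    [95000, 800, 118,   1],
], dtype=float)
FLOWS = np.vstack([NORMAL, ANOMALIES])


def standardize(x):
    """Z-score each column so the byte-rate column does not dominate."""
    mu = x.mean(axis=0)
    sd = x.std(axis=0)
    sd[sd == 0] = 1.0          # constant columns carry no information
    return (x - mu) / sd


def pca_2d(x):
    """Return (n x 2 projection, fraction of variance it explains)."""
    z = standardize(x)
    cov = np.cov(z, rowvar=False)
    vals, vecs = np.linalg.eigh(cov)        # ascending eigenvalues
    order = np.argsort(vals)[::-1]
    components = vecs[:, order[:2]]         # top-2 principal directions
    explained = vals[order[:2]].sum() / vals.sum()
    return z @ components, explained


def outlier_indices(points, k=5.0):
    """Flag points farther than k times the median distance from the
    median point of the 2-D embedding (a robust, assumption-based rule
    that stands in for the analyst's eye on the scatter plot)."""
    center = np.median(points, axis=0)
    dist = np.linalg.norm(points - center, axis=1)
    med = np.median(dist)
    if med == 0:                              # degenerate: all points coincide
        return [i for i, d in enumerate(dist) if d > 0]
    return [i for i, d in enumerate(dist) if d > k * med]


if __name__ == "__main__":
    pts, frac = pca_2d(FLOWS)
    print(f"2 components explain {frac:.1%} of variance")
    print("outlier rows:", outlier_indices(pts))
```

Standardizing before PCA matters: without it the byte-rate column alone would define the first component and the port sweep, which moves few bytes, would blend into the normal cluster.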
Cyber attacks are becoming more sophisticated and, hence, more difficult to detect. Using efficient and effective machine learning techniques to detect network anomalies and intrusions is an important aspect of cyber security. A variety of machine learning models have been employed to help detect malicious intentions of network users. In this paper, we evaluate the performance of recurrent neural networks (Long Short-Term Memory and Gated Recurrent Unit) and the Broad Learning System (BLS) with its extensions to classify known network intrusions. We propose two BLS-based algorithms, with and without incremental learning. The algorithms may be used to develop generalized models by using various subsets of input data and expanding the network structure. The models are trained and tested using Border Gateway Protocol routing records as well as network connection records from the NSL-KDD and Canadian Institute for Cybersecurity datasets. Performance of the models is evaluated based on selected features, accuracy, F-score, and training time.
In recent decades, with the attractive features of mobile networks including 4G and 5G, the world is becoming more connected through mobile communications. This results in the accumulation of a large amount of data in the mobile network. The analysis of the network data is very complex but is essential in terms of resource and cost management. Network data analytics includes detection of unusual network behaviour due to traffic created by mobile users and Short Message Service (SMS) spammers. Research with the same impulse is creating new interest in the field of mobile network data analytics using machine learning tools. To attain this, Call Detail Records (CDR) provided by the telecom network industry are utilized. The timely analysis of CDR helps to understand the behaviour of the network due to various activities of mobile users. To analyse CDR, it has to be pre-processed to convert it from raw data into a machine-understandable form. The proposed method is mean-normalization pre-processing, which is suitable for understanding the behaviour of mobile users' individual activities like incoming-outgoing calls, incoming-outgoing SMS and internet activity. Later, machine learning tools can be applied to analyse and predict the network anomalies like network traffic and Short.
The conventional distribution network is undergoing structural changes and becoming an active grid due to the advent of smart grid technologies encompassing distributed energy resources (DERs), aggregated demand response and electric vehicles (EVs). This establishes a need for state estimation-based tools and real-time monitoring of the distribution grid to correctly apply active controls. Although such new tools may be vulnerable to cyber-attacks, cyber-security of the distribution grid has not received enough attention. As the smart distribution grid relies intensively on communication infrastructures, the authors assume in this study that an attacker can compromise the communication and successfully conduct attacks against crucial functions of the distribution management system, pushing the distribution system towards its instability boundaries and collapse. They formulate the attack detection problem in the distribution grid as a statistical learning problem and demonstrate a comprehensive benchmark of statistical learning methods on various IEEE distribution test systems. The proposed learning algorithms are tested using various attack scenarios which include distinct features of the modern distribution grid such as integration of DERs and EVs. Furthermore, the interaction between transmission and distribution systems and its effect on the attack detection problem are investigated. Simulation results show that attack detection is more challenging in the distribution grid.
The rising interest in the security of network infrastructure, including edge devices, the Internet of Things, and smart grids, has led to the development of numerous machine learning-based approaches that promise improvement to existing threat detection solutions. Among the popular methods of ensuring cybersecurity is the use of data science techniques and big data to analyse online threats and current trends. One important factor is that these techniques can identify trends, attacks, and events that are invisible or not easily detectable even to a network administrator. The goal of this paper is to suggest the optimal method for feature selection and to find the most suitable method to compare results between different studies in the context of imbalanced datasets and threat detection in ICT. Furthermore, as part of this paper, the authors present the state of the data science discipline in the context of the ICT industry, in particular its applications and the most frequently employed methods of data analysis. Based on these observations, the most common errors and shortcomings in adopting best practices in data analysis have been identified. The improper usage of imbalanced datasets is one of the most frequently occurring issues. This characteristic of data is an indispensable aspect in the case of the detection of infrequent events. The authors suggest several solutions that should be taken into account while conducting further studies related to the analysis of threats and trends in smart grids.
The Internet of Things (IoT) is on the rise and it is giving a new shape to several fields such as smart cities, smart homes, smart health, etc., as it facilitates the connection of physical objects to the internet. However, this advancement comes along with new challenges in terms of security of the devices in IoT networks. Some of these challenges come as network anomalies. Hence, this has prompted the use of network anomaly mitigation schemes as an integral part of the defense mechanisms of IoT networks in order to protect the devices from malicious users. Thus, several schemes have been proposed to mitigate network anomalies. This paper covers a review of different network anomaly mitigation schemes in IoT networks. The schemes' objectives, operational procedures, and strengths are discussed. A comparison table of the reviewed schemes, as well as a taxonomy based on the detection methodology, is provided. In contrast to other surveys that presented qualitative evaluations, our survey provides both qualitative and quantitative evaluations. The UNSW-NB15 dataset was used to conduct a performance evaluation of some classification algorithms used for network anomaly mitigation schemes in IoT. Finally, challenges and open issues in the development of network anomaly mitigation schemes in IoT are discussed.
Network intrusion detection is a relevant cybersecurity research field. The growing number of intrusions requires more sophisticated methods to protect computer networks. Various machine learning algorithms are used to detect network intrusions and anomalies, but their accuracy is limited. In this research, we address the problem of improving network-level intrusion detection by applying hybrid machine-learning algorithms. The paper proposes three new hybrid machine learning methods and investigates their accuracy using two publicly available datasets, CSE-CIC-IDS2018 and UNSW-NB15. In order to increase the accuracy of the classification models, hyperparameter optimization was performed. The iteration method and the Chi-square (χ2) test were used to identify significant features of the dataset. Analyzing the research results, it was found that the highest network anomaly recognition accuracy of 99.34% was achieved by applying a hybrid algorithm consisting of decision tree, naive Bayesian, and multilayer perceptron algorithms. The achieved result is 3.13% higher than the best accuracy achieved by individual machine learning algorithms. In order to comprehensively evaluate the studied machine learning algorithms and their suitability for detecting intrusions in a computer network, the algorithms were ranked using the SCR, DR and FR ranking methods.
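The Chi-square test named in the abstract above is the standard filter for selecting categorical (or binned) features against a class label. The block below is an added example, not the paper's code: it computes the Pearson chi-square statistic from the feature/label contingency table, ranks features by it, and keeps those that exceed the 0.05 critical value for their degrees of freedom. The flow records, feature names and the "attack"/"normal" labels are constructed for the illustration.

```python
"""Added example (not the paper's code): chi-square feature ranking and
selection over constructed, categorical flow records."""
from collections import Counter

# Constructed records (hypothetical): (protocol, TCP flag bucket,
# hour-of-day bucket, label). Real features would be binned first.
ROWS = [
    ("tcp", "syn_only", "night", "attack"),
    ("tcp", "syn_only", "day",   "attack"),
    ("tcp", "syn_only", "night", "attack"),
    ("udp", "none",     "day",   "attack"),
    ("tcp", "full",     "day",   "normal"),
    ("tcp", "full",     "night", "normal"),
    ("udp", "none",     "day",   "normal"),
    ("tcp", "full",     "day",   "normal"),
    ("udp", "none",     "night", "normal"),
    ("tcp", "full",     "day",   "normal"),
]
FEATURES = ["protocol", "flags", "hour"]

# Upper-tail critical values of the chi-square distribution at alpha = 0.05.
CRITICAL_05 = {1: 3.841, 2: 5.991, 3: 7.815, 4: 9.488}


def chi_square(values, labels):
    """Pearson chi-square statistic and degrees of freedom for the
    independence of one feature against the label."""
    n = len(values)
    joint = Counter(zip(values, labels))
    f_tot = Counter(values)
    l_tot = Counter(labels)
    stat = 0.0
    for f, f_count in f_tot.items():
        for l, l_count in l_tot.items():
            expected = f_count * l_count / n     # under independence
            observed = joint.get((f, l), 0)
            stat += (observed - expected) ** 2 / expected
    dof = (len(f_tot) - 1) * (len(l_tot) - 1)
    return stat, dof


def rank_features(rows, names):
    """Return [(feature, statistic, dof)] sorted by statistic, highest first."""
    labels = [r[-1] for r in rows]
    scored = []
    for i, name in enumerate(names):
        stat, dof = chi_square([r[i] for r in rows], labels)
        scored.append((name, stat, dof))
    return sorted(scored, key=lambda t: t[1], reverse=True)


def significant_features(rows, names, critical=CRITICAL_05):
    """Keep features whose statistic exceeds the 0.05 critical value for
    their degrees of freedom; unsupported dof are conservatively dropped."""
    return [name for name, stat, dof in rank_features(rows, names)
            if dof in critical and stat > critical[dof]]


if __name__ == "__main__":
    for name, stat, dof in rank_features(ROWS, FEATURES):
        print(f"{name:9s} chi2={stat:6.3f} dof={dof}")
    print("selected:", significant_features(ROWS, FEATURES))
```

With the constructed rows the TCP flag bucket separates attacks from normal traffic almost perfectly and is the only feature that clears its critical value; protocol and time of day score near zero and would be dropped before training the hybrid classifier.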
Because of the increasing application of reinforcement learning (RL), particularly the deep Q-learning algorithm, research organizations utilize it with increasing frequency. The prediction of cyber vulnerability and the development of efficient real-time online network intrusion detection (NID) systems are progressing toward becoming RL-powered. An open issue in NID is the model design and prediction for real-time online data composed of a series of time-related feature patterns. There have been concerns regarding the operation of the developed systems because cyber-attack scenarios vary continuously to circumvent NID. These issues have been related to the significance of human interaction and the decrease in accuracy verification. Therefore, we employ an RL approach that incorporates a deep auto-encoder in the Q-network (DAEQ-N). The proposed DAEQ-N attempts to achieve the maximum prediction accuracy in online learning systems into which continuous behavior patterns are fed and which are trained with more significant weights by classifying them as either "normal" or "anomalous."
In order to monitor temporal and spatial crustal activities associated with earthquakes, ground- and satellite-based monitoring systems have been installed in China since the 1990s. In recent years, the correlation between monitored strain anomalies and local major earthquakes has been verified. In this study, we further evaluate the possibility of strain anomalies containing earthquake precursors by using Receiver Operating Characteristic (ROC) prediction. First, strain network anomalies were extracted from the borehole strain data recorded in Western China during 2010–2017. Then, we proposed a new prediction strategy characterized by the number of network anomalies in an anomaly window, Nano, and the length of the alarm window, Talm. We assumed that clusters of network anomalies indicate an increased probability of an impending earthquake, and consequently, the alarm window would be the duration during which a possible earthquake would occur. The Area Under the ROC Curve (AUC) between the true prediction rate, tpr, and the false alarm rate, fpr, is measured to evaluate the efficiency of the prediction strategies. We found that the optimal strategy for short-term forecasts was obtained by setting the number of anomalies greater than 7 within 14 days and the alarm window at one day. The results further show that the prediction strategy performs significantly better when there are frequent enhanced network anomalies prior to the larger earthquakes surrounding the strain network region. The ROC detection indicates that strain data possibly contain precursory information associated with major earthquakes and highlights the potential for short-term earthquake forecasting.