The topic of security challenges and solutions for Automatic Dependent Surveillance-Broadcast (ADS-B) systems is becoming more critical day by day because of the increasing air traffic volume. Since aircraft and ground stations that receive broadcast ADS-B data cannot check the source and integrity of that data, ADS-B systems can easily be spoofed by transmitting false data. In this paper, we develop an anomaly detection system for ADS-B data as a security solution. Various parameter sets were analyzed to identify critical ones. We created attack vectors for eight different attack scenarios, such as spoofing, message injection, and virtual trajectory change attacks, and created hybrid datasets by combining different attack vectors to increase the detection ability across different attack scenarios. These datasets cover a wide range of attack scenarios to increase the robustness of anomaly detection assessments. We used the attack datasets to evaluate the performance of different ML and DL models. The random forest classifier and the extra tree classifier are the standout performers, both achieving an impressive accuracy of 0.999. The decision tree classifier, with an accuracy of 0.992, also demonstrates strong performance, though slightly below that of the random forest and extra tree models. The decision tree classifier has the lowest false negative and false positive rates, which are 0.004 and 0, respectively. Among the deep learning models, the multilayer perceptron model achieves notable success with an accuracy of 0.981744. Based on the results of our model, we increase the accuracy and reliability compared to existing methods. Additionally, we share our datasets to encourage further research and enable other researchers to expand on our findings.
ISBN (print): 9783031624940; 9783031624957
The rapid expansion of Internet-of-Things (IoT) devices has revolutionized connectivity, facilitating the exchange of extensive data within IoT networks via the traditional internet. However, this innovation has also increased security concerns due to the sensitive nature of the data exchanged within IoT networks. To address these concerns, network-based anomaly detection systems play a crucial role in ensuring the security of IoT networks through continuous network traffic monitoring. However, despite significant efforts from researchers, these detection systems still suffer from lower accuracy in detecting new anomalies and often generate high false alarm rates. To this end, this study proposes an efficient Hybrid Ensemble learning-based Anomaly Detection System (HEADS) to secure an IoT network from all types of anomalies. The proposed solution is based on a novel hybrid approach to improve the voting strategy for ensemble learning. The ensemble prediction is assisted by a Random Forest-based model obtained through the best F1 score for each label through dataset subset selection. The efficiency of HEADS is evaluated using the publicly available CICIoT2023 dataset. The evaluation results demonstrate an F1 score of 99.75% and a false alarm rate of 0.038%. These observations signify an average 4% improvement in the F1 score and a 0.7% reduction in the false alarm rate compared to other anomaly detection-based strategies.
The boring and repetitive task of monitoring video feeds makes real-time anomaly detection difficult for humans. Hence, crimes are usually detected hours or days after they occur. To mitigate this, the research community proposes the use of a deep learning-based anomaly detection model (ADM) for automating the monitoring process. However, the isolated setup of existing surveillance systems makes the ADM inefficient and susceptible to staleness due to the lack of resource sharing and continuous learning (CL). CL is the incremental development of models that adapt continuously to the external world. Thus, for efficient CL in surveillance systems, devices must share resources and cooperate with neighboring sites. Yet, solutions from the literature focus on the isolated environment, thereby neglecting the need for resource sharing and CL. To address this gap, this paper proposes a cooperative surveillance system called SurveilNet that allows for resource sharing between surveillance sites under the control of a cooperator node. We further propose a lightweight subscription scheme that allows for a joint specialized model development process that continually adapts to the dynamics of the secured environment. Our proposed scheme offers the ability to learn from the neighboring site's data without compromising data privacy. The performance of our scheme is evaluated using a reclassified UCF-Crime dataset, with the results showing the efficiency of our proposed scheme when compared to the state of the art.
Advanced metering infrastructures (AMIs) aim to enhance the efficiency, reliability, and stability of electrical systems while offering advanced functionality. However, an AMI collects copious volumes of data and information, making the entire system sensitive and vulnerable to malicious attacks that may cause substantial damage, such as a deficit in national security, a disturbance of public order, or significant economic harm. As a result, it is critical to guarantee a steady and dependable supply of information and electricity. Furthermore, storing massive quantities of data in one central entity leads to compromised data privacy. As such, it is imperative to engineer decentralized, federated learning (FL) solutions. In this context, the performance of participating clients has a significant impact on global performance. Moreover, FL models have the potential for a Single Point of Failure (SPoF). These limitations contribute to system failure and performance degradation. This work aims to develop a performance-based hierarchical federated learning (HFL) anomaly detection system for an AMI through (1) developing a deep learning model that detects attacks against this critical infrastructure; (2) developing a novel aggregation strategy, FedAvg-P, to enhance global performance; and (3) proposing a peer-to-peer architecture guarding against a SPoF. The proposed system was employed in experiments on the CIC-IDS2017 dataset. The experimental results demonstrate that the proposed system can be used to develop a reliable anomaly detection system for AMI networks.
SCADA systems are increasingly targeted by cyber-attacks because of the many vulnerabilities in their hardware, software, protocols and communication stack. These systems nowadays use standard hardware, software, operating systems and protocols. Furthermore, SCADA systems that used to be air-gapped are now interconnected with corporate networks and the Internet, widening the attack surface. In this thesis, we use a deep learning approach to propose an efficient hybrid deep neural network for anomaly detection in SCADA systems. The salient features of SCADA data are learnt automatically and in an unsupervised manner, then fed to a supervised classifier in order to determine whether those data are normal or abnormal, i.e. whether there is a cyber-attack or not. Afterwards, in response to the challenge posed by the high training time of deep learning models, we proposed a distributed approach to our anomaly detection system in order to reduce the training time of our model.
Cloud computing affords a lot of resources and computing facilities through the Internet. Cloud systems attract many users with their desirable features. In spite of them, Cloud systems may experience severe security issues. Thus, it is essential to create an Intrusion Detection System (IDS) to detect both insider and outsider attacks with high detection accuracy in a cloud environment. This work proposes an anomaly detection system at the hypervisor layer named Hypervisor Detector that uses a hybrid algorithm which is a mixture of the Fuzzy C-Means clustering algorithm and an Artificial Neural Network (FCM-ANN) to improve the accuracy of the detection system. The proposed system is implemented and compared with the Naïve Bayes classifier and the classic ANN algorithm. DARPA's KDD Cup 1999 dataset is used for the experiments. Based on extensive theoretical and performance analysis, it is evident that the proposed system is able to detect anomalies with high detection accuracy and a low false alarm rate even for low-frequency attacks, thereby outperforming the Naïve Bayes classifier and the classic ANN.
ISBN (print): 9781509009466
In this work, we propose a framework for a Virtual Machine Monitor (VMM)-based anomaly detection system (ADS). This framework uses a sequence-based Hidden Markov Model (HMM) analysis on static probe instrumentation data collected within the VMM. Long observations are split into multiple small sequences of uniform length. The list of likelihood scores of the sequences in a new observation is compared to a reference list of likelihood scores created from a normal-scenario dataset. Statistical distance values between the two lists are used to predict the anomaly status of the new observation. We evaluated the effectiveness of the approach over multiple statistical distance measures and multiple sequence lengths. We also compared our sequence-based analysis results with frequency-based analysis results obtained using a One-Class Support Vector Machine (OC-SVM). The results show that the HMM sequence-based analysis can distinguish normal datasets from anomalous datasets better than the OC-SVM frequency-based analysis.
With the rapid development of computer systems, intrusion attack methods have become large-scale, distributed and complex. Traditional protection means such as vulnerability databases, virus databases and rule matching cannot cope with attacks hidden inside the terminals. This paper proposes a terminal anomaly detection system based on dynamic taint analysis technology, working from the data dimension of the terminals. First, we built a standard data path model based on an HMM and evaluated the degree of deviation of the current operating mode from it to find abnormal working states of the terminals. The experimental results show that the structure is effective at discovering intrusion attacks with a high detection rate and a low false alarm rate.
ISBN (print): 9783031734199; 9783031734205
This paper introduces an anomaly/intrusion detection system utilizing machine learning techniques for detecting attacks in Automatic Dependent Surveillance-Broadcast (ADS-B). Real ADS-B messages between Turkiye's coordinates are collected to train and test machine learning models. After the data collection and pre-processing steps, the authors generate the attack datasets by using real ADS-B data to simulate two attack scenarios: constant velocity increase/decrease and gradual velocity increase/decrease attacks. The efficacy of five machine learning algorithms, including decision trees, extra trees, Gaussian naive Bayes, k-nearest neighbors, and logistic regression, is evaluated across different attack types. This paper demonstrates that tree-based algorithms consistently exhibit superior performance across a spectrum of attack scenarios. Moreover, the research underscores the significance of anomaly or intrusion detection mechanisms for ADS-B systems, highlights the practical viability of employing tree-based algorithms in air traffic management, and suggests avenues for enhancing safety protocols and mitigating potential risks in the airspace domain.
Cloud operating-system-level virtualization has introduced a new phase of lightweight virtualization through containers. The architecture of cloud-native and microservices-based application development strongly advocates for the use of containers due to their swift and convenient deployment capabilities. However, the security of applications within containers is important, as malicious or vulnerable content could jeopardize the container and the host system. This exposure also extends to neighboring containers and may compromise data integrity and confidentiality. The article focuses on developing an intrusion detection system tailored to containerized cloud environments by identifying system call analysis techniques, and also proposes an anomaly-based host intrusion detection system (Ab-HIDS). This system employs the frequency of system-call N-grams as distinctive features. To enhance performance, two ensemble learning models, namely voting-based ensemble learning and XGBoost ensemble learning, are employed for training and testing on the data. The proposed system is evaluated using the Leipzig Intrusion Detection Data Set (LID-DS), demonstrating substantial performance compared to existing state-of-the-art methods. Ab-HIDS is validated for class imbalance using the imbalance ratio and synthetic minority over-sampling technique methods. Our system achieved significant improvements in detection accuracy, with a 4% increase for the voting-based ensemble model and a 6% increase for the XGBoost ensemble model. Additionally, we observed reductions in the false positive rate of 0.9% and 0.8% for these models, respectively, compared to existing state-of-the-art methods. These results illustrate the potential of our proposed approach in improving security measures within containerized environments.