Machine Learning for Network Security

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: closed (20 August 2023) | Viewed by 31598

Special Issue Editor

Department of Computing and Software, McMaster University, Hamilton, ON, Canada
Interests: big data systems; cloud computing; mobile and pervasive computing; security and privacy

Special Issue Information

Dear Colleagues,

As cyberattacks grow in volume and complexity, machine learning has been widely adopted to deal with various cybersecurity attacks and malicious behaviors. On the other hand, machine learning models are vulnerable to data pollution attacks. Enhancing network security and achieving robustness of ML-driven network systems are the critical issues in the development of cyberphysical systems. In this special issue, we invite submissions leveraging the power of machine learning to detect various attacks and understand the vulnerability of network systems, exploring cutting-edge machine learning technologies in the field of network security, and addressing the robustness of machine learning models against imperfect training samples in untrusted cyberphysical systems. Both theoretical and experimental studies are welcome, as well as comprehensive review and survey papers.

Dr. Wenbo He
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • network security
  • cyberphysical systems
  • anomaly detection
  • vulnerability analysis
  • machine learning
  • privacy and security

Published Papers (16 papers)


Research

15 pages, 2845 KiB  
Article
Reinforcement Learning as a Path to Autonomous Intelligent Cyber-Defense Agents in Vehicle Platforms
by Stephen Raio, Kevin Corder, Travis W. Parker, Gregory G. Shearer, Joshua S. Edwards, Manik R. Thogaripally, Song J. Park and Frederica F. Nelson
Appl. Sci. 2023, 13(21), 11621; https://doi.org/10.3390/app132111621 - 24 Oct 2023
Viewed by 809
Abstract
Technological advancement of vehicle platforms exposes opportunities for new attack paths and vulnerabilities. Static cyber defenses can help mitigate certain attacks, but those attacks must generally be known ahead of time, and the cyber defenses must be hand-crafted by experts. This research explores reinforcement learning (RL) as a path to achieve autonomous, intelligent cyber defense of vehicle control networks—namely, the controller area network (CAN) bus. We train an RL agent for the CAN bus using Toyota’s Portable Automotive Security Testbed with Adaptability (PASTA). We then apply the U.S. Army Combat Capabilities Development Command (DEVCOM) Army Research Laboratory’s methodology for quantitative measurement of cyber resilience to assess the agent’s effect on the vehicle testbed in a contested cyberspace environment. Despite all defenses having similar traditional performance measures, our RL agent averaged a 90% cyber resilience measurement during drive cycles executed on hardware versus 41% for a naïve static timing defense and 98% for the bespoke timing-based defense. Our results also show that an RL-based agent can detect and block injection attacks on a vehicle CAN bus in a laboratory environment with greater cyber resilience than prior learning approaches (1% for convolutional networks and 0% for recurrent networks). With further research, we believe there is potential for using RL in the autonomous intelligent cyber defense agent concept. Full article
(This article belongs to the Special Issue Machine Learning for Network Security)

31 pages, 4653 KiB  
Article
A Lightweight Model for DDoS Attack Detection Using Machine Learning Techniques
by Sapna Sadhwani, Baranidharan Manibalan, Raja Muthalagu and Pranav Pawar
Appl. Sci. 2023, 13(17), 9937; https://doi.org/10.3390/app13179937 - 02 Sep 2023
Cited by 1 | Viewed by 3638
Abstract
The study in this paper characterizes lightweight IoT networks as being established by devices with few computer resources, such as reduced battery life, processing power, memory, and, more critically, minimal security and protection, which are easily vulnerable to DDoS attacks and propagating malware. A DDoS attack detection model is crucial for attacks in various industries, ensuring the availability and reliability of their networks and systems. The model distinguishes between legitimate and malicious traffic by analyzing network traffic patterns and identifying anomalies. This safeguards critical infrastructure, preserves business continuity, and protects the user experience, minimizing the impact of DDoS attacks. Numerous scholars have studied the notion that protecting lightweight IoT networks essentially requires improving intrusion detection systems. This research is valuable, as it follows a tailored pre-processing methodology specific to IoT network challenges, addressing a pressing need in cybersecurity by focusing on a growing concern related to IoT devices and DDoS attacks, enhancing the security of essential network systems in various industries by effectively detecting DDoS attacks, and developing a lightweight intrusion detection system that aligns with the limited resources of IoT devices. This manuscript proposes a compact and lightweight intrusion detection system that blends machine learning classifiers with a fresh approach to data pre-processing. The handling of missing values, data standardization using Standard Scalar, feature selection using ExtraTreeClassifier wherein only the 15 best features are extracted, and anomaly detection using a classifier are performed. The network dataset of TON-IOT and BOT-IOT datasets is used for experiments, specifically binary classifications and multiple-class classification for the experiment with DDoS and all attacks, respectively. There is an imbalance between the TON-IOT and BOT-IOT attack classes. 
In trials using the TON-IOT and BOT-IOT datasets, the classes were balanced using several iterations of the SMOTE approach. This research provides a number of classifier types, namely logistic regression, random forest, naïve bayes, artificial neural network, and k nearest neighbor algorithms, which are used to build a lightweight intrusion detection system that is ideally suited for protecting against DDoS attacks in IoT networks. The time taken to train and predict the DDoS attacks is also implemented. Random forest performed well under TON-IOT and naïve bayes performed well under BOT-IOT under binary and multiple-class classification, achieving an accuracy of 100% with less training and prediction time. Full article

26 pages, 903 KiB  
Article
Improving Reliability for Detecting Anomalies in the MQTT Network by Applying Correlation Analysis for Feature Selection Using Machine Learning Techniques
by Imran, Megat Farez Azril Zuhairi, Syed Mubashir Ali, Zeeshan Shahid, Muhammad Mansoor Alam and Mazliham Mohd Su’ud
Appl. Sci. 2023, 13(11), 6753; https://doi.org/10.3390/app13116753 - 01 Jun 2023
Cited by 1 | Viewed by 1410
Abstract
Anomaly detection (AD) has captured a significant amount of focus from the research field in recent years, with the rise of the Internet of Things (IoT) application. Anomalies, often known as outliers, are defined as the discovery of anomalous occurrences or observations that differ considerably from the mainstream of the data. The IoT which is described as a network of Internet-based digital sensors that continuously generate massive volumes of data and use to communicate with one another the Message Queuing Telemetry Transport (MQTT) protocol. Brute-force, Denial-of-Service (DoS), Malformed, Flood, and Slowite attacks are the most common in the MQTT network. One of the significant factors in IoT AD is the time consumed to predict an attack and take preemptive measures. For instance, if an attack is detected late, the loss of attack is irreversible. This paper investigates the time to detect an attack using machine learning approaches and proposes a novel approach that applies correlation analysis to reduce the training and testing time of these algorithms. The new approach has been evaluated on Random Forest, Decision Tree, Naïve Bayes, Multi-Layer Perceptron, Artificial Neural Network, Logistic Regression, and Gradient Boost. The findings indicate that the correlation analysis is significantly beneficial in the process of feature engineering, primarily to determine the most relevant features in the MQTT dataset. This is, to the best of our knowledge, the first study on MQTTset that reduces the prediction time for DoS 0.92 (95% CI −0.378, 2.22) reduced to 0.77 (95% CI −0.414, 1.97) and for Malformed 2.92 (95% CI −2.6, 8.44) reduced to 0.49 (95% CI −0.273, 1.25). Full article

29 pages, 5921 KiB  
Article
Breaking Alert Fatigue: AI-Assisted SIEM Framework for Effective Incident Response
by Tao Ban, Takeshi Takahashi, Samuel Ndichu and Daisuke Inoue
Appl. Sci. 2023, 13(11), 6610; https://doi.org/10.3390/app13116610 - 29 May 2023
Cited by 3 | Viewed by 2952
Abstract
Contemporary security information and event management (SIEM) solutions struggle to identify critical security incidents effectively due to the overwhelming number of false alerts generated by disparate security products, which results in significant alert fatigue and hinders effective incident response. To overcome this challenge, we propose a next-generation SIEM framework that integrates security orchestration automation and response capabilities and utilizes a divide-and-conquer strategy to mitigate the impact of low-quality IDS alerts. The proposed framework leverages advanced machine learning and data visualization tools—including a cost-sensitive learning method and an event segmenting algorithm—to filter and correlate alerts plus an augmented visualization tool to expedite the triage process. The proposed framework was evaluated experimentally on a dataset collected from a real-world enterprise network, and we report highly convincing results. The alert screening scheme demonstrates significant potential for real-world security operations. We believe that our findings will contribute to the development of a next-generation SIEM system that effectively addresses alert fatigue and lays the foundation for future research in this field. Full article

23 pages, 2658 KiB  
Article
Intrusion Detection Model Based on Improved Transformer
by Yi Liu and Lanjian Wu
Appl. Sci. 2023, 13(10), 6251; https://doi.org/10.3390/app13106251 - 19 May 2023
Cited by 4 | Viewed by 1653
Abstract
This paper proposes an enhanced Transformer-based intrusion detection model to tackle the challenges of lengthy training time, inaccurate detection of overlapping classes, and poor performance in multi-class classification of current intrusion detection models. Specifically, the proposed model includes the following: (i) A data processing strategy that initially reduces the data dimension using a stacked auto-encoder to speed up training. In addition, a novel under-sampling method based on the KNN principle is introduced, along with the Borderline-SMOTE over-sampling method, for hybrid data sampling that balances the dataset while addressing the issue of low detection accuracy in overlapping data classes. (ii) An improved position encoding method for the Transformer model that effectively learns the dependencies between features by embedding the position information of features, resulting in better classification accuracy. (iii) A two-stage learning strategy in which the model first performs rough binary prediction (determining whether it is an illegal intrusion) and then inputs the prediction value and original features together for further multi-class prediction (predicting the intrusion category), addressing the issue of low accuracy in multi-class classification. Experimental results on the official NSL-KDD test set demonstrate that the proposed model achieves an accuracy of 88.7% and an F1-score of 88.2% in binary classification and an accuracy of 84.1% and an F1-score of 83.8% in multi-class classification. Compared to existing intrusion detection models, our model exhibits higher accuracy and F1-score and trains faster than other models. Full article

26 pages, 2762 KiB  
Article
ATWin: An Improved and Detailed Startup Model of TTP/C
by Tingting Yang, Xudong Sun, Baoyue Yan and Chao Tong
Appl. Sci. 2023, 13(9), 5607; https://doi.org/10.3390/app13095607 - 01 May 2023
Cited by 1 | Viewed by 933
Abstract
TTP/C (Time-Triggered Protocol Class C) is a mainstream communication protocol commonly utilized in cyber–physical systems within the aerospace and automotive industry. Unfortunately, when it comes to the startup model, there are three issues in the standard of TTP/C (namely AS6003). Firstly, AS6003 only mentions a high-level specification, which leads to a gap between the standard and its implementation. Secondly, the standard startup model in AS6003 aggressively handles the multi-clique problem by dropping the first valid frame unconditionally without a contention-detecting mechanism, resulting in additional time consumption in some types of contention scenarios. At last, there is lack of the formal verification for the validity of the standard startup model with an arbitrary number of nodes and the formal derivation of its upper bound of startup time. To address these limitations, we propose a detailed and improved startup model named ATWin based on AS6003. It not only bridges the gap between the top-level standard and its implementation by supplementing the undefined details, but it also enhances the efficiency of the startup time by adding a contention-detecting strategy to the standard startup model. The ATWin model is developed as an open-source implementation for TTP/C’s startup. We also formally demonstrate the validity of ATWin and deduce its upper bound of startup time with an arbitrary number of nodes in this paper. Full article

33 pages, 1387 KiB  
Article
A Machine-Learning-Based Cyberattack Detector for a Cloud-Based SDN Controller
by Alberto Mozo, Amit Karamchandani, Luis de la Cal, Sandra Gómez-Canaval, Antonio Pastor and Lluis Gifre
Appl. Sci. 2023, 13(8), 4914; https://doi.org/10.3390/app13084914 - 13 Apr 2023
Cited by 3 | Viewed by 1852
Abstract
The rapid evolution of network infrastructure through the softwarization of network elements has led to an exponential increase in the attack surface, thereby increasing the complexity of threat protection. In light of this pressing concern, European Telecommunications Standards Institute (ETSI) TeraFlowSDN (TFS), an open-source microservice-based cloud-native Software-Defined Networking (SDN) controller, integrates robust Machine-Learning components to safeguard its network and infrastructure against potential malicious actors. This work presents a comprehensive study of the integration of these Machine-Learning components in a distributed scenario to provide secure end-to-end protection against cyber threats occurring at the packet level of the telecom operator’s Virtual Private Network (VPN) services configured with that feature. To illustrate the effectiveness of this integration, a real-world emerging attack vector (the cryptomining malware attack) is used as a demonstration. Furthermore, to address the pressing challenge of energy consumption in the telecom industry, we harness the full potential of state-of-the-art Green Artificial Intelligence techniques to optimize the size and complexity of Machine-Learning models in order to reduce their energy usage while maintaining their ability to accurately detect potential cyber threats. Additionally, to enhance the integrity and security of TeraFlowSDN’s cybersecurity components, Machine-Learning models are safeguarded from sophisticated adversarial attacks that attempt to deceive them by subtly perturbing input data. To accomplish this goal, Machine-Learning models are retrained with high-quality adversarial examples generated using a Generative Adversarial Network. Full article

24 pages, 1491 KiB  
Article
Image-Based Malware Detection Using α-Cuts and Binary Visualisation
by Betty Saridou, Isidoros Moulas, Stavros Shiaeles and Basil Papadopoulos
Appl. Sci. 2023, 13(7), 4624; https://doi.org/10.3390/app13074624 - 06 Apr 2023
Cited by 2 | Viewed by 1920
Abstract
Image conversion of malicious binaries, or binary visualisation, is a relevant approach in the security community. Recently, it has exceeded the role of a single-file malware analysis tool and has become a part of Intrusion Detection Systems (IDSs) thanks to the adoption of Convolutional Neural Networks (CNNs). However, there has been little effort toward image segmentation for the converted images. In this study, we propose a novel method that serves a dual purpose: (a) it enhances colour and pattern segmentation, and (b) it achieves a sparse representation of the images. According to this, we considered the R, G, and B colour values of each pixel as respective fuzzy sets. We then performed α-cuts as a defuzzification method across all pixels of the image, which converted them to sparse matrices of 0s and 1s. Our method was tested on a variety of dataset sizes and evaluated according to the detection rates of hyperparameterised ResNet50 models. Our findings demonstrated that for larger datasets, sparse representations of intelligently coloured binary images can exceed the model performance of unprocessed ones, with 93.60% accuracy, 94.48% precision, 92.60% recall, and 93.53% f-score. This is the first time that α-cuts were used in image processing and according to our results, we believe that they provide an important contribution to image processing for challenging datasets. Overall, it shows that it can become an integrated component of image-based IDS operations and other demanding real-time practices. Full article

23 pages, 3865 KiB  
Article
MM-ConvBERT-LMS: Detecting Malicious Web Pages via Multi-Modal Learning and Pre-Trained Model
by Xin Tong, Bo Jin, Jingya Wang, Ying Yang, Qiwei Suo and Yong Wu
Appl. Sci. 2023, 13(5), 3327; https://doi.org/10.3390/app13053327 - 06 Mar 2023
Cited by 1 | Viewed by 1755
Abstract
In recent years, the number of malicious web pages has increased dramatically, posing a great challenge to network security. Current machine learning-based detection methods have emerged as a promising alternative to traditional detection techniques. However, these methods are commonly based on single-modal features or simple stacking of classifiers built on various features. As a result, these techniques are not capable of effectively fusing features from different modalities, ultimately limiting the detection effectiveness. To address this limitation, we propose a malicious web page detection method based on multi-modal learning and pre-trained models. First, in the input stage, the raw URL and HTML tag sequences of web pages are used as input features. To help the subsequent model learn the relationship between the two modalities and avoid information confusion, modal-type encoding and positional encoding are introduced. Next, a single-stream neural network based on the ConvBERT pre-trained model is used as the backbone classifier, and it learns the representation of multi-modal features through fine-tuning. For the output part of the model, a linear layer based on large margin softmax is applied to the decision-making. This activation function effectively increases the classification boundary and improves the robustness. In addition, a coarse-grained modal matching loss is added to the model optimization objective to assist the models in learning the cross-modal association features. Experimental results on synthetic datasets show that our proposed method outperforms traditional single-modal detection methods in general, and has advantages over baseline models in terms of accuracy and reliability. Full article

22 pages, 7590 KiB  
Article
Hierarchical LSTM-Based Network Intrusion Detection System Using Hybrid Classification
by Jonghoo Han and Wooguil Pak
Appl. Sci. 2023, 13(5), 3089; https://doi.org/10.3390/app13053089 - 27 Feb 2023
Cited by 3 | Viewed by 1602
Abstract
Most existing network intrusion detection systems (NIDSs) perform intrusion detection using only a partial packet data of fixed size, but they suffer to increase the detection rate. In this study, in order to find the cause of a limited detection rate, accurate intrusion detection performance was analyzed by adjusting the amount of information used as features according to the size of the packet and length of the session. The results indicate that the total packet data and all packets in the session should be used for the maximum detection rate. However, existing NIDS cannot be extended to use all packet data of each session because the model could be too large owing to the excessive number of features, hampering realistic training and classification speeds. Therefore, in this paper, we present a novel approach for the classifier of NIDSs. The proposed NIDS can effectively handle the entire packet information using the hierarchical long short-term memory and achieves higher detection accuracy than existing methods. Performance evaluation confirms that detection performance can be greatly improved compared to existing NIDSs that use only partial packet information. The proposed NIDS achieves a detection rate of 95.16% and 99.70% when the existing NIDS show the highest detection rate of 93.49% and 98.31% based on the F1-score using two datasets. The proposed method can improve the limitations of existing NIDS and safeguard the network from malicious users by utilizing information on the entire packet. Full article

17 pages, 5175 KiB  
Article
Explainable Artificial Intelligence Enabled Intrusion Detection Technique for Secure Cyber-Physical Systems
by Latifah Almuqren, Mashael S. Maashi, Mohammad Alamgeer, Heba Mohsen, Manar Ahmed Hamza and Amgad Atta Abdelmageed
Appl. Sci. 2023, 13(5), 3081; https://doi.org/10.3390/app13053081 - 27 Feb 2023
Cited by 4 | Viewed by 1742
Abstract
A cyber-physical system (CPS) can be referred to as a network of cyber and physical components that communicate with each other in a feedback manner. A CPS is essential for daily activities and approves critical infrastructure as it provides the base for innovative smart devices. The recent advances in the field of explainable artificial intelligence have contributed to the development of robust intrusion detection modes for CPS environments. This study develops an Explainable Artificial Intelligence Enabled Intrusion Detection Technique for Secure Cyber-Physical Systems (XAIID-SCPS). The proposed XAIID-SCPS technique mainly concentrates on the detection and classification of intrusions in the CPS platform. In the XAIID-SCPS technique, a Hybrid Enhanced Glowworm Swarm Optimization (HEGSO) algorithm is applied for feature selection purposes. For intrusion detection, the Improved Elman Neural Network (IENN) model was utilized with an Enhanced Fruitfly Optimization (EFFO) algorithm for parameter optimization. Moreover, the XAIID-SCPS technique integrates the XAI approach LIME for better understanding and explainability of the black-box method for accurate classification of intrusions. The simulation values demonstrate the promising performance of the XAIID-SCPS technique over other approaches with maximum accuracy of 98.87%. Full article

16 pages, 5132 KiB  
Article
Enhanced Chimp Optimization-Based Feature Selection with Fuzzy Logic-Based Intrusion Detection System in Cloud Environment
by Manal Abdullah Alohali, Muna Elsadig, Fahd N. Al-Wesabi, Mesfer Al Duhayyim, Anwer Mustafa Hilal and Abdelwahed Motwakel
Appl. Sci. 2023, 13(4), 2580; https://doi.org/10.3390/app13042580 - 16 Feb 2023
Cited by 5 | Viewed by 1257
Abstract
Cloud computing (CC) refers to an Internet-based computing technology in which shared resources, such as storage, software, information, and platform, are offered to users on demand. CC is a technology through which virtualized and dynamically scalable resources are presented to users on the Internet. Security is highly significant in this on-demand CC. Therefore, this paper presents improved metaheuristics with a fuzzy logic-based intrusion detection system for the cloud security (IMFL-IDSCS) technique. The IMFL-IDSCS technique can identify intrusions in the distributed CC platform and secure it from probable threats. An individual sample of IDS is deployed for every client, and it utilizes an individual controller for data management. In addition, the IMFL-IDSCS technique uses an enhanced chimp optimization algorithm-based feature selection (ECOA-FS) method for choosing optimal features, followed by an adaptive neuro-fuzzy inference system (ANFIS) model enforced to recognize intrusions. Finally, the hybrid jaya shark smell optimization (JSSO) algorithm is used to optimize the membership functions (MFs). A widespread simulation analysis is performed to examine the enhanced outcomes of the IMFL-IDSCS technique. The extensive comparison study reported the enhanced outcomes of the IMFL-IDSCS model with maximum detection efficiency with accuracy of 99.31%, precision of 92.03%, recall of 78.25%, and F-score of 81.80%. Full article

17 pages, 5092 KiB  
Article
Collaborative Detection of Black Hole and Gray Hole Attacks for Secure Data Communication in VANETs
by Shamim Younas, Faisal Rehman, Tahir Maqsood, Saad Mustafa, Adnan Akhunzada and Abdullah Gani
Appl. Sci. 2022, 12(23), 12448; https://doi.org/10.3390/app122312448 - 05 Dec 2022
Cited by 7 | Viewed by 1841
Abstract
Vehicle ad hoc networks (VANETs) are vital towards the success and comfort of self-driving as well as semi-automobile vehicles. Such vehicles rely heavily on data management and the exchange of Cooperative Awareness Messages (CAMs) for external communication with the environment. VANETs are vulnerable to a variety of attacks, including Black Hole, Gray Hole, wormhole, and rush attacks. These attacks are aimed at disrupting traffic between cars and on the roadside. The discovery of Black Hole attack has become an increasingly critical problem due to widespread adoption of autonomous and connected vehicles (ACVs). Due to the critical nature of ACVs, delay or failure of even a single packet can have disastrous effects, leading to accidents. In this work, we present a neural network-based technique for detection and prevention of rushed Black and Gray Hole attacks in vehicular networks. The work also studies novel systematic reactions protecting the vehicle against dangerous behavior. Experimental results show a superior detection rate of the proposed system in comparison with state-of-the-art techniques.
(This article belongs to the Special Issue Machine Learning for Network Security)

22 pages, 5986 KiB  
Article
Malicious File Detection Method Using Machine Learning and Interworking with MITRE ATT&CK Framework
by Gwanghyun Ahn, Kookjin Kim, Wonhyung Park and Dongkyoo Shin
Appl. Sci. 2022, 12(21), 10761; https://doi.org/10.3390/app122110761 - 24 Oct 2022
Cited by 5 | Viewed by 3435
Abstract
With advances in cyber threats and increased intelligence, incidents continue to occur related to new ways of using new technologies. In addition, as intelligent and advanced cyberattack technologies gradually increase, the limit of inefficient malicious code detection and analysis has been reached, and inaccurate detection rates for unknown malicious codes are increasing. Thus, this study used a machine learning algorithm to achieve a malicious file detection accuracy of more than 99%, along with a method for visualizing data for the detection of malicious files using the dynamic-analysis-based MITRE ATT&CK framework. The PE malware dataset was classified into Random Forest, Adaboost, and Gradient Boosting models. These models achieved accuracies of 99.3%, 98.4%, and 98.8%, respectively, and malicious file analysis results were derived through visualization by applying the MITRE ATT&CK matrix.
(This article belongs to the Special Issue Machine Learning for Network Security)

12 pages, 2187 KiB  
Article
Stylized Pairing for Robust Adversarial Defense
by Dejian Guan, Wentao Zhao and Xiao Liu
Appl. Sci. 2022, 12(18), 9357; https://doi.org/10.3390/app12189357 - 18 Sep 2022
Viewed by 1144
Abstract
Recent studies show that deep neural networks (DNNs)-based object recognition algorithms overly rely on object textures rather than global object shapes, and DNNs are also vulnerable to human-less perceptible adversarial perturbations. Based on these two phenomena, we conjecture that the preference of DNNs on exploiting object textures for decisions is one of the most important reasons for the existence of adversarial examples. At present, most adversarial defense methods are directly related to adversarial perturbations. In this paper, we propose an adversarial defense method independent of adversarial perturbations, which utilizes a stylized pairing technique to encourage logits for a pair of images and the corresponding stylized image to be similar. With stylized pairing training, DNNs can better learn shape-biased representation. We have empirically evaluated the performance of our method through extensive experiments on CIFAR10, CIFAR100, and ImageNet datasets. Results show that the models with stylized pairing training can significantly improve their performance against adversarial examples.
(This article belongs to the Special Issue Machine Learning for Network Security)

17 pages, 4228 KiB  
Article
Evolutionary-Based Deep Stacked Autoencoder for Intrusion Detection in a Cloud-Based Cyber-Physical System
by Mesfer Al Duhayyim, Khalid A. Alissa, Fatma S. Alrayes, Saud S. Alotaibi, ElSayed M. Tag El Din, Amgad Atta Abdelmageed, Ishfaq Yaseen and Abdelwahed Motwakel
Appl. Sci. 2022, 12(14), 6875; https://doi.org/10.3390/app12146875 - 07 Jul 2022
Cited by 6 | Viewed by 1432
Abstract
As cyberattacks develop in volume and complexity, machine learning (ML) was extremely implemented for managing several cybersecurity attacks and malicious performance. The cyber-physical systems (CPSs) combined the calculation with physical procedures. An embedded computer and network monitor and control the physical procedure, commonly with feedback loops whereas physical procedures affect calculations and conversely, at the same time, ML approaches were vulnerable to data pollution attacks. Improving network security and attaining robustness of ML determined network schemes were the critical problems of the growth of CPS. This study develops a new Stochastic Fractal Search Algorithm with Deep Learning Driven Intrusion Detection system (SFSA-DLIDS) for a cloud-based CPS environment. The presented SFSA-DLIDS technique majorly focuses on the recognition and classification of intrusions for accomplishing security from the CPS environment. The presented SFSA-DLIDS approach primarily performs a min-max data normalization approach to convert the input data to a compatible format. In order to reduce a curse of dimensionality, the SFSA technique is applied to select a subset of features. Furthermore, chicken swarm optimization (CSO) with deep stacked auto encoder (DSAE) technique was utilized for the identification and classification of intrusions. The design of a CSO algorithm majorly focuses on the parameter optimization of the DSAE model and thereby enhances the classifier results. The experimental validation of the SFSA-DLIDS model is tested using a series of experiments. The experimental results depict the promising performance of the SFSA-DLIDS model over the recent models.
(This article belongs to the Special Issue Machine Learning for Network Security)