
AUTHOR

Mikhail Zolotukhin

Growing Hierarchical Self-organizing Maps and Statistical Distribution Models for Online Detection of Web Attacks

In modern networks, HTTP clients communicate with web servers using request messages. By manipulating these messages attackers can collect confidential information from servers or even corrupt them. In this study, the approach based on anomaly detection is considered to find such attacks. For HTTP queries, feature matrices are obtained by applying an n-gram model, and, by learning on the basis of these matrices, growing hierarchical self-organizing maps are constructed. For HTTP headers, we employ statistical distribution models based on the lengths of header values and relative frequency of symbols. New requests received by the web-server are classified by using the maps and models obtaine…

research product

Analysis of Approaches to Internet Traffic Generation for Cyber Security Research and Exercise

Because of the severe global security threat of malware, vulnerabilities and attacks against networked systems, cyber-security research, training and exercises are required for achieving cyber resilience of organizations. In particular, the requirement for organizing cyber security exercises has become more and more relevant for companies and government agencies. Cyber security research, training and exercises require a closed Internet-like environment and generated Internet traffic. JAMK University of Applied Sciences has built a closed Internet-like network called Realistic Global Cyber Environment (RGCE). The traffic generation software for the RGCE is introduced in this paper. This paper describes …

research product

Energy efficient resource allocation in heterogeneous software defined network: A reverse combinatorial auction approach

In this paper, resource allocation for energy efficiency in heterogeneous Software Defined Network (SDN) with multiple network service providers (NSPs) is studied. The considered problem is modeled as a reverse combinatorial auction game, which takes different quality of service (QoS) requirements into account. The heterogeneous network selection associated with power allocation problem is optimized by maximizing the energy efficiency of data transmission. By exploiting the properties of fractional programming, the resulting non-convex Winner Determination Problem (WDP) is transformed into an equivalent subtractive convex optimization problem. The proposed reverse combinatorial auction ga…

research product

Detection of Anomalous HTTP Requests Based on Advanced N-gram Model and Clustering Techniques

Nowadays HTTP servers and applications are some of the most popular targets for network attacks. In this research, we consider an algorithm for HTTP intrusions detection based on simple clustering algorithms and advanced processing of HTTP requests which allows the analysis of all queries at once and does not separate them by resource. The method proposed allows detection of HTTP intrusions in case of continuously updated web-applications and does not require a set of HTTP requests free of attacks to build the normal user behaviour model. The algorithm is tested using logs acquired from a large real-life web service and, as a result, all attacks from these logs are detected, while the numbe…

research product

Data Mining Approach for Detection of DDoS Attacks Utilizing SSL/TLS Protocol

Denial of Service attacks remain one of the most serious threats to the Internet nowadays. In this study, we propose an algorithm for detection of Denial of Service attacks that utilize SSL/TLS protocol. These protocols encrypt the data of network connections on the application layer which makes it impossible to detect attackers' activity based on the analysis of packet payload. For this reason, we concentrate on statistics that can be extracted from packet headers. Based on these statistics, we build a model of normal user behavior by using several data mining algorithms. Once the model has been built, it is used to detect DoS attacks. The proposed framework is tested on the data obtained w…

research product

On Assessing Vulnerabilities of the 5G Networks to Adversarial Examples

The use of artificial intelligence and machine learning is recognized as the key enabler for 5G mobile networks which would allow service providers to tackle the network complexity and ensure security, reliability and allocation of the necessary resources to their customers in a dynamic, robust and trustworthy way. Dependability of the future generation networks on accurate and timely performance of its artificial intelligence components means that disturbance in the functionality of these components may have negative impact on the entire network. As a result, there is an increasing concern about the vulnerability of intelligent machine learning driven frameworks to adversarial effects. In …

research product

Enhanced LMMSE equalizer for high-speed single frequency network in HSDPA

Currently, considerable interest has been shown in the research and standardization communities in multicell transmission schemes for HSPA, with a number of possible schemes under discussion that include Multiflow, Fast Cell Switching (FCS) and High-Speed Single Frequency Network (HS-SFN). In particular, HS-SFN is a promising technique that not only combines received energy from participating cells, but also reduces intercell interference with low UE complexity. In principle, HS-SFN can be implemented with a small modification to an LMMSE receiver at the UE. This paper introduces a more advanced LMMSE equalizer for High-Speed Single Frequency Network in HSDPA that achieves further performan…

research product

Support vector machine integrated with game-theoretic approach and genetic algorithm for the detection and classification of malware

In the modern world, a rapid growth of malicious software production has become one of the most significant threats to the network security. Unfortunately, widespread signature-based anti-malware strategies cannot help to detect malware unseen previously nor deal with code obfuscation techniques employed by malware designers. In our study, the problem of malware detection and classification is solved by applying a data-mining-based approach that relies on supervised machine-learning. Executable files are presented in the form of byte and opcode sequences and n-gram models are employed to extract essential features from these sequences. Feature vectors obtained are…

research product

On Detection of Network-Based Co-residence Verification Attacks in SDN-Driven Clouds

Modern cloud environments allow users to consume computational and storage resources in the form of virtual machines. Even though machines running on the same cloud server are logically isolated from each other, a malicious customer can create various side channels to obtain sensitive information from co-located machines. In this study, we concentrate on timely detection of intentional co-residence attempts in cloud environments that utilize software-defined networking. SDN enables global visibility of the network state which allows the cloud provider to monitor and extract necessary information from each flow in every virtual network in online mode. We analyze the extracted statistics on d…

research product

Data Stream Clustering for Application-Layer DDoS Detection in Encrypted Traffic

Application-layer distributed denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed using legitimate requests from legitimately connected network machines that make these attacks undetectable by signature-based intrusion detection systems. Moreover, the attacks may utilize protocols that encrypt the data of network connections in the application layer, making it even harder to detect an attacker’s activity without decrypting users’ network traffic, and therefore violating their privacy. In this paper, we present a method that allows us to detect various application-l…

research product

On data mining applications in mobile networking and network security

research product

Weighted Fuzzy Clustering for Online Detection of Application DDoS Attacks in Encrypted Network Traffic

Distributed denial-of-service (DDoS) attacks are one of the most serious threats to today’s high-speed networks. These attacks can quickly incapacitate a targeted business, costing victims millions of dollars in lost revenue and productivity. In this paper, we present a novel method which allows us to timely detect application-layer DDoS attacks that utilize encrypted protocols by applying an anomaly-based approach to statistics extracted from network packets. The method involves construction of a model of normal user behavior with the help of weighted fuzzy clustering. The construction algorithm is self-adaptive and allows one to update the model every time when a new portion of network tr…

research product

On optimal deployment of low power nodes for high frequency next generation wireless systems

Recent development of wireless communication systems and standards is characterized by constant increase of allocated spectrum resources. Since lower frequency ranges cannot provide sufficient amount of bandwidth, new bands are allocated at higher frequencies, for which operators resort to deploy more base stations to ensure the same coverage and to utilize more efficiently higher frequencies spectrum. Striving for deployment flexibility, mobile operators can consider deploying low power nodes that could be either small cells connected via the wired backhaul or relays that utilize the same spectrum and the wireless access technology. However, even though low power nodes provide a greater fl…

research product

On Attacking Future 5G Networks with Adversarial Examples : Survey

The introduction of 5G technology along with the exponential growth in connected devices is expected to cause a challenge for the efficient and reliable network resource allocation. Network providers are now required to dynamically create and deploy multiple services which function under various requirements in different vertical sectors while operating on top of the same physical infrastructure. The recent progress in artificial intelligence and machine learning is theorized to be a potential answer to the arising resource allocation challenges. It is therefore expected that future generation mobile networks will heavily depend on its artificial intelligence components which may result in …

research product

Optimal Relays Deployment for 802.16j Networks

In this paper, we consider optimal relay station deployment for the IEEE 802.16j networks. IEEE 802.16j is an emerging wireless broadband networking standard that integrates infrastructure base stations with multihop relay technology. The proposed relay deployment mechanism allows us to maximize network capacity for every user or to maximize total network capacity, and, therefore, to reach greater network capacity values while employing smaller number of relay stations. With the proposed approach, the necessary number of relays for a region can be found.

research product

Probabilistic Transition-Based Approach for Detecting Application-Layer DDoS Attacks in Encrypted Software-Defined Networks

With the emergence of cloud computing, many attacks, including Distributed Denial-of-Service (DDoS) attacks, have changed their direction towards cloud environment. In particular, DDoS attacks have changed in scale, methods, and targets and become more complex by using advantages provided by cloud computing. Modern cloud computing environments can benefit from moving towards Software-Defined Networking (SDN) technology, which allows network engineers and administrators to respond quickly to the changing business requirements. In this paper, we propose an approach for detecting application-layer DDoS attacks in cloud environment with SDN. The algorithm is applied to statistics extracted from…

research product