Search results for "Intrusion Detection"
showing 10 items of 69 documents
New Optimization and Security Approaches to Enhance the Smart Grid Performance and Reliability
2016
International audience; Nowadays, the Smart Grid (SG) is becoming smarter thanks to the integration of different information and communication technologies to enhance the reliability and efficiency of the power grid. However, several issues should be met to ensure high SG performance. Among these issues, we cite the problem of electric vehicles (EVs) integration into the SG to avoid electricity intermittence due to the important load that EVs can create. Another issue is the SG communication network security that can be attempted by malicious intruders in order to create damages and make the power grid instable. In this context, we propose at a first level a Bayesian game-theory model that …
Federated Learning for Zero-Day Attack Detection in 5G and Beyond V2X Networks
2023
Deploying Connected and Automated Vehicles (CAVs) on top of 5G and Beyond networks (5GB) makes them vulnerable to increasing vectors of security and privacy attacks. In this context, a wide range of advanced machine/deep learning-based solutions have been designed to accurately detect security attacks. Specifically, supervised learning techniques have been widely applied to train attack detection models. However, the main limitation of such solutions is their inability to detect attacks different from those seen during the training phase, or new attacks, also called zero-day attacks. Moreover, training the detection model requires significant data collection and labeling, which increases th…
Decision-cache based XACML authorisation and anonymisation for XML documents
2012
Author's version of an article in the journal: Computer Standards and Interfaces. Also available from the publisher at: http://dx.doi.org/10.1016/j.csi.2011.10.007 This paper describes a decision cache for the eXtensible Access Control Markup Language (XACML) that supports fine-grained authorisation and anonymisation of XML based messages and documents down to XML attribute and element level. The decision cache is implemented as an XACML obligation service, where a specification of the XML elements to be authorised and anonymised is sent to the Policy Enforcement Point (PEP) during initial authorisation. Further authorisation of individual XML elements according to the authorisation specifi…
Anomaly‐based intrusion detection systems: The requirements, methods, measurements, and datasets
2021
International audience; With the Internet's unprecedented growth and nations' reliance on computer networks, new cyber‐attacks are created every day as means for achieving financial gain, imposing political agendas, and developing cyberwarfare arsenals. Network security is thus acquiring increasing attention among researchers, practitioners, network architects, policy makers, and others. To defend organizations' networks from existing, foreseen, and future threats, intrusion detection systems (IDSs) are becoming a must. Existing surveys on anomaly‐based IDS (AIDS) focus on specific components such as detection mechanisms and lack many others. In contrast to existing surveys, this article co…
Location-Aware Mobile Intrusion Detection with Enhanced Privacy in a 5G Context
2010
Published version of an article from the journal: Wireless Personal Communications. The original publication is available at Spingerlink. http://dx.doi.org/10.1007/s11277-010-0069-6 The paper proposes a location-aware mobile Intrusion Prevention System (mIPS) architecture with enhanced privacy that is integrated in Managed Security Service (MSS). The solution is envisaged in a future fifth generation telecommunications (5G) context with increased but varying bandwidth, a virtualised execution environment and infrastructure that allows threads, processes, virtual machines and storage to be migrated to cloud computing services on demand, to dynamically scale performance and save power. 5G mob…
A novel method for network intrusion detection based on nonlinear SNE and SVM
2017
In the case of network intrusion detection data, pre-processing techniques have been extensively used to enhance the accuracy of the model. An ideal intrusion detection system (IDS) is one that has appreciable detection capability overall the group of attacks. An open research problem of this area is the lower detection rate for less frequent attacks, which result from the curse of dimensionality and imbalanced class distribution of the benchmark datasets. This work attempts to minimise the effects of imbalanced class distribution by applying random under-sampling of the majority classes and SMOTE-based oversampling of minority classes. In order to alleviate the issue arising from the curse…
Dimensionality reduction framework for detecting anomalies from network logs
2012
Dynamic web services are vulnerable to multitude of intrusions that could be previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks from these logs improves the security of the services. In this research features are extracted from HTTP query parameters using 2-grams. We propose a framework that uses dimensionality reduction and clustering to identify anomalous behavior. The framework detects intrusions from log data gathered from a real network service. This approach is adaptive, works on the application layer and reduces the number of log lines that needs to be inspected. Furthermore, the traffic can be visualized. peerReviewed
Anomaly-based online intrusion detection system as a sensor for cyber security situational awareness system
2016
Almost all the organisations and even individuals rely on complex structures of data networks and networked computer systems. That complex data ensemble, the cyber domain, provides great opportunities, but at the same time it offers many possible attack vectors that can be abused for cyber vandalism, cyber crime, cyber espionage or cyber terrorism. Those threats produce requirements for cyber security situational awareness and intrusion detection capability. This dissertation concentrates on research and development of anomaly-based network intrusion detection system as a sensor for a situational awareness system. In this dissertation, several models of intrusion detection systems are devel…
Large-scale nonlinear dimensionality reduction for network intrusion detection
2017
International audience; Network intrusion detection (NID) is a complex classification problem. In this paper, we combine classification with recent and scalable nonlinear dimensionality reduction (NLDR) methods. Classification and DR are not necessarily adversarial, provided adequate cluster magnification occurring in NLDR methods like $t$-SNE: DR mitigates the curse of dimensionality, while cluster magnification can maintain class separability. We demonstrate experimentally the effectiveness of the approach by analyzing and comparing results on the big KDD99 dataset, using both NLDR quality assessment and classification rate for SVMs and random forests. Since data involves features of mixe…
On Application-Layer DDoS Attack Detection in High-Speed Encrypted Networks
2016
Application-layer denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed by using legitimate requests from legitimately connected network machines which makes these attacks undetectable for signature-based intrusion detection systems. Moreover, the attacks may utilize protocols that encrypt the data of network connections in the application layer making it even harder to detect attacker’s activity without decrypting users network traffic and violating their privacy. In this paper, we present a method which allows us to timely detect various applicationlayer attacks ag…