Search results for "intrusion detection"

Cyber security of vehicle CAN bus

2019

There are currently many research projects underway concerning the intelligent transport system (ITS), with the intent to develop a variety of communication solutions between vehicles, roadside stations and services. In the near future, the roll-out of 5G networks will improve short-range vehicle-to-vehicle traffic and vehicle-to-infrastructure communications. More extensive services can be introduced due to almost non-delayed response time. Cyber security is central for the usability of the services and, most importantly, for car safety. The Controller Area Network (CAN) is an automation bus that was originally designed for real-time data transfer of distributed control systems to cars. La…

UInDeSI4.0 : An efficient Unsupervised Intrusion Detection System for network traffic flow in Industry 4.0 ecosystem

2023

In an Industry 4.0 ecosystem, all the essential components are digitally interconnected, and automation is integrated for higher productivity. However, it invites the risk of increasing cyber-attacks amid the current cyber explosion. The identification and monitoring of these malicious cyber-attacks and intrusions need efficient threat intelligence techniques or intrusion detection systems (IDSs). Reducing the false positive rate in detecting cyber threats is an important step for a safer and reliable environment in any industrial ecosystem. Available approaches for intrusion detection often suffer from high computational costs due to large number of feature instances. Therefore, this paper…

Intrusion detection applications using knowledge discovery and data mining

2014

An Intrusion Detection System for Fog Computing and IoT based Logistic Systems using a Smart Data Approach

2016

The Internet of Things (IoT) is widely used in advanced logistic systems. Safety and security of such systems are utmost important to guarantee the quality of their services. However, such systems are vulnerable to cyber-attacks. Development of lightweight anomaly based intrusion detection systems (IDS) is one of the key measures to tackle this problem. In this paper, we present a new distributed and lightweight IDS based on an Artificial Immune System (AIS). The IDS is distributed in a three-layered IoT structure including the cloud, fog and edge layers. In the cloud layer, the IDS clusters primary network traffic and trains its detectors. In the fog layer, we take advantage of a smart dat…

Adaptive framework for network traffic classification using dimensionality reduction and clustering

2012

Information security has become a very important topic especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting malicious queries or code. However, these attack attempts are often recorded in server logs. Analyzing these logs could be a way to detect intrusions either periodically or in real time. We propose a framework that preprocesses and analyzes these log files. HTTP queries are transformed to numerical matrices using n-gram analysis. The dimensionality of these matrices is reduced using principal component analysis and diffusion map methodology. Abnormal log lines can then …

A Network-Based Framework for Mobile Threat Detection

2018

Mobile malware attacks increased three folds in the past few years and continued to expand with the growing number of mobile users. Adversary uses a variety of evasion techniques to avoid detection by traditional systems, which increase the diversity of malicious applications. Thus, there is a need for an intelligent system that copes with this issue. This paper proposes a machine learning (ML) based framework to counter rapid evolution of mobile threats. This model is based on flow-based features, that will work on the network side. This model is designed with adversarial input in mind. The model uses 40 timebased network flow features, extracted from the real-time traffic of malicious and…

Online anomaly detection using dimensionality reduction techniques for HTTP log analysis

2015

Modern web services face an increasing number of new threats. Logs are collected from almost all web servers, and for this reason analyzing them is beneficial when trying to prevent intrusions. Intrusive behavior often differs from the normal web traffic. This paper proposes a framework to find abnormal behavior from these logs. We compare random projection, principal component analysis and diffusion map for anomaly detection. In addition, the framework has online capabilities. The first two methods have intuitive extensions while diffusion map uses the Nyström extension. This fast out-of-sample extension enables real-time analysis of web server traffic. The framework is demonstrated using …

An Efficient Network Log Anomaly Detection System Using Random Projection Dimensionality Reduction

2014

Network traffic is increasing all the time and network services are becoming more complex and vulnerable. To protect these networks, intrusion detection systems are used. Signature-based intrusion detection cannot find previously unknown attacks, which is why anomaly detection is needed. However, many new systems are slow and complicated. We propose a log anomaly detection framework which aims to facilitate quick anomaly detection and also provide visualizations of the network traffic structure. The system preprocesses network logs into a numerical data matrix, reduces the dimensionality of this matrix using random projection and uses Mahalanobis distance to find outliers and calculate an a…

Unsupervised network intrusion detection systems for zero-day fast-spreading network attacks and botnets

2015

Today, the occurrence of zero-day and complex attacks in high-speed networks is increasingly common due to the high number vulnerabilities in the cyber world. As a result, intrusions become more sophisticated and fast to detrimental the networks and hosts. Due to these reasons real-time monitoring, processing and intrusion detection are now among the key features of NIDS. Traditional types of intrusion detection systems such as signature base IDS are not able detect intrusions with new and complex strategies. Now days, automatic traffic analysis and anomaly intrusion detection became more efficient in field of network security however they suffer from high number of false alarms. Among all …