This survey paper describes a literature review of deep learning (DL) methods for cyber security applications. A short tutorial-style description of each DL method is provided, including deep autoencoders, restricted Boltzmann machines, recurrent neural networks, generative adversarial networks, and several others. Then we discuss how each of the DL methods is used for security applications. We cover a broad array of attack types including malware, spam, insider threats, network intrusions, false data injection, and malicious domain names used by botnets.

https://www.mdpi.com/2078-2489/10/4/122/pdf

A Survey of Deep Learning Methods for Cyber Security

The proliferation in Internet of Things (IoT) devices, which routinely collect sensitive information, is demonstrated by their prominence in our daily lives. Although such devices simplify and automate every day tasks, they also introduce tremendous security flaws. Current insufficient security measures employed to defend smart devices make IoT the “weakest” link to breaking into a secure infrastructure, and therefore an attractive target to attackers. This paper proposes a three layer intrusion detection system (IDS) that uses a supervised approach to detect a range of popular network based cyber-attacks on IoT networks. The system consists of three main functions: 1) classify the type and profile the normal behavior of each IoT device connected to the network; 2) identifies malicious packets on the network when an attack is occurring; and 3) classifies the type of the attack that has been deployed. The system is evaluated within a smart home testbed consisting of eight popular commercially available devices. The effectiveness of the proposed IDS architecture is evaluated by deploying 12 attacks from 4 main network based attack categories, such as denial of service (DoS), man-in-the-middle (MITM)/spoofing, reconnaissance, and replay. Additionally, the system is also evaluated against four scenarios of multistage attacks with complex chains of events. The performance of the system’s three core functions result in an ${F}$ -measure of: 1) 96.2%; 2) 90.0%; and 3) 98.0%. This demonstrates that the proposed architecture can automatically distinguish between IoT devices on the network, whether network activity is malicious or benign, and detect which attack was deployed on which device connected to the network successfully.

/pdf/a-supervised-intrusion-detection-system-for-smart-home-iot-majw4av91v.pdf

A Supervised Intrusion Detection System for Smart Home IoT Devices

The recent growth of the Internet of Things (IoT) has resulted in a rise in IoT based DDoS attacks. This paper presents a solution to the detection of botnet activity within consumer IoT devices and networks. A novel application of Deep Learning is used to develop a detection model based on a Bidirectional Long Short Term Memory based Recurrent Neural Network (BLSTM-RNN). Word Embedding is used for text recognition and conversion of attack packets into tokenised integer format. The developed BLSTM-RNN detection model is compared to a LSTM-RNN for detecting four attack vectors used by the mirai botnet, and evaluated for accuracy and loss. The paper demonstrates that although the bidirectional approach adds overhead to each epoch and increases processing time, it proves to be a better progressive model over time. A labelled dataset was generated as part of this research, and is available upon request.

/pdf/botnet-detection-in-the-internet-of-things-using-deep-46g708gu2o.pdf

Botnet Detection in the Internet of Things using Deep Learning Approaches

The era of artificial neural network (ANN) began with a simplified application in many fields and remarkable success in pattern recognition (PR) even in manufacturing industries. Although significant progress achieved and surveyed in addressing ANN application to PR challenges, nevertheless, some problems are yet to be resolved like whimsical orientation (the unknown path that cannot be accurately calculated due to its directional position). Other problem includes; object classification, location, scaling, neurons behavior analysis in hidden layers, rule, and template matching. Also, the lack of extant literature on the issues associated with ANN application to PR seems to slow down research focus and progress in the field. Hence, there is a need for state-of-the-art in neural networks application to PR to urgently address the above-highlights problems for more successes. The study furnishes readers with a clearer understanding of the current, and new trend in ANN models that effectively addresses PR challenges to enable research focus and topics. Similarly, the comprehensive review reveals the diverse areas of the success of ANN models and their application to PR. In evaluating the performance of ANN models, some statistical indicators for measuring the performance of the ANN model in many studies were adopted. Such as the use of mean absolute percentage error (MAPE), mean absolute error (MAE), root mean squared error (RMSE), and variance of absolute percentage error (VAPE). The result shows that the current ANN models such as GAN, SAE, DBN, RBM, RNN, RBFN, PNN, CNN, SLP, MLP, MLNN, Reservoir computing, and Transformer models are performing excellently in their application to PR tasks. Therefore, the study recommends the research focus on current models and the development of new models concurrently for more successes in the field.

/pdf/comprehensive-review-of-artificial-neural-network-4sb2zr5avn.pdf

Comprehensive Review of Artificial Neural Network Applications to Pattern Recognition

Semi-supervised learning based distributed attack detection framework for IoT

Wireless Sensor Networks (WSNs) have become a key technology for the IoT and despite the obvious benefits, challenges still exist regarding security. As more devices are connected to the internet, new cyber attacks are emerging which join well-known attacks to pose significant threats to the confidentiality, integrity and availability of data in WSNs. In this paper, we investigate two computational intelligence techniques for WSN intrusion detection. A back propagation neural network is compared with a support vector machine classifier. Using the NSL-KDD dataset, detection rates achieved by the two techniques for six cyber attacks are recorded. The results show that both techniques offer a high true positive rate and a low false positive rate, making both good options for intrusion detection. In addition, we further show the support vector machine classifiers suitability for anomaly detection, by demonstrating its ability to handle low sample sizes, whilst maintaining an acceptable FPR rate under the required threshold.

/pdf/investigation-of-computational-intelligence-techniques-for-53bedhl40s.pdf

Investigation of computational intelligence techniques for intrusion detection in wireless sensor networks.

The growth of the Internet of Things (IoT), and demand for low-cost, easy-to-deploy devices, has led to the production of swathes of insecure Internet-connected devices. Many can be exploited and leveraged to perform large-scale attacks on the Internet, such as those seen by the Mirai botnet. This paper presents a cross-sectional study of how users value and perceive security and privacy in smart devices found within the IoT. It analyzes user requirements from IoT devices, and the importance placed upon security and privacy. An experimental setup was used to assess user ability to detect threats, in the context of technical knowledge and experience. It clearly demonstrated that without any clear signs when an IoT device was infected, it was very difficult for consumers to detect and be situationally aware of threats exploiting home networks. It also demonstrated that without adequate presentation of data to users, there is no clear correlation between level of technical knowledge and ability to detect infected devices.

/pdf/evaluating-awareness-and-perception-of-botnet-activity-bec0dpd6j2.pdf

Evaluating awareness and perception of botnet activity within consumer Internet-of-Things (IoT) networks.

An IoT botnet detection model is designed to detect anomalous attack traffic utilised by the mirai botnet malware. The model uses a novel application of Deep Bidirectional Long Short Term Memory based Recurrent Neural Network (BLSTM-RNN), in conjunction with Word Embedding, to convert string data found in captured packets, into a format usable by the BLSTM-RNN. In doing so, this paper presents a solution to the problem of detecting and making consumers situationally aware when their IoT devices are infected, and forms part of a botnet. The proposed model addresses the issue of detection, and returns high accuracy and low loss metrics for four attack vectors used by the mirai botnet malware, with only one attack vector shown to be difficult to detect and predict. A labelled dataset was generated and used for all experiments, to test and validate the accuracy and data loss in the detection model. This dataset is available upon request.

/pdf/towards-situational-awareness-of-botnet-activity-in-the-4pxm2m3e5o.pdf

Towards Situational Awareness of Botnet Activity in the Internet of Things

Advanced Persistent Threats (APT) are highly targeted and sophisticated multi-stage attacks, utilizing zero day or near zero-day malware. Directed at internetworked computer users in the workplace, their growth and prevalence can be attributed to both socio (human) and technical (system weaknesses and inadequate cyber defenses) vulnerabilities. While many APT attacks incorporate a blend of socio-technical vulnerabilities, academic research and reported incidents largely depict the user as the prominent contributing factor that can weaken the layers of technical security in an organization. In this paper, our objective is to explore multiple dimensions of socio factors (non-technical vulnerabilities) that contribute to the success of APT attacks in organizations. Expert interviews were conducted with senior managers, working in government and private organizations in the United Arab Emirates (UAE) over a period of four years (2014 to 2017). Contrary to common belief that socio factors derive predominately from user behavior, our study revealed two new dimensions of socio vulnerabilities, namely the role of organizational management, and environmental factors which also contribute to the success of APT attacks. We show that the three dimensions postulated in this study can assist Managers and IT personnel in organizations to implement an appropriate mix of socio-technical countermeasures for APT threats.

/pdf/dimensions-of-socio-vulnerabilities-of-advanced-persistent-cg5ywhjr40.pdf

Christopher D. McDermott

Papers

Botnet Detection in the Internet of Things using Deep Learning Approaches

Investigation of computational intelligence techniques for intrusion detection in wireless sensor networks.

Evaluating awareness and perception of botnet activity within consumer Internet-of-Things (IoT) networks.

Towards Situational Awareness of Botnet Activity in the Internet of Things

Dimensions of ‘Socio’ Vulnerabilities of Advanced Persistent Threats