The popularity of mobile devices has made people's lives more convenient, but threatened people's privacy at the same time. As end users are becoming more and more concerned on the protection of their private information, it is even harder for hackers to track a specific user by using conventional technologies. For example, cookies might be cleared by users regularly. Besides, OS designers have developed a series of measures to cope with tracker. Apple has stopped apps accessing UDIDs, and Android phones use some special permissions to protect IMEI code. However, some recent studies showed that attackers are able to find new ways to get around those limitations, even though these new methods should be improved in order to be practically deployed in large scale. For example, attackers can trace smart phones by using the hardware features resulting from the imperfect manufacturing process of accelerometers. In this paper, we will present another new and more practical method for the adversaries to generate stable and unique device ID stealthily for the smartphone by exploiting the frequency response of the speaker. With carefully selected audio frequencies and special sound wave patterns, we can reduce the impact of non-linear effects and noises, and keep our feature extraction process un-noticeable to phone owners. The extracted feature is not only very stable for a given smart phone, but also unique to that phone. The feature contains rich information, which is even enough to differentiate millions of smart phones of the same model. We have built a prototype to evaluate our method, and the results show that the generated device ID can be used to track users practically.

Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound

Open wireless sensor networks (WSNs) in Internet of things (IoT) has led to many zero-day security attacks. Since intrusion detection is a key security solution, this paper presents a lightweight machine learning-based intrusion detection technique with high performance for resource limited IoT wireless networks namely, IoT intrusion detection system (IoTIDS). IoTIDS is based on hybridization of genetic algorithm (GA) and grey wolf optimizer (GWO), termed as GA–GWO. The main aim of the hybrid algorithm for the IoTIDS is to reduce the dimensionality of the huge wireless network traffic through intelligent selecting the most informative traffic features. By hybridizing, we try to eliminate their weaknesses through GA and GWO strengths. The effectiveness of the GA–GWO on IoTIDS is evaluated using AWID (aegean wi-fi intrusion dataset) as a new real-world wireless intrusion dataset, after preprocessing it under different scenarios. The experimental results proved that the proposed GA–GWO individually not only improved the performance of the IoTIDS in terms of computational costs, but it also enabled the IoTIDS to detect ? with high accuracy and low false alarm rate. Furthermore, GA–GWO in comparison to the original GA and GWO and other recent existing methods like FS, weight, and parameter optimization of SVM based on the GA (FWP-SVM-GA) and binary GWO (BGWO) has proven to be more effective.

Hybridizing genetic algorithm and grey wolf optimizer to advance an intelligent and lightweight intrusion detection system for IoT wireless networks

The popularity of mobile device has made people's lives more convenient, but threatened people's privacy at the same time. As end users are becoming more and more concerned on the protection of their private information, it is even harder to track a specific user using conventional technologies. For example, cookies might be cleared by users regularly. Apple has stopped apps accessing UDIDs, and Android phones use some special permission to protect IMEI code. To address this challenge, some recent studies have worked on tracing smart phones using the hardware features resulted from the imperfect manufacturing process. These works have demonstrated that different devices can be differentiated to each other. However, it still has a long way to go in order to replace cookie and be deployed in real world scenarios, especially in terms of properties like uniqueness, robustness, etc. In this paper, we presented a novel method to generate stable and unique device ID stealthy for smartphones by exploiting the frequency response of the speaker. With carefully selected audio frequencies and special sound wave patterns, we can reduce the impacts of non-linear effects and noises, and keep our feature extraction process un-noticeable to users. The extracted feature is not only very stable for a given smart phone speaker, but also unique to that phone. The feature contains rich information that is equivalent to around 40 bits of entropy, which is enough to identify billions of different smart phones of the same model. We have built a prototype to evaluate our method, and the results show that the generated device ID can be used as a replacement of cookie.

Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthy with Inaudible Sound

Many everyday activities involve the exchange of confidential information through the use of a smartphone in mobility, ie, sending on e-mail, checking bank account, buying on-line, accessing cloud platforms, and health monitoring This demonstrates how security issues related to these operations are a major challenge in our society and in particular in the cyber-security domain This paper focuses on the use of the smartphone intrinsic and physical characteristics as a mean to build a smartphone fingerprint to enable devices identification The basic idea proposed in this paper is to investigate how to generate a specific fingerprint that allows to distinctively and reliably characterize each smartphone In particular, the accelerometer, the gyroscope, the magnetometer, and the audio system (microphone-speaker) are taken into account to build up a composite fingerprint based on a set of their distinctive features Many experiments have been carried out by analyzing different classification methods, diverse features combination configurations, and operative scenarios Satisfactory results have been obtained showing that the combination of such sensors improves smartphone distinctiveness

Smartphone Fingerprinting Combining Features of On-Board Sensors

The increased complexity and interconnectivity of SCADA infrastructure in the power system have exposed it to the multitude of vulnerabilities. There is a growing emphasis towards developing an efficient intrusion detection system (IDS) to strengthen the security of the SCADA control system. This is a research-in-progress paper which presents the application of two anomaly-based intrusion detection systems (AbIDS) in detecting the stealthy cyber-attack on the SCADA control system. We have applied the IDS tools Snort and Bro, in designing the IDS and later, compared their performances in terms of detection rate and latency in the alert packets with a motive of selecting better IDS for the SCADA security. Specifically, the timing-based rule is applied to identify the malicious packets based on the high temporal frequency in the network traffic. For the case study, we have implemented the SCADA based protection scheme which performs an autonomous protection to mitigate the system disturbances. We first implemented the stealthy cyber-attack which compromised the SCADA controller followed by data integrity attack on the system generator. Next, we perform the impact analysis during the attack followed by performance evaluation of IDS tools. Our experimental results show that the IDS tools are efficient in detecting cyber-attacks within an acceptable time frame for different sizes of network packets.

Security Evaluation of Two Intrusion Detection Systems in Smart Grid SCADA Environment

The lack of publicly available up-to-date datasets contributes to the difficulty in evaluating intrusion detection systems. This paper introduces HIKARI-2021, a dataset that contains encrypted synthetic attacks and benign traffic. This dataset conforms to two requirements: the content requirements, which focus on the produced dataset, and the process requirements, which focus on how the dataset is built. We compile these requirements to enable future dataset developments and we make the HIKARI-2021 dataset, along with the procedures to build it, available for the public.

Generating Network Intrusion Detection Dataset Based on Real and Encrypted Synthetic Attack Traffic

Identification and Tracking of online digital identity has been significant issue around efforts on cyber security. The purpose of this research is to demonstrate how to utilized information being emitted from digital devices carried by suspicious user. In this paper, techniques to identify owner of digital devices connected to the Internet or local network are proposed. Techniques include tracing physical id of network interface, profiling of network traffic pattern of devices, Bluetooth device signals, web browser finger printings, and header information of e-mail messages. Each devices connected to computer network has its own finger print such as physical MAC address, network traffic generated by operating systems and its installed applications thus such information can be applied to identify and track unique digital device. If the device is personal item such as smartphone or personal computer owned by a specific person this information is being able to use to detect and trace location of the person. Each web browser installed on such devices also has its unique characteristics such as version, installed fonts, and difference in its settings, such information can be used to identify a person. E-mail message has significant information in its header, by analyzing messages headers certain amount of information of its sender are extracted. This is also used to detect impersonation of a message sender. By integrating these information obtained through such monitoring activity and related network sensors we are able to identify existence and physical location of a targeted personnel, to monitor their behavior and also we are able to use such data as evidence for law suites. Preservation of privacy is the issued to be considered for such application and this would discuss how to balance between user privacy and traceability of users in certain types of network.

User Identification and Tracking with online device fingerprints fusion

In this paper, we present Genetic Algorithm based optimized feature selections for intrusion detection systems. We used one-point crossover for the Genetic Algorithm parameters instead of two-point crossover used by the previous research as it one-point crossover is faster. For evaluations, we used the NSL-KDD Cup 99 data set and we modified the data set by looking into to the recent attacks, hence making the data set more relevant to the current situations. Several classifiers were used on these data sets and we found that Random Forest gave the best results in terms of the classification rate and the training time. The results also showed that our parameters performed better in these two metrics and the classifications using our optimized features on the modified data sets gave mixed results compared to ones with the original features.

Feature selection using genetic algorithm to improve classification in network intrusion detection system

Masayoshi Mizutani Keio University, Graduate School of Media and Governance 5322 Endo Fujisawa-shi Kanagawa, Japan mizutani@sfc.wide.ad.jp Keiji Takeda Keio University, Faculty of Environment and Information Studies 5322 Endo Fujisawa-shi Kanagawa, Japan keiji@sfc.keio.ac.jp Jun Murai Keio University, Faculty of Environment and Information Studies 5322 Endo Fujisawa-shi Kanagawa, Japan jun@wide.ad.jp

/pdf/behavior-rule-based-intrusion-detection-4v7qrnfko3.pdf

Behavior rule based intrusion detection

Network-based intrusion detections become more difficult as Internet traffic is mostly encrypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.

/pdf/encrypted-malicious-traffic-detection-based-on-word2vec-1z1h1wto.pdf

Keiji Takeda

Papers

Generating Network Intrusion Detection Dataset Based on Real and Encrypted Synthetic Attack Traffic

User Identification and Tracking with online device fingerprints fusion

Feature selection using genetic algorithm to improve classification in network intrusion detection system

Behavior rule based intrusion detection

Encrypted Malicious Traffic Detection Based on Word2Vec