There is, I think, something ethereal about i —the square root of minus one. I remember first hearing about it at school. It seemed an odd beast at that time—an intruder hovering on the edge of reality.

Usually familiarity dulls this sense of the bizarre, but in the case of i it was the reverse: over the years the sense of its surreal nature intensified. It seemed that it was impossible to write mathematics that described the real world in …

I and i

http://user.it.uu.se/~jarst116/slides/week4.pdf

Graph-Based Algorithms for Boolean Function Manipulation

Machine learning techniques are being widely used to develop an intrusion detection system (IDS) for detecting and classifying cyberattacks at the network-level and the host-level in a timely and automatic manner. However, many challenges arise since malicious attacks are continually changing and are occurring in very large volumes requiring a scalable solution. There are different malware datasets available publicly for further research by cyber security community. However, no existing study has shown the detailed analysis of the performance of various machine learning algorithms on various publicly available datasets. Due to the dynamic nature of malware with continuously changing attacking methods, the malware datasets available publicly are to be updated systematically and benchmarked. In this paper, a deep neural network (DNN), a type of deep learning model, is explored to develop a flexible and effective IDS to detect and classify unforeseen and unpredictable cyberattacks. The continuous change in network behavior and rapid evolution of attacks makes it necessary to evaluate various datasets which are generated over the years through static and dynamic approaches. This type of study facilitates to identify the best algorithm which can effectively work in detecting future cyberattacks. A comprehensive evaluation of experiments of DNNs and other classical machine learning classifiers are shown on various publicly available benchmark malware datasets. The optimal network parameters and network topologies for DNNs are chosen through the following hyperparameter selection methods with KDDCup 99 dataset. All the experiments of DNNs are run till 1,000 epochs with the learning rate varying in the range [0.01-0.5]. The DNN model which performed well on KDDCup 99 is applied on other datasets, such as NSL-KDD, UNSW-NB15, Kyoto, WSN-DS, and CICIDS 2017, to conduct the benchmark. Our DNN model learns the abstract and high-dimensional feature representation of the IDS data by passing them into many hidden layers. Through a rigorous experimental testing, it is confirmed that DNNs perform well in comparison with the classical machine learning classifiers. Finally, we propose a highly scalable and hybrid DNNs framework called scale-hybrid-IDS-AlertNet which can be used in real-time to effectively monitor the network traffic and host-level events to proactively alert possible cyberattacks.

/pdf/deep-learning-approach-for-intelligent-intrusion-detection-19gksnoeyl.pdf

Deep Learning Approach for Intelligent Intrusion Detection System

Pattern recognition

This paper presents algorithms for the automatic synthesis of real-time controllers by finding a winning strategy for certain games defined by the timed-automata of Alur and Dill. In such games, the outcome depends on the players' actions as well as on their timing. We believe that these results will pave the way for the application of program synthesis techniques to the construction of real-time embedded systems from their specifications.

On the synthesis of discrete controllers for timed systems

Anomaly based Intrusion Detection Systems (IDSs) are known to achieve high accuracy and detection rate. However, a significant computational overhead is incurred in training and deploying them. In this paper, we aim to address this issue by proposing a simple Artificial Neural Network (ANN) based IDS model. The proposed IDS model uses the feed forward and the back propagation algorithms along with various other optimization techniques to minimize the overall computational overhead, while at the same time maintain a high performance level. Experimental results on the benchmark NSL-KDD dataset shows that the performance (accuracy and detection rate) of the proposed ANN based IDS model is at par and in some cases even better than other IDS models. Owing to its high performance and low computational overhead, the proposed ANN based IDS model is a suitable candidate for real time deployment and intrusion detection analysis.

A Neural Network based system for Intrusion Detection and attack classification

A game theory based multi layered intrusion detection framework for VANET

/pdf/intrusion-detection-in-mobile-ad-hoc-networks-bayesian-game-3h1j6namv0.pdf

Intrusion detection in Mobile Ad-hoc Networks: Bayesian game formulation

Address Resolution Protocol (ARP) is used for determining the link layer or Medium Access Control (MAC) address of a network host, given its Internet Layer (IP) or Network Layer address. ARP is a stateless protocol and any IP-MAC pairing sent by a host is accepted without verification. This weakness in the ARP may be exploited by malicious hosts in a Local Area Network (LAN) by spoofing IP-MAC pairs. Several schemes have been proposed in the literature to circumvent these attacks; however, these techniques either make IP-MAC pairing static, modify the existing ARP, patch operating systems of all the hosts etc. In this paper we propose a Discrete Event System (DES) approach for Intrusion Detection System (IDS) for LAN specific attacks which do not require any extra constraint like static IP-MAC, changing the ARP etc. A DES model is built for the LAN under both a normal and compromised (i.e., spoofed request/response) situation based on the sequences of ARP related packets. Sequences of ARP events in normal and spoofed scenarios are similar thereby rendering the same DES models for both the cases. To create different ARP events under normal and spoofed conditions the proposed technique uses active ARP probing. However, this probing adds extra ARP traffic in the LAN. Following that a DES detector is built to determine from observed ARP related events, whether the LAN is operating under a normal or compromised situation. The scheme also minimizes extra ARP traffic by probing the source IP-MAC pair of only those ARP packets which are yet to be determined as genuine/spoofed by the detector. Also, spoofed IP-MAC pairs determined by the detector are stored in tables to detect other LAN attacks triggered by spoofing namely, man-in-the-middle (MiTM), denial of service etc. The scheme is successfully validated in a test bed.

https://www.iiti.ac.in/people/~neminath/Papers/ISA.pdf

LAN attack detection using Discrete Event Systems

Anomaly based Intrusion Detection Systems (IDSs) are capable of detecting wide range of network attacks. However, they are characterized by high computational overhead due to large number of redundant or highly correlated features in the input data being analyzed by them. In this paper, we propose a model to minimize the computational overhead of anomaly based IDSs through dimensionality reduction technique called Principal Component Analysis (PCA). PCA reduces the high dimensional data using the dependencies between the input features to represent it in a more tractable, lower dimensional form, without losing any significant information contained in the original data. Experimental results on the benchmark NSL-KDD dataset shows that applying PCA can significantly reduce the dimensionality of the data being processed by anomaly based IDSs and thereby minimize their computational overhead without adversely affecting their performances.

Santosh Biswas

Papers

A Neural Network based system for Intrusion Detection and attack classification

A game theory based multi layered intrusion detection framework for VANET

Intrusion detection in Mobile Ad-hoc Networks: Bayesian game formulation

LAN attack detection using Discrete Event Systems

Enhancing performance of anomaly based intrusion detection systems through dimensionality reduction using principal component analysis