Pervasive growth and usage of the Internet and mobile applications have expanded cyberspace. The cyberspace has become more vulnerable to automated and prolonged cyberattacks. Cyber security techniques provide enhancements in security measures to detect and react against cyberattacks. The previously used security systems are no longer sufficient because cybercriminals are smart enough to evade conventional security systems. Conventional security systems lack efficiency in detecting previously unseen and polymorphic security attacks. Machine learning (ML) techniques are playing a vital role in numerous applications of cyber security. However, despite the ongoing success, there are significant challenges in ensuring the trustworthiness of ML systems. There are incentivized malicious adversaries present in the cyberspace that are willing to game and exploit such ML vulnerabilities. This paper aims to provide a comprehensive overview of the challenges that ML techniques face in protecting cyberspace against attacks, by presenting a literature on ML techniques for cyber security including intrusion detection, spam detection, and malware detection on computer networks and mobile networks in the last decade. It also provides brief descriptions of each ML method, frequently used security datasets, essential ML tools, and evaluation metrics to evaluate a classification model. It finally discusses the challenges of using ML techniques in cyber security. This paper provides the latest extensive bibliography and the current trends of ML in cyber security.

/pdf/a-survey-on-machine-learning-techniques-for-cyber-security-i849l0zme0.pdf

A Survey on Machine Learning Techniques for Cyber Security in the Last Decade

Multi-dimensional feature fusion and stacking ensemble mechanism for network intrusion detection

A novel IoT network intrusion detection approach based on Adaptive Particle Swarm Optimization Convolutional Neural Network

Automated DDOS attack detection in software defined networking

In recent years, the widespread deployment of the Internet of Things (IoT) applications has contributed to the development of smart cities. A smart city utilizes IoT-enabled technologies, communications and applications to maximize operational efficiency and enhance both the service providers’ quality of services and people’s wellbeing and quality of life. With the growth of smart city networks, however, comes the increased risk of cybersecurity threats and attacks. IoT devices within a smart city network are connected to sensors linked to large cloud servers and are exposed to malicious attacks and threats. Thus, it is important to devise approaches to prevent such attacks and protect IoT devices from failure. In this paper, we explore an attack and anomaly detection technique based on machine learning algorithms (LR, SVM, DT, RF, ANN and KNN) to defend against and mitigate IoT cybersecurity threats in a smart city. Contrary to existing works that have focused on single classifiers, we also explore ensemble methods such as bagging, boosting and stacking to enhance the performance of the detection system. Additionally, we consider an integration of feature selection, cross-validation and multi-class classification for the discussed domain, which has not been well considered in the existing literature. Experimental results with the recent attack dataset demonstrate that the proposed technique can effectively identify cyberattacks and the stacking ensemble model outperforms comparable models in terms of accuracy, precision, recall and F1-Score, implying the promise of stacking in this domain.

/pdf/cyberattacks-detection-in-iot-based-smart-city-applications-12geoyapp7.pdf

Cyberattacks Detection in IoT-Based Smart City Applications Using Machine Learning Techniques.

Building an Efficient Intrusion Detection System Based on Feature Selection and Ensemble Classifier

Cost-effective moving target defense against DDoS attacks using trilateral game and multi-objective Markov decision processes

Moving Target Defense (MTD) has emerged as a newcomer into the asymmetric field of attack and defense, and shuffling-based MTD has been regarded as one of the most effective ways to mitigate DDoS attacks. However, previous work does not acknowledge that frequent shuffles would significantly intensify the overhead. MTD requires a quantitative measure to compare the cost and effectiveness of available adaptations and explore the best trade-off between them. In this paper, therefore, we propose a new cost-effective shuffling method against DDoS attacks using MTD. By exploiting Multi-Objective Markov Decision Processes to model the interaction between the attacker and the defender, and designing a cost-effective shuffling algorithm, we study the best trade-off between the effectiveness and cost of shuffling in a given shuffling scenario. Finally, simulation and experimentation on an experimental software defined network (SDN) indicate that our approach imposes an acceptable shuffling overload and is effective in mitigating DDoS attacks.

A Cost-effective Shuffling Method against DDoS Attacks using Moving Target Defense

Encryption of network traffic has become an inevitable trend. As an important link to Internet encrypted traffic analysis, encrypted traffic service classification can provide support for the coarse-grained network service traffic management and security supervision. But traditional DPI method cannot be effectively applied in an encrypted traffic environment, and the existing methods based on machine learning have two problems in feature selection. One is the complex feature classification over costing problem, the other is the TLS-1.2 suited method is no longer applicable to TLS-1.3 handshake encryption. To solve these problems, in this paper, we consider the differences among encryption network protocol stacks and propose a method of encrypted traffic service classification combining with capsule neural network in a multi-protocol environment by using multi-PDU lengths as the features, making full use of Markov property between PDU length sequences and being suitable to TLS1.3 environment. The feature makes our method much faster than others in feature extraction. Our control experiments on ISCX VPN-nonVPN dataset show that our method achieves a satisfactory performance (0.9860 Pr, 0.9856 Rc, 0.9855 F1), which is superior to the state-of-the-art methods.

Length Matters: Fast Internet Encrypted Traffic Service Classification based on Multi-PDU Lengths

Software-Defined Networking (SDN) enhances the flexibility and programmability of networks by separating control plane and data plane. The logically centralized control mechanism makes the control plane vulnerable in both single and multiple controller scenarios. Malicious third parties can exploit vulnerabilities of reactive forwarding mode to launch distributed denial-of-service (DDoS) attacks against SDN controllers. Unfortunately, existing DoS/DDoS solutions under single controller can not afford effective performance under multiple controllers due to the absence of cooperative detection and mitigation. To solve the above problem, we propose a blockchain-based SDN-targeted DDoS defense framework (BSD-Guard) that can provide cooperative detection and mitigation mechanism to protect SDN controllers. BSD-Guard introduces a blockchain-based secure middle plane between control plane and data plane. The secure middle plane calculates the suspect rate of new flows based on the collected packets’ information and reports suspect lists to blockchain for immutably storing and sharing. Besides, the smart contract deployed on blockchain in advance constitutes collaborative defense strategies based on the suspect lists reported from multiple SDN domains. When receiving defense strategies, the secure middle plane converts them to specific flow table actions and installs actions into relevant switches. The experimental results indicate that BSD-Guard can efficiently detect DoS/DDoS attacks in multiple controllers scenario and issue precise defensive strategies near the source of attack by identifying the attack path.

/pdf/bsd-guard-a-collaborative-blockchain-based-approach-for-tq5tjd9w.pdf

Yuyang Zhou

Papers

Building an Efficient Intrusion Detection System Based on Feature Selection and Ensemble Classifier

Cost-effective moving target defense against DDoS attacks using trilateral game and multi-objective Markov decision processes

A Cost-effective Shuffling Method against DDoS Attacks using Moving Target Defense

Length Matters: Fast Internet Encrypted Traffic Service Classification based on Multi-PDU Lengths

BSD-Guard: A Collaborative Blockchain-Based Approach for Detection and Mitigation of SDN-Targeted DDoS Attacks