Results (20)
Search Parameters:
Keyword: Intrusion
Hybrid Intrusion Detection Using the AEN Graph Model
The Activity and Event Network (AEN) is a new dynamic knowledge graph that models different network entities and the relationships between them. The graph is generated by processing various network security logs, such as network packets, system logs, and intrusion detection alerts, which allows the graph to capture security-relevant activity and events in the network.…
Matching TCP Packets to Detect Stepping-Stone Intrusion using Packet Crossover
Hackers on the Internet often send attacking commands through compromised hosts, called stepping-stones, for the purpose of being hidden behind a long interactive communication session. In a stepping-stone attack, an intruder uses a chain of stepping-stones as relay machines and remotely logs in to these machines using a remote login program such as SSH (secure shell). A…
Enhance Student Learning Experience in Cybersecurity Education by Designing Hands-on Labs on Stepping-stone Intrusion Detection
Stepping-stone intrusion has been widely used by professional hackers to launch their attacks. Unfortunately, this important and typical offensive skill has not been taught in most colleges and universities. In this paper, after surveying the most popular detection techniques in stepping-stone intrusion, we develop 10 hands-on labs to enhance student-learning experience in cybersecurity education. The…
Intrusion Detection and Classification using Decision Tree Based Key Feature Selection Classifiers
Feature selection method applied on an intrusion dataset is used to classify the intrusion data as normal or intrusive. We have made an attempt to detect and classify the intrusion data using rank-based feature selection classifiers. A set of redundant features having null rank value are eliminated then the performance evaluation using various feature selection…
Machine Learning for Network Intrusion Detection Based on SVM Binary Classification Model
Recently, the number of connected machines around the world has become very large, generating a huge amount of data either to be stored or to be communicated. Data protection is a concern for all institutions; it is difficult to manage the masses of data that are susceptible to multiple threats. In this work, we present…
Risk Management: The Case of Intrusion Detection using Data Mining Techniques
Every institution nowadays relies on its online system and framework to do business. Such procedures need more attention due to the massive number of attacks that occur. These procedures have to go first through the management team of the institution, in order to prevent exploits of the attackers. Thus, the risk management can easily control…
A Hybrid Approach for Intrusion Detection using Integrated K-Means based ANN with PSO Optimization
Many advances in computer systems and IT infrastructures increase the risks associated with the use of these technologies. Specifically, intrusion into computer systems by unauthorized users is a growing problem and it is very challenging to detect. Intrusion detection technologies are therefore becoming extremely important to improve the overall security of computer systems. In the…
Improved Nonlinear Fuzzy Robust PCA for Anomaly-based Intrusion Detection
Among the most popular tools in security field is the anomaly based Intrusion Detection System (IDS), it detects intrusions by learning to classify the normal activities of the network. Thus if any abnormal activity or behaviour is recognized it raises an alarm to inform the users of a given network. Nevertheless, IDS is generally susceptible…
Intrusion Detection in Cyber Security: Role of Machine Learning and Data Mining in Cyber Security
In recent years, cyber security has received interest from several research communities with respect to Intrusion Detection System (IDS). Cyber security is “a fast-growing field demanding a great deal of attention because of remarkable progresses in social networks, cloud and web technologies, online banking, mobile environment, smart grid, etc.” An IDS is a software…
A Support Vector Machine Cost Function in Simulated Annealing for Network Intrusion Detection
This paper proposes a computationally intelligent algorithm for extracting relevant features from a training set. An optimal subset of features is extracted from training examples of network intrusion datasets. The Support Vector Machine (SVM) algorithm is used as the cost function within the thermal equilibrium loop of the Simulated Annealing (SA) algorithm. The proposed fusion…
An Analysis of K-means Algorithm Based Network Intrusion Detection System
In this modern age, information technology (IT) plays a role in a number of different fields. And therefore, the role of security is very important to control and assist the flow of activities over the network. Intrusion detection (ID) is a kind of security management system for computers and networks. There are many approaches and…
Building an Efficient Alert Management Model for Intrusion Detection Systems
This paper is an extension of work originally presented in WITS-2017 CONF. We extend our previous works by improving the Risk calculation formula, and risk assessment of an alert cluster instead of every single alert. Also, we presented the initial results of the implementation of our model based on risk assessment and alerts prioritization. The…
Network Intrusion Detection System using Apache Storm
Network security implements various strategies for the identification and prevention of security breaches. Network intrusion detection is a critical component of network management for security, quality of service and other purposes. These systems allow early detection of network intrusion and malicious activities; so that the Network Security infrastructure can react to mitigate these threats. Various…
Intrusion detection in cloud computing based attack patterns and risk assessment
This paper is an extension of work originally presented in SYSCO CONF. We extend our previous work by presenting the initial results of the implementation of intrusion detection based on risk assessment on cloud computing. The idea focuses on a novel approach for detecting cyber-attacks on the cloud environment by analyzing attacks pattern using risk assessment…
Detection Method and Mitigation of Server-Spoofing Attacks on SOME/IP at the Service Discovery Phase
Service-oriented architecture has attracted attention in automotive development. The Automotive Open System Architecture (AUTOSAR) specifies Scalable Service-Oriented Middleware over IP (SOME/IP) as a key middleware for service-oriented communication in-vehicles. However, SOME/IP-based networks are vulnerable to server spoofing during the service discovery phase, enabling attackers to cause man-in-the-middle attacks by impersonating legitimate services. This paper proposes…
iDRP Framework: An Intelligent Malware Exploration Framework for Big Data and Internet of Things (IoT) Ecosystem
The Internet of Things (IoT) is at a fast-paced growth in the advanced Industrial Revolution (IR) 4.0 in the modern digital world. Considering the current network security challenges and sophistication of attacks in the heavily computerized and interconnected systems, such as an IoT ecosystem, the need for an innovative, robust, intelligent and adaptive malware…
Nonlinear \(\ell_{2,p}\)-norm based PCA for Anomaly Network Detection
Intrusion detection systems are well known for their ability to detect internal and external intrusions, it usually recognizes intrusions through learning the normal behaviour of users or the normal traffic of activities in the network. So, if any suspicious activity or behaviour is detected, it informs the users of the network. Nonetheless, intrusion detection system…
Attacks Classification and a Novel IDS for Detecting Jamming Attack in WBAN
Wireless Body Area Network (WBAN) aims to monitor patient’s health remotely, by using mini medical sensors that are attached on the human body to collect important data via the wireless network. However, this type of communication is very vulnerable to various types of attacks, poses serious problems to the individual’s life who wears the nodes.…
EKMC: Ensemble of kNN using MetaCost for Efficient Anomaly Detection
Anomaly detection aims at identification of suspicious items, observations or events by differing from most of the data. Intrusion Detection, Fault Detection, and Fraud Detection are some of the various applications of Anomaly Detection. The Machine learning classifier algorithms used in these applications would greatly affect the overall efficiency. This work is an extension of…
Cross layers security approach via an implementation of data privacy and by authentication mechanism for mobile WSNs
To implement a new secure network with high mobility and low energy consumption, we use smart sensors. These sensors are powered by micro batteries generally non rechargeable. So, to extend their lifetime, it is necessary to implement new energy conservation techniques. Existing works separate the two features (security, energy conservation) and are interested specifically in…
