Top PDF Dynamic Model Generation and Classification of Network Attacks

Dynamic Model Generation and Classification of Network Attacks

When attempting to read malicious network traffic, security analysts are challenged to determine what attacks are happening in the network at any given time. This need to analyze data and attempt to classify the data requires a large amount of manual time and knowledge to be successful. It can also be difficult for the analysts to determine new attacks if the data is unlike anything they have seen before. Because of the ever-changing nature of cyber-attacks, a need exists for an automated system that can read network traffic and determine the types of attacks present in a network. Many existing works for classification of network attacks exist and contain a very similar fundamental problem. This problem is the need either for labeled data, or batches of data. Real network traffic does not contain labels for attack types and is streaming packet by packet. This work proposes a system that reads in streaming malicious network data and classifies the data into attack models while dynamically generating and reevaluating attack models when needed.

A Threat Model Approach for Classification of Network Layer Attacks in WSN

Laptop-class attackers may possess powerful hardware such as a faster CPU, larger battery, and high-power radio transmitter. Using such specialized hardware allows a broader range of attacks which are difficult to control. Such attacks may be used to run some malicious code and seek to extract secret keys and information from the sensor network and hence disrupt its normal functions. On the other hand, mote-class attackers are constrained to the CPU, power, bandwidth, and range limitations of the used mote platform. In such cases, they have access to a few sensor nodes with similar capabilities, but not much more than this. They may try to jam a radio link, but only in the sensor node's immediate vicinity. However, these attacks are more limited since the attackers try to exploit the network's vulnerabilities using only the sensor node's capabilities. Table 5 briefs out the functions and effects of mote-class or laptop-class attackers.

A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks

Addressing their captured results, the latency overhead imposed on each query by using SQLrand is negligible, thus it does not sacrifice the performance. Authors in paper [11] proposed a Web Application Vulnerability and Error Scanner (WAVES) as a security assessment tool in order to identify poor coding practices that render web applications vulnerable to attacks such as SQLi and cross-site scripting attacks. A number of software testing techniques such as dynamic analysis, black-box testing, fault injection, and behaviour monitoring were described and taken into account in their implementations. At the end, WAVES was compared with other vulnerability scanner tools where it has been proven as a feasible platform for assessing web application security.

A Pattern Recognition Neural Network Model for Detection and Classification of SQL Injection Attacks

The 500 benign URLs are the real URLs which are the top 500 popular website addresses in the UK while the malicious URLs are generated by adding the SQLi signatures from Table I into the benign URLs using PHP. The 13,000 URLs, including 500 benign URLs and 12,500 malicious URLs, are then classified into either benign URLs or malicious URLs by using the URL classifier part of the proposed model. The classifier also detects the type of the SQLi for each malicious URL based on the seven popular SQLi attack types from Table 2. At the end we train, evaluate, and then test the neural network model using MATLAB [15]. In our implementations, the neural network model has 10 hidden layers, 32 input features, 8 output layer, and 8 output features, Fig. 2. The captured results are as follows.

Dynamic Agent-Based Network Generation

Keywords: Synthetic Network Generation, Agent-based Modeling, Network Dynamic. Abstract: Networks are a very convenient and tractable way to model and represent interactions among entities. For example, they are often used in agent-based models to describe agents’ acquaintances. Yet, data on real-world networks are missing or difficult to gather. Being able to generate synthetic but realistic social networks is thus an important challenge in social simulation. In this article, we provide a very comprehensive and modular agent-based process of network creation. We believe that the complexity of ABM (Agent-Based Models) comes from the overall interactions of entities, but they could be kept very simple for better control over the outcome. The idea is to use an agent-based simulation to generate networks: agent behaviors are rules for the network construction. Because we want the process to be dynamic and resilient to nodes perturbation, we provide a way for behaviors to spread among agents, following the meme basic principle - spreading by imitation. Resulting generated networks are compared to a target network; the system automatically looks at the best behavior distribution to generate this specific target network.

Web Text Classification Using Genetic Algorithm and a Dynamic Neural Network Model

The general philosophy of the dynamic neural network model is based upon the principle of learning and accumulating knowledge at each layer, propagating and adjusting this knowledge forward to the next layer, and repeating these steps until the desired network performance criteria are reached. As in classical neural networks, the dynamic neural network architecture is composed of an input layer, hidden layers and an output layer. The input layer accepts external data to the model. In dynamic neural network, unlike classical neural networks, the number of hidden layers is not fixed a priori. They are sequentially and dynamically generated until a level of performance accuracy is reached. Additionally, the proposed approach uses a fixed number of hidden nodes (four) in each hidden layer. This structure is not arbitrary, but justified by the estimation approach. At each hidden layer, the network is trained using all observations in the training set simultaneously, so as to minimize a stated training accuracy measure such as mean

Segmentation and Model Generation for Large-Scale Cyber Attacks

3.4.1 Generic Model Instead of asserting a scalar value, another hypothesis is defined to compete against the empirically-constructed attack models during the classification phase. This new hypothesis is denoted the “Generic Model” which intends to fit all behaviors with some modest probability. The feature distributions for the generic model are defined based on prior analysis of the type of traffic considered [9], or based on intuition about the features defined. Figure 3.5 shows the generic model feature distributions used; the protocol, source and destination port, and ICMP-type distributions are drawn from prior analysis performed by Lee, Carpenter, and Brownlee [9]. The protocol distribution reflects a majority of TCP traffic, with more modest amounts of UDP and ICMP traffic. The ICMP-type distribution exhibits a bias for the types used for reconnaissance as described by Tan [16]: echo, echo reply, destination unreachable and time exceeded. The most probable values for the port distributions are composed of commonly exploited services: MySQL server, Windows share, NetBIOS, SSH, etc.

An Efficient Decision Tree Model for Classification of Attacks with Feature Selection

Application of Internet is increasing rapidly in almost all the domains including online transaction and data communication, due to which cases of attacks are increasing rapidly. Also security of information in victim computer is an important need, which requires a security wall for identification and prevention of attacks in form of intrusion detection system (IDS). Basically Intrusion detection system (IDS) is a classifier that can classify the network data as normal or attack. Our main motive in this piece of research work is to develop a robust binary classifier as an IDS using various decision tree based techniques applied on NSL-KDD data set.

Neural network approach to problems of static/dynamic classification

The problem with implementing FIR-MLPs as buffered MLPs is that first layers sub networks must be replicated (with shared weights) and so the complexity is much higher than considering the buffer internal. Therefore, buffered MLP and FIR-MLP are different architectures with regard to a real implementation. The main disadvantage of the buffer approach is the limited past history horizon thereby preventing modelling of arbitrary long time dependencies between inputs and desired outputs. It is also difficult to set the length of the buffer, given a certain application; moreover to have sufficient temporal depth, a long buffer, i.e., a large number of input weights, could be required, usually with a decrease in generalization performance and an increase in the overall computational complexity. In other words, the buffer approach with no feedback has the maximum temporal resolution, at the cost of a low temporal depth. To adaptively balance temporal depth with temporal resolution, another buffer type, called gamma memory, can be adopted, for which the delay operator, used in conventional TDLs, is replaced by a single pole discrete time filter. Gamma memory is a dispersive delay line with dispersion regulated by an adaptable parameter. In addition to these advantages of temporal depth and temporal resolution characteristics, it is known that neural networks with feedback have useful dynamic modelling behaviour. Feedback has been implemented for the first time with the introduction of the so called fully recurrent neural networks (RNN); they are formed by a single layer of neurons fully interconnected with each other, or several such layers. Such RNNs, however, exhibit some well known disadvantages: a large structural complexity (that is too many weights) and a slow and difficult training. As a matter of fact, they are very general architectures which can model a large class of dynamical systems. 
Nevertheless, on specific problems, simpler dynamic neural networks, which make use of available prior knowledge, can be better. Many efforts have been made with the aim of introducing temporal dynamics into the multilayer perceptron neural model. These efforts have paid in terms of less complex architectures and easier training, with respect to the RNNs. The major difference among the methods developed for the purpose lies in how feedback is included in the network.

Attentive Temporal Pyramid Network for Dynamic Scene Classification

To achieve more accurate recognition of dynamic scene, it would be beneficial to fully explore the temporal dynamic information. There are basically two pathways to model temporal clues within CNNs. One way is to explicitly model the video as an ordered sequence of frames based on long short-term memory (LSTM) (Donahue et al. 2015) or gated recurrent unit (GRU) (Chung et al. 2014). These models usually adopt memory cells to store, modify and access internal state so as to discover the long-range sequential information. Alternatively, another way of capturing the temporal information in CNNs resorts to the two-stream architecture (Simonyan and Zisserman 2014a) which uses both RGB and dense optical flows as the inputs for CNNs. By incorporating these two sources of information, the model encodes both spatial and temporal clues in the two-stream network. Despite the success of these methods, the computational cost tends to be high, and in addition, indiscriminately using entire video frames for modeling will introduce negative effects of irrelevant and noisy frames, thereby compromising the classification performance.

Switching Model of a Dynamic Social Network

Abstract— ECG is one of the most popular fields in biosignals research. One of the popular areas in ECG research is automatic Arrhythmia classification. In this paper, we presented an effort to make an Arrhythmia classifier for Android. We use RRI based features and SVM as the classification method. Then we conduct an experiment with three different SVM configurations to see how much improvement can be made by using these configurations. By looking at kappa score as the metric, configuration 2 greatly improves the classifier (169% increase). And by using hyper-parameter tuning we further optimize the classifier as can be seen in the result of configuration 3 (10.5% increase).

Dynamic Bayesian network for semantic place classification in mobile robotics

Abstract In this paper, the problem of semantic place categorization in mobile robotics is addressed by considering a time-based probabilistic approach called Dynamic Bayesian Mixture Model (DBMM), which is an improved variation of the Dynamic Bayesian Network (DBN). More specifically, multi-class semantic classification is performed by a DBMM composed of a mixture of heterogeneous base classifiers, using geometrical features computed from 2D laser-scanner data, where the sensor is mounted on-board a moving robot operating indoors. Besides its capability to combine different probabilistic classifiers, the DBMM approach also incorporates time-based (dynamic) inferences in the form of previous class-conditional probabilities and priors. Extensive experiments were carried out on publicly available benchmark datasets, highlighting the influence of the number of time-slices and the effect of additive smoothing on the classification performance of the proposed approach. Reported results, under different scenarios and conditions, show the effectiveness and competitive performance of the DBMM. Keywords Semantic place recognition · Dynamic Bayesian Network · Artificial intelligence

EFFECTIVE IMPLEMENTATION OF DYNAMIC CLASSIFICATION FOR NETWORK FORENSIC AND TRAFFIC ANALYSIS

Snort is an open source tool written in C used as a network intrusion prevention as well as network intrusion detection system developed by Sourcefire. It has an excellent combination of the benefits of signature, protocol, and anomaly-based inspection. The statistics of Snort are huge, with millions of downloads and nearly 400,000 registered users. Snort is not only an IDS but is also used as an IPS (Intrusion Prevention System) for avoidance of any unwanted activity or unauthorized access of the resources. Snort can easily implement protocol analysis and content investigation along with a number of other features. The excellent features of the tool include detection of a variety of attacks and probes such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts and many others.

Modeling Network Attacks

The network construction module includes a visualization of results and an eye to the long-term goal of web-based delivery and competition. The interface takes advantage of modern drag-and-drop and visualization techniques to enable rapid construction and evaluation. Once the hardware of the network has been set up and the links established the user must configure the services provided over the network in support of demands specified in a given scenario. A discrete-event simulation mechanism will model traffic generation and flow through devices and across links. Once the network is built and services established the user will submit their design through a web-based delivery mechanism where it will be subjected to a series of attacks based on the scenario. The system will evaluate the performance of the design by measuring its ability to maintain confidentiality, integrity, and availability of its information against the attacks as described by [10].

Packet generation and network based attacks with Scapy

Packet generation and network based attacks with Scapy. Philippe BIONDI.

Survey on Classification of Attacks and Security Mechanism in Wireless Network

Besides, there is considerable cost saving when compared to traditional wired networks. However, organizations should be well prepared to face the problems that come with wireless networks. There may be huge number of mobile user that needs to be revoked in the network anytime due to various reasons, e.g. when any prohibited or exceptional event occurs. Computer and network security aim to provide confidentiality, data integrity, and service availability. Confidentiality prevents untrusted third parties from accessing secure data, and data integrity guarantees that data isn’t modified in transit and that replayed packets aren’t accepted as the original. Availability ensures that authorized parties can access data, services, or other computer and network resources when requested. DoS attacks target availability by preventing communication between network devices or by preventing a single device from sending traffic.

Classification and Generation of Disturbance Vectors for Collision Attacks against SHA-1

Abstract. In this paper, we present a deterministic algorithm to produce disturbance vectors for collision attacks against SHA-1. We show that all published disturbance vectors can be classified into two types of vectors, type-I and type-II. We define a cost function, close to those described in [9], to evaluate the complexity of a collision attack for a given disturbance vector. Using the classification and the cost function we made an exhaustive search which allowed us to retrieve all known vectors. We also found new vectors which have lower cost. This may lead to the best collision attack against SHA-1, with a theoretical attack complexity of 2^51 hash function calls.

A Neural Network Based System for Intrusion Detection and Classification of Attacks

VI. CONCLUSION AND FUTURE WORK An approach for a neural network based intrusion detection system, intended to classify the normal and attack patterns and the type of the attack, has been presented in this paper. We applied the early stopping validation method which increased the generalization capability of the neural network and at the same time decreased the training time. It should be mentioned that the long training time of the neural network was mostly due to the huge number of training vectors of computation facilities. However, when the neural network parameters were determined by training, classification of a single record was done in a negligible time. Therefore, the neural network based IDS can operate as an online classifier for the attack types that it has been trained for. The only factor that makes the neural network off-line is the time used for gathering information necessary to compute the features.

Network Transmission Model: a dynamic traffic model at network level

The model was applied in a test case in which we analysed to which extent the model could be used to predict the impact of traffic control. In cases without adaptive routing, the model tended to lead to gridlock results. This seems not realistic, and might be due to an unrealistic assumption of static, non-equilibrium routes. The model was capable of reducing the delay based on adaptive routing. Also, the concept of gating was implemented and showed to have an impact on the travel times. Its impact was found to be smaller than optimizing the routing. For further research, in a calibrated system the marginal effects of each of the control concepts needs to be studied. Moreover, future research will develop more ingenious control schemes than the simple rule-based control schemes shown here. A model predictive control scheme seems to fit very well with the Network Transmission Model.
