جستجوی مقالات مرتبط با کلیدواژه « intrusion detection » در نشریات گروه « فنی و مهندسی »

Intrusion detection systems seek to realize several objectives, such as increasing the true detection rate, reducing the detection time, reducing the computational load, and preserving the resulting logs in such a way that they cannot be manipulated or deleted by unauthorized people. Therefore, this study seeks to solve the challenges by benefiting from the advantages of blockchain technology, its durability, and relying on IDS architecture based on multi-node cooperation. The proposed model is an intrusion detection engine based on the decision tree algorithm implemented in the nodes of the architecture. The architecture consists of several connected nodes on the blockchain platform. The resulting model and logs are stored on the blockchain platform and cannot be manipulated. In addition to the benefits of using blockchain, reduced occupied memory, the speed, and time of transactions are also improved by blockchain. In this research, several evaluation models have been designed for single-node and multi-node architectures on the blockchain platform. Finally, proof of architecture, possible threats to architecture, and defensive ways are explained. The most important advantages of the proposed scheme are the elimination of the single point of failure, maintaining trust between nodes, and ensuring the integrity of the model, and discovered logs.

In recent years, with the advancement of automotive electronics and the development of modern vehicles with the help of embedded systems and portable equipment, in-vehicle networks such as the controller area network (CAN) have faced new security risks. Since the CAN bus lacks security systems such as authentication and encryption to deal with cyber-attacks, the need for an intrusion detection system to detect attacks on the CAN bus seem to be very necessary. In this paper, a deep adversarial neural network (DACNN) is proposed to detect various types of security intrusions in CAN buses. For this purpose, the DACNN method, which is an extension of the CNN method using adversarial learning, detects intrusion in three stages; In the first stage, CNN acts as a feature descriptor and the main features are extracted, and in the second stage, the discriminating classifier classifies these features and finally, the intrusion is detected using the adversarial learning. In order to show the efficiency of the proposed method, a real open source dataset was used in which the CAN network traffic on a real vehicle during message injection attacks is recorded on a real vehicle. The obtained results show that the proposed method performs better than other machine learning methods in terms of false negative rate and error rate, which is less than 0.1% for DoS and drive gear forgery attack and RPM forgery attack while this rate is less than 0.5% for fuzzy attack.

Intrusion detection is followed with special importance in computer systems research and is used to help system security managers to detect intrusion and attack. The importance of anomaly detection is due to the fact that anomalies in data are important information that can be used in a wide range of application areas. Intrusion detection methods are used in many application domains and each domain requires a different method. In this research, a method for improving intrusion detection in computer networks is presented using stream data based on neural network. OeSNN-UAD network is used to present the proposed method and it has input and output layers that produce a candidate output neuron for each new data. The input layer of this network contains GRF and input neurons, which GRFs are used to filter the input data. In the proposed method, the ELM algorithm is used to improve the learning process of the OeSNN-UAD network, and this algorithm has improved the communication between the two layers by being placed between the input and output layers in the OeSNN-UAD network.The simulation of the proposed method was done in MATLAB software. In the first experiment, the effect of ELM in the proposed method was investigated based on the criteria of accuracy, readability, F score, BA, MCC on data classification, and in the second experiment, the effect of the Wsize parameter on the final performance of the proposed method was investigated, and the optimal results It gave a good result.

With the increase of the network services, the number and complexity of attacks in cyberspace has increased. This problem has made network security as one of the most important challenges in the world of information technology. Intrusion detection systems are used as a very important defense method to detect network attacks, to warn network security admins.This research has proposed a model for multi-class intrusion detection system. In this model, the dragonfly algorithm is used for feature selection and the random forest algorithm is used for classification. for data analysis KDD-99 dataset has been used and the balancing operation was used. The model has been tested with different machine learning and deep learning algorithms then the best algorithm has been selected. The accuracy value in the proposed method is 99.83. The results have been compared with the results of several other studies published in authoritative articles. This comparison shows that the proposed method has a higher accuracy than most other methods.

Fog is a cloud that closes to the ground. The components of fog and cloud complement each other. These components provide mutually beneficial interdependent services for communication, processing, control, and storage across the network. Attacking the fog nodes are as important as attacking the cloud. Since the fog node has more limited resources, it is more targeted by intruders. In addition, fog nodes are more attractive to attackers because they have less computing power and are located closer to the attacker than the cloud. But the key point is that access to limited resources makes it easier to save the fog node because the fog does not have the complexities of the cloud, and it is easy to run an intrusion detection system on it. In this article, focusing on the resource limitation in the fog node, we will invent a method to save the fog node. In the proposed method, the support vector machines (SVMs) technique is used. Among the advantages of using the support vector machine, we can mention not being trapped in local optima, solving the over fitting problem, and ease of working with high-dimensional data. Based on the research, support vector machine is the most widely used machine learning method for Internet of Things security articles in the literature. In this article, in order to conduct tests, according to published global statistics, the most important category of web attacks, i.e. SQL injection attacks, is considered. The average detection accuracy is obtained and the results of the evaluations indicate the acceptable efficiency of the proposed method.

The Internet of Things is an emerging technology that integrates the Internet and physical intelligent objects, objects that cover a wide range of areas such as smart homes and cities, industrial and military processes, human health, business and agriculture. belongs to. IoT technology deepens the presence of Internet-connected devices in our day-to-day operations, bringing many benefits to the quality of life, as well as security-related challenges. Accordingly, IoT security solutions should be developed; Like other networks, IoT intrusion detection systems are the most important security too In the present study, a method is proposed to detect IoT intrusion using game theory. In the proposed method, the attacker security attack game and the behavior of the intrusion detection system in a two-player, non-participatory game are analyzed dynamically and with complete information, and the equilibrium solutions are obtained for specific sub-games. Analysis of best response parameters using game theory and Nash equilibrium definitions indicates the need to use cloud-fog-based IoT intrusion detection systems by providing optimal strategies and reporting maximum attacks by the smart node network. The proposed model.

Resource challenge is one of the existing challenges in intrusion detection systems in internet of things. It includes limited access to resources and also high resource consumption problem. To overcome this challenge, some researches focused on optimized enabling of IDSs. In this way, defender-attacker relation is modeled as a game, using game theory, and then, defender node decides about amount or time of its IDS enabling. However, in previous works, the game consists of one defender and one attacker as players and defender-defender relation is ignored. In this research, we provide a method for modeling intrusion detection in IoT using Partnership game, in which our concern is defender-defender relation. In this method, defender node tries to make best choice about amount of its IDS enabling, considering revenue from securing network, cost from consuming resources, and also other defender nodes behavior in the game. Finally, we demonstrate that using this model, defender nodes can decrease their resource cost, cooperatively and rationally.

Today, the need for anomaly-based intrusion detection systems is felt more than ever due to the emergence of new attacks and the increase in Internet speed. The main criterion for determining the validity of an efficient intrusion detection system is the detection of attacks with high accuracy. In addition to inability of existing systems to manage growing attacks, also they have high rates of positive and negative misdiagnosis. This paper uses the ID3 decision tree features for anomaly-based intrusion detection systems. Two feature selection methods are also used to reduce the amount of used data for the detection and categorization. The KDD Cup99 dataset was used to evaluate the proposed algorithm. The test results show a detection accuracy of 99.89% for the DoS attack and an average accuracy of 94.65% for all attacks using the decision tree, indicating better values ​​than previous tasks.

Challenges in the field of information and communication security are of great interest to researchers. The expansion of network boundaries, the intensification and complexity increase of network security attacks, has amplified the need for intelligent, automated and real-time systems to detect network anomalies and threats. To detect anomalies, network traffic needs to be monitored immediately. The anomaly involves significant and unusual changes in network traffic behavior compared to its normal behavior patterns. In this paper, in order to detect anomalies, a system based on self-organizing multi agent systems is presented. Multi agent systems are made up of agents that interact with each other to achieve a specific goal. These systems are used to solve problems that are difficult for a single agent to solve or integrate. The proposed system architecture is scalable and can adapt to changes in today's networks. The evaluation and analysis of the proposed system in the NSL-KDD dataset shows that the rate of anomalies detection has improved compared to the recently proposed methods. Also, by proposing an algorithm to optimize the agents’ choices and another one for intelligent agents’ decision weighting, the rate of anomaly detection is increased and the time of event analysis is reduced.