جستجوی مقالات مرتبط با کلیدواژه « intrusion detection » در نشریات گروه « فناوری اطلاعات »

Intrusion detection systems seek to realize several objectives, such as increasing the true detection rate, reducing the detection time, reducing the computational load, and preserving the resulting logs in such a way that they cannot be manipulated or deleted by unauthorized people. Therefore, this study seeks to solve the challenges by benefiting from the advantages of blockchain technology, its durability, and relying on IDS architecture based on multi-node cooperation. The proposed model is an intrusion detection engine based on the decision tree algorithm implemented in the nodes of the architecture. The architecture consists of several connected nodes on the blockchain platform. The resulting model and logs are stored on the blockchain platform and cannot be manipulated. In addition to the benefits of using blockchain, reduced occupied memory, the speed, and time of transactions are also improved by blockchain. In this research, several evaluation models have been designed for single-node and multi-node architectures on the blockchain platform. Finally, proof of architecture, possible threats to architecture, and defensive ways are explained. The most important advantages of the proposed scheme are the elimination of the single point of failure, maintaining trust between nodes, and ensuring the integrity of the model, and discovered logs.

In recent years, with the advancement of automotive electronics and the development of modern vehicles with the help of embedded systems and portable equipment, in-vehicle networks such as the controller area network (CAN) have faced new security risks. Since the CAN bus lacks security systems such as authentication and encryption to deal with cyber-attacks, the need for an intrusion detection system to detect attacks on the CAN bus seem to be very necessary. In this paper, a deep adversarial neural network (DACNN) is proposed to detect various types of security intrusions in CAN buses. For this purpose, the DACNN method, which is an extension of the CNN method using adversarial learning, detects intrusion in three stages; In the first stage, CNN acts as a feature descriptor and the main features are extracted, and in the second stage, the discriminating classifier classifies these features and finally, the intrusion is detected using the adversarial learning. In order to show the efficiency of the proposed method, a real open source dataset was used in which the CAN network traffic on a real vehicle during message injection attacks is recorded on a real vehicle. The obtained results show that the proposed method performs better than other machine learning methods in terms of false negative rate and error rate, which is less than 0.1% for DoS and drive gear forgery attack and RPM forgery attack while this rate is less than 0.5% for fuzzy attack.

Intrusion detection is followed with special importance in computer systems research and is used to help system security managers to detect intrusion and attack. The importance of anomaly detection is due to the fact that anomalies in data are important information that can be used in a wide range of application areas. Intrusion detection methods are used in many application domains and each domain requires a different method. In this research, a method for improving intrusion detection in computer networks is presented using stream data based on neural network. OeSNN-UAD network is used to present the proposed method and it has input and output layers that produce a candidate output neuron for each new data. The input layer of this network contains GRF and input neurons, which GRFs are used to filter the input data. In the proposed method, the ELM algorithm is used to improve the learning process of the OeSNN-UAD network, and this algorithm has improved the communication between the two layers by being placed between the input and output layers in the OeSNN-UAD network.The simulation of the proposed method was done in MATLAB software. In the first experiment, the effect of ELM in the proposed method was investigated based on the criteria of accuracy, readability, F score, BA, MCC on data classification, and in the second experiment, the effect of the Wsize parameter on the final performance of the proposed method was investigated, and the optimal results It gave a good result.

Fog is a cloud that closes to the ground. The components of fog and cloud complement each other. These components provide mutually beneficial interdependent services for communication, processing, control, and storage across the network. Attacking the fog nodes are as important as attacking the cloud. Since the fog node has more limited resources, it is more targeted by intruders. In addition, fog nodes are more attractive to attackers because they have less computing power and are located closer to the attacker than the cloud. But the key point is that access to limited resources makes it easier to save the fog node because the fog does not have the complexities of the cloud, and it is easy to run an intrusion detection system on it. In this article, focusing on the resource limitation in the fog node, we will invent a method to save the fog node. In the proposed method, the support vector machines (SVMs) technique is used. Among the advantages of using the support vector machine, we can mention not being trapped in local optima, solving the over fitting problem, and ease of working with high-dimensional data. Based on the research, support vector machine is the most widely used machine learning method for Internet of Things security articles in the literature. In this article, in order to conduct tests, according to published global statistics, the most important category of web attacks, i.e. SQL injection attacks, is considered. The average detection accuracy is obtained and the results of the evaluations indicate the acceptable efficiency of the proposed method.

Most networks without fixed infrastructure are based on cloud computing face various challenges. In recent years, different methods have been used to distribute software defined network to address these challenges. This technology, while having many capabilities, faces some vulnerabilities in the face of some common threats and destructive factors such as distributed Denial of Service. A review of various studies shows that in order to eliminate vulnerabilities, we need to combine appropriate defense solutions with the distributed Software Defined Network structure. Therefore, in this study, a general classification of the types of defense solutions against the above attack is presented. Then, while classifying the intrusion detection solutions into two threshold and non-threshold categories, we examined some practical examples of the above solutions. We conclude that the threshold of intrusion detection method exacerbates the vulnerability, and we are required to use non-threshold defense solutions with flat distributed software defined network architecture.

Intrusion detection systems are responsible for diagnosing and detecting any unauthorized use of the system, exploitation or destruction, which is able to prevent cyber-attacks using the network package analysis. one of the major challenges in the use of these tools is lack of educational patterns of attacks on the part of the engine analysis; engine failure that caused the complete training,  the result is in production of high volumes of false warnings. On the other hand, the high level of intrusion detection training time will cause a significant delay in the training system. Therefore, in the analysis section of the intrusion detection system, we need to use an algorithm that shows significant performance with the least educational data, hidden Markov model is one of these successful algorithms in this field. This Research also is trying to provide a misuse based intrusion detection solution with the focus of the evolutionary Hidden Markov model, the EHMM, which is designed to overcome the challenges posed. The most important part of hidden Markov model is to adjust the values of the parameters, the more adjusted values, optimal values would be more effective. The hidden Markov model is more likely to predict the probability of future values.  Therefore, it has been trying to end the mail based on the causative analysis of NSL data sets-KDD using evolutionary programming algorithm for hidden Markov model for the optimal parameters and sort of teach it. Then, using it, the types of attacks in the dataset were identified. To evaluate the success rate in improving the accuracy percentage EHMM proposal intrusion detection, MATLAB System simulation environment has been implemented. The results of the investigation show fitted, EHMM plan, the percentage of the average is 87% of intrusion detection (if hidden Markov model is used normal) to over 92% (in the case of the hidden Markov model using evolutionary) increases. Also after training the training data in both methods based on conventional and evolutionary Markov model, the time of the target system for a training data set is approximately two hundred thousand record from  low average of 489 minutes to more than 400 minutes has been dropped in the proposed method. This outcome achievement and making it operational on intrusion detection for the native system, can cause a defensive improvement which can be fitted in front of the other country for hostile cyber.

Despite the tremendous advances in the design of human computation systems, most of them suffer from low or low-quality contributions, and a high percentage of them fail. The success of these systems mostly depends on the behavior of people who participated in the system. Because human computation systems involve small work units, and each work brings little benefit to the participants, humans exhibit desirable behavior if they are well motivated. In this paper, we investigated this issue in the human computation intrusion detection (HCID) system. Our goal is to design a mechanism to get tasks done by experts with the utmost effort and accuracy for the lowest possible cost with a high percentage of participation. After choosing the appropriate motivation, we design the reward incentive mechanism for this system. The idea behind this mechanism was to use worker's skills in determining their rewards, and we used the Kappa coefficient to evaluate worker's agreement. After designing this mechanism, we use game theory to analyze the mechanism and determine the minimum possible reward for each task category. We prevent system failure by encouraging the workers to be high and quality participation. Also, we manage the system's financial resources by allocating the least necessary financial resources to the workers. This mechanism's design leads to an increase in the participants' accuracy and, consequently, to an increase in the human computation intrusion detection system's accuracy in identifying new attacks and reducing their false alert rate.