scholarly journals Bayesian Models Applied to Cyber Security Anomaly Detection Problems

2021 ◽  
Author(s):  
José A. Perusquía ◽  
Jim E. Griffin ◽  
Cristiano Villa
Keyword(s):  
Anomaly Detection ◽  
Cyber Security ◽  
Bayesian Models

scholarly journals Improved Testing of AI-Based Anomaly Detection Systems Using Synthetic Surveillance Data

Proceedings ◽  
2020 ◽  
Vol 59 (1) ◽  
pp. 9
Author(s):  
Antoine Chevrot ◽  
Alexandre Vernotte ◽  
Pierre Bernabe ◽  
Aymeric Cretin ◽  
Fabien Peureux ◽  
...  
Keyword(s):  
Anomaly Detection ◽  
Cyber Security ◽  
Surveillance Data ◽  
Automatic Identification ◽  
Identification System ◽  
Surveillance Systems ◽  
Sea Transport ◽  
Detection Model ◽  
Detection Systems ◽  
Anomalous Data

Major transportation surveillance protocols have not been specified with cyber security in mind and therefore provide no encryption nor identification. These issues expose air and sea transport to false data injection attacks (FDIAs), in which an attacker modifies, blocks or emits fake surveillance messages to dupe controllers and surveillance systems. There has been growing interest in conducting research on machine learning-based anomaly detection systems that address these new threats. However, significant amounts of data are needed to achieve meaningful results with this type of model. Raw, genuine data can be obtained from existing databases but need to be preprocessed before being fed to a model. Acquiring anomalous data is another challenge: such data is much too scarce for both the Automatic Dependent Surveillance–Broadcast (ADS-B) and the Automatic Identification System (AIS). Crafting anomalous data by hand, which has been the sole method applied to date, is hardly suitable for broad detection model testing. This paper proposes an approach built upon existing libraries and ideas that offers ML researchers the necessary tools to facilitate the access and processing of genuine data as well as to automatically generate synthetic anomalous surveillance data to constitute broad, elaborated test datasets. We demonstrate the usability of the approach by discussing work in progress that includes the reproduction of related work, creation of relevant datasets and design of advanced anomaly detection models for both domains of application.

scholarly journals Identification of ICS Security Risks toward the Analysis of Packet Interaction Characteristics Using State Sequence Matching Based on SF-FSM

2017 ◽  
Vol 2017 ◽  
pp. 1-17 ◽  
Author(s):  
Jianxin Xu ◽  
Dongqin Feng
Keyword(s):  
Anomaly Detection ◽  
Cyber Security ◽  
Prototype System ◽  
Sequence Matching ◽  
Industrial Control ◽  
State Sequence ◽  
Detection Approach ◽  
Finite State ◽  
Pair Sequence ◽  
Sequence Signatures

This paper discusses two aspects of major risks related to the cyber security of an industrial control system (ICS), including the exploitation of the vulnerabilities of legitimate communication parties and the features abused by unauthorized parties. We propose a novel framework for exposing the above two types of risks. A state fusion finite state machine (SF-FSM) model is defined to describe multiple request-response packet pair sequence signatures of various applications using the same protocol. An inverted index of keywords in an industrial protocol is also proposed to accomplish fast state sequence matching. Then we put forward the concept of scenario reconstruction, using state sequence matching based on SF-FSM, to present the known vulnerabilities corresponding to applications of a specific type and version by identifying the packet interaction characteristics from the data flow in the supervisory control layer network. We also implement an anomaly detection approach to identifying illegal access using state sequence matching based on SF-FSM. An anomaly is asserted if none of the state sequence signatures in the SF-FSM is matched with a packet flow. Ultimately, an example based on industrial protocols is demonstrated by a prototype system to validate the methods of scenario reconstruction and anomaly detection.

Integrated Anomaly Detection for Cyber Security of the Substations

2014 ◽  
Vol 5 (4) ◽  
pp. 1643-1653 ◽  
Author(s):  
Junho Hong ◽  
Chen-Ching Liu ◽  
Manimaran Govindarasu
Keyword(s):  
Anomaly Detection ◽  
Cyber Security

scholarly journals From Static to Dynamic Anomaly Detection With Application to Power System Cyber Security

2020 ◽  
Vol 35 (2) ◽  
pp. 1584-1596 ◽  
Author(s):  
Kaikai Pan ◽  
Peter Palensky ◽  
Peyman Mohajerin Esfahani
Keyword(s):  
Anomaly Detection ◽  
Power System ◽  
Cyber Security

Multilevel Anomaly Detection Through Variational Autoencoders and Bayesian Models for Self-Aware Embodied Agents

2021 ◽  
pp. 1-1
Author(s):  
Giulia Slavic ◽  
Mohamad Baydoun ◽  
Damian Campo ◽  
Lucio Marcenaro ◽  
Carlo Regazzoni
Keyword(s):  
Anomaly Detection ◽  
Bayesian Models ◽  
Embodied Agents

scholarly journals Anomaly Detection in Encrypted Internet Traffic Using Hybrid Deep Learning

2021 ◽  
Vol 2021 ◽  
pp. 1-16
Author(s):  
Taimur Bakhshi ◽  
Bogdan Ghita
Keyword(s):  
Deep Learning ◽  
Anomaly Detection ◽  
Cyber Security ◽  
Short Term Memory ◽  
Hybrid Approach ◽  
Training Dataset ◽  
Optimal Time ◽  
Traffic Classification ◽  
Ongoing Research ◽  
Encrypted Traffic

An increasing number of Internet application services are relying on encrypted traffic to offer adequate consumer privacy. Anomaly detection in encrypted traffic to circumvent and mitigate cyber security threats is, however, an open and ongoing research challenge due to the limitation of existing traffic classification techniques. Deep learning is emerging as a promising paradigm, allowing reduction in manual determination of feature set to increase classification accuracy. The present work develops a deep learning-based model for detection of anomalies in encrypted network traffic. Three different publicly available datasets including the NSL-KDD, UNSW-NB15, and CIC-IDS-2017 are used to comprehensively analyze encrypted attacks targeting popular protocols. Instead of relying on a single deep learning model, multiple schemes using convolutional (CNN), long short-term memory (LSTM), and recurrent neural networks (RNNs) are investigated. Our results report a hybrid combination of convolutional (CNN) and gated recurrent unit (GRU) models as outperforming others. The hybrid approach benefits from the low-latency feature derivation of the CNN, and an overall improved training dataset fitting. Additionally, the highly effective generalization offered by GRU results in optimal time-domain-related feature extraction, resulting in the CNN and GRU hybrid scheme presenting the best model.

Sign in / Sign up

Export Citation Format

Share Document