DeepReturn: A deep neural network can learn how to detect previously-unseen ROP payloads without using any heuristics

2020 ◽  
Vol 28 (5) ◽  
pp. 499-523
Author(s):  
Xusheng Li ◽  
Zhisheng Hu ◽  
Haizhou Wang ◽  
Yiwei Fu ◽  
Ping Chen ◽  
...  

Return-oriented programming (ROP) is a code reuse attack that chains short snippets of existing code to perform arbitrary operations on target machines. Existing detection methods against ROP exhibit unsatisfactory detection accuracy and/or have high runtime overhead. In this paper, we present DeepReturn, which innovatively combines address space layout guided disassembly and deep neural networks to detect ROP payloads. The disassembler treats application input data as code pointers and aims to find any potential gadget chains, which are then classified by a deep neural network as benign or malicious. Our experiments show that DeepReturn has a high detection rate (99.3%) and a very low false positive rate (0.01%). DeepReturn successfully detects all of the 100 real-world ROP exploits that were collected in the wild, created manually, or created by ROP exploit generation tools. DeepReturn is non-intrusive and does not incur any runtime overhead on the protected program.

Author(s):  
Chunlin Lu ◽  
Yue Li ◽  
Mingjie Ma ◽  
Na Li

Artificial Neural Networks (ANNs), especially the back-propagation (BP) neural network, can improve the performance of intrusion detection systems. However, for current network intrusion detection methods, the detection precision (especially for low-frequency attacks), detection stability and training time still need to be enhanced. In this paper, a new model based on an optimized BP neural network and Dempster-Shafer theory is proposed to solve the above problems and help NIDS achieve a higher detection rate, a lower false positive rate and stronger stability. The general process of the authors' model is as follows: first, the main extracted features are divided into several different feature subsets. Then, based on the different feature subsets, different ANN models are trained to build the detection engine. Finally, D-S evidence theory is employed to integrate these results and obtain the final result. The effectiveness of this method is verified by experimental simulation using the KDD Cup 1999 dataset.


Electronics ◽  
2020 ◽  
Vol 9 (11) ◽  
pp. 1894
Author(s):  
Chun Guo ◽  
Zihua Song ◽  
Yuan Ping ◽  
Guowei Shen ◽  
Yuhei Cui ◽  
...  

Remote Access Trojans (RATs) are one of the most serious security threats that organizations face today. At present, the two major RAT detection approaches are host-based and network-based detection methods. To complement one another's strengths, this article proposes a phased RAT detection method that combines double-side features (PRATD). In PRATD, both host-side and network-side features are combined to build detection models, which helps distinguish RATs from benign programs because RATs not only generate traffic on the network but also leave traces on the host at run time. In addition, PRATD trains two different detection models for the two runtime states of RATs to improve the True Positive Rate (TPR). Experiments on network and host records collected from five kinds of benign programs and 20 well-known RATs show that PRATD can effectively detect RATs: it achieves a TPR as high as 93.609% with a False Positive Rate (FPR) as low as 0.407% for known RATs, and a TPR of 81.928% with an FPR of 0.185% for unknown RATs, which suggests it is a competitive candidate for RAT detection.


2021 ◽  
Vol 11 (15) ◽  
pp. 7050
Author(s):  
Zeeshan Ahmad ◽  
Adnan Shahid Khan ◽  
Kashif Nisar ◽  
Iram Haider ◽  
Rosilah Hassan ◽  
...  

The revolutionary idea of the internet of things (IoT) architecture has gained enormous popularity over the last decade, resulting in exponential growth in IoT networks, connected devices, and the data processed therein. Since IoT devices generate and exchange sensitive data over the traditional internet, security has become a prime concern due to the emergence of zero-day cyberattacks. A network-based intrusion detection system (NIDS) can provide the much-needed efficient security solution to the IoT network by protecting the network entry points through constant network traffic monitoring. Recent NIDS have a high false alarm rate (FAR) in detecting anomalies, including novel and zero-day anomalies. This paper proposes an efficient anomaly detection mechanism using mutual information (MI), considering a deep neural network (DNN) for an IoT network. A comparative analysis of different deep-learning models, such as DNN, Convolutional Neural Network, Recurrent Neural Network and its variants such as Gated Recurrent Unit and Long Short-term Memory, is performed on the IoT-Botnet 2020 dataset. Experimental results show an improvement of 0.57–2.6% in the model's accuracy while at the same time reducing the FAR by 0.23–7.98%, demonstrating the effectiveness of the DNN-based NIDS model compared to the well-known deep learning models. It was also observed that using only the 16–35 best numerical features selected using MI, instead of the 80 features of the dataset, results in almost negligible degradation in the model's performance but helps decrease the overall model complexity. In addition, the overall accuracy of the DL-based models is further improved by almost 0.99–3.45% in terms of detection accuracy when considering only the top five categorical and numerical features.


2020 ◽  
Author(s):  
Poomipat Boonyakitanont ◽  
Apiwat Lek-uthai ◽  
Jitkomut Songsiri

This article aims to design an automatic detection algorithm for epileptic seizure onsets and offsets in scalp EEGs. The proposed scheme consists of two sequential steps: the detection of seizure episodes, and the determination of seizure onsets and offsets in long EEG recordings. We introduce a neural network-based model called ScoreNet as a post-processing technique to determine the seizure onsets and offsets in EEGs. A cost function called the log-dice loss, which has a meaning analogous to F1, is proposed to handle the imbalanced data problem. In combination with several classifiers including random forest, CNN, and logistic regression, ScoreNet is then verified on the CHB-MIT Scalp EEG database. As a result, in seizure detection, ScoreNet can significantly improve F1 to 70.15% and can considerably reduce the false positive rate per hour to 0.05 on average. In addition, we propose a detection delay metric, an effective latency index computed as a sum of exponentials of the delays, that takes undetected events into account. The index can provide better insight into onset and offset detection than conventional time-based metrics.


Author(s):  
Benhui Xia ◽  
Dezhi Han ◽  
Ximing Yin ◽  
Gao Na

To secure cloud computing and outsourced data while meeting the requirements of automation, many intrusion detection schemes based on deep learning have been proposed. Though the detection rate of many network intrusion detection solutions can be quite high nowadays, their identification accuracy on imbalanced abnormal network traffic still remains low. Therefore, this paper proposes a ResNet- and Inception-based convolutional neural network (RICNN) model for abnormal traffic classification. RICNN can learn more traffic features through the Inception unit, and the degradation problem of the network is eliminated through the direct mapping unit of ResNet, thus improving the model's generalization ability. In addition, to simplify the network, an improved version of RICNN, which reduces the number of parameters that need to be learnt without degrading identification accuracy, is also proposed in this paper. The experimental results on the CICIDS2017 dataset show that RICNN not only achieves an overall accuracy of 99.386% but also has a high detection rate across different categories, especially for small sample classes. The comparison experiments show that the recognition rate of RICNN outperforms a variety of CNN and RNN models, achieving the best detection accuracy.


Electronics ◽  
2021 ◽  
Vol 10 (22) ◽  
pp. 2857
Author(s):  
Laura Vigoya ◽  
Diego Fernandez ◽  
Victor Carneiro ◽  
Francisco Nóvoa

With advancements in engineering and science, the application of smart systems is increasing, generating faster growth of IoT network traffic. The limitations of IoT devices' restricted power and computing resources also raise concerns about security vulnerabilities. Machine learning-based techniques have recently gained credibility through their successful application to the detection of network anomalies, including in IoT networks. However, machine learning techniques cannot work without representative data. Given the scarcity of IoT datasets, the DAD dataset emerged as an instrument for characterizing the behavior of dedicated IoT-MQTT networks. This paper aims to validate the DAD dataset by applying Logistic Regression, Naive Bayes, Random Forest, AdaBoost, and Support Vector Machine to detect traffic anomalies in IoT. To obtain the best results, techniques for handling unbalanced data, feature selection, and grid search for hyperparameter optimization have been used. The experimental results show that the proposed dataset can achieve a high detection rate in all the experiments, providing the best mean accuracy of 0.99 for the tree-based models, with a low false-positive rate, ensuring effective anomaly detection.


2021 ◽  
Vol 2021 ◽  
pp. 1-7
Author(s):  
Jie Zhao

With the continuous development of multimedia social networks, online public opinion information is becoming more and more widespread. The rule extraction matrix algorithm can effectively improve the probability that information data is tested. Network information data abnormality detection is realized through probability calculation, and the prior probability is calculated to realize the detection of abnormal network data. Practical results show that the rule-extracting matrix algorithm can effectively control the false positive rate on sample data, that the detection accuracy is improved, and that it has efficient detection performance.


Author(s):  
Velliangiri S

Multimedia digital data include medical records and financial documents, whose security is not guaranteed. Concern for the security of multimedia digital data has been a widespread issue in the field of cybernetics. With increasing malware in video payloads, the proposed study aims to reduce the embedding of malware in video payloads using a Pseudo Arbitrary Permutation based Cellular Automata Encryption (PAP-CAE) System. This method reduces malware attacks and the distortion rate by permuting the secret keys with a pseudo-arbitrary permutation. Before the application of PAP-CAE, a 2D wavelet transform is applied to the multimedia files, which compresses the complex files into different scales and positions so they can be transmitted over a network with reduced size. Correspondingly, the receiver performs decryption and decompression to retrieve the original files. The proposed method is evaluated against existing methods to test its efficacy in terms of detection accuracy, malware detection time, and false positive rate. The results show that the proposed method is effective at detecting malware in multimedia video files.


Author(s):  
Abdelaziz Amara Korba ◽  
Mohamed Amine Ferrag

This chapter proposes a new cluster-based secure routing scheme to detect and prevent intrusions in ad hoc networks. The proposed scheme combines both specification-based and anomaly detection techniques to provide accurate detection of a wide range of routing attacks. The proposed secure scheme provides an adaptive response mechanism to isolate malicious nodes from the network. A key advantage of the proposed secure scheme is its capacity to prevent wormhole and rushing attacks and its real-time detection of both known and unknown attacks that violate the specification. The simulation results show that the proposed scheme achieves a high detection rate and a low false positive rate compared to other security mechanisms.


2017 ◽  
Vol 13 (7) ◽  
pp. 155014771772249 ◽  
Author(s):  
Bo Feng ◽  
Qiang Li ◽  
Xiaowen Pan ◽  
Jiahao Zhang ◽  
Dong Guo

Online social networks are an important part of people's lives and have also become a platform where spammers use suspicious accounts to spread malicious URLs. In order to detect suspicious accounts in online social networks, researchers have made many efforts. Most existing works mainly utilize feature-based machine learning. However, once spammers disguise the key features, the detection method will soon fail. Besides, such methods are unable to cope with variable and unknown features. Graph-based works mainly use the location and social relationships of spammers, and they need to build a huge social graph, which leads to high computing cost. Thus, it is necessary to propose a lightweight algorithm that is hard to evade. In this article, we propose a lightweight algorithm, GroupFound, which focuses on the structure of the local graph. As bi-followers come from different social communities, we divide all accounts into different groups and compute the average number of accounts for these groups. We evaluate GroupFound on a Sina Weibo dataset and find an appropriate threshold to identify suspicious accounts. Experimental results have demonstrated that our algorithm can accomplish a high detection rate of [Formula: see text] at a low false positive rate of [Formula: see text].
