An Energy-Fraud Detection-System Capable of Distinguishing Frauds from Other Energy Flow Anomalies in an Urban Environment

Netzah Calamaro; Yuval Beck; Ran Ben Melech; Doron Shmilovitz

doi:10.3390/su131910696

An Energy-Fraud Detection-System Capable of Distinguishing Frauds from Other Energy Flow Anomalies in an Urban Environment

Sustainability ◽

10.3390/su131910696 ◽

2021 ◽

Vol 13 (19) ◽

pp. 10696

Author(s):

Netzah Calamaro ◽

Yuval Beck ◽

Ran Ben Melech ◽

Doron Shmilovitz

Keyword(s):

Energy Flow ◽

Carbon Dioxide Emissions ◽

Detection System ◽

False Positive Rate ◽

Real Life ◽

Fraud Detection ◽

Real Data ◽

Training Dataset ◽

Specialized Knowledge ◽

Positive Rate

Energy fraud detection bears significantly on urban ecology. Reduced losses and power consumption would affect carbon dioxide emissions and reduce thermal pollution. Fraud detection also provides another layer of urban socio-economic correlation heatmapping and improves city energy distribution. This paper describes a novel algorithm of energy fraud detection, utilizing energy and energy consumption specialized knowledge poured into AI front-end. The proposed algorithm improves fraud detection’s accuracy and reduces the false positive rate, as well as reducing the preliminary required training dataset. The paper also introduces a holistic algorithm, specifying the major phenomena that disguises as energy fraud or affects it. Consequently, a mathematical foundation for energy fraud detection for the proposed algorithm is presented. The results show that a unique pattern is obtained during fraud, which is independent of a reference non-fraud pattern of the same customer. The theory is implemented on real data taken from smart metering systems and validated in real life scenarios.

Download Full-text

IoT Botnet Anomaly Detection Using Unsupervised Deep Learning

Electronics ◽

10.3390/electronics10161876 ◽

2021 ◽

Vol 10 (16) ◽

pp. 1876

Author(s):

Ioana Apostol ◽

Marius Preda ◽

Constantin Nila ◽

Ion Bica

Keyword(s):

Deep Learning ◽

Detection System ◽

False Positive Rate ◽

Empirical Evaluation ◽

Learning Approaches ◽

Promising Alternative ◽

Positive Rate ◽

Unsupervised Deep Learning ◽

Attack Surface ◽

Iot Devices

The Internet of Things has become a cutting-edge technology that is continuously evolving in size, connectivity, and applicability. This ecosystem makes its presence felt in every aspect of our lives, along with all other emerging technologies. Unfortunately, despite the significant benefits brought by the IoT, the increased attack surface built upon it has become more critical than ever. Devices have limited resources and are not typically created with security features. Lately, a trend of botnet threats transitioning to the IoT environment has been observed, and an army of infected IoT devices can expand quickly and be used for effective attacks. Therefore, identifying proper solutions for securing IoT systems is currently an important and challenging research topic. Machine learning-based approaches are a promising alternative, allowing the identification of abnormal behaviors and the detection of attacks. This paper proposes an anomaly-based detection solution that uses unsupervised deep learning techniques to identify IoT botnet activities. An empirical evaluation of the proposed method is conducted on both balanced and unbalanced datasets to assess its threat detection capability. False-positive rate reduction and its impact on the detection system are also analyzed. Furthermore, a comparison with other unsupervised learning approaches is included. The experimental results reveal the performance of the proposed detection method.

Download Full-text

Hybrid Internal Anomaly Detection System for IoT: Reactive Nodes with Cross-Layer Operation

Security and Communication Networks ◽

10.1155/2018/3672698 ◽

2018 ◽

Vol 2018 ◽

pp. 1-15 ◽

Cited By ~ 4

Author(s):

Nanda Kumar Thanigaivelan ◽

Ethiopia Nigussie ◽

Seppo Virtanen ◽

Jouni Isoaho

Keyword(s):

Anomaly Detection ◽

False Positive ◽

Detection System ◽

False Positive Rate ◽

Security Analysis ◽

Abnormal Behavior ◽

Test Bed ◽

Positive Rate ◽

Parent Node ◽

Anomaly Detection System

We present a hybrid internal anomaly detection system that shares detection tasks between router and nodes. It allows nodes to react instinctively against the anomaly node by enforcing temporary communication ban on it. Each node monitors its own neighbors and if abnormal behavior is detected, the node blocks the packets of the anomaly node at link layer and reports the incident to its parent node. A novel RPL control message, Distress Propagation Object (DPO), is formulated and used for reporting the anomaly and network activities to the parent node and subsequently to the router. The system has configurable profile settings and is able to learn and differentiate between the nodes normal and suspicious activities without a need for prior knowledge. It has different subsystems and operation phases that are distributed in both the nodes and router, which act on data link and network layers. The system uses network fingerprinting to be aware of changes in network topology and approximate threat locations without any assistance from a positioning subsystem. The developed system was evaluated using test-bed consisting of Zolertia nodes and in-house developed PandaBoard based gateway as well as emulation environment of Cooja. The evaluation revealed that the system has low energy consumption overhead and fast response. The system occupies 3.3 KB of ROM and 0.86 KB of RAM for its operations. Security analysis confirms nodes reaction against abnormal nodes and successful detection of packet flooding, selective forwarding, and clone attacks. The system’s false positive rate evaluation demonstrates that the proposed system exhibited 5% to 10% lower false positive rate compared to simple detection system.

Download Full-text

The Study of the Ontology and Context Verification Based Intrusion Detection Model

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.644-650.3338 ◽

2014 ◽

Vol 644-650 ◽

pp. 3338-3341 ◽

Cited By ~ 1

Author(s):

Guang Feng Guo

Keyword(s):

Intrusion Detection ◽

Knowledge Base ◽

False Positive ◽

Intrusion Detection System ◽

Detection System ◽

False Positive Rate ◽

False Positives ◽

The Real ◽

Detection Model ◽

Positive Rate

During the 30-year development of the Intrusion Detection System, the problems such as the high false-positive rate have always plagued the users. Therefore, the ontology and context verification based intrusion detection model (OCVIDM) was put forward to connect the description of attack’s signatures and context effectively. The OCVIDM established the knowledge base of the intrusion detection ontology that was regarded as the center of efficient filtering platform of the false alerts to realize the automatic validation of the alarm and self-acting judgment of the real attacks, so as to achieve the goal of filtering the non-relevant positives alerts and reduce false positives.

Download Full-text

Association Rule-Mining-Based Intrusion Detection System With Entropy-Based Feature Selection

Handbook of Research on Intelligent Data Processing and Information Security Systems - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-1290-6.ch001 ◽

2020 ◽

pp. 1-24

Author(s):

Devaraju Sellappan ◽

Ramakrishnan Srinivasan

Keyword(s):

Intrusion Detection ◽

Association Rule ◽

Intrusion Detection System ◽

Association Rule Mining ◽

Detection System ◽

False Positive Rate ◽

Rule Mining ◽

Detection Rates ◽

Mining Algorithm ◽

Positive Rate

Intrusion detection system (IDSs) are important to industries and organizations to solve the problems of networks, and various classifiers are used to classify the activity as malicious or normal. Today, the security has become a decisive part of any industrial and organizational information system. This chapter demonstrates an association rule-mining algorithm for detecting various network intrusions. The KDD dataset is used for experimentation. There are three input features classified as basic features, content features, and traffic features. There are several attacks are present in the dataset which are classified into Denial of Service (DoS), Probe, Remote to Local (R2L), and User to Root (U2R). The proposed method gives significant improvement in the detection rates compared with other methods. Association rule mining algorithm is proposed to evaluate the KDD dataset and dynamic data to improve the efficiency, reduce the false positive rate (FPR) and provides less time for processing.

Download Full-text

Gene Selection using a High-Dimensional Regression Model with Microarrays in Cancer Prognostic Studies

Cancer Informatics ◽

10.4137/cin.s9048 ◽

2012 ◽

Vol 11 ◽

pp. CIN.S9048 ◽

Cited By ~ 4

Author(s):

Shuhei Kaneko ◽

Akihiro Hirakawa ◽

Chikuma Hamada

Keyword(s):

False Positive ◽

Cross Validation ◽

Gene Selection ◽

Cox Model ◽

False Positive Rate ◽

Real Data ◽

Tuning Parameter ◽

High Dimensional ◽

Positive Rate ◽

Selection Operator

Mining of gene expression data to identify genes associated with patient survival is an ongoing problem in cancer prognostic studies using microarrays in order to use such genes to achieve more accurate prognoses. The least absolute shrinkage and selection operator (lasso) is often used for gene selection and parameter estimation in high-dimensional microarray data. The lasso shrinks some of the coefficients to zero, and the amount of shrinkage is determined by the tuning parameter, often determined by cross validation. The model determined by this cross validation contains many false positives whose coefficients are actually zero. We propose a method for estimating the false positive rate (FPR) for lasso estimates in a high-dimensional Cox model. We performed a simulation study to examine the precision of the FPR estimate by the proposed method. We applied the proposed method to real data and illustrated the identification of false positive genes.

Download Full-text

A novel Ensemble of Hybrid Intrusion Detection System for Detecting Internet of Things Attacks

Electronics ◽

10.3390/electronics8111210 ◽

2019 ◽

Vol 8 (11) ◽

pp. 1210 ◽

Cited By ~ 11

Author(s):

Khraisat ◽

Gondal ◽

Vamplew ◽

Kamruzzaman ◽

Alazab

Keyword(s):

Internet Of Things ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

False Positive Rate ◽

Support Vector ◽

Detection Accuracy ◽

Lower False Positive Rate ◽

Positive Rate ◽

Iot Devices

The Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everyday life to large industrial systems. Unfortunately, this has attracted the attention of cybercriminals who made IoT a target of malicious activities, opening the door to a possible attack to the end nodes. Due to the large number and diverse types of IoT devices, it is a challenging task to protect the IoT infrastructure using a traditional intrusion detection system. To protect IoT devices, a novel ensemble Hybrid Intrusion Detection System (HIDS) is proposed by combining a C5 classifier and One Class Support Vector Machine classifier. HIDS combines the advantages of Signature Intrusion Detection System (SIDS) and Anomaly-based Intrusion Detection System (AIDS). The aim of this framework is to detect both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the Bot-IoT dataset, which includes legitimate IoT network traffic and several types of attacks. Experiments show that the proposed hybrid IDS provide higher detection rate and lower false positive rate compared to the SIDS and AIDS techniques.

Download Full-text

Research on Distributed Intrusion Detection Model Based on Information Fusion

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.121-122.528 ◽

2010 ◽

Vol 121-122 ◽

pp. 528-533

Author(s):

Ping Du ◽

Wei Xu

Keyword(s):

Intrusion Detection ◽

Information Fusion ◽

Detection System ◽

False Positive Rate ◽

Prototype System ◽

Security Risk ◽

Source Information ◽

Detection Model ◽

Distributed Intrusion Detection ◽

Positive Rate

The research actuality of Intrusion Detection System(IDS) were analyzed, Due to the defects of IDS such as high positive rate of IDS and incapable of effective detection of dispersed coordinated attacks on the time and space, the ideas of the multi-source information fusion were introduced in the paper, a multi-level IDS reasoning framework and prototype system were presented. The prototype adds analysis engine to the existing IDS Sensor, We used Bayesian Network as a tool for multi-source information fusion, and we used goal-tree to analyze the attempts of coordinated attacks and quantify the security risk of system. Compared to the existing IDS, the prototype is more integrated and more capable in finding coordinated attacks with lower false positive rate.

Download Full-text

Efficient Half Face Detection System Based on Linear Binary Pattern

Journal of Computational and Theoretical Nanoscience ◽

10.1166/jctn.2020.8893 ◽

2020 ◽

Vol 17 (5) ◽

pp. 2342-2348

Author(s):

Ashutosh Upadhyay ◽

S. Vijayalakshmi

Keyword(s):

Face Detection ◽

Detection System ◽

False Positive Rate ◽

Computational Cost ◽

Detection Algorithm ◽

Data Set ◽

Computation Cost ◽

Face Features ◽

Positive Rate ◽

The Face

In the field of computer vision, face detection algorithms achieved accuracy to a great extent, but for the real time applications it remains a challenge to maintain the balance between the accuracy and efficiency i.e., to gain accuracy computational cost also increases to deal with the large data sets. This paper, propose half face detection algorithm to address the efficiency of the face detection algorithm. The full face detection algorithm consider complete face data set for training which incur more computation cost. To reduce the computation cost, proposed model captures the features of the half of the face by assuming that the human face is symmetric about the vertical axis passing through the nose and train the system using reduced half face features. The proposed algorithm extracts Linear Binary Pattern (LBP) features and train model using adaboost classifier. Algorithm performance is presented in terms of the accuracy i.e., True Positive Rate (TPR), False Positive Rate (FTR) and face recognition time complexity.

Download Full-text

A fast mrMLM algorithm for multi-locus genome-wide association studies

10.1101/341784 ◽

2018 ◽

Cited By ~ 23

Author(s):

Cox Lwaka Tamba ◽

Yuan-Ming Zhang

Keyword(s):

False Positive ◽

Statistical Power ◽

Association Studies ◽

False Positive Rate ◽

Real Data ◽

High Accuracy ◽

Genome Wide Association ◽

Genome Wide Association Studies ◽

Genome Wide ◽

Positive Rate

AbstractBackgroundRecent developments in technology result in the generation of big data. In genome-wide association studies (GWAS), we can get tens of million SNPs that need to be tested for association with a trait of interest. Indeed, this poses a great computational challenge. There is a need for developing fast algorithms in GWAS methodologies. These algorithms must ensure high power in QTN detection, high accuracy in QTN estimation and low false positive rate.ResultsHere, we accelerated mrMLM algorithm by using GEMMA idea, matrix transformations and identities. The target functions and derivatives in vector/matrix forms for each marker scanning are transformed into some simple forms that are easy and efficient to evaluate during each optimization step. All potentially associated QTNs with P-values ≤ 0.01 are evaluated in a multi-locus model by LARS algorithm and/or EM-Empirical Bayes. We call the algorithm FASTmrMLM. Numerical simulation studies and real data analysis validated the FASTmrMLM. FASTmrMLM reduces the running time in mrMLM by more than 50%. FASTmrMLM also shows high statistical power in QTN detection, high accuracy in QTN estimation and low false positive rate as compared to GEMMA, FarmCPU and mrMLM. Real data analysis shows that FASTmrMLM was able to detect more previously reported genes than all the other methods: GEMMA/EMMA, FarmCPU and mrMLM.ConclusionsFASTmrMLM is a fast and reliable algorithm in multi-locus GWAS and ensures high statistical power, high accuracy of estimates and low false positive rate.Author SummaryThe current developments in technology result in the generation of a vast amount of data. In genome-wide association studies, we can get tens of million markers that need to be tested for association with a trait of interest. Due to the computational challenge faced, we developed a fast algorithm for genome-wide association studies. Our approach is a two stage method. In the first step, we used matrix transformations and identities to quicken the testing of each random marker effect. The target functions and derivatives which are in vector/matrix forms for each marker scanning are transformed into some simple forms that are easy and efficient to evaluate during each optimization step. In the second step, we selected all potentially associated SNPs and evaluated them in a multi-locus model. From simulation studies, our algorithm significantly reduces the computing time. The new method also shows high statistical power in detecting significant markers, high accuracy in marker effect estimation and low false positive rate. We also used the new method to identify relevant genes in real data analysis. We recommend our approach as a fast and reliable method for carrying out a multi-locus genome-wide association study.

Download Full-text

IDSFS: A Signature Based Intrusion Detection System with High Pertinent Feature Selection Method

Asian Journal of Computer Science and Technology ◽

10.51983/ajcst-2019.8.2.2145 ◽

2019 ◽

Vol 8 (2) ◽

pp. 25-31

Author(s):

S. Latha ◽

Sinthu Janita Prakash

Keyword(s):

Feature Selection ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

False Positive Rate ◽

Feature Selection Method ◽

Selection Method ◽

Positive Rate ◽

Frame Work ◽

Pertinent Feature

Securing a network from the attackers is a challenging task at present as many users involve in variety of computer networks. To protect any individual host in a network or the entire network, some security system must be implemented. In this case, the Intrusion Detection System (IDS) is essential to protect the network from the intruders. The IDS have to deal with a lot of network packets with different characteristics. A signature-based IDS is a potential tool to understand former attacks and to define suitable method to conquest it in variety of applications. This research article elucidates the objective of IDS with a mechanism which combines the network and host-based IDS. The benchmark dataset for DARPA is considered to generate the IDS mechanism. In this paper, a frame work IDSFS – a signature-based IDS with high pertinent feature selection method is framed. This frame work consists of earlier proposed Feature Selection method (HPFSM), Artificial Neural Network for classification of nodes or packets in the network, then the signatures or attack rules are configured by implementing Association Rule mining algorithm and finally the rules are restructured using a pattern matching algorithm-Aho-Corasick to ease the rule checking. The metrics like number of features, classification accuracy, False Positive Rate (FPR), Precision, Number of rules, Running Time and Memory consumption are checked and proved the proposed frame work’s efficiency.

Download Full-text