-
Non-invasive Diver Respiration Rate Monitoring in Hyperbaric Lifeboat Environments using Short-Range Radar
Authors:
Mikolaj Czerkawski,
Fraser Stewart,
Christos Ilioudis,
Craig Michie,
Ivan Andonovic,
Robert Atkinson,
Maurice Coull,
Donald Sandilands,
Gareth Kerr,
Carmine Clemente,
Christos Tachtatzis
Abstract:
The monitoring of diver health during emergency events is crucial to ensuring the safety of personnel. A non-invasive system continuously providing a measure of the respiration rate of individual divers is exceedingly beneficial in this context. The paper reports on the application of short-range radar to record the respiration rate of divers within hyperbaric lifeboat environments. Results demonstrate that the respiratory motion can be extracted from the radar return signal applying routine signal processing. Further, evidence is provided that the radar-based approach yields a more accurate measure of respiration rate than an audio signal from a headset microphone. The system promotes an improvement in evacuation protocols under critical operational scenarios.
Submitted 15 April, 2024;
originally announced April 2024.
-
Detecting Cloud Presence in Satellite Images Using the RGB-based CLIP Vision-Language Model
Authors:
Mikolaj Czerkawski,
Robert Atkinson,
Christos Tachtatzis
Abstract:
This work explores capabilities of the pre-trained CLIP vision-language model to identify satellite images affected by clouds. Several approaches to using the model to perform cloud presence detection are proposed and evaluated, including a purely zero-shot operation with text prompts and several fine-tuning approaches. Furthermore, the transferability of the methods across different datasets and sensor types (Sentinel-2 and Landsat-8) is tested. The results show that CLIP can achieve non-trivial performance on the cloud presence detection task with apparent capability to generalise across sensing modalities and sensing bands. It is also found that a low-cost fine-tuning stage leads to a strong increase in true negative rate. The results demonstrate that the representations learned by the CLIP model can be useful for satellite image processing tasks involving clouds.
Submitted 1 August, 2023;
originally announced August 2023.
-
SANA: Cross-Species Prediction of Gene Ontology GO Annotations via Topological Network Alignment
Authors:
Siyue Wang,
Giles R. S. Atkinson,
Wayne B. Hayes
Abstract:
Topological network alignment aims to align two networks node-wise in order to maximize the observed common connection (edge) topology between them. The topological alignment of two Protein-Protein Interaction (PPI) networks should thus expose protein pairs with similar interaction partners allowing, for example, the prediction of common Gene Ontology (GO) terms. Unfortunately, no network alignment algorithm based on topology alone has been able to achieve this aim, though those that include sequence similarity have seen some success. We argue that this failure of topology alone is due to the sparsity and incompleteness of the PPI network data of almost all species, which provides the network topology with a small signal-to-noise ratio that is effectively swamped when sequence information is added to the mix. Here we show that the weak signal can be detected using multiple stochastic samples of "good" topological network alignments, which allows us to observe regions of the two networks that are robustly aligned across multiple samples. The resulting Network Alignment Frequency (NAF) strongly correlates with GO-based Resnik semantic similarity and enables the first successful cross-species predictions of GO terms based on topology-only network alignments. Our best predictions have an AUPR of about 0.4, which is competitive with state-of-the-art algorithms, even when there is no observable sequence similarity and no known homology relationship. While our results provide only a "proof of concept" on existing network data, we hypothesize that predicting GO terms from topology-only network alignments will become increasingly practical as the volume and quality of PPI network data increase.
Submitted 26 April, 2022;
originally announced April 2022.
-
Neural Weight Step Video Compression
Authors:
Mikolaj Czerkawski,
Javier Cardona,
Robert Atkinson,
Craig Michie,
Ivan Andonovic,
Carmine Clemente,
Christos Tachtatzis
Abstract:
A variety of compression methods based on encoding images as weights of a neural network have been recently proposed. Yet, the potential of similar approaches for video compression remains unexplored. In this work, we suggest a set of experiments for testing the feasibility of compressing video using two architectural paradigms, coordinate-based MLP (CbMLP) and convolutional network. Furthermore, we propose a novel technique of neural weight stepping, where subsequent frames of a video are encoded as low-entropy parameter updates. To assess the feasibility of the considered approaches, we will test the video compression performance on several high-resolution video datasets and compare against existing conventional and neural compression techniques.
Submitted 2 December, 2021;
originally announced December 2021.
-
Neural Knitworks: Patched Neural Implicit Representation Networks
Authors:
Mikolaj Czerkawski,
Javier Cardona,
Robert Atkinson,
Craig Michie,
Ivan Andonovic,
Carmine Clemente,
Christos Tachtatzis
Abstract:
Coordinate-based Multilayer Perceptron (MLP) networks, despite being capable of learning neural implicit representations, are not performant for internal image synthesis applications. Convolutional Neural Networks (CNNs) are typically used instead for a variety of internal generative tasks, at the cost of a larger model. We propose Neural Knitwork, an architecture for neural implicit representation learning of natural images that achieves image synthesis by optimizing the distribution of image patches in an adversarial manner and by enforcing consistency between the patch predictions. To the best of our knowledge, this is the first implementation of a coordinate-based MLP tailored for synthesis tasks such as image inpainting, super-resolution, and denoising. We demonstrate the utility of the proposed technique by training on these three tasks. The results show that modeling natural images using patches, rather than pixels, produces results of higher fidelity. The resulting model requires 80% fewer parameters than alternative CNN-based solutions while achieving comparable performance and training time.
Submitted 15 April, 2024; v1 submitted 29 September, 2021;
originally announced September 2021.
-
Cyber-Security Challenges in Aviation Industry: A Review of Current and Future Trends
Authors:
Elochukwu Ukwandu,
Mohamed Amine Ben Farah,
Hanan Hindy,
Miroslav Bures,
Robert Atkinson,
Christos Tachtatzis,
Xavier Bellekens
Abstract:
The integration of Information and Communication Technology (ICT) tools into mechanical devices found in the aviation industry has raised security concerns. The more integrated the system, the more vulnerable it is, due to the inherent vulnerabilities found in the ICT tools and software that drive the system. The security concerns have become more heightened as the concepts of electronic-enabled aircraft and smart airports are refined and implemented. In line with the above, this paper undertakes a review of cyber-security incidents in the aviation sector over the last 20 years. The essence is to understand the common threat actors, their motivations, the type of attacks, the aviation infrastructure that is commonly attacked, and then match these so as to provide insight on the current state of cyber-security in the aviation sector. The review showed that the industry's threats come mainly from Advanced Persistent Threat (APT) groups that work in collaboration with some state actors to steal intellectual property and intelligence, in order to advance their domestic aerospace capabilities as well as possibly monitor, infiltrate and subvert other nations' capabilities. The segment of the aviation industry commonly attacked is the Information Technology infrastructure, and the prominent type of attack is malicious hacking activity that aims at gaining unauthorised access using known malicious password cracking techniques such as brute force attacks, dictionary attacks and so on. The review further analysed the different attack surfaces that exist in the aviation industry and the threat dynamics, and uses these dynamics to predict future trends of cyberattacks in the industry. The aim is to provide information for cybersecurity professionals and aviation stakeholders for proactive actions in protecting these critical infrastructures against cyber incidents for an optimal customer service oriented industry.
Submitted 10 July, 2021;
originally announced July 2021.
-
Utilising Flow Aggregation to Classify Benign Imitating Attacks
Authors:
Hanan Hindy,
Robert Atkinson,
Christos Tachtatzis,
Ethan Bayne,
Miroslav Bures,
Xavier Bellekens
Abstract:
Cyber-attacks continue to grow, both in terms of volume and sophistication. This is aided by an increase in available computational power, expanding attack surfaces, and advancements in the human understanding of how to make attacks undetectable. Unsurprisingly, machine learning is utilised to defend against these attacks. In many applications, the choice of features is more important than the choice of model. A range of studies have, with varying degrees of success, attempted to discriminate between benign traffic and well-known cyber-attacks. The features used in these studies are broadly similar and have demonstrated their effectiveness in situations where cyber-attacks do not imitate benign behaviour. To overcome this barrier, in this manuscript, we introduce new features based on a higher level of abstraction of network traffic. Specifically, we perform flow aggregation by grouping flows with similarities. This additional level of feature abstraction benefits from cumulative information, thus qualifying the models to classify cyber-attacks that mimic benign traffic. The performance of the new features is evaluated using the benchmark CICIDS2017 dataset, and the results demonstrate their validity and effectiveness. This novel proposal will improve the detection accuracy of cyber-attacks and also build towards a new direction of feature extraction for complex ones.
Submitted 6 March, 2021;
originally announced March 2021.
-
A Review of Cyber-Ranges and Test-Beds: Current and Future Trends
Authors:
Elochukwu Ukwandu,
Mohamed Amine Ben Farah,
Hanan Hindy,
David Brosset,
Dimitris Kavallieros,
Robert Atkinson,
Christos Tachtatzis,
Miroslav Bures,
Ivan Andonovic,
Xavier Bellekens
Abstract:
Cyber situational awareness has been proven to be of value in forming a comprehensive understanding of threats and vulnerabilities within organisations, as the degree of exposure is governed by the prevailing levels of cyber-hygiene and established processes. A more accurate assessment of the security provision informs on the most vulnerable environments that necessitate more diligent management. The rapid proliferation in the automation of cyber-attacks is reducing the gap between information and operational technologies, and the need to review the current levels of robustness against new sophisticated cyber-attacks, trends, technologies and mitigation countermeasures has become pressing. A deeper characterisation is also the basis with which to predict future vulnerabilities, in turn guiding the most appropriate deployment technologies, thus refreshing established practices and the scope of the training to support the decision making of users and operators. The foundation of the training provision is the use of Cyber-Ranges (CRs) and Test-Beds (TBs), platforms/tools that help inculcate a deeper understanding of the evolution of an attack and the methodology to deploy the most impactful countermeasures to arrest breaches. In this paper, an evaluation of documented CR and TB platforms is presented. CRs and TBs are segmented by type, technology, threat scenarios, applications and the scope of attainable training. To enrich the analysis of documented CR and TB research and cap the study, a taxonomy is developed to provide a broader comprehension of the future of CRs and TBs. The taxonomy elaborates on the different dimensions of CRs/TBs, as well as highlighting a diminishing differentiation between application areas.
Submitted 14 October, 2020;
originally announced October 2020.
-
Interoperability and Integration Testing Methods for IoT Systems: a Systematic Mapping Study
Authors:
Miroslav Bures,
Matej Klima,
Vaclav Rechtberger,
Xavier Bellekens,
Christos Tachtatzis,
Robert Atkinson,
Bestoun S. Ahmed
Abstract:
The recent active development of Internet of Things (IoT) solutions in various domains has led to an increased demand for security, safety, and reliability of these systems. Security and data privacy are currently the most frequently discussed topics; however, other reliability aspects also need to be focused on to maintain the smooth and safe operation of IoT systems. Until now, there has been no systematic mapping study dedicated to the topic of interoperability and integration testing of IoT systems specifically; therefore, we present such an overview in this study. We analyze 803 papers from four major primary databases and perform a detailed assessment and quality check to find 115 relevant papers. In addition, recently published testing techniques and approaches are analyzed and classified; the challenges and limitations in the field are also identified and discussed. Research trends related to publication time, active researchers, and publication media are presented in this study. The results suggest that studies mainly focus only on general testing methods, which can be applied to integration and interoperability testing of IoT systems; thus, there are research opportunities to develop additional testing methods focused specifically on IoT systems, so that they are more effective in the IoT context.
Submitted 22 July, 2020;
originally announced July 2020.
-
Utilising Deep Learning Techniques for Effective Zero-Day Attack Detection
Authors:
Hanan Hindy,
Robert Atkinson,
Christos Tachtatzis,
Jean-Noël Colin,
Ethan Bayne,
Xavier Bellekens
Abstract:
Machine Learning (ML) and Deep Learning (DL) have been used for building Intrusion Detection Systems (IDS). The increase in both the number and sheer variety of new cyber-attacks poses a tremendous challenge for IDS solutions that rely on a database of historical attack signatures. Therefore, the industrial pull for robust IDSs that are capable of flagging zero-day attacks is growing. Current outlier-based zero-day detection research suffers from high false-negative rates, thus limiting its practical use and performance. This paper proposes an autoencoder implementation for detecting zero-day attacks. The aim is to build an IDS model with high recall while keeping the miss rate (false-negatives) to an acceptable minimum. Two well-known IDS datasets are used for evaluation: CICIDS2017 and NSL-KDD. In order to demonstrate the efficacy of our model, we compare its results against a One-Class Support Vector Machine (SVM). The manuscript highlights the performance of a One-Class SVM when zero-day attacks are distinctive from normal behaviour. The proposed model benefits greatly from the autoencoder's encoding-decoding capabilities. The results show that autoencoders are well-suited to detecting complex zero-day attacks. The results demonstrate a zero-day detection accuracy of [89-99%] for the NSL-KDD dataset and [75-98%] for the CICIDS2017 dataset. Finally, the paper outlines the observed trade-off between recall and fallout.
Submitted 16 November, 2020; v1 submitted 27 June, 2020;
originally announced June 2020.
-
Leveraging Siamese Networks for One-Shot Intrusion Detection Model
Authors:
Hanan Hindy,
Christos Tachtatzis,
Robert Atkinson,
David Brosset,
Miroslav Bures,
Ivan Andonovic,
Craig Michie,
Xavier Bellekens
Abstract:
The use of supervised Machine Learning (ML) to enhance Intrusion Detection Systems has been the subject of significant research. Supervised ML is based upon learning by example, demanding significant volumes of representative instances for effective training and the need to re-train the model for every unseen cyber-attack class. However, retraining the models in-situ renders the network susceptible to attacks owing to the time-window required to acquire a sufficient volume of data. Although anomaly detection systems provide a coarse-grained defence against unseen attacks, these approaches are significantly less accurate and suffer from high false-positive rates. Here, a complementary approach referred to as 'One-Shot Learning', whereby a limited number of examples of a new attack-class is used to identify a new attack-class (out of many), is detailed. The model grants a new cyber-attack classification without retraining. A Siamese Network is trained to differentiate between classes based on pair similarities, rather than features, allowing it to identify new and previously unseen attacks. The performance of a pre-trained model to classify attack-classes based only on one example is evaluated using three datasets. Results confirm the adaptability of the model in classifying unseen attacks and the trade-off between performance and the need for distinctive class representation.
Submitted 5 November, 2022; v1 submitted 27 June, 2020;
originally announced June 2020.
-
Machine Learning Based IoT Intrusion Detection System: An MQTT Case Study (MQTT-IoT-IDS2020 Dataset)
Authors:
Hanan Hindy,
Ethan Bayne,
Miroslav Bures,
Robert Atkinson,
Christos Tachtatzis,
Xavier Bellekens
Abstract:
The Internet of Things (IoT) is one of the main research fields in the Cybersecurity domain. This is due to (a) the increased dependency on automated devices, and (b) the inadequacy of general purpose Intrusion Detection Systems (IDS) to be deployed for special purpose network usage. Numerous lightweight protocols are being proposed for IoT device communication. One of the distinguishable IoT machine-to-machine communication protocols is the Message Queuing Telemetry Transport (MQTT) protocol. However, to the authors' best knowledge, there are no available IDS datasets that include MQTT benign or attack instances and thus no IDS experimental results are available. In this paper, the effectiveness of six Machine Learning (ML) techniques to detect MQTT-based attacks is evaluated. Three abstraction levels of features are assessed, namely, packet-based, unidirectional flow, and bidirectional flow features. An MQTT simulated dataset is generated and used for the training and evaluation processes. The dataset is released with an open access licence to help the research community further analyse the accompanying challenges. The experimental results demonstrated the adequacy of the proposed ML models to suit MQTT-based network IDS requirements. Moreover, the results emphasise the importance of using flow-based features to discriminate MQTT-based attacks from benign traffic, while packet-based features are sufficient for traditional networking attacks.
Submitted 16 November, 2020; v1 submitted 27 June, 2020;
originally announced June 2020.
-
A Security Perspective on Unikernels
Authors:
Joshua Talbot,
Przemek Pikula,
Craig Sweetmore,
Samuel Rowe,
Hanan Hindy,
Christos Tachtatzis,
Robert Atkinson,
Xavier Bellekens
Abstract:
Cloud-based infrastructures have grown in popularity over the last decade, leveraging virtualisation, server, storage, compute power and network components to develop flexible applications. The requirements for instantaneous deployment and reduced costs have led the shift from virtual machine deployment to containerisation, increasing the overall flexibility of applications and increasing performance. However, containers require a fully fledged operating system to execute, increasing the attack surface of an application. Unikernels, on the other hand, provide a lightweight memory footprint, ease of application packaging and reduced start-up times. Moreover, Unikernels reduce the attack surface due to the self-contained environment only enabling low-level features. In this work, we provide an exhaustive description of the unikernel ecosystem; we demonstrate unikernel vulnerabilities and further discuss the security implications of Unikernel-enabled environments through different use-cases.
Submitted 14 November, 2019;
originally announced November 2019.
-
Cyber-Security Internals of a Skoda Octavia vRS: A Hands on Approach
Authors:
Colin Urquhart,
Xavier Bellekens,
Christos Tachtatzis,
Robert Atkinson,
Hanan Hindy,
Amar Seeam
Abstract:
The convergence of information technology and vehicular technologies is a growing paradigm, allowing information to be sent by and to vehicles. This information can further be processed by the Electronic Control Unit (ECU) and the Controller Area Network (CAN) for in-vehicle communications or through a mobile phone or server for out-vehicle communication. Information sent by or to the vehicle can be life-critical (e.g. braking, acceleration, cruise control, emergency communication, etc.). As vehicular technology advances, in-vehicle networks are connected to external networks through 3G and 4G mobile networks, enabling manufacturer and customer monitoring of different aspects of the car. While these services provide valuable information, they also increase the attack surface of the vehicle, and can enable long and short range attacks. In this manuscript, we evaluate the security of the 2017 Skoda Octavia vRS 4x4. Both physical and remote attacks are considered: the key fob rolling code is successfully compromised, privacy attacks are demonstrated through the infotainment system, and the Volkswagen Transport Protocol 2.0 is reverse engineered. Additionally, in-car attacks are highlighted and described, providing an overview of potentially deadly threats by modifying ECU parameters, and components enabling digital forensics investigation are identified.
Submitted 21 October, 2019;
originally announced October 2019.
-
From Cyber-Security Deception To Manipulation and Gratification Through Gamification
Authors:
Xavier Bellekens,
Gayan Jayasekara,
Hanan Hindy,
Miroslav Bures,
David Brosset,
Christos Tachtatzis,
Robert Atkinson
Abstract:
With the ever growing networking capabilities and services offered to users, attack surfaces have been increasing exponentially. Additionally, the intricacy of network architectures has increased the complexity of cyber-defenses. To this end, the use of deception has recently been trending both in academia and industry. Deception enables the creation of proactive defense systems, luring attackers in order to better defend the systems at hand. Current applications of deception only rely on static, or low interactive, environments. In this paper we present a platform that combines human-computer-interaction, analytics, gamification and deception to lure malicious users into selected traps while piquing their interests. Furthermore, we analyse the interactive deceptive aspects of the platform through the addition of a narrative, further engaging malicious users into following a predefined path and deflecting attacks from key network systems.
Submitted 21 March, 2019;
originally announced March 2019.
-
A Taxonomy of Network Threats and the Effect of Current Datasets on Intrusion Detection Systems
Authors:
Hanan Hindy,
David Brosset,
Ethan Bayne,
Amar Seeam,
Christos Tachtatzis,
Robert Atkinson,
Xavier Bellekens
Abstract:
As the world moves towards being increasingly dependent on computers and automation, building secure applications, systems and networks is one of the main challenges faced in the current decade. The number of threats that individuals and businesses face is rising exponentially due to the increasing complexity of modern networks and their services. To alleviate the impact of these threats, researchers have proposed numerous solutions for anomaly detection; however, current tools often fail to adapt to ever-changing architectures, associated threats and zero-day attacks. This manuscript aims to pinpoint research gaps and shortcomings of current datasets, their impact on building Network Intrusion Detection Systems (NIDS) and the growing number of sophisticated threats. To this end, this manuscript provides researchers with two key pieces of information: a survey of prominent datasets, analyzing their use and impact on the development of the past decade's Intrusion Detection Systems (IDS), and a taxonomy of network threats and associated tools to carry out these attacks. The manuscript highlights that current IDS research covers only 33.3% of our threat taxonomy. Current datasets demonstrate a clear lack of real-network threats and attack representation, and include a large number of deprecated threats, which together limit the detection accuracy of current machine learning IDS approaches. The unique combination of the taxonomy and the analysis of the datasets provided in this manuscript aims to improve the creation of datasets and the collection of real-world data. As a result, this will improve the efficiency of the next generation IDS and reflect network threats more accurately within new datasets.
△ Less
Submitted 5 June, 2020; v1 submitted 9 June, 2018;
originally announced June 2018.
-
A Taxonomy of Malicious Traffic for Intrusion Detection Systems
Authors:
Hanan Hindy,
Elike Hodo,
Ethan Bayne,
Amar Seeam,
Robert Atkinson,
Xavier Bellekens
Abstract:
With the increasing number of network threats it is essential to have a knowledge of existing and new network threats in order to design better intrusion detection systems. In this paper we propose a taxonomy for classifying network attacks in a consistent way, allowing security researchers to focus their efforts on creating accurate intrusion detection systems and targeted datasets.
Submitted 9 June, 2018;
originally announced June 2018.
-
Machine Learning Approach for Detection of nonTor Traffic
Authors:
Elike Hodo,
Xavier Bellekens,
Ephraim Iorkyase,
Andrew Hamilton,
Christos Tachtatzis,
Robert Atkinson
Abstract:
Intrusion detection has attracted considerable interest from researchers and industry. After many years of research, the community still faces the problem of building reliable and efficient intrusion detection systems (IDS) capable of handling large quantities of data with changing patterns in real-time situations. The Tor network is popular for providing privacy and security to end users by anonymising the identity of internet users connecting through a series of tunnels and nodes. This work focuses on the classification of Tor traffic and nonTor traffic to expose the activities within Tor traffic that minimise the protection of users. A study comparing the reliability and efficiency of an Artificial Neural Network and a Support Vector Machine in detecting nonTor traffic in the UNB-CIC Tor Network Traffic dataset is presented in this paper. The results are analysed based on the overall accuracy, detection rate and false positive rate of the two algorithms. Experimental results show that both algorithms could detect nonTor traffic in the dataset. A hybrid Artificial Neural Network proved a better classifier than the SVM in detecting nonTor traffic in the UNB-CIC Tor Network Traffic dataset.
Submitted 29 August, 2017;
originally announced August 2017.
-
Threat analysis of IoT networks Using Artificial Neural Network Intrusion Detection System
Authors:
Elike Hodo,
Xavier Bellekens,
Andrew Hamilton,
Pierre-louis Dubouilh,
Ephraim Iorkyase,
Christos Tachtatzis,
Robert Atkinson
Abstract:
The Internet of Things (IoT) is still in its infancy and has attracted much interest in many industrial sectors, including medical fields, logistics tracking, smart cities and automobiles. However, as a paradigm, it is susceptible to a range of significant intrusion threats. This paper presents a threat analysis of the IoT and uses an Artificial Neural Network (ANN) to combat these threats. A multi-level perceptron, a type of supervised ANN, is trained using internet packet traces and then assessed on its ability to thwart Distributed Denial of Service (DDoS/DoS) attacks. This paper focuses on the classification of normal and threat patterns on an IoT network. The ANN procedure is validated against a simulated IoT network. The experimental results demonstrate 99.4% accuracy, and the system can successfully detect various DDoS/DoS attacks.
Submitted 7 April, 2017;
originally announced April 2017.
-
GLoP: Enabling Massively Parallel Incident Response Through GPU Log Processing
Authors:
Xavier Bellekens,
Christos Tachtatzis,
Robert Atkinson,
Craig Renfrew,
Tony Kirkham
Abstract:
Large industrial systems that combine services and applications have become targets for cyber criminals and are challenging from the security, monitoring and auditing perspectives. Security log analysis is a key step for uncovering anomalies, detecting intrusions and enabling incident response. The constant increase in link speeds, threats and users produces large volumes of log data that become increasingly difficult to analyse on a Central Processing Unit (CPU). This paper presents a massively parallel Graphics Processing Unit (GPU) LOg Processing (GLoP) library, which can also be used for Deep Packet Inspection (DPI), using a prefix matching technique and harvesting the full power of off-the-shelf technologies. GLoP implements two different algorithms using different GPU memory types and is compared against CPU counterpart implementations. The library can be used on processing nodes with single or multiple GPUs as well as on GPU cloud farms. The results show a throughput of 20Gbps and demonstrate that modern GPUs can be utilised to increase the operational speed of large-scale log processing scenarios, saving precious time before and after an intrusion has occurred.
Submitted 7 April, 2017;
originally announced April 2017.
-
A Highly-Efficient Memory-Compression Scheme for GPU-Accelerated Intrusion Detection Systems
Authors:
Xavier Bellekens,
Christos Tachtatzis,
Robert Atkinson,
Craig Renfrew,
Tony Kirkham
Abstract:
Pattern matching is a computationally intensive task used in many research fields and real-world applications. Due to the ever-growing volume of data to be processed and increasing link speeds, the number of patterns to be matched has risen significantly. In this paper we explore the parallel capabilities of modern General Purpose Graphics Processing Unit (GPGPU) applications for high-speed pattern matching. A highly compressed failure-less Aho-Corasick algorithm is presented for Intrusion Detection Systems on off-the-shelf hardware. This approach maximises the bandwidth for data transfers between the host and the Graphics Processing Unit (GPU). Experiments are performed on multiple alphabet sizes, demonstrating the capability of the library to be used in different research fields while sustaining an adequate throughput for intrusion detection systems or DNA sequencing. The work also explores the performance impact of adequate prefix matching for different alphabet sizes and varying pattern numbers, achieving speeds of up to 8Gbps and low memory consumption for intrusion detection systems.
Submitted 7 April, 2017;
originally announced April 2017.
-
Trie Compression for GPU Accelerated Multi-Pattern Matching
Authors:
Xavier Bellekens,
Amar Seeam,
Christos Tachtatzis,
Robert Atkinson
Abstract:
Graphics Processing Units allow for running massively parallel applications, offloading computationally intensive tasks from the CPU; however, GPUs have a limited amount of memory. In this paper a trie compression algorithm for massively parallel pattern matching is presented, demonstrating 85% lower space requirements than the original highly efficient parallel failure-less Aho-Corasick, whilst demonstrating over 22 Gbps throughput. The algorithm presented takes advantage of compressed row storage matrices as well as shared and texture memory on the GPU.
Submitted 13 February, 2017;
originally announced February 2017.
-
Shallow and Deep Networks Intrusion Detection System: A Taxonomy and Survey
Authors:
Elike Hodo,
Xavier Bellekens,
Andrew Hamilton,
Christos Tachtatzis,
Robert Atkinson
Abstract:
Intrusion detection has attracted considerable interest from researchers and industry. The community, after many years of research, still faces the problem of building reliable and efficient IDS that are capable of handling large quantities of data with changing patterns in real-time situations. The work presented in this manuscript classifies intrusion detection systems (IDS). Moreover, a taxonomy and survey of shallow and deep network intrusion detection systems is presented based on previous and current works. This taxonomy and survey reviews machine learning techniques and their performance in detecting anomalies. Feature selection, which influences the effectiveness of machine learning (ML) IDS, is discussed to explain its role in the classification and training phases of ML IDS. Finally, a discussion of the false and true positive alarm rates is presented to help researchers model reliable and efficient machine learning based intrusion detection systems.
Submitted 9 January, 2017;
originally announced January 2017.
-
Van der Waals interactions in the ground state of Mg(BH4)2 from density functional theory
Authors:
A. Bil,
B. Kolb,
R. Atkinson,
D. G. Pettifor,
T. Thonhauser,
A. N. Kolmogorov
Abstract:
In order to resolve an outstanding discrepancy between experiment and theory regarding the ground-state structure of Mg(BH4)2, we examine the importance of long-range dispersive interactions on the compound's thermodynamic stability. Careful treatment of the correlation effects within a recently developed nonlocal van der Waals density functional (vdW-DF) leads to a good agreement with experiment, favoring the α-Mg(BH4)2 phase (P6122) and a closely related Mn(BH4)2-prototype phase (P3112) over a large set of polymorphs at low temperatures. Our study demonstrates the need to go beyond (semi)local density functional approximations for a reliable description of crystalline high-valent metal borohydrides.
Submitted 10 April, 2011;
originally announced April 2011.
-
A Virtual Library of Technical Publications
Authors:
Elizabeth Anderson,
Robert Atkinson,
Elizabeth Buckley-Geer,
Cynthia Crego,
Lisa Giacchetti,
Stephen Hanson,
David Ritchie,
Jean Slisz,
Sara Tompson,
Stephen Wolbers
Abstract:
Through a collaborative effort, the Fermilab Information Resources Department and Computing Division have created a "virtual library" of technical publications that provides public access to electronic full-text documents. This paper will discuss the vision, planning and milestones of the project, as well as the hardware, software and interdepartmental cooperation components.
Submitted 23 August, 2002;
originally announced August 2002.
-
Digitizing Legacy Documents: A Knowledge-Base Preservation Project
Authors:
Elizabeth Anderson,
Robert Atkinson,
Cynthia Crego,
Jean Slisz,
Sara Tompson
Abstract:
This paper addresses the issue of making legacy information (that material held in paper format only) electronically searchable and retrievable. We used proprietary software and commercial hardware to create a process for scanning, cataloging, archiving and electronically disseminating full-text documents. This process is relatively easy to implement and reasonably affordable.
Submitted 11 November, 1998;
originally announced November 1998.