There is a rapid growth in internet and website usage. A wide variety of devices are used to access websites, such as mobile phones, tablets, laptops, and personal computers. Attackers are finding more and more vulnerabilities on websites that they can exploit for malicious purposes. A web application attack occurs when cyber criminals gain access to unauthorized areas. Typically, attackers look for vulnerabilities in web applications at the application layer. SQL injection attacks and Cross Site script attacks is used to access web applications to obtain sensitive data. A key objective of this work is to develop new features and investigate how automatic tuning of machine learning techniques can improve the performance of Web Attack detections that use HTTP CSIC datasets to block and detect attacks. The Stepwise Conditional parameter tuning in machine learning algorithms is a proposed model. This model is a dynamic and automated parameter choosing and tuning based on the better outcome. This work also compares two datasets for performance of the proposed model.
COMPARATIVE ANALYSIS OF ANOMALY BASED WEB ATTACK DETECTION METHODSIJCI JOURNAL
In the present scenario, protection of websites from web-based attacks is a great challenge due to the bad intention of the malicious user over the Internet. Researchers are trying to find the optimum solution to prevent these web attack activities. There are several techniques available to prevent the web attacks from happening like firewalls, but most of the firewall is not designed to prevent the attack against the websites. Moreover, firewalls mostly work on signature-based detection method. In this paper, we have analyzed different anomaly-based detection methods for the detection of web-based attacks initiated by malicious users. Working of these methods is in a different direction to the signature-based detection method which only detects the web-based attacks for which a signature has been previously created. In this paper, we have introduced two methods: Attribute Length Method (ALM) and Attribute Character Distribution Method (ACDM) which is based on attribute values. Further, we have done the mathematical analysis of three different web attacks and compare their False Accept Rate (FAR) results for both the methods. Results analysis reveals that ALM is more efficient method than ACDM in the detection of web-based attacks.
ATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIERCSEIJJournal
This document discusses using a random forest classifier with feature selection to improve intrusion detection. It begins with background on intrusion detection systems and challenges. It then proposes using genetic algorithms for feature selection to identify the most important features from a dataset. A random forest classifier is used for classification, which combines decision trees to improve accuracy. The methodology involves feature selection, classification with random forest, and detection. Feature weights are calculated and cross-validation is used to analyze detection rates for individual attacks. The goal is to improve accuracy, reduce training time, and better detect minority attacks through this approach.
Attack Detection Availing Feature Discretion using Random Forest ClassifierCSEIJJournal
The widespread use of the Internet has an adverse effect of being vulnerable to cyber attacks. Defensive
mechanisms like firewalls and IDSs have evolved with a lot of research contributions happening in these
areas. Machine learning techniques have been successfully used in these defense mechanisms especially
IDSs. Although they are effective to some extent in identifying new patterns and variants of existing
malicious patterns, many attacks are still left as undetected. The objective is to develop an algorithm for
detecting malicious domains based on passive traffic measurements. In this paper, an anomaly-based
intrusion detection system based on an ensemble based machine learning classifier called Random Forest
with gradient boosting is deployed. NSL-KDD cup dataset is used for analysis and out of 41 features, 32
features were identified as significant using feature discretion.
Feature Selection using the Concept of Peafowl Mating in IDSIJCNCJournal
Cloud computing has high applicability as an Internet based service that relies on sharing computing resources. Cloud computing provides services that are Infrastructure based, Platform based and Software based. The popularity of this technology is due to its superb performance, high level of computing ability, low cost of services, scalability, availability and flexibility. The obtainability and openness of data in cloud environment make it vulnerable to the world of cyber-attacks. To detect the attacks Intrusion Detection System is used, that can identify the attacks and ensure information security. Such a coherent and proficient Intrusion Detection System is proposed in this paper to achieve higher certainty levels regarding safety in cloud environment. In this paper, the mating behavior of peafowl is incorporated into an optimization algorithm which in turn is used as a feature selection algorithm. The algorithm is used to reduce the huge size of cloud data so that the IDS can work efficiently on the cloud to detect intrusions. The proposed model has been experimented with NSL-KDD dataset as well as Kyoto dataset and have proved to be a better as well as an efficient IDS.
Feature Selection using the Concept of Peafowl Mating in IDSIJCNCJournal
Cloud computing has high applicability as an Internet based service that relies on sharing computing resources. Cloud computing provides services that are Infrastructure based, Platform based and Software based. The popularity of this technology is due to its superb performance, high level of computing ability, low cost of services, scalability, availability and flexibility. The obtainability and openness of data in cloud environment make it vulnerable to the world of cyber-attacks. To detect the attacks Intrusion Detection System is used, that can identify the attacks and ensure information security. Such a coherent and proficient Intrusion Detection System is proposed in this paper to achieve higher certainty levels regarding safety in cloud environment. In this paper, the mating behavior of peafowl is incorporated into an optimization algorithm which in turn is used as a feature selection algorithm. The algorithm is used to reduce the huge size of cloud data so that the IDS can work efficiently on the cloud to detect intrusions. The proposed model has been experimented with NSL-KDD dataset as well as Kyoto dataset and have proved to be a better as well as an efficient IDS.
The document discusses using machine learning for efficient attack detection in IoT devices without feature engineering. It proposes a feature-engineering-less machine learning (FEL-ML) process that uses raw packet byte streams as input instead of engineered features. This approach is lighter weight and faster than traditional methods. The FEL-ML model is trained directly on unprocessed packet data to perform malware detection on resource-constrained IoT devices. Prior research that used engineered features or complex deep learning models are not suitable for IoT due to limitations of memory and processing power. The proposed FEL-ML approach aims to enable effective network traffic security for IoT using minimal resources.
EFFICIENT ATTACK DETECTION IN IOT DEVICES USING FEATURE ENGINEERING-LESS MACH...ijcsit
Through the generalization of deep learning, the research community has addressed critical challenges in
the network security domain, like malware identification and anomaly detection. However, they have yet to
discuss deploying them on Internet of Things (IoT) devices for day-to-day operations. IoT devices are often
limited in memory and processing power, rendering the compute-intensive deep learning environment
unusable. This research proposes a way to overcome this barrier by bypassing feature engineering in the
deep learning pipeline and using raw packet data as input. We introduce a feature- engineering-less
machine learning (ML) process to perform malware detection on IoT devices. Our proposed model,”
Feature engineering-less ML (FEL-ML),” is a lighter-weight detection algorithm that expends no extra
computations on “engineered” features. It effectively accelerates the low-powered IoT edge. It is trained
on unprocessed byte-streams of packets. Aside from providing better results, it is quicker than traditional
feature-based methods. FEL-ML facilitates resource-sensitive network traffic security with the added
benefit of eliminating the significant investment by subject matter experts in feature engineering.
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Drjabez
This document describes a proposed approach for anomaly detection in intrusion detection systems using outlier detection. It begins with background on intrusion detection systems and issues with existing approaches. It then presents the proposed two-stage approach using outlier detection: 1) Training with large normal datasets in a distributed storage environment, and 2) Testing intrusion datasets to compute an error value compared to the trained model. If the error value exceeds a threshold, the test data is flagged as anomalous. Experimental results on network packet datasets demonstrate the approach can effectively identify anomalies.
COMPARATIVE ANALYSIS OF ANOMALY BASED WEB ATTACK DETECTION METHODSIJCI JOURNAL
In the present scenario, protection of websites from web-based attacks is a great challenge due to the bad intention of the malicious user over the Internet. Researchers are trying to find the optimum solution to prevent these web attack activities. There are several techniques available to prevent the web attacks from happening like firewalls, but most of the firewall is not designed to prevent the attack against the websites. Moreover, firewalls mostly work on signature-based detection method. In this paper, we have analyzed different anomaly-based detection methods for the detection of web-based attacks initiated by malicious users. Working of these methods is in a different direction to the signature-based detection method which only detects the web-based attacks for which a signature has been previously created. In this paper, we have introduced two methods: Attribute Length Method (ALM) and Attribute Character Distribution Method (ACDM) which is based on attribute values. Further, we have done the mathematical analysis of three different web attacks and compare their False Accept Rate (FAR) results for both the methods. Results analysis reveals that ALM is more efficient method than ACDM in the detection of web-based attacks.
ATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIERCSEIJJournal
This document discusses using a random forest classifier with feature selection to improve intrusion detection. It begins with background on intrusion detection systems and challenges. It then proposes using genetic algorithms for feature selection to identify the most important features from a dataset. A random forest classifier is used for classification, which combines decision trees to improve accuracy. The methodology involves feature selection, classification with random forest, and detection. Feature weights are calculated and cross-validation is used to analyze detection rates for individual attacks. The goal is to improve accuracy, reduce training time, and better detect minority attacks through this approach.
Attack Detection Availing Feature Discretion using Random Forest ClassifierCSEIJJournal
The widespread use of the Internet has an adverse effect of being vulnerable to cyber attacks. Defensive
mechanisms like firewalls and IDSs have evolved with a lot of research contributions happening in these
areas. Machine learning techniques have been successfully used in these defense mechanisms especially
IDSs. Although they are effective to some extent in identifying new patterns and variants of existing
malicious patterns, many attacks are still left as undetected. The objective is to develop an algorithm for
detecting malicious domains based on passive traffic measurements. In this paper, an anomaly-based
intrusion detection system based on an ensemble based machine learning classifier called Random Forest
with gradient boosting is deployed. NSL-KDD cup dataset is used for analysis and out of 41 features, 32
features were identified as significant using feature discretion.
Feature Selection using the Concept of Peafowl Mating in IDSIJCNCJournal
Cloud computing has high applicability as an Internet based service that relies on sharing computing resources. Cloud computing provides services that are Infrastructure based, Platform based and Software based. The popularity of this technology is due to its superb performance, high level of computing ability, low cost of services, scalability, availability and flexibility. The obtainability and openness of data in cloud environment make it vulnerable to the world of cyber-attacks. To detect the attacks Intrusion Detection System is used, that can identify the attacks and ensure information security. Such a coherent and proficient Intrusion Detection System is proposed in this paper to achieve higher certainty levels regarding safety in cloud environment. In this paper, the mating behavior of peafowl is incorporated into an optimization algorithm which in turn is used as a feature selection algorithm. The algorithm is used to reduce the huge size of cloud data so that the IDS can work efficiently on the cloud to detect intrusions. The proposed model has been experimented with NSL-KDD dataset as well as Kyoto dataset and have proved to be a better as well as an efficient IDS.
Feature Selection using the Concept of Peafowl Mating in IDSIJCNCJournal
Cloud computing has high applicability as an Internet based service that relies on sharing computing resources. Cloud computing provides services that are Infrastructure based, Platform based and Software based. The popularity of this technology is due to its superb performance, high level of computing ability, low cost of services, scalability, availability and flexibility. The obtainability and openness of data in cloud environment make it vulnerable to the world of cyber-attacks. To detect the attacks Intrusion Detection System is used, that can identify the attacks and ensure information security. Such a coherent and proficient Intrusion Detection System is proposed in this paper to achieve higher certainty levels regarding safety in cloud environment. In this paper, the mating behavior of peafowl is incorporated into an optimization algorithm which in turn is used as a feature selection algorithm. The algorithm is used to reduce the huge size of cloud data so that the IDS can work efficiently on the cloud to detect intrusions. The proposed model has been experimented with NSL-KDD dataset as well as Kyoto dataset and have proved to be a better as well as an efficient IDS.
The document discusses using machine learning for efficient attack detection in IoT devices without feature engineering. It proposes a feature-engineering-less machine learning (FEL-ML) process that uses raw packet byte streams as input instead of engineered features. This approach is lighter weight and faster than traditional methods. The FEL-ML model is trained directly on unprocessed packet data to perform malware detection on resource-constrained IoT devices. Prior research that used engineered features or complex deep learning models are not suitable for IoT due to limitations of memory and processing power. The proposed FEL-ML approach aims to enable effective network traffic security for IoT using minimal resources.
EFFICIENT ATTACK DETECTION IN IOT DEVICES USING FEATURE ENGINEERING-LESS MACH...ijcsit
Through the generalization of deep learning, the research community has addressed critical challenges in
the network security domain, like malware identification and anomaly detection. However, they have yet to
discuss deploying them on Internet of Things (IoT) devices for day-to-day operations. IoT devices are often
limited in memory and processing power, rendering the compute-intensive deep learning environment
unusable. This research proposes a way to overcome this barrier by bypassing feature engineering in the
deep learning pipeline and using raw packet data as input. We introduce a feature- engineering-less
machine learning (ML) process to perform malware detection on IoT devices. Our proposed model,”
Feature engineering-less ML (FEL-ML),” is a lighter-weight detection algorithm that expends no extra
computations on “engineered” features. It effectively accelerates the low-powered IoT edge. It is trained
on unprocessed byte-streams of packets. Aside from providing better results, it is quicker than traditional
feature-based methods. FEL-ML facilitates resource-sensitive network traffic security with the added
benefit of eliminating the significant investment by subject matter experts in feature engineering.
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Drjabez
This document describes a proposed approach for anomaly detection in intrusion detection systems using outlier detection. It begins with background on intrusion detection systems and issues with existing approaches. It then presents the proposed two-stage approach using outlier detection: 1) Training with large normal datasets in a distributed storage environment, and 2) Testing intrusion datasets to compute an error value compared to the trained model. If the error value exceeds a threshold, the test data is flagged as anomalous. Experimental results on network packet datasets demonstrate the approach can effectively identify anomalies.
Web server load prediction and anomaly detection from hypertext transfer prot...IJECEIAES
As network traffic increases and new intrusions occur, anomaly detection solutions based on machine learning are necessary to detect previously unknown intrusion patterns. Most of the developed models require a labelled dataset, which can be challenging owing to a shortage of publicly available datasets. These datasets are often too small to effectively train machine learning models, which further motivates the use of real unlabeled traffic. By using real traffic, it is possible to more accurately simulate the types of anomalies that might occur in a real-world network and improve the performance of the detection model. We present a method able to predict and categorize anomalies without the aid of a labelled dataset, demonstrating the model’s usability while also gathering a dataset from real noisy network traffic. The proposed long short-term memory (LTSM) based intrusion detection system was tested in a real-world setting of an antivirus company and was successful in detecting various intrusions using 5-minute windowing over both the predicted and real update curves thereby demonstrating its usefulness. Our contribution was the development of a robust model generally applicable to any hypertext transfer protocol (HTTP) traffic with almost real-time anomaly detection, while also outperforming earlier studies in terms of prediction accuracy.
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never
proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper,
a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We
applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we
introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization
in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the
quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
Analytic Hierarchy Process-based Fuzzy Measurement to Quantify Vulnerabilitie...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
Analytic Hierarchy Process-based Fuzzy Measurement to Quantify Vulnerabilitie...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we
introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
Intrusion Detection System Using Machine Learning: An OverviewIRJET Journal
This document provides an overview of machine learning approaches for intrusion detection systems (IDS). It discusses how IDS use data mining techniques like classification, clustering, and association rule mining to detect network intrusions based on patterns in data. The document reviews several papers applying methods like ant colony optimization, support vector machines, genetic algorithms, and convolutional neural networks to classify network activities as normal or intrusive. It compares the strengths and limitations of different machine learning algorithms for IDS and identifies areas for potential improvement in future research.
Intrusion Detection System (IDS) Development Using Tree-Based Machine Learnin...IJCNCJournal
The paper proposes a two-phase classification method for detecting anomalies in network traffic, aiming to tackle the challenges of imbalance and feature selection. The study uses Information Gain to select relevant features and evaluates its performance on the CICIDS-2018 dataset with various classifiers. Results indicate that the ensemble classifier achieved the highest accuracy, precision, and recall. The proposed method addresses challenges in intrusion detection and highlights the effectiveness of ensemble classifiers in improving anomaly detection accuracy. Also, the quantity of pertinent characteristics chosen by Information Gain has a considerable impact on the F1-score and detection accuracy. Specifically, the Ensemble Learning achieved the highest accuracy of 98.36% and F1-score of 97.98% using the relevant selected features.
Intrusion Detection System(IDS) Development Using Tree-Based Machine Learning...IJCNCJournal
The paper proposes a two-phase classification method for detecting anomalies in network traffic, aiming to tackle the challenges of imbalance and feature selection. The study uses Information Gain to select relevant features and evaluates its performance on the CICIDS-2018 dataset with various classifiers. Results indicate that the ensemble classifier achieved the highest accuracy, precision, and recall. The proposed method addresses challenges in intrusion detection and highlights the effectiveness of ensemble classifiers in improving anomaly detection accuracy. Also, the quantity of pertinent characteristics chosen by Information Gain has a considerable impact on the F1-score and detection accuracy. Specifically, the Ensemble Learning achieved the highest accuracy of 98.36% and F1-score of 97.98% using the relevant selected features.
Data Mining Techniques for Providing Network Security through Intrusion Detec...IJAAS Team
Intrusion Detection Systems are playing major role in network security in this internet world. Many researchers have been introduced number of intrusion detection systems in the past. Even though, no system was detected all kind of attacks and achieved better detection accuracy. Most of the intrusion detection systems are used data mining techniques such as clustering, outlier detection, classification, classification through learning techniques. Most of the researchers have been applied soft computing techniques for making effective decision over the network dataset for enhancing the detection accuracy in Intrusion Detection System. Few researchers also applied artificial intelligence techniques along with data mining algorithms for making dynamic decision. This paper discusses about the number of intrusion detection systems that are proposed for providing network security. Finally, comparative analysis made between the existing systems and suggested some new ideas for enhancing the performance of the existing systems.
Survey of Clustering Based Detection using IDS Technique IRJET Journal
This document discusses intrusion detection systems (IDS) and different techniques used for IDS, including clustering-based detection. It first provides background on IDS, describing their purpose of detecting intruders and protecting systems. It then outlines various IDS types, including mobile agent-based, cluster-based, cryptography-based, and others. The document also summarizes related work from other papers applying data mining techniques like clustering to improve IDS detection rates and reduce false alarms. Finally, it discusses problems with current and traditional IDS, such as threshold detection leading to false positives, and false negatives where attacks are missed.
Fisher exact Boschloo and polynomial vector learning for malware detection IJECEIAES
Computer technology shows swift progress that has infiltrated people’s lives with the candidness and pliability of computers to work ease shows security breaches. Thus, malware detection methods perform modifications in running the malware based on behavioral and content factors. The factors are taken into consideration compromises of convergence rate and speed. This research paper proposed a method called fisher exact Boschloo and polynomial vector learning (FEB-PVL) to perform both content and behavioral-based malware detection with early convergence to speed up the process. First, the input dataset is provided as input then fisher exact Boschloo’s test Bernoulli feature extraction model is applied to obtain independent observations of two binary variables. Next, the extracted network features form input to polynomial regression support vector learning to different malware classes from benign classes. The proposed method validates the results with respect to the malware and the benign files. The present research aimed to develop the behaviors to detect the accuracy process of the features that have minimum time speeds the overall performances. The proposed FEB-PVL increases the true positive rate and reduces the false positive rate and hence increasing the precision rate using FEB-PVL by 7% compared to existing approaches.
High Performance NMF Based Intrusion Detection System for Big Data IOT TrafficIJCNCJournal
With the emergence of smart devices and the Internet of Things (IoT), millions of users connected to the network produce massive network traffic datasets. These vast datasets of network traffic, Big Data are challenging to store, deal with and analyse using a single computer. In this paper we developed parallel implementation using a High Performance Computer (HPC) for the Non-Negative Matrix Factorization technique as an engine for an Intrusion Detection System (HPC-NMF-IDS). The large IoT traffic datasets of order of millions samples are distributed evenly on all the computing cores for both storage and speedup purpose. The distribution of computing tasks involved in the Matrix Factorization takes into account the reduction of the communication cost between the computing cores. The experiments we conducted on the proposed HPC-IDS-NMF give better results than the traditional ML-based intrusion detection systems. We could train the HPC model with datasets of one million samples in only 31 seconds instead of the 40 minutes using one processor), that is a speed up of 87 times. Moreover, we have got an excellent detection accuracy rate of 98% for KDD dataset.
High Performance NMF based Intrusion Detection System for Big Data IoT TrafficIJCNCJournal
With the emergence of smart devices and the Internet of Things (IoT), millions of users connected to the network produce massive network traffic datasets. These vast datasets of network traffic, Big Data are challenging to store, deal with and analyse using a single computer. In this paper we developed parallel implementation using a High Performance Computer (HPC) for the Non-Negative Matrix Factorization technique as an engine for an Intrusion Detection System (HPC-NMF-IDS). The large IoT traffic datasets of order of millions samples are distributed evenly on all the computing cores for both storage and speedup purpose. The distribution of computing tasks involved in the Matrix Factorization takes into account the reduction of the communication cost between the computing cores. The experiments we conducted on the proposed HPC-IDS-NMF give better results than the traditional ML-based intrusion detection systems. We could train the HPC model with datasets of one million samples in only 31 seconds instead of the 40 minutes using one processor), that is a speed up of 87 times. Moreover, we have got an excellent detection accuracy rate of 98% for KDD dataset.
The main goal of Intrusion Detection Systems (IDSs) is
to detect intrusions. This kind of detection system represents a
significant tool in traditional computer based systems for ensuring
cyber security. IDS model can be faster and reach more accurate
detection rates, by selecting the most related features from the
input dataset. Feature selection is an important stage of any IDs to
select the optimal subset of features that enhance the process of the
training model to become faster and reduce the complexity while
preserving or enhancing the performance of the system. In this
paper, we proposed a method that based on dividing the input
dataset into different subsets according to each attack. Then we
performed a feature selection technique using information gain
filter for each subset. Then the optimal features set is generated by
combining the list of features sets that obtained for each attack.
Experimental results that conducted on NSL-KDD dataset shows
that the proposed method for feature selection with fewer features,
make an improvement to the system accuracy while decreasing the
complexity. Moreover, a comparative study is performed to the
efficiency of technique for feature selection using different
classification methods. To enhance the overall performance,
another stage is conducted using Random Forest and PART on
voting learning algorithm. The results indicate that the best
accuracy is achieved when using the product probability rule.
A new proactive feature selection model based on the enhanced optimization a...IJECEIAES
This document presents a new proactive feature selection (PFS) model to detect distributed reflection denial of service (DRDoS) attacks using an optimized feature selection approach. The PFS model uses swarm optimization and evolutionary algorithms like particle swarm optimization, bat algorithm, and differential evolution to select optimal features. It then evaluates selected features using machine learning classifiers like k-nearest neighbors, support vector machine, and random forest. The model was tested on the CICDDoS2019 dataset and achieved a high DRDoS detection accuracy of 89.59% while reducing the number of features. Evaluation metrics like accuracy, precision, recall and F1-score were also improved compared to previous models. The PFS model provides an effective approach
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
This document summarizes research on using various data mining classification techniques to handle false alerts in intrusion detection systems. The researchers tested many data mining procedures on the KDD Cup 99 dataset, including multilayer perceptron neural networks, rule-based models, support vector machines, naive Bayes, and association rule mining. The best accuracy was 92% for multilayer perceptrons, but rule-based models had the fastest training time at 4 seconds. The researchers concluded that different techniques should be used together to handle different types of network attacks.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
In network security framework, intrusion detection is one of a benchmark part and is a fundamental way to protect PC from many threads. The huge issue in intrusion detection is presented as a huge number of false alerts; this issue motivates several experts to discover the solution for minifying false alerts according to data mining that is a consideration as analysis procedure utilized in a large data e.g. KDD CUP 99. This paper presented various data mining classification for handling false alerts in intrusion detection as reviewed. According to the result of testing many procedure of data mining on KDD CUP 99 that is no individual procedure can reveal all attack class, with high accuracy and without false alerts. The best accuracy in Multilayer Perceptron is 92%; however, the best Training Time in Rule based model is 4 seconds . It is concluded that ,various procedures should be utilized to handle several of network attacks.
A predictive model for network intrusion detection using stacking approach IJECEIAES
This document presents a predictive stacking model for network intrusion detection using two machine learning datasets - UNSW NB-15 and UGR'16. The stacking approach uses logistic regression, K nearest neighbor, decision tree, and random forest classifiers at level 0, with random forest as the meta classifier. Feature selection is performed on UNSW NB-15 to identify the most important 16 features out of 47 using permutation feature importance. Hyperparameters of the classifiers are tuned to improve performance. The stacking model is implemented using the Graphlab Create machine learning platform and evaluated on the two datasets, showing reasonably good results with fewer misclassifications of attack types.
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...IJNSA Journal
Intrusion Detection Systems (IDS) form a key part of system defence, where it identifies abnormal
activities happening in a computer system. In recent years different soft computing based techniques have
been proposed for the development of IDS. On the other hand, intrusion detection is not yet a perfect
technology. This has provided an opportunity for data mining to make quite a lot of important
contributions in the field of intrusion detection. In this paper we have proposed a new hybrid technique
by utilizing data mining techniques such as fuzzy C means clustering, Fuzzy neural network / Neurofuzzy and radial basis function(RBF) SVM for fortification of the intrusion detection system. The
proposed technique has five major steps in which, first step is to perform the relevance analysis, and then
input data is clustered using Fuzzy C-means clustering. After that, neuro-fuzzy is trained, such that each
of the data point is trained with the corresponding neuro-fuzzy classifier associated with the cluster.
Subsequently, a vector for SVM classification is formed and in the last step, classification using RBF-
SVM is performed to detect intrusion has happened or not. Data set used is the KDD cup 1999 dataset
and we have used precision, recall, F-measure and accuracy as the evaluation metrics parameters. Our
technique could achieve better accuracy for all types of intrusions. The results of proposed technique are
compared with the other existing techniques. These comparisons proved the effectiveness of our
technique.
Machine learning techniques applied to detect cyber attacks on web applicationsVenkat Projects
This document discusses using machine learning techniques to detect cyber attacks on web applications. It proposes using a graph-based approach and regular expressions to model normal HTTP request behavior during a learning phase. This would establish a baseline for detecting anomalies and potential attacks. Existing approaches are also reviewed that use algorithms like NSG, LSEG and F-Sign to generate signatures for detecting malware based on network traffic patterns or software code. Supervised machine learning methods have also been applied using features extracted from network data and classifiers like k-NN, Naive Bayes and neural networks. The proposed system would adapt this machine learning paradigm to specifically detect attacks on web applications.
Rendezvous Sequence Generation Algorithm for Cognitive Radio Networks in Post...IJCNCJournal
Recent natural disasters have inflicted tremendous damage on humanity, with their scale progressively increasing and leading to numerous casualties. Events such as earthquakes can trigger secondary disasters, such as tsunamis, further complicating the situation by destroying communication infrastructures. This destruction impedes the dissemination of information about secondary disasters and complicates post-disaster rescue efforts. Consequently, there is an urgent demand for technologies capable of substituting for these destroyed communication infrastructures. This paper proposes a technique for generating rendezvous sequences to swiftly reconnect communication infrastructures in post-disaster scenarios. We compare the time required for rendezvous using the proposed technique against existing methods and analyze the average time taken to establish links with the rendezvous technique, discussing its significance. This research presents a novel approach enabling rapid recovery of destroyed communication infrastructures in disaster environments through Cognitive Radio Network (CRN) technology, showcasing the potential to significantly improve disaster response and recovery efforts. The proposed method reduces the time for the rendezvous compared to existing methods, suggesting that it can enhance the efficiency of rescue operations in post-disaster scenarios and contribute to life-saving efforts.
Blockchain Enforced Attribute based Access Control with ZKP for Healthcare Se...IJCNCJournal
The relationship between doctors and patients is reinforced through the expanded communication channels provided by remote healthcare services, resulting in heightened patient satisfaction and loyalty. Nonetheless, the growth of these services is hampered by security and privacy challenges they confront. Additionally, patient electronic health records (EHR) information is dispersed across multiple hospitals in different formats, undermining data sovereignty. It allows any service to assert authority over their EHR, effectively controlling its usage. This paper proposes a blockchain enforced attribute-based access control in healthcare service. To enhance the privacy and data-sovereignty, the proposed system employs attribute-based access control, zero-knowledge proof (ZKP) and blockchain. The role of data within our system is pivotal in defining attributes. These attributes, in turn, form the fundamental basis for access control criteria. Blockchain is used to keep hospital information in public chain but EHR related data in private chain. Furthermore, EHR provides access control by using the attributed based cryptosystem before they are stored in the blockchain. Analysis shows that the proposed system provides data sovereignty with privacy provision based on the attributed based access control.
More Related Content
Similar to Web Attack Prediction using Stepwise Conditional Parameter Tuning in Machine Learning Algorithms with Usage Data
Web server load prediction and anomaly detection from hypertext transfer prot...IJECEIAES
As network traffic increases and new intrusions occur, anomaly detection solutions based on machine learning are necessary to detect previously unknown intrusion patterns. Most of the developed models require a labelled dataset, which can be challenging owing to a shortage of publicly available datasets. These datasets are often too small to effectively train machine learning models, which further motivates the use of real unlabeled traffic. By using real traffic, it is possible to more accurately simulate the types of anomalies that might occur in a real-world network and improve the performance of the detection model. We present a method able to predict and categorize anomalies without the aid of a labelled dataset, demonstrating the model’s usability while also gathering a dataset from real noisy network traffic. The proposed long short-term memory (LTSM) based intrusion detection system was tested in a real-world setting of an antivirus company and was successful in detecting various intrusions using 5-minute windowing over both the predicted and real update curves thereby demonstrating its usefulness. Our contribution was the development of a robust model generally applicable to any hypertext transfer protocol (HTTP) traffic with almost real-time anomaly detection, while also outperforming earlier studies in terms of prediction accuracy.
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never
proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper,
a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We
applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we
introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization
in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the
quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
Analytic Hierarchy Process-based Fuzzy Measurement to Quantify Vulnerabilitie...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
Analytic Hierarchy Process-based Fuzzy Measurement to Quantify Vulnerabilitie...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we
introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
Intrusion Detection System Using Machine Learning: An OverviewIRJET Journal
This document provides an overview of machine learning approaches for intrusion detection systems (IDS). It discusses how IDS use data mining techniques like classification, clustering, and association rule mining to detect network intrusions based on patterns in data. The document reviews several papers applying methods like ant colony optimization, support vector machines, genetic algorithms, and convolutional neural networks to classify network activities as normal or intrusive. It compares the strengths and limitations of different machine learning algorithms for IDS and identifies areas for potential improvement in future research.
Intrusion Detection System (IDS) Development Using Tree-Based Machine Learnin...IJCNCJournal
The paper proposes a two-phase classification method for detecting anomalies in network traffic, aiming to tackle the challenges of imbalance and feature selection. The study uses Information Gain to select relevant features and evaluates its performance on the CICIDS-2018 dataset with various classifiers. Results indicate that the ensemble classifier achieved the highest accuracy, precision, and recall. The proposed method addresses challenges in intrusion detection and highlights the effectiveness of ensemble classifiers in improving anomaly detection accuracy. Also, the quantity of pertinent characteristics chosen by Information Gain has a considerable impact on the F1-score and detection accuracy. Specifically, the Ensemble Learning achieved the highest accuracy of 98.36% and F1-score of 97.98% using the relevant selected features.
Intrusion Detection System(IDS) Development Using Tree-Based Machine Learning...IJCNCJournal
The paper proposes a two-phase classification method for detecting anomalies in network traffic, aiming to tackle the challenges of imbalance and feature selection. The study uses Information Gain to select relevant features and evaluates its performance on the CICIDS-2018 dataset with various classifiers. Results indicate that the ensemble classifier achieved the highest accuracy, precision, and recall. The proposed method addresses challenges in intrusion detection and highlights the effectiveness of ensemble classifiers in improving anomaly detection accuracy. Also, the quantity of pertinent characteristics chosen by Information Gain has a considerable impact on the F1-score and detection accuracy. Specifically, the Ensemble Learning achieved the highest accuracy of 98.36% and F1-score of 97.98% using the relevant selected features.
Data Mining Techniques for Providing Network Security through Intrusion Detec...IJAAS Team
Intrusion Detection Systems are playing major role in network security in this internet world. Many researchers have been introduced number of intrusion detection systems in the past. Even though, no system was detected all kind of attacks and achieved better detection accuracy. Most of the intrusion detection systems are used data mining techniques such as clustering, outlier detection, classification, classification through learning techniques. Most of the researchers have been applied soft computing techniques for making effective decision over the network dataset for enhancing the detection accuracy in Intrusion Detection System. Few researchers also applied artificial intelligence techniques along with data mining algorithms for making dynamic decision. This paper discusses about the number of intrusion detection systems that are proposed for providing network security. Finally, comparative analysis made between the existing systems and suggested some new ideas for enhancing the performance of the existing systems.
Survey of Clustering Based Detection using IDS Technique IRJET Journal
This document discusses intrusion detection systems (IDS) and different techniques used for IDS, including clustering-based detection. It first provides background on IDS, describing their purpose of detecting intruders and protecting systems. It then outlines various IDS types, including mobile agent-based, cluster-based, cryptography-based, and others. The document also summarizes related work from other papers applying data mining techniques like clustering to improve IDS detection rates and reduce false alarms. Finally, it discusses problems with current and traditional IDS, such as threshold detection leading to false positives, and false negatives where attacks are missed.
Fisher exact Boschloo and polynomial vector learning for malware detection IJECEIAES
Computer technology shows swift progress that has infiltrated people’s lives with the candidness and pliability of computers to work ease shows security breaches. Thus, malware detection methods perform modifications in running the malware based on behavioral and content factors. The factors are taken into consideration compromises of convergence rate and speed. This research paper proposed a method called fisher exact Boschloo and polynomial vector learning (FEB-PVL) to perform both content and behavioral-based malware detection with early convergence to speed up the process. First, the input dataset is provided as input then fisher exact Boschloo’s test Bernoulli feature extraction model is applied to obtain independent observations of two binary variables. Next, the extracted network features form input to polynomial regression support vector learning to different malware classes from benign classes. The proposed method validates the results with respect to the malware and the benign files. The present research aimed to develop the behaviors to detect the accuracy process of the features that have minimum time speeds the overall performances. The proposed FEB-PVL increases the true positive rate and reduces the false positive rate and hence increasing the precision rate using FEB-PVL by 7% compared to existing approaches.
High Performance NMF Based Intrusion Detection System for Big Data IOT TrafficIJCNCJournal
With the emergence of smart devices and the Internet of Things (IoT), millions of users connected to the network produce massive network traffic datasets. These vast datasets of network traffic, Big Data are challenging to store, deal with and analyse using a single computer. In this paper we developed parallel implementation using a High Performance Computer (HPC) for the Non-Negative Matrix Factorization technique as an engine for an Intrusion Detection System (HPC-NMF-IDS). The large IoT traffic datasets of order of millions samples are distributed evenly on all the computing cores for both storage and speedup purpose. The distribution of computing tasks involved in the Matrix Factorization takes into account the reduction of the communication cost between the computing cores. The experiments we conducted on the proposed HPC-IDS-NMF give better results than the traditional ML-based intrusion detection systems. We could train the HPC model with datasets of one million samples in only 31 seconds instead of the 40 minutes using one processor), that is a speed up of 87 times. Moreover, we have got an excellent detection accuracy rate of 98% for KDD dataset.
High Performance NMF based Intrusion Detection System for Big Data IoT TrafficIJCNCJournal
With the emergence of smart devices and the Internet of Things (IoT), millions of users connected to the network produce massive network traffic datasets. These vast datasets of network traffic, Big Data are challenging to store, deal with and analyse using a single computer. In this paper we developed parallel implementation using a High Performance Computer (HPC) for the Non-Negative Matrix Factorization technique as an engine for an Intrusion Detection System (HPC-NMF-IDS). The large IoT traffic datasets of order of millions samples are distributed evenly on all the computing cores for both storage and speedup purpose. The distribution of computing tasks involved in the Matrix Factorization takes into account the reduction of the communication cost between the computing cores. The experiments we conducted on the proposed HPC-IDS-NMF give better results than the traditional ML-based intrusion detection systems. We could train the HPC model with datasets of one million samples in only 31 seconds instead of the 40 minutes using one processor), that is a speed up of 87 times. Moreover, we have got an excellent detection accuracy rate of 98% for KDD dataset.
The main goal of Intrusion Detection Systems (IDSs) is
to detect intrusions. This kind of detection system represents a
significant tool in traditional computer based systems for ensuring
cyber security. IDS model can be faster and reach more accurate
detection rates, by selecting the most related features from the
input dataset. Feature selection is an important stage of any IDs to
select the optimal subset of features that enhance the process of the
training model to become faster and reduce the complexity while
preserving or enhancing the performance of the system. In this
paper, we proposed a method that based on dividing the input
dataset into different subsets according to each attack. Then we
performed a feature selection technique using information gain
filter for each subset. Then the optimal features set is generated by
combining the list of features sets that obtained for each attack.
Experimental results that conducted on NSL-KDD dataset shows
that the proposed method for feature selection with fewer features,
make an improvement to the system accuracy while decreasing the
complexity. Moreover, a comparative study is performed to the
efficiency of technique for feature selection using different
classification methods. To enhance the overall performance,
another stage is conducted using Random Forest and PART on
voting learning algorithm. The results indicate that the best
accuracy is achieved when using the product probability rule.
A new proactive feature selection model based on the enhanced optimization a...IJECEIAES
This document presents a new proactive feature selection (PFS) model to detect distributed reflection denial of service (DRDoS) attacks using an optimized feature selection approach. The PFS model uses swarm optimization and evolutionary algorithms like particle swarm optimization, bat algorithm, and differential evolution to select optimal features. It then evaluates selected features using machine learning classifiers like k-nearest neighbors, support vector machine, and random forest. The model was tested on the CICDDoS2019 dataset and achieved a high DRDoS detection accuracy of 89.59% while reducing the number of features. Evaluation metrics like accuracy, precision, recall and F1-score were also improved compared to previous models. The PFS model provides an effective approach
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
This document summarizes research on using various data mining classification techniques to handle false alerts in intrusion detection systems. The researchers tested many data mining procedures on the KDD Cup 99 dataset, including multilayer perceptron neural networks, rule-based models, support vector machines, naive Bayes, and association rule mining. The best accuracy was 92% for multilayer perceptrons, but rule-based models had the fastest training time at 4 seconds. The researchers concluded that different techniques should be used together to handle different types of network attacks.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
In network security framework, intrusion detection is one of a benchmark part and is a fundamental way to protect PC from many threads. The huge issue in intrusion detection is presented as a huge number of false alerts; this issue motivates several experts to discover the solution for minifying false alerts according to data mining that is a consideration as analysis procedure utilized in a large data e.g. KDD CUP 99. This paper presented various data mining classification for handling false alerts in intrusion detection as reviewed. According to the result of testing many procedure of data mining on KDD CUP 99 that is no individual procedure can reveal all attack class, with high accuracy and without false alerts. The best accuracy in Multilayer Perceptron is 92%; however, the best Training Time in Rule based model is 4 seconds . It is concluded that ,various procedures should be utilized to handle several of network attacks.
A predictive model for network intrusion detection using stacking approach IJECEIAES
This document presents a predictive stacking model for network intrusion detection using two machine learning datasets - UNSW NB-15 and UGR'16. The stacking approach uses logistic regression, K nearest neighbor, decision tree, and random forest classifiers at level 0, with random forest as the meta classifier. Feature selection is performed on UNSW NB-15 to identify the most important 16 features out of 47 using permutation feature importance. Hyperparameters of the classifiers are tuned to improve performance. The stacking model is implemented using the Graphlab Create machine learning platform and evaluated on the two datasets, showing reasonably good results with fewer misclassifications of attack types.
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...IJNSA Journal
Intrusion Detection Systems (IDS) form a key part of system defence, where it identifies abnormal
activities happening in a computer system. In recent years different soft computing based techniques have
been proposed for the development of IDS. On the other hand, intrusion detection is not yet a perfect
technology. This has provided an opportunity for data mining to make quite a lot of important
contributions in the field of intrusion detection. In this paper we have proposed a new hybrid technique
by utilizing data mining techniques such as fuzzy C means clustering, Fuzzy neural network / Neurofuzzy and radial basis function(RBF) SVM for fortification of the intrusion detection system. The
proposed technique has five major steps in which, first step is to perform the relevance analysis, and then
input data is clustered using Fuzzy C-means clustering. After that, neuro-fuzzy is trained, such that each
of the data point is trained with the corresponding neuro-fuzzy classifier associated with the cluster.
Subsequently, a vector for SVM classification is formed and in the last step, classification using RBF-
SVM is performed to detect intrusion has happened or not. Data set used is the KDD cup 1999 dataset
and we have used precision, recall, F-measure and accuracy as the evaluation metrics parameters. Our
technique could achieve better accuracy for all types of intrusions. The results of proposed technique are
compared with the other existing techniques. These comparisons proved the effectiveness of our
technique.
Machine learning techniques applied to detect cyber attacks on web applicationsVenkat Projects
This document discusses using machine learning techniques to detect cyber attacks on web applications. It proposes using a graph-based approach and regular expressions to model normal HTTP request behavior during a learning phase. This would establish a baseline for detecting anomalies and potential attacks. Existing approaches are also reviewed that use algorithms like NSG, LSEG and F-Sign to generate signatures for detecting malware based on network traffic patterns or software code. Supervised machine learning methods have also been applied using features extracted from network data and classifiers like k-NN, Naive Bayes and neural networks. The proposed system would adapt this machine learning paradigm to specifically detect attacks on web applications.
Similar to Web Attack Prediction using Stepwise Conditional Parameter Tuning in Machine Learning Algorithms with Usage Data (20)
Rendezvous Sequence Generation Algorithm for Cognitive Radio Networks in Post...IJCNCJournal
Recent natural disasters have inflicted tremendous damage on humanity, with their scale progressively increasing and leading to numerous casualties. Events such as earthquakes can trigger secondary disasters, such as tsunamis, further complicating the situation by destroying communication infrastructures. This destruction impedes the dissemination of information about secondary disasters and complicates post-disaster rescue efforts. Consequently, there is an urgent demand for technologies capable of substituting for these destroyed communication infrastructures. This paper proposes a technique for generating rendezvous sequences to swiftly reconnect communication infrastructures in post-disaster scenarios. We compare the time required for rendezvous using the proposed technique against existing methods and analyze the average time taken to establish links with the rendezvous technique, discussing its significance. This research presents a novel approach enabling rapid recovery of destroyed communication infrastructures in disaster environments through Cognitive Radio Network (CRN) technology, showcasing the potential to significantly improve disaster response and recovery efforts. The proposed method reduces the time for the rendezvous compared to existing methods, suggesting that it can enhance the efficiency of rescue operations in post-disaster scenarios and contribute to life-saving efforts.
Blockchain Enforced Attribute based Access Control with ZKP for Healthcare Se...IJCNCJournal
The relationship between doctors and patients is reinforced through the expanded communication channels provided by remote healthcare services, resulting in heightened patient satisfaction and loyalty. Nonetheless, the growth of these services is hampered by security and privacy challenges they confront. Additionally, patient electronic health records (EHR) information is dispersed across multiple hospitals in different formats, undermining data sovereignty. It allows any service to assert authority over their EHR, effectively controlling its usage. This paper proposes a blockchain enforced attribute-based access control in healthcare service. To enhance the privacy and data-sovereignty, the proposed system employs attribute-based access control, zero-knowledge proof (ZKP) and blockchain. The role of data within our system is pivotal in defining attributes. These attributes, in turn, form the fundamental basis for access control criteria. Blockchain is used to keep hospital information in public chain but EHR related data in private chain. Furthermore, EHR provides access control by using the attributed based cryptosystem before they are stored in the blockchain. Analysis shows that the proposed system provides data sovereignty with privacy provision based on the attributed based access control.
EECRPSID: Energy-Efficient Cluster-Based Routing Protocol with a Secure Intru...IJCNCJournal
A revolutionary idea that has gained significance in technology for Internet of Things (IoT) networks backed by WSNs is the " Energy-Efficient Cluster-Based Routing Protocol with a Secure Intrusion Detection" (EECRPSID). A WSN-powered IoT infrastructure's hardware foundation is hardware with autonomous sensing capabilities. The significant features of the proposed technology are intelligent environment sensing, independent data collection, and information transfer to connected devices. However, hardware flaws and issues with energy consumption may be to blame for device failures in WSN-assisted IoT networks. This can potentially obstruct the transfer of data. A reliable route significantly reduces data retransmissions, which reduces traffic and conserves energy. The sensor hardware is often widely dispersed by IoT networks that enable WSNs. Data duplication could occur if numerous sensor devices are used to monitor a location. Finding a solution to this issue by using clustering. Clustering lessens network traffic while retaining path dependability compared to the multipath technique. To relieve duplicate data in EECRPSID, we applied the clustering technique. The multipath strategy might make the provided protocol more dependable. Using the EECRPSID algorithm, will reduce the overall energy consumption, minimize the End-to-end delay to 0.14s, achieve a 99.8% Packet Delivery Ratio, and the network's lifespan will be increased. The NS2 simulator is used to run the whole set of simulations. The EECRPSID method has been implemented in NS2, and simulated results indicate that comparing the other three technologies improves the performance measures.
Analysis and Evolution of SHA-1 Algorithm - Analytical TechniqueIJCNCJournal
A 160-bit (20-byte) hash value, sometimes called a message digest, is generated using the SHA-1 (Secure Hash Algorithm 1) hash function in cryptography. This value is commonly represented as 40 hexadecimal digits. It is a Federal Information Processing Standard in the United States and was developed by the National Security Agency. Although it has been cryptographically cracked, the technique is still in widespread usage. In this work, we conduct a detailed and practical analysis of the SHA-1 algorithm's theoretical elements and show how they have been implemented through the use of several different hash configurations.
Optimizing CNN-BiGRU Performance: Mish Activation and Comparative AnalysisIJCNCJournal
Deep learning is currently extensively employed across a range of research domains. The continuous advancements in deep learning techniques contribute to solving intricate challenges. Activation functions (AF) are fundamental components within neural networks, enabling them to capture complex patterns and relationships in the data. By introducing non-linearities, AF empowers neural networks to model and adapt to the diverse and nuanced nature of real-world data, enhancing their ability to make accurate predictions across various tasks. In the context of intrusion detection, the Mish, a recent AF, was implemented in the CNN-BiGRU model, using three datasets: ASNM-TUN, ASNM-CDX, and HOGZILLA. The comparison with Rectified Linear Unit (ReLU), a widely used AF, revealed that Mish outperforms ReLU, showcasing superior performance across the evaluated datasets. This study illuminates the effectiveness of AF in elevating the performance of intrusion detection systems.
An Hybrid Framework OTFS-OFDM Based on Mobile Speed EstimationIJCNCJournal
The Future wireless communication systems face the challenging task of simultaneously providing high-quality service (QoS) and broadband data transmission, while also minimizing power consumption, latency, and system complexity. Although Orthogonal Frequency Division Multiplexing (OFDM) has been widely adopted in 4G and 5G systems, it struggles to cope with a significant delay and Doppler spread in high mobility scenarios. To address these challenges, a novel waveform named Orthogonal Time Frequency Space (OTFS). Designers aim to outperform OFDM by closely aligning signals with the channel behaviour. In this paper, we propose a switching strategy that empowers operators to select the most appropriate waveform based on an estimated speed of the mobile user. This strategy enables the base station to dynamically choose the waveform that best suits the mobile user’s speed. Additionally, we suggest retaining an Integrated Sensing and Communication (ISAC) radar approach for accurate Doppler estimation. This provides precise information to facilitate the waveform selection procedure. By leveraging the switching strategy and harnessing the Doppler estimation capabilities of an ISAC radar.Our proposed approach aims to enhance the performance of wireless communication systems in high mobility cases. Considering the complexity of waveform processing, we introduce an optimized hybrid system that combines OTFS and OFDM, resulting in reduced complexity while still retaining performance benefits.This hybrid system presents a promising solution for improving the performance of wireless communication systems in higher mobility.The simulation results validate the effectiveness of our approach, demonstrating its potential advantages for future wireless communication systems. The effectiveness of the proposed approach is validated by simulation results as it will be illustrated.
Enhanced Traffic Congestion Management with Fog Computing - A Simulation-Base...IJCNCJournal
Accurate latency computation is essential for the Internet of Things (IoT) since the connected devices generate a vast amount of data that is processed on cloud infrastructure. However, the cloud is not an optimal solution. To overcome this issue, fog computing is used to enable processing at the edge while still allowing communication with the cloud. Many applications rely on fog computing, including traffic management. In this paper, an Intelligent Traffic Congestion Mitigation System (ITCMS) is proposed to address traffic congestion in heavily populated smart cities. The proposed system is implemented using fog computing and tested in a crowdedCairo city. The results obtained indicate that the execution time of the simulation is 4,538 seconds, and the delay in the application loop is 49.67 seconds. The paper addresses various issues, including CPU usage, heap memory usage, throughput, and the total average delay, which are essential for evaluating the performance of the ITCMS. Our system model is also compared with other models to assess its performance. A comparison is made using two parameters, namely throughput and the total average delay, between the ITCMS, IOV (Internet of Vehicle), and STL (Seasonal-Trend Decomposition Procedure based on LOESS). Consequently, the results confirm that the proposed system outperforms the others in terms of higher accuracy, lower latency, and improved traffic efficiency.
Rendezvous Sequence Generation Algorithm for Cognitive Radio Networks in Post...IJCNCJournal
Recent natural disasters have inflicted tremendous damage on humanity, with their scale progressively increasing and leading to numerous casualties. Events such as earthquakes can trigger secondary disasters, such as tsunamis, further complicating the situation by destroying communication infrastructures. This destruction impedes the dissemination of information about secondary disasters and complicates post-disaster rescue efforts. Consequently, there is an urgent demand for technologies capable of substituting for these destroyed communication infrastructures. This paper proposes a technique for generating rendezvous sequences to swiftly reconnect communication infrastructures in post-disaster scenarios. We compare the time required for rendezvous using the proposed technique against existing methods and analyze the average time taken to establish links with the rendezvous technique, discussing its significance. This research presents a novel approach enabling rapid recovery of destroyed communication infrastructures in disaster environments through Cognitive Radio Network (CRN) technology, showcasing the potential to significantly improve disaster response and recovery efforts. The proposed method reduces the time for the rendezvous compared to existing methods, suggesting that it can enhance the efficiency of rescue operations in post-disaster scenarios and contribute to life-saving efforts.
Vehicle Ad Hoc Networks (VANETs) have become a viable technology to improve traffic flow and safety on the roads. Due to its effectiveness and scalability, the Wingsuit Search-based Optimised Link State Routing Protocol (WS-OLSR) is frequently used for data distribution in VANETs. However, the selection of MultiPoint Relays (MPRs) plays a pivotal role in WS-OLSR's performance. This paper presents an improved MPR selection algorithm tailored to WS-OLSR, designed to enhance the overall routing efficiency and reduce overhead. The analysis found that the current OLSR protocol has problems such as redundancy of HELLO and TC message packets or failure to update routing information in time, so a WS-OLSR routing protocol based on improved-MPR selection algorithm was proposed. Firstly, factors such as node mobility and link changes are comprehensively considered to reflect network topology changes, and the broadcast cycle of node HELLO messages is controlled through topology changes. Secondly, a new MPR selection algorithm is proposed, considering link stability issues and nodes. Finally, evaluate its effectiveness in terms of packet delivery ratio, end-to-end delay, and control message overhead. Simulation results demonstrate the superior performance of our improved MR selection algorithm when compared to traditional approaches.
May 2024, Volume 16, Number 3 - The International Journal of Computer Network...IJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
Vehicle Ad Hoc Networks (VANETs) have become a viable technology to improve traffic flow and safety on the roads. Due to its effectiveness and scalability, the Wingsuit Search-based Optimised Link State Routing Protocol (WS-OLSR) is frequently used for data distribution in VANETs. However, the selection of MultiPoint Relays (MPRs) plays a pivotal role in WS-OLSR's performance. This paper presents an improved MPR selection algorithm tailored to WS-OLSR, designed to enhance the overall routing efficiency and reduce overhead. The analysis found that the current OLSR protocol has problems such as redundancy of HELLO and TC message packets or failure to update routing information in time, so a WS-OLSR routing protocol based on improved-MPR selection algorithm was proposed. Firstly, factors such as node mobility and link changes are comprehensively considered to reflect network topology changes, and the broadcast cycle of node HELLO messages is controlled through topology changes. Secondly, a new MPR selection algorithm is proposed, considering link stability issues and nodes. Finally, evaluate its effectiveness in terms of packet delivery ratio, end-to-end delay, and control message overhead. Simulation results demonstrate the superior performance of our improved MR selection algorithm when compared to traditional approaches.
A Novel Medium Access Control Strategy for Heterogeneous Traffic in Wireless ...IJCNCJournal
So far, Wireless Body Area Networks (WBANs) have played a pivotal role in driving the development of intelligent healthcare systems with broad applicability across various domains. Each WBAN consists of one or more types of sensors that can be embedded in clothing, attached directly to the body, or even implanted beneath an individual's skin. These sensors typically serve asingle application. However, the traffic generated by each sensor may have distinct requirements. This diversity necessitates a dual approach: tailored treatment based on the specific needs of each traffic typeand the fulfillment of application requirements, such asreliability and timeliness. Never the less, the presence of energy constraints and the unreliable nature of wireless communications make QoS provisioning under such networks a non-trivial task. In this context, the current paper introduces a novel Medium AccessControl (MAC) strategy for the regular traffic applications of WBANs, designed to significantly enhance efficiency when compared to the established MAC protocols IEEE 802.15.4 and IEEE 802.15.6, with a particular focus on improving reliability, timeliness, and energy efficiency.
May_2024 Top 10 Read Articles in Computer Networks & Communications.pdfIJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
A Topology Control Algorithm Taking into Account Energy and Quality of Transm...IJCNCJournal
The efficient use of energy in wireless sensor networks is critical for extending node lifetime. The network topology is one of the factors that have a significant impact on the energy usage at the nodes and the quality of transmission (QoT) in the network. We propose a topology control algorithm for software-defined wireless sensor networks (SDWSNs) in this paper. Our method is to formulate topology control algorithm as a nonlinear programming (NP) problem with the objective to optimizing two metrics, maximum communication range, and desired degree. This NP problem is solved at the SDWSN controller by employing the genetic algorithm (GA) to determine the best topology. The simulation results show that the proposed algorithm outperforms the MaxPower algorithm in terms of average node degree and energy expansion ratio.
Multi-Server user Authentication Scheme for Privacy Preservation with Fuzzy C...IJCNCJournal
The integration of artificial intelligence technology with a scalable Internet of Things (IoT) platform facilitates diverse smart communication services, allowing remote users to access services from anywhere at any time. The multi-server environment within IoT introduces a flexible security service model, enabling users to interact with any server through a single registration. To ensure secure and privacy preservation services for resources, an authentication scheme is essential. Zhao et al. recently introduced a user authentication scheme for the multi-server environment, utilizing passwords and smart cards, claiming resilience against well-known attacks. This paper conducts cryptanalysis on Zhao et al.'s scheme, focusing on denial of service and privacy attacks, revealing a lack of user-friendliness. Subsequently, we propose a new multi-server user authentication scheme for privacy preservation with fuzzy commitment over the IoT environment, addressing the shortcomings of Zhao et al.'s scheme. Formal security verification of the proposed scheme is conducted using the ProVerif simulation tool. Through both formal and informal security analyses, we demonstrate that the proposed scheme is resilient against various known attacks and those identified in Zhao et al.'s scheme.
Advanced Privacy Scheme to Improve Road Safety in Smart Transportation SystemsIJCNCJournal
In -Vehicle Ad-Hoc Network (VANET), vehicles continuously transmit and receive spatiotemporal data with neighboring vehicles, thereby establishing a comprehensive 360-degree traffic awareness system. Vehicular Network safety applications facilitate the transmission of messages between vehicles that are near each other, at regular intervals, enhancing drivers' contextual understanding of the driving environment and significantly improving traffic safety. Privacy schemes in VANETs are vital to safeguard vehicles’ identities and their associated owners or drivers. Privacy schemes prevent unauthorized parties from linking the vehicle's communications to a specific real-world identity by employing techniques such as pseudonyms, randomization, or cryptographic protocols. Nevertheless, these communications frequently contain important vehicle information that malevolent groups could use to Monitor the vehicle over a long period. The acquisition of this shared data has the potential to facilitate the reconstruction of vehicle trajectories, thereby posing a potential risk to the privacy of the driver. Addressing the critical challenge of developing effective and scalable privacy-preserving protocols for communication in vehicle networks is of the highest priority. These protocols aim to reduce the transmission of confidential data while ensuring the required level of communication. This paper aims to propose an Advanced Privacy Vehicle Scheme (APV) that periodically changes pseudonyms to protect vehicle identities and improve privacy. The APV scheme utilizes a concept called the silent period, which involves changing the pseudonym of a vehicle periodically based on the tracking of neighboring vehicles. The pseudonym is a temporary identifier that vehicles use to communicate with each other in a VANET. By changing the pseudonym regularly, the APV scheme makes it difficult for unauthorized entities to link a vehicle's communications to its real-world identity. The proposed APV is compared to the SLOW, RSP, CAPS, and CPN techniques. The data indicates that the efficiency of APV is a better improvement in privacy metrics. It is evident that the AVP offers enhanced safety for vehicles during transportation in the smart city.
April 2024 - Top 10 Read Articles in Computer Networks & CommunicationsIJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionIJCNCJournal
Malware is one of the threats to security of computer networks and information systems. Since malware instances are available sufficiently, there is increased interest among researchers on usage of Artificial Intelligence (AI). Of late AI-enabled methods such as machine learning (ML) and deep learning paved way for solving many real-world problems. As it is a learning-based approach, accumulated training samples help in improving thequality of training and thus leveraging malware detection accuracy. Existing deep learning methods are focusing on learning-based malware detection systems. However, there is need for improving the state of the art through ensemble approach. Towards this end, in this paper we proposed a framework known as Deep Ensemble Framework (DEF) for automatic malware detection. The framework obtains features from training samples. From given malware instance a grayscale image is generated. There is another process to extract the opcode sequences. Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) techniques are used to obtain grayscale image and opcode sequence respectively. Afterwards, a stacking ensemble is employed in order to achieve efficient malware detection and classification. Malware samples collected fromthe Internet sources and Microsoft are used for theempirical study. An algorithm known as Ensemble Learning for Automatic Malware Detection (EL-AML) is proposed to realize our framework. Another algorithm named Pre-Process is proposed to assist the EL-AML algorithm for obtaining intermediate features required by CNN and LSTM.Empirical study reveals that our framework outperforms many existing methods in terms of speed-up and accuracy.
A Novel Medium Access Control Strategy for Heterogeneous Traffic in Wireless ...IJCNCJournal
So far, Wireless Body Area Networks (WBANs) have played a pivotal role in driving the development of intelligent healthcare systems with broad applicability across various domains. Each WBAN consists of one or more types of sensors that can be embedded in clothing, attached directly to the body, or even implanted beneath an individual's skin. These sensors typically serve asingle application. However, the traffic generated by each sensor may have distinct requirements. This diversity necessitates a dual approach: tailored treatment based on the specific needs of each traffic typeand the fulfillment of application requirements, such asreliability and timeliness. Never the less, the presence of energy constraints and the unreliable nature of wireless communications make QoS provisioning under such networks a non-trivial task. In this context, the current paper introduces a novel Medium AccessControl (MAC) strategy for the regular traffic applications of WBANs, designed to significantly enhance efficiency when compared to the established MAC protocols IEEE 802.15.4 and IEEE 802.15.6, with a particular focus on improving reliability, timeliness, and energy efficiency.
A Topology Control Algorithm Taking into Account Energy and Quality of Transm...IJCNCJournal
The efficient use of energy in wireless sensor networks is critical for extending node lifetime. The network topology is one of the factors that have a significant impact on the energy usage at the nodes and the quality of transmission (QoT) in the network. We propose a topology control algorithm for software-defined wireless sensor networks (SDWSNs) in this paper. Our method is to formulate topology control algorithm as a nonlinear programming (NP) problem with the objective to optimizing two metrics, maximum communication range, and desired degree. This NP problem is solved at the SDWSN controller by employing the genetic algorithm (GA) to determine the best topology. The simulation results show that the proposed algorithm outperforms the MaxPower algorithm in terms of average node degree and energy expansion ratio.
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar Kanvaria
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionTechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...NelTorrente
In this research, it concludes that while the readiness of teachers in Caloocan City to implement the MATATAG Curriculum is generally positive, targeted efforts in professional development, resource distribution, support networks, and comprehensive preparation can address the existing gaps and ensure successful curriculum implementation.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Pride Month Slides 2024 David Douglas School District
Web Attack Prediction using Stepwise Conditional Parameter Tuning in Machine Learning Algorithms with Usage Data
1. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
DOI: 10.5121/ijcnc.2022.14606 81
WEB ATTACK PREDICTION USING STEPWISE
CONDITIONAL PARAMETER TUNING IN MACHINE
LEARNING ALGORITHMS WITH USAGE DATA
S. Meena1
and Dr. A. Pethalakshmi2
1
Research Scholar (PHDCS18P570),
Mother Teresa Women’s University, Kodaikanal, Tamilnadu, India
2
Principal, Alagappa Government Arts College, Karaikudi, Tamilnadu, India
ABSTRACT
There is a rapid growth in internet and website usage. A wide variety of devices are used to access
websites, such as mobile phones, tablets, laptops, and personal computers. Attackers are finding more and
more vulnerabilities on websites that they can exploit for malicious purposes. A web application attack
occurs when cyber criminals gain access to unauthorized areas. Typically, attackers look for
vulnerabilities in web applications at the application layer. SQL injection attacks and Cross Site script
attacks is used to access web applications to obtain sensitive data. A key objective of this work is to
develop new features and investigate how automatic tuning of machine learning techniques can improve
the performance of Web Attack detections that use HTTP CSIC datasets to block and detect attacks. The
Stepwise Conditional parameter tuning in machine learning algorithms is a proposed model. This model is
a dynamic and automated parameter choosing and tuning based on the better outcome. This work also
compares two datasets for performance of the proposed model.
KEYWORDS
Web Application, Web Attack, Attack Detection, Anomaly Detection, Tuning Parameters, Machine learning
Algorithms, Web Usage, Usage Mining, Stepwise Conditional Parameter Selection, and HTTP CSIC
Dataset.
1. INTRODUCTION
Many of these attacks targeted underlying web server technology and libraries and were
classified as buffer overflows, insecure sample code, input validation weaknesses,
canonicalization attacks, encoding attacks, form tampering, and privilege escalation attacks. With
the improvement of underlying web server technology and greater awareness of secure
development practices, core web server infrastructure became more stable. Data sets for testing
WAFs (Web Application Firewalls) aren't publicly available, which hampers web attack
prediction. Detecting intrusions has been made possible using the DARPA data set. IDS
community members have, however, criticized it. DARPA's web traffic data set has some
problems, such as being out of date and not including many actual attacks. As a result, it cannot
be used to detect web attacks. In the process of generating publicly available HTTP data sets,
data privacy is also a concern since they do not target real web applications. For the prediction of
web-relevant attacks, HTTP CSIC 2010 [1] is still the only version that is supported.
To detect attacks against web applications, this work describes the design, implementation, and
evaluation of an auto-tuned parameter selection system, which automatically adjusts the
parameter to achieve the best performance. Using newly created features, the unique framework
2. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
82
can detect different attack patterns. As a result of pre-processing work, unwanted data is cleaned.
The use of well-known classifiers such as SVM, KNN, and decision trees is used for stepwise
conditional auto-tuning parameter selection to improve the best accuracy.
1.1. Motivation
In the real world, there is a huge number of websites are available for personal and commercial
use. Every website has threads such as attackers, vulnerabilities, exploited scripts, and so on. The
Government Website of Tamilnadu was hacked by West Bengal Hackers in September 2020.
Many developers have focused on web development, not on security issues which is the one main
reason for web attacks. To overcome these issues, need a separate intrusion detection system for
the Web site to mitigate Web Site Attacks.
1.2. State of the Art: Proposed Model
The proposed model focuses on web-based attack detection and it is predicting the attacks with
the existing dataset. The traditional approaches are used machine learning algorithms with the
traditional order of attack prediction such as Data Cleaning, Feature Reduction, and
Classification. This model has a new flow that was modified traditional model and add some new
phases into it. The new phases are new feature generation and a Step-Wise Automatic Dynamic
Tuning mechanism with Classifiers. New features are computed based on a statistical model and
automatic tuning and parameter selection is comparing every parameter with various values and
selecting the best one for better classification. The advantage of the Tuning mechanism is fitted
and adjusted dynamically for the various dataset(s).
1.3. Organization of the Paper
In the rest of the paper, the paper structure is organized as follows. Review of the related work in
Section 2. The working mechanism of the proposed work is explained in Section 3. In Section 4,
a Comparative analysis, Implementation environment, and K-Fold validation is presented. The
conclusion and future direction are in Section 5.
2. REVIEW OF LITERATURE
Varouni et al. [2] added deep neural networks and parallel-feature-fusion methods that include
engineering as an intrinsic thing and play the most crucial role in their performance. The
recommended techniques include stacked autoencoder and deep belief network as feature
learning methods, with the best ordinary data utilized within the training section, followed by
one-class SVM, isolation forest, and elliptic envelope classifiers. Telerik et al. [3] present a
hybrid learning-based web application firewall (WAF) architecture to prevent web-based threats
by combining signature-based detection (SBD) and anomaly-based detection (ABD). Three open-
source datasets, WAF 2015, CSIC 2010, and ECML-PKDD, are used to evaluate the suggested
approach. The exam results showed that a high mean accomplishment percentage (96.59%) was
attained. The usefulness of an ontology-based system for describing, configuring, querying, and
reasoning across WAF Firewall settings was examined by Ahmad et.al [4] and evaluated the
framework against ModSecurity, one of the most popular open-source web application firewalls.
According to our preliminary findings, the WAF ruleset configuration problems that come from
duplication and policy conflicts are greatly reduced by our framework.
A novel data structure, known as Cn-grams, was introduced by P.Duessesl et al. [5] and allows
the integration of syntactic and sequential properties of payloads in a single feature space, laying
3. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
83
the groundwork for context-aware network intrusion detection. We test binary and text-based
application-layer protocols, showing that they are more accurate at identifying different sorts of
assaults than conventional anomaly detection techniques. Web Analyzing Traffic Challenge
(Discovery Challenge of ECML/PKDD'07) details were provided by Rassi et al. in their report
[6]. The information from query logs may be used to identify attacks and classify them. So, this
challenge's goal is to filter out assaults in Web traffic. Extraction of examples from HTTP traffic
before the development of the detection model is W.Wang et al[7]. This model suggested an
approach for high-speed web assault detection. While drastically reducing the quantity of traffic,
the reduced collection of exemplars preserves important information from the original traffic,
enhancing the detection's effectiveness. Three new insights into the research of autonomic
intrusion detection systems were offered by Y. Pan et al. [8]. Beginning with the Robust Software
Modeling Tool (RSMT), which autonomously monitors and describes the runtime behavior of
online applications, it focuses on an unsupervised/semi-supervised strategy for web assault
detection.
The CSIC 2010 HTTP dataset, which includes common forms of attacks and is freely available,
was utilized in the work by M. Sahin et al. [9]. For the developing classes, Decision Tree (C4.5)
and K Nearest Neighborhood (KNN) algorithms were employed. A strong result of 96.26 percent
has been obtained as a consequence. The attention-based Encoder-Decoder Recurrent Neural
Networks Anomaly Detection model was proposed by Shang Wu et al. [10] as an unsupervised
deep learning model for HTTP payload anomaly detection (AEDRAD). By recreating the original
sequences, it uses the encoder-decoder RNN and attention mechanism to find abnormalities. To
focus on the questionable sections, it filters the HTTP protocol parameters where anomalies
cannot exist. G.B.Govinda Prabhu and R.Mahalakshmi priya [19] wrote the clear study on
Intrusion detection and Prevention model for the Knowledge management. By capturing packets
in real-time, T.S.Urmila et.al [20] proposed a distributed collaboration detection scheme that
combines the advantages of anomaly and signature-based methods. Packet filtering and further
normalization are used to filter out uninteresting traffic. Correlation-based BAT Feature Selection
(CBBFS) algorithm selects the relevant features. By analyzing episodes and classifying attacks
based on EGSSI, we propose an Efficient Behavioral Prediction (EBP) scheme. Arash Habibi
Lashkari et.al [21[ proposed a novel technique, DeepImage, uses feature selection to select the
most important features in a gray image, and then feeds that gray image to a two-dimensional
convolutional neural network to detect and characterize darknet traffic.
3. PROPOSED SCHEME
The classification method is created in the suggested model for intrusion detection to identify
payload-based attack traffic in Web Applications and to address attacks using Auto-Tuned
Machine Learning techniques. The flow of the proposed model is displayed in Figure 1. The first
stage involves collecting a dataset of HTTP Attacks, which is made up of 17 characteristics,
including class. In the second step, missing data, duplicate data, NULL values, and payload-
based characteristics are removed. With the use of Automatic Parameter Tuning applied to the
KNN, SVM, and Decision Tree Classifier in the final phase, assaults are predicted. In subsections
3.1, 3.2, 3.3, and 3.4, the suggested model is described in depth.
4. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
84
Figure 1. Flowchart of the Proposed Framework
3.1. Dataset Description
There are thousands of automatically produced web requests in the HTTP dataset CSIC 2010. It
may be used to test web assault defence mechanisms. It was made at the CSIC's "Information
Security Institute" (Spanish Research National Council). It includes the generated traffic intended
for an online store produced by our department. Users of this online application can register by
entering some personal information and making purchases using a shopping cart. The collection,
which was created automatically, includes 36,000 regular queries as well as more than 25,000
unusual ones. In earlier investigations, this dataset has been effectively applied to web detection
[11]. The attacks were produced using programs like Paros [12] and W3AF [13]. The WAFs
where this dataset was utilized follow the anomaly method, in which the web application's usual
behaviour is established and any deviations are regarded as abnormal. Therefore, with this
method, the training phase merely requires regular traffic.
3.2. Pre-Processing
Pre-Processing cleans up and clarifies the data at this step so that the machine learning model
may be trained. In this stage, the data is transformed into a unique type, unwanted columns are
removed (using a column processor), and lost data is eliminated.
a) Lost Values Eliminator
Missing or lost values cause the machine to become increasingly confused. The missing data
must be cleared during pre-processing since the computer is unable to handle the null or Infinity
value. There are several approaches to addressing missing values, including removal and
imputation. Because dumping the imputation value is bad for the packet payload, our work
focuses on value removal. The missing values for the characteristics are displayed in Table 1.
Gather Features
Dataset
Data Cleaning
(Pre-Processing)
Column
Processor
Unique Data
Conversion
Payload Feature
Generator
Error Message
Counter
SQL Injection
Counter
XSS Filter Counter
CRLF Analyser
Classification
Model
KNN
SVM
Decision Tree
Step Wise tuning
Parameters with
various Values
and Chose Best
one for Classifiers
5. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
85
Table 1. Lost values in the Dataset
Features Missing Values % Of Total Values
Content-Type 43088 70.6
Length 43088 70.6
Content 43088 70.6
Accept 397 0.7
b) Column Processor
To delete the undesirable column, the column processor carried out the procedure. Method, User-
Agent, Pragma, Cache-Content, Accept, Accept-Encoding, Accept-Charset, Language, host,
Content-Type, and Connection are the columns that have been deleted from the dataset. The
value in the aforementioned field is the same across all records, hence these columns have no
bearing on the prediction process.
c) Unique Data Conversion
Converting data into a unique format is known as unique data conversion. The numerical values
are simple for machines to comprehend; thus, this work uses one-hot encoding to transform the
non-unique data (Class, Cookie, Content, and Length) into a unique numerical format.
3.3 Payload Feature Generator:
After the pre-processing stage, so many features are removed. To improve classification
accuracy, we need to generate more useful features. From the various studies, this work generated
a novel feature from the payload. The features are described as follows:
I. Error Message Counter
This feature counts how many errors the message return in the payload content.
II. SQL Injection Counter
By allowing the attacker to tamper with the queries that an application performs to its database by
introducing malicious SQL injection payloads, SQL Injection is a web security vulnerability that
enables attackers to see data that they shouldn't be able to. The file [14] contains information
about several SQL Injection-related vulnerabilities. Data in the Payload Column is checked
against the file for each line. Counters are one of the values in the file that match the column;
otherwise, they are 0.
III. XSS Filter Counter
A Cross-Site Scripting (XSS) attack injects malicious scripts into otherwise trusted and innocent
websites. An XSS attack occurs when an attacker sends malicious code, usually in the form of a
browser-side script, to a separate end user. With the help of the previous set, this feature was able
to count the XSS attacks that were included in the payload [15].
6. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
86
IV. CRLF Analyzer
The special character components "Carriage Return" and "Line Feed" are referred to as "CRLF."
These components serve as End of Line (EOL) markers and are incorporated in HTTP headers
and other program codes. Many internet protocols employ CRLF sequences to divide text streams
into distinct parts, including MIME (e-mail), NNTP (newsgroups), and, most significantly,
HTTP. The location of the CRLF determines how HTTP and other headers are divided by web
application developers. When a hacker can insert a CRLF sequence into an HTTP stream,
exploits happen. The attacker can influence the operations of the web application by deliberately
exploiting CRLF vulnerabilities by injecting an unexpected CRLF injection. With the use of this
data collection, this feature makes count of the CRLF found in the payload [16].
V. OS Command Injection Counter
An online security flaw known as an OS command injection allows unauthorized operating
system instructions to be executed. When a web application delivers unfiltered, un-sanitized
system instructions to be performed, a vulnerability for OS command injection is created. A
hacker might insert their instructions to be executed at the shell level due to poor input validation.
Through the use of user-supplied information like cookies, form input, or HTTP headers, the
attacker adds operating system commands. The OS instructions given by the attacker are often
run with the privileges of the susceptible program, making this a serious vulnerability. With the
use of this data collection, the OS Command Injection functionality was found in the payload
[17].
VI. Server-Side Template Injection Counter
A vulnerability known as "server-side template injection" allows an attacker to execute
instructions on the server side by injecting malicious data into a template. Incorrect user input
that is integrated into the template engine causes this vulnerability, which can often result in
remote code execution (RCE). To assist fill web pages with dynamic data, template engines
combine templates and a data model to create result documents. It is possible to display data
about people, goods, etc. using template engines. With the help of this data collection, this feature
counting the injection was found in the payload [18].
3.4. Prediction Model
Based on the "Stepwise Conditional Parameter Selection" Model, this prediction model suggested
Automated Parameter Selection. The major and secondary parameters in each classifier have
potential values. The training and testing AUC scores were used to determine the values for every
parameter. The best value for the first parameter was chosen, and the first parameter value was
then utilized to pick the second parameter. The third parameter is chosen using the first and
second-best parameter values. In this study, the tuning method uses a minimum of two and a
maximum of three parameters. The KNN, SVM, and Decision Tree classifiers were all subject to
this parameter selection procedure. 70% of the testing set was used for training, and 30% was
used for training. The evaluation result obtained from python coding output and it is shows from
Figure 2 to Figure 9.
a) KNN
The idea behind the nearest neighbor approach is to select a set number of training samples that
are geographically closest to the new location and then estimate the label based on them. A user-
7. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
87
defined constant (k-nearest neighbor learning) or a variable dependent on the local density of
points are both possible for the number of samples (radius-based neighbor learning). In general,
the distance can be measured in any metric unit; the most popular option is the conventional
Euclidean distance. Since neighbors-based techniques only "remember" all of their training data,
they are referred to as non-generalizing machine learning approaches. The KNN parameter and
values are displayed in Table 2.
Table 2. Parameters of KNN
Parameters Value(s)
Neighbors 0 to 30
Distance (P) 1 ,2,3,4,5
i) N-Neighbors:
The number of neighbors to employ for k-neighbors queries is represented by the n neighbors
variable. The Train & Test AUC Score is presented in Figure 2. High AUC from the range of 2 to
5. High N-Neighbor has a low AUC Score in comparison to other neighbors.
Figure 2. AUC based on N-Neighbors in KNN
ii) Distance:
This is the Minkowski metric's power parameter. This is similar to using the manhattan distance
(l1) formula for p=1 and the euclidean distance (l2) formula for p=2. Minkowski distance (l p) is
utilized for arbitrary p. AUC Score grew as distance increased, as seen in Figure 3.
8. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
88
Figure 3. AUC with Distance in KNN
From the above figures here conclude the best parameter for KNN, the value of N-Neighbor is ‘2’
and Distance is ‘1.0’
b) Support Vector Machine
A Support Vector Machine is a supervised machine learning algorithm which can be used for
both classification and regression problems. The data is transformed using a method known as the
kernel trick, and based on these changes, an ideal boundary between the potential outputs is
discovered. The SVM's parameters and values are displayed in Table 3.
Table 3. SVM Parameters
Parameters Value(s)
Kernels Linear, RBF, Poly
Gamma 0.1, 1, 10, 100
C 0.1, 1, 10, 100, 1000
i) Kernel
The kind of hyperplane utilized to split the data is chosen by kernel parameters. When "linear" is
used, a linear hyperplane is used. A nonlinear hyper-plane is used by "RBF" and "poly." The
AUC Score and kernels are shown in Figure 4. The "RBF" kernel outperforms the Linear and
Poly kernels in terms of AUC Score.
9. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
89
Figure 4. Kernel-based AUC in SV
ii) C
The error term's penalty parameter is C. It manages the trade-off between accurately categorizing
the training points and a smooth decision boundary. Figure 5 displays a high AUC Score while
the letter "C" was raised.
Figure 5. AUC with ‘C’ Value in SVM
iii) Gamma
A parameter for nonlinear hyperplanes is gamma. The more gamma, the harder it attempts to
match the training data set accurately. The maximum Gamma value, "100," provides a high train
and test AUC, as shown in Figure 6.
10. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
90
Figure 6. Gamma Values based AUC
From the above figures here conclude the best parameter for SVM, the value of Kernel is ‘RBF’,
Gamma value is ’100’ and ‘C’ Value is ‘800’
c) Decision Tree
A decision tree represents the potential consequences of several connected decisions. It enables a
person or organization to compare potential courses of action based on their costs, probabilities,
and rewards. They may be used to spark casual conversation or to design an algorithm that
calculates the optimal decision. Typically, a decision tree has one node at the beginning that
branches out into potential outcomes. Each of those outcomes connects to more nodes, which
diverge into further possibilities. it resembles a tree.
Nodes come in three varieties: end nodes, decision nodes, and chance nodes. A circle-based
chance node illustrates the probability of various outcomes. An end node represents the result of
a decision route, while a decision node, represented by a square, shows a decision that has to be
taken. The hyperparameter tuning techniques include selecting potential options for model design
from a range of possible hyperparameter values. The parameter value for the decision tree model
is displayed in Table 4. The Decision Tree's tuned parameter is displayed in Table 4.
Table 4. Decision Tree Parameters
Parameters Value(s)
Max Depth 1 to 32
Min Sample Split 0.1 to 1.0
Leaf 0.1 to 0.5
i) Max Depth:
Max depth has to be adjusted first. This reveals the potential depth of the tree. The more splits a
tree has, the more information it can collect about the data. The training and test AUC values
should be plotted after fitting a decision tree with depths ranging from 1 to 32. The depth of the
tree is seen in Figure 7. The highest tree yields a high AUC Score.
11. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
91
Figure 7. AUC with Depth of the tree in Decision Tree
ii) Min Samples Split:
The bare minimum of samples needed to separate an internal node is represented by the min
samples split variable. This might range from taking into account at least one sample at each node
to taking into account every sample at each node. The tree is more limited when we raise this
value since it must take into account more samples at each node. The range of the parameter is
10% to 100% of the samples. The Min Sample Split, which gives the highest AUC for Both Sets,
is explained in Figure 8.
Figure 8. Samples Split-based AUC
iii) Min Sample Leaf:
The bare minimum of samples needed to be at a leaf node is specified by the min samples leaf
variable. This option is comparable to min sample splits, except it specifies the minimal number
of samples at the tree's base, at the leaves. The Min Sample Leaf has a high AUC in the lowest
range, as seen in Figure 9.
12. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
92
Figure 9. AUC with Min Samples Leaf
From the above figures here conclude the best parameter for the Decision Tree, the value of the
Depth of the Tree is ‘30, Sample_Split value is ‘0.2’ and Min_Samples_Leaf is ‘0.1’.
4. RESULT AND DISCUSSION
This section explains the implementation Environment of the proposed system and shows the
comparative analysis of the proposed prediction model.
4.1. Implementation Environment
This proposed framework was constructed using a system with a Windows 10 operating system, a
1 TB hard drive, 8 GB Ram and an Intel Core i7 processor. Python 3.9 and the Anaconda
Framework 3.5-2022, together with the Pandas, Scikit-Learn, and Matplot libraries, were used to
code the implementation.
4.2. K-Fold Validation
The best classifier utilizing the k-fold technique is demonstrated in this section. One of the most
often employed techniques for model evaluation is K-fold cross-validation. Although less
common than the validation set technique, this can help us understand our data and model better.
The k-Fold splits the dataset five to ten times, whereas the validation set technique only does it
once. Consider utilizing a new set of data and the validation set technique 10 times. Divide the
dataset's 100 rows into tenfold groups at random. There will be around 10 rows of data in each
fold. The initial fold will serve as the validation set, while the remaining folds will serve as the
training set. Then, the model is trained with this dataset, and determine the accuracy or loss. Use
a different fold for the validation set and repeat this step.
In all possible classification thresholds, AUC (Area under the ROC Curve) provides an aggregate
measure of performance. AUC can be interpreted as the probability of the model ranking a
random positive example higher than a random negative example. There is a range of values
from 0 to 1 for AUC. The AUC of a model that makes 100% incorrect predictions is 0.0; the
AUC of a model that makes 100% correct predictions is 1.0. From Figure 10 to 12 shows the
AUC for the attack prediction with various thresholds.
13. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
93
Figure 10. SVM
Figure 10 displays the ‘5’ fold and the overall accuracy for the SVM Tuned Classifier. From the
result, we understand the AUC maintains the level at 0.85 to 0.86.
Figure 11. KNN
Figure 11 displays the folded and the overall AUC for the KNN Tuned Classifier. From the
result, we understand the AUC maintains the level at 0.89 to 0.87. Figure 12 shows the report
about Decision tree classifiers and it maintains the ranges from 0.79 to 0.81.
14. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
94
Figure 12. Decision Tree
From the above three figures compared with three algorithms, KNN has the best AUC Score.
4.3. Comparative Analysis
CIC-Darknet2020 Dataset contains VPN and Tor applications based real dark net traffic
[20]. Dark net traffic classification is significantly important to categorize real-time
applications. Analysing dark net traffic helps in early monitoring of malware before
onslaught and detection of malicious activities after outbreak.
a) Accuracy
Classification accuracy, which measures the number of correct predictions made divided by the
total number of predictions made, multiplied by (*) 100 to turn it into a percentage. Figure 13
shows the Accuracy of the various classifiers with CIC-Darkent2020 and HTTP CSIC 2010
Dataset.
Accuracy= No. of Correct Prediction / Total No. of Prediction (1)
15. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
95
Figure 13. Classification Accuracy
b) Error Rate
Error rate (ERR) is calculated as the number of all incorrect predictions divided by the total
number of the dataset. The best error rate is 0.0, whereas the worst is 100. Figure 14 shows the
Error rate of the KNN, Decision Tree, SVM with CIC-Darkent2020 and HTTP CSIC 2010
Dataset.
Error Rate = (1 – Accuracy) *100 (2)
Figure 14. Classification Error Rate
5. CONCLUSION
This work uses machine learning approaches to implement attack detection for the Web
environment. Devices used in the web environment are connected to the internet and other
networks, increasing security risks. Consequently, utilizing the dataset HTTP CSIC 2010, the
work concentrated on the attack in this setting. The effort primarily concentrated on identifying
the assault using characteristics provided by the payload to shorten prediction time and improve
identification accuracy. The payload of the provided dataset is used to generate the custom
features. To make the raw dataset smaller for processing, it is pre-processed to remove
unnecessary, redundant, and empty columns. The suggested approach of SVM, KNN, and
16. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
96
Decision Tree is used to carry out the prediction process, and it produces improved outcomes.
Decision Tree model scores the better accuracy comparing with various dataset (94% and 96 %)
shown in comparative results. Furthermore, this work integrated with real-time web system to
make the web site more security and new artificial intelligence will assimilate for new feature
construction and feature reduction and attack detection in future research.
CONFLICTS OF INTEREST
The authors declare no conflict of interest.
REFERENCES
[1] Giménez, C.T., Villegas, A.P. and Marañón, G.Á., (2010), “HTTP data set CSIC 2010”. Information
Security Institute of CSIC (Spanish Research National Council).
[2] Varouni, A.M., Teshnehlab, M. and Kashi, S.S., (2019), “Leveraging deep neural networks for
anomaly-based Web Application Firewall”, IET Information Security, Vol.13, Issue.4, pp.352-361.
[3] Tekerek, A. and Bay, O.F., (2019), “Design and implementation of an artificial intelligence-based
Web Application Firewall model”, Neural Network World, Vol.29, Issue.4, pp.189-206.
[4] Ahmad, A., Anwar, Z., Hur, A. and Ahmad, H.F., (2012), “Formal reasoning of Web Application
Firewall rules through ontological modelling”. IEEE 15th International Multi-topic Conference
(INMIC) pp. 230-237.
[5] P. Duessel, C. Gehl, U. Flegel, S. Dietrich, and M. Meier, (2017), “Detecting zero-day attacks using
context-aware anomaly detection at the application-layer,” Vol.16, Issue.5, pp.475-490.
[6] C. Raıssi, J. Brissaud, G. Dray, P. Poncelet, M. Roche, and M. Teisseire, (2007), “Web analysing
traffic challenge: description and results,” in Proceedings of the ECML/PKDD, pp. 47–52.
[7] W. Wang and X. Zhang, (2011), “High-speed web attack detection through extracting exemplars
from http traffic,” in Proceedings of the 2011 ACM symposium on applied computing. ACM, pp.
1538–1543.
[8] Y. Pan, F. Sun, Z. Teng, J. White, D. C. Schmidt, J. Staples, and L. Krause, (2019) “Detecting web
attacks with end-to-end deep learning,” Journal of Internet Services and Applications, vol. 10, no. 1,
pp. 1– 22.
[9] M. Sahin and I. Sogukpınar, (2017), "An efficient firewall for web applications (EFWA),”
International Conference on Computer Science and Engineering (UBMK), pp.1150-1155, doi:
10.1109/UBMK.2017.8093398.
[10] Shang Wu, Yijie Wang, (2021), "Attention-based Encoder-Decoder Recurrent Neural Networks for
HTTP Payload Anomaly Detection", IEEE International Conference on Parallel & Distributed
Processing with Applications.
[11] A. Perez-Villegas, C. Torrano-Gimenez, G. Alvarez., (2010) “Applying Markov Chains to Web
Intrusion Detection”. In Proceeding of Reunión Española sobre Criptología y Seguridad de la
Información (RECSI 2010), pp. 361-366.
[12] Chinotec Technologies Company, (2004), “Paros - for web application security assessment”, Web
Reference: http://www.parosproxy.org/index.shtml.
[13] Andrés Riancho, (2007), “Web Application Attack and Audit Framework”, Web Reference:
http://w3af.sourceforge.net.
[14] Web-Reference: https://github.com/payloadbox/sql-injection-payload-list
[15] Web-Reference:https://github.com/cujanovic/Markdown-XSS-Payloads/blob/master/Markdown-
XSS-Payloads.txt
[16] Web-Reference:https://github.com/cujanovic/CRLF-Injection-Payloads/blob/master/CRLF-
payloads.txt
[17] Web-Reference: https://github.com/payloadbox/command-injection-payload-list
[18] Web-Reference:https://ismailtasdelen.medium.com/server-side-template-injection-payloads-
895c6fc273e4.
[19] G.B.Govinda Prabhu,R.Mahalakshmi priya, Dr.M.Vasumathy, (2018), "A Study on Intrusion
Detection and Prevention System for Knowledge Management", International Conference on
Emerging Trends and Challanges - ICETC'18, pp.112-119.
17. International Journal of Computer Networks & Communications (IJCNC) Vol.14, No.6, November 2022
97
[20] T.S. Urmila and R. Balasubramanian, (2017), “A Novel Framework for Intrusion Detection Using
Distributed Collaboration Detection Scheme in Packet Header Data ", International Journal of
Computer Networks & Communications (IJCNC) Vol.9, No.4, pp.97-112.
[21] Arash Habibi Lashkari, Gurdip Kaur, and Abir Rahali, (2020) “DIDarknet: A Contemporary
Approach to Detect and Characterize the Darknet Traffic using Deep Image Learning”, 10th
International Conference on Communication and Network Security, pp.1-13.
AUTHORS
S. Meena, Research Scholar (Reg.no: PHDCS18P570), Mother Teresa Women’s University,
Kodaikanal, Tamilnadu, India. Completed MCA at Ramakrishna College of arts and science
for women in 2009 and M.Phil at MKU 2011 Evening College, Dindigul. Have 11 years of
experience in teaching. Published 2 papers at conferences.
Dr. A. Pethalaksmi M.Sc., M.Phil., Ph.D., has 37 years of experience in teaching. Currently
working as Principal, Algappa Government Arts College, Karaikudi, Tamilnadu, India.
Successfully guided 11 Ph.D. Scholars, 52 M.Phil Scholars, 6 Ph.D. in Progressing and
published 65 Research Papers in Journals, 36 Papers in Conferences. Successfully
Conducted 1 National Conference, 3 Workshops, 4 Seminars, and 4 Intercollege Meet. She
has areas of research interest fuzzy, rough set, and neural networks