Book

A Bio-Inspired Hybrid Artificial Intelligence Framework for Cyber Security

... 1. A study on bio-inspired hybrid artificial intelligence framework for cyber security (bioHAIFCS) that combines timely and bio-inspired Machine Learning methods suitable for the protection of critical network applications, namely military information systems, applications and networks [4]. ...
Preprint
In the last 25 years, there has been a rapid advance in attacks and security protection. However, the evolution of the velocity of these attacks is far outpacing the level of security that businesses are deploying. This is a problem, as a vast number of IoT devices are introduced into the market and each device is transmitting data in real time. The privacy and security of the data is still at an infant stage, causing it to be subjected to data manipulation and denial-of-service by hackers, through Distributed Denial of Service (DDoS), Man-In-Middle (MIM) and polymorphic malware attacks, among others. For healthcare organizations and services, this problem needs to be immediately remedied to address aspects of trust management and data integrity. In order to prevent data manipulation and provide a secure, cost-effective medium for data transmission to end-users, there is a need to introduce Artificial Intelligence (AI) and Cyber Security in devices. In this paper we discuss the proof-of-concept design of a three stage secure by device solution, consisting of a multi-layered AI based architecture, with polymorphic encryption, and the ability to self-replicate in case of a 5th generation cyber attack(s).
... Finally, the third Fast-Flux Botnet Localization Dataset (F2BLD) comprised of 15 independent variables and 2 classes (benign or botnet). This dataset contains 131,374 patterns (100,000 URLs chosen randomly from the database with the 1 million most popular domain names of Alexa, 16,374 malicious URLs from the Black Hole DNS database and 15,000 malicious URLs created based on the timestamp DGA algorithm) [11]. ...
Conference Paper
According to the Greek mythology, Ladon was the huge dragon with the 100 heads, which had the ability to stay continuously up, in order to guard the golden “Esperides” apples in the tree of life. Alike the ancient one, digital Ladon is an advanced information systems’ security mechanism, which uses Artificial Intelligence to protect, control and offer early warning in cases of detour or misleading of the digital security measures. It is an effective cross-layer system of network supervision, which enriches the lower layers of the system (Transport, Network and Data). It amplifies in an intelligent manner the upper layers (Session, Presentation and Application) with capabilities of automated control. This is done to enhance the energetic security and the mechanisms of reaction of the general system, without special requirements in computational resources. This paper describes the development of Ladon which is an advanced, incredibly fast and low requirements’ effective filter, that performs analysis of network flow. Ladon uses Online Sequential Extreme Learning Machine with Gaussian Radial Basis Function kernel in order to perform network traffic classification, malware traffic analysis and fast-flux botnets localization.
Article
With information systems worldwide being attacked daily, analogies from traditional warfare are apt, and deception tactics have historically proven effective as both a strategy and a technique for Defense. Defensive Deception includes thinking like an attacker and determining the best strategy to counter common attack strategies. Defensive Deception tactics are beneficial at introducing uncertainty for adversaries, increasing their learning costs, and, as a result, lowering the likelihood of successful attacks. In cybersecurity, honeypots and honeytokens and camouflaging and moving target defense commonly employ Defensive Deception tactics. For a variety of purposes, deceptive and anti-deceptive technologies have been created. However, there is a critical need for a broad, comprehensive and quantitative framework that can help us deploy advanced deception technologies. Computational intelligence provides an appropriate set of tools for creating advanced deception frameworks. Computational intelligence comprises two significant families of artificial intelligence technologies: deep learning and machine learning. These strategies can be used in various situations in Defensive Deception technologies. This survey focuses on Defensive Deception tactics deployed using the help of deep learning and machine learning algorithms. Prior work has yielded insights, lessons, and limitations presented in this study. It culminates with a discussion about future directions, which helps address the important gaps in present Defensive Deception research.
Article
The article proposes revisiting the problem of determining the optimal composition of complexes of information protection means (IPM) for a coherently distributed computing system (DCS) using a modified genetic algorithm (MGA). The proposed objective function is the criterion of maximum probability that the IPM successfully counter the realization of all of the intruder's goals. Unlike existing approaches, the MGA proposed in this work and the corresponding objective function implement crossover for cases where pairs of parents are selected on the principle of "elitism" of one individual and "randomness" of the other. It is shown that implementing the MGA made it possible to speed up the search for optimal placements of IPM across the nodes of the DCS by 7–15 times.
Article
In the current ever-changing cybersecurity scenario, active cyber defense strategies are imperative. In this work, we present a standard testbed to measure the efficacy and efficiency of customized networks while analyzing various parameters during the active attack. The presented testbed can be used for analyzing the network behavior in presence of various types of attacks and can help in fine-tuning the proposed algorithm under observation. The proposed testbed will allow users to design, implement, and evaluate the active cyber defense mechanisms with good library support of nature-inspired and AI-based techniques. Network loads, number of clusters, types of home networks, and number of nodes in each cluster and network can be customized. While using the presented testbed and incorporating active-defense strategies on existing network architectures, users can also design and propose new network architectures for effective and safe operation. In this paper, we propose a unified and standard testbed for cyber defense strategy simulation and bench-marking, which would allow the users to investigate current approaches and compare them with others, while ultimately aiding in the selection of the best approach for a given network security situation. We have compared the network performance in different scenarios, namely normal, under attack and under attack in presence of NICS-based adaptive defense mechanism, and achieved stable experimental results. The experimental results clearly show that the proposed testbed is able to simulate the network conditions effectively with minimum efforts in network configuration. The simulation results of defense mechanisms verified on the proposed testbed got the improvement on almost 80 percent while increasing the turnaround time to 1–2 percent. The applicability of proposed testbed in modern technologies like Fog Computing and Edge Computing is also discussed in this paper.
Article
A Security Operations Center (SOC) is a central technical level unit responsible for monitoring, analyzing, assessing, and defending an organization’s security posture on an ongoing basis. The SOC staff works closely with incident response teams, security analysts, network engineers and organization managers using sophisticated data processing technologies such as security analytics, threat intelligence, and asset criticality to ensure security issues are detected, analyzed and finally addressed quickly. Those techniques are part of a reactive security strategy because they rely on the human factor, experience and the judgment of security experts, using supplementary technology to evaluate the risk impact and minimize the attack surface. This study suggests an active security strategy that adopts a vigorous method including ingenuity, data analysis, processing and decision-making support to face various cyber hazards. Specifically, the paper introduces a novel intelligence driven cognitive computing SOC that is based exclusively on progressive fully automatic procedures. The proposed λ-Architecture Network Flow Forensics Framework (λ-ΝF3) is an efficient cybersecurity defense framework against adversarial attacks. It implements the Lambda machine learning architecture that can analyze a mixture of batch and streaming data, using two accurate novel computational intelligence algorithms. Specifically, it uses an Extreme Learning Machine neural network with Gaussian Radial Basis Function kernel (ELM/GRBFk) for the batch data analysis and a Self-Adjusting Memory k-Nearest Neighbors classifier (SAM/k-NN) to examine patterns from real-time streams. It is a forensics tool for big data that can enhance the automated defense strategies of SOCs to effectively respond to the threats their environments face.
Chapter
Prolonged climate change contributes to an increase in the local concentrations of O3 and PMx in the atmosphere, influencing the seasonality and duration of air pollution incidents. Air pollution in modern urban centers such as Athens has a significant impact on human activities such as industry and transport. During recent years the economic crisis has led to the burning of timber products for domestic heating, which adds to the burden of the atmosphere with dangerous pollutants. In addition, the topography of an area in conjunction with the recording of meteorological conditions conducive to atmospheric pollution, act as catalytic factors in increasing the concentrations of primary or secondary pollutants. This paper introduces an innovative hybrid system of predicting air pollutant values (IHAP) using Soft computing techniques. Specifically, Self-Organizing Maps are used to extract hidden knowledge in the raw data of atmospheric recordings and Fuzzy Cognitive Maps are employed to study the conditions and to analyze the factors associated with the problem. The system also forecasts future air pollutant values and their risk level for the urban environment, based on the temperature and rainfall variation as derived from sixteen CMIP5 climate models for the period 2020–2099.
Conference Paper
Modern critical infrastructures are characterized by a high degree of complexity, in terms of vulnerabilities, threats, and interdependencies that characterize them. The possible causes of a digital assault or occurrence of a digital attack are not simple to identify, as they may be due to a chain of seemingly insignificant incidents, the combination of which provokes the occurrence of scalar effects on multiple levels. Similarly, the digital explosion of technologies related to the critical infrastructure and the technical characteristics of their subsystems entails the continuous production of a huge amount of data from heterogeneous sources, requiring the adoption of intelligent techniques for critical analysis and optimal decision making. In many applications (e.g. network traffic monitoring) data is received at a high frequency over time. Thus, it is not possible to store all historical samples, which implies that they should be processed in real time and that it may not be possible to re-review old samples (one-pass constraint). We should consider the importance of protecting critical infrastructure, combined with the fact that many of these systems are cyber-attack targets, but they cannot easily be disconnected from their layout as this could lead to generalized operational problems. This research paper proposes a Multi-Task Learning model for Real-Time & Large-Scale Data Analytics, towards the Cyber protection of Critical Infrastructure. More specifically, it suggests the Multi Overlap LEarning STReaming Analytics (MOLESTRA) which is a standardization of the "Kappa" architecture. The aim is the analysis of large data sets where the tasks are executed in an overlapping manner. This is done to ensure the utilization of the cognitive or learning relationships among the data flows. The proposed architecture uses the k-NN Classifier with Self Adjusting Memory (k-NN SAM). 
MOLESTRA provides a clear and effective way to separate the short-term from the long-term memory. In this way the temporal intervals between the transfer of knowledge from one memory to the other and vice versa are differentiated.
Article
During the last few decades, climate change has increased air pollutant concentrations with a direct and serious effect on population health in urban areas. This research introduces a hybrid computational intelligence approach, employing unsupervised machine learning (UML), in an effort to model the impact of extreme air pollutants on cardiovascular and respiratory diseases of citizens. The system is entitled Air Pollution Climate Change Cardiovascular and Respiratory (APCCCR) and it combines the fuzzy chi square test (FUCS) with the UML self organizing maps algorithm. A major innovation of the system is the determination of the direct impact of air pollution (or of the indirect impact of climate change) to the health of the people, in a comprehensive manner with the use of fuzzy linguistics. The system has been applied and tested thoroughly with spatiotemporal data for the Thessaloniki urban area for the period 2004-2013.
Chapter
A serious side effect of climate change is the spread of invasive species (INSP), which constitute a serious and rapidly worsening threat to ecology, to the preservation of natural biodiversity, to the protection of flora and fauna and it can even threaten human population health. These species do not seem to have particular morphological differences, despite the intense variations in their biological characteristics. This often makes their identification very difficult. The need to protect the environment and to safeguard public health requires the development of sophisticated methods for early and valid identification which can lead to timely rational management measures. The aim of this research is the development of an advanced Computational Intelligence (COIN) system, capable to effectively analyze the conditions that influence and favors spreading of invasive species, due to the problem of climate change. Fuzzy Cognitive Maps (FCM) have been used to determine the specific temporal period (in years) in which the rapidly changing average temperature and precipitation in Greece, will become identical to the respective values of the neighboring countries for the period 1996–2015. This climatic evolution will cause spread of INSP met in these Mediterranean countries, to Greece. Separate analysis has been done for several cases of invasive species. The whole analysis is based on climate change models up to 2100.
Chapter
https://link.springer.com/chapter/10.1007%2F978-3-319-44944-9_17 Forest fires are one of the major natural disaster problems of the Mediterranean countries. Their prevention - effective fighting and especially the local prediction of the forest fire risk, requires the rational determination of the related factors and the development of a flexible system incorporating an intelligent inference mechanism. This is an enduring goal of the scientific community. This paper proposes an Intelligent Soft Computing Multivariable Analysis system (ISOCOMA) to determine effective wild fire risk indices. More specifically it involves a Takagi-Sugeno-Kang rule based fuzzy inference approach, that produces partial risk indices (PRI) per factor and per subject category. These PRI are unified by employing fuzzy conjunction T-Norms in order to develop pairs of risk indices (PARI). Through Chi Squared hypothesis testing, plus classification of the PARI and forest fire burned areas (in three classes) it was determined which PARI are closely related to the actual burned areas. Actually we have managed to determine which pairs of risk indices are able to determine the actual burned area for each case under study. Wild fire data related to specific features of each area in Greece were considered. The Soft computing approach proposed herein, was applied for the cases of Chania, and Ilia areas in Southern Greece and for Kefalonia island in the Ionian Sea, for the temporal period 1984–2004.
Article
This research compares the nitrogen monoxide and methane exhaust emissions produced by the engines of two conventional chainsaws (a professional and an amateur one) to those produced by a catalytic. For all the three types of chainsaws, measurements were taken under the following three different functional modes: (a) normal conditions with respect to infrequent acceleration, (b) normal conditions, (c) use of high-quality motor oil with a clean filter. The experiment was extended much further by considering measurements of nitrogen monoxide and methane concentrations for all the three types of chainsaws, in respect to four additional operation forms. More specifically, the emissions were measured (a) under normal conditions, (b) under the application of frequent acceleration, (c) with the use of poor-quality motor oil and (d) with chainsaws using impure filters. The experiments and data collection were performed in the forest under “real conditions.” Measurements conducted under real conditions were named “control” measurements and were used for future comparisons. The authors used a portable analyzer (Dräger X-am 5000 a Dräger Sensor XXSNO and a CatEx 125 PRCH4) for the measurement of exhaust emissions. The said analyzer can measure the concentrations of exhaust gas components online, while the engine is running under field conditions. In this paper, we have employed fuzzy sets and fuzzy Chi-square tests in order to model air pollution produced by each type of chainsaw under each type of operation condition. The overall conclusion is that the catalytic chainsaw is the most environmentally friendly.
Article
Forest fires are one of the most serious natural disasters for the countries of the Mediterranean basin and especially for Greece. Studying the climate change effect on the maximization of the problem is a constant objective of the scientific community. This research initially proposes an innovative hybrid version of the statistical Chi-Square test that employs Soft Computing methods. More specifically it introduces the Fuzzy Chi Square Independence test that fuzzifies p values using proper Risk Linguistics, based on Fuzzy Membership functions. In the second stage, it proposes a new Hybrid approach that models the evolution of burned areas in Greece. First it analyzes the parameters and determines the way they affect the problem, by constructing Fuzzy cognitive maps. The system projects into the future and forecasts the evolution of the problem through the years till 2100, based on the variance of average monthly temperature and average rain height (due to climate change) for the months May–October based on various climate models. Historical data for the period 1984–2004 were used to test the system for the areas of Chania and Ilia.
Article
Mining hidden knowledge from available datasets is an extremely time-consuming and demanding process, especially in our era with the vast volume of high-complexity data. Additionally, validation of results requires the adoption of appropriate multifactor criteria, exhaustive testing and advanced error measurement techniques. This paper proposes a novel Hybrid Fuzzy Semi-Supervised Forecasting Framework. It combines fuzzy logic, semi-supervised clustering and semi-supervised classification in order to model Big Data sets in a faster, simpler and more essential manner. Its advantages are clearly shown and discussed in the paper. It uses as few pre-classified data as possible while providing a simple method of safe process validation. This innovative approach is applied herein to effectively model the air quality of Athens city. More specifically, it manages to forecast extreme air pollutants’ values and to explore the parameters that affect their concentration. Also it builds a correlation between pollution and general climatic conditions. Overall, it correlates the built model with the malfunctions caused to the city life by this serious environmental problem.
Article
The upgrade of energy infrastructures by the incorporation of communication and Internet technologies might introduce new risks for the security and for the smooth operation of electricity networks. Exploitation of the potential vulnerabilities of the heterogeneous systems used in smart energy grids (SEGs) may lead to the loss of control of critical electronic devices and, moreover, to the interception of confidential information. This may result in the disruption of essential services or even in total power failures. Addressing security issues that can ensure the confidentiality, the integrity, and availability of energy information is the primary objective for a transition to a new energy shape. This research paper presents an innovative system that can effectively offer SEG cybersecurity. It employs soft computing approaches, fuzzy cognitive maps, and a Mamdani fuzzy inference system in order to model overall security level. Three of the 27 scenarios considered herein have low overall security level, 21 of them have middle overall security, whereas only 3 are characterized as secure. The system automates the strategic planning of high security standards, as it allows a thorough audit of digital systems related to potential infrastructures and it contributes towards accurate decision-making in cases of threats.
Article
It is a fact that more and more users are adopting the online digital payment systems via mobile devices for everyday use. This attracts powerful gangs of cybercriminals, which use sophisticated and highly intelligent types of malware to broaden their attacks. Malicious software is designed to run quietly and to remain unsolved for a long time. It manages to take full control of the device and to communicate (via the Tor network) with its Command & Control servers of fast-flux botnets’ networks to which it belongs. This is done to achieve the malicious objectives of the botmasters. This paper proposes the development of the computational intelligence anti-malware framework (CIantiMF) which is innovative, ultra-fast and has low requirements. It runs under the android operating system (OS) and its reasoning is based on advanced computational intelligence approaches. The selection of the android OS was based on its popularity and on the number of critical applications available for it. The CIantiMF uses two advanced technology extensions for the ART java virtual machine which is the default in the recent versions of android. The first is the smart anti-malware extension, which can recognize whether the java classes of an android application are benign or malicious using an optimized multi-layer perceptron. The optimization is done by the employment of the biogeography-based optimizer algorithm. The second is the Tor online traffic identification extension, which is capable of achieving malware localization, Tor traffic identification and botnets prohibition, with the use of the online sequential extreme learning machine algorithm.
Article
The need to protect the environment and biodiversity and to safeguard public health require the development of timely and reliable methods for the identification of particularly dangerous invasive species, before they become regulators of ecosystems. These species appear to be morphologically similar, despite their strong biological differences, something that complicates their identification process. Additionally, the localization of the broader space of dispersion and the development of invasive species are considered to be of critical importance in the effort to take proper management measures. The aim of this research is to create an advanced computational intelligence system for the automatic recognition, of invasive or another unknown species. The identification is performed based on the analysis of environmental DNA by employing machine learning methods. More specifically, this research effort proposes a hybrid bio-inspired computational intelligence detection approach. It employs extreme learning machines combined with an evolving Izhikevich spiking neuron model for the automated identification of the invasive fish species “Lagocephalus sceleratus” extremely dangerous for human health.
Article
Air pollution is the problem of adding harmful substances or other agents into the atmosphere and it is caused by industrial, transport or household activities. It is one of the most serious problems of our times and the determination of the conditions under which we have extreme pollutants' values is a crucial challenge for the modern scientific community. The innovative and effective hybrid algorithm designed and employed in this research effort is entitled Easy Hybrid Forecasting (EHF). The main advantage of the EHF is that each forecasting does not require measurements from sensors, other hardware devices or data that require the use of expensive software. This was done intentionally because the motivation for this work was the development of a hybrid application that can be downloaded for free and used easily by everyday common people with no additional financial cost, running in devices like smart phones. From this point of view it does not require data from sensors or specialized software and it can offer people reliable information about extreme cases.
Article
The clustering algorithm hybridization scheme has become of research interest in data partitioning applications in recent years. The present paper proposes a Hybrid Fuzzy clustering algorithm (combination of Fuzzy C-means with extension and Subtractive clustering algorithm) for data classification applications. The fuzzy c-means (FCM) and subtractive clustering (SC) algorithms have been widely discussed and applied in pattern recognition, machine learning and data classification. However, the FCM could not guarantee a unique clustering result because the initial cluster number is chosen randomly, as the result of the classification is unstable. On the other hand, the SC is a fast, one-pass algorithm for estimating the numbers and center of clusters for a set of data. This paper presents the two different clustering algorithms and their comparison. The first clustering algorithm is fuzzy c-means clustering, and the second is subtractive clustering. Results show that the SC is better than FCM in respect of speed but not as good in accuracy, so a modified hybrid clustering algorithm is designed with all these parameters. The experiments show that the hybrid clustering algorithm can improve the speed, and reduce the iterative amount. At the same time, the hybrid algorithm can make the results of data partitions more stable and of higher accuracy.
Article
The analysis of air quality and the continuous monitoring of air pollution levels are important subjects of the environmental science and research. This problem actually has real impact in the human health and quality of life. The determination of the conditions which favor high concentration of pollutants and most of all the timely forecast of such cases is really crucial, as it facilitates the imposition of specific protection and prevention actions by civil protection. This research paper discusses an innovative three folded intelligent hybrid system of combined machine learning algorithms HISYCOL (henceforth). First it deals with the correlation of the conditions under which high pollutants concentrations emerge. On the other hand it proposes and presents an ensemble system using combination of machine learning algorithms capable of forecasting the values of air pollutants (VAP). What is really important and gives this modeling effort a hybrid nature is the fact that it uses clustered datasets. Moreover this approach improves the accuracy of existing forecasting models by using unsupervised machine learning to cluster the data vectors and trace hidden knowledge. Finally it employs a Mamdani fuzzy inference system for each air pollutant in order to forecast even more effectively its concentrations.
Article
Several machine learning models were used to predict interior spruce wood density using data from open-pollinated progeny testing trial. The data set consists of growth (height and diameter which were used to estimate individual tree volume) and wood quality (wood density determined by X-ray densitometry, resistance to drilling, and acoustic velocity) attributes for a total of 1,146 trees growing on comparable sites in interior British Columbia. Various machine learning models were developed for estimating wood density. The Multi Layer Feed Forward (MLFF) artificial neural networks and Gene Expression Programming (GEP) provided the highest predictability as compared to the other methods tested, including those based on classical multiple regression which was considered as the comparisons benchmark. The utilization of machine learning models as a credible method for estimating wood density using available growth data as an indirect method for determining trees wood density is expected to become increasingly helpful to forest managers and tree breeders.
Conference Paper
The idea that neurones transmit information using a rate code is extremely entrenched in the neuroscience community. The vast majority of neurophysiological studies simply describe neural responses in terms of firing rate, and while studies using Peri-Stimulus Time Histograms (PSTHs) are fairly common, only rarely does one get to see the underlying spikes in the form of a raster display. Even rarer are studies that provide information about how spikes are generated across a population of neurones.
Article
Web applications have various input functions which are susceptible to SQL-Injection attack. SQL-Injection occurs by injecting suspicious code or data fragments in a web application. Personal information disclosure, loss of authenticity, data theft and site fishing fall under this attack category. It is impossible to check original data code and suspicious data code using available algorithms and approaches because of inefficient and proper training techniques of dataset or design aspects. In this paper we will use SVM (Support Vector Machine) for classification and prediction of SQL-Injection attack. In our proposed algorithm, SQL-Injection attack detection accuracy is 96.47%, which is the highest among the existing SQL-Injection detection techniques.
Article
Malware writers employ packing techniques (i.e., encrypt the real payload) to hide the actual code of their creations. Generic unpacking techniques execute the binary within an isolated environment (namely 'sandbox') to gather the real code of the packed executable. However, this approach can be very time consuming. A common approach is to apply a filtering step to avoid the execution of not packed binaries. To this end, supervised machine learning models trained with static features from the executables have been proposed. Notwithstanding, these methods need the identification and labelling of a high number of packed and not packed executables. In this paper, we propose a new method for packed executable detection that adopts collective learning approaches (a kind of semi-supervised learning) to reduce the labelling requirements of completely supervised approaches. We performed an empirical validation demonstrating that the system maintains a high accuracy rate when the number of labelled instances in the dataset is lower.
Article
Modern multi-tier application systems are generally based on high performance database systems in order to process and store business information. Containing valuable business information, these systems are highly interesting to attackers and special care needs to be taken to prevent any malicious access to this database layer. In this work we propose a novel approach for modelling SQL statements to apply machine learning techniques, such as clustering or outlier detection, in order to detect malicious behaviour at the database transaction level. The approach incorporates the parse tree structure of SQL queries as characteristic e.g. for correlating SQL queries with applications and distinguishing benign and malicious queries. We demonstrate the usefulness of our approach on real-world data.
Conference Paper
With the rapid expansion of computer networks during the past decade, security has become a crucial issue for computer systems. Different soft-computing based methods have been proposed in recent years for the development of intrusion detection systems. This paper presents a neural network approach to intrusion detection. A Multi Layer Perceptron (MLP) is used for intrusion detection based on an off-line analysis approach. While most of the previous studies have focused on classification of records in one of the two general classes, normal and attack, this research aims to solve a multi class problem in which the type of attack is also detected by the neural network. Different neural network structures are analyzed to find the optimal neural network with regards to the number of hidden layers. An early stopping validation method is also applied in the training phase to increase the generalization capability of the neural network. The results show that the designed system is capable of classifying records with about 91% accuracy with two hidden layers of neurons in the neural network and 87% accuracy with one hidden layer.
Article
In computer networks, large scale attacks in their final stages can readily be identified by observing very abrupt changes in the network traffic, but in the early stage of an attack, these changes are hard to detect and difficult to distinguish from usual traffic fluctuations. In this paper, we develop efficient adaptive sequential and batch-sequential methods for an early detection of attacks from the class of "denial-of-service attacks". These methods employ statistical analysis of data from multiple layers of the network protocol for detection of very subtle traffic changes, which are typical for these kinds of attacks. Both the sequential and batch-sequential algorithms utilize thresholding of test statistics to achieve a fixed rate of false alarms. The algorithms are developed on the basis of the change-point detection theory: to detect a change in statistical models as soon as possible, controlling the rate of false alarms. There are three attractive features of the approach. First, both methods are self-learning, which enables them to adapt to various network loads and usage patterns. Second, they allow for detecting attacks with small average delay for a given false alarm rate. Third, they are computationally simple, and hence, can be implemented on line. Theoretical frameworks for both kinds of detection procedures, as well as results of simulations, are presented.
Article
As reverse engineering becomes a prevalent technique to analyze malware, malware writers leverage various anti-reverse engineering techniques to hide their code. One technique commonly used is code packing as packed executables hinder code analysis. While this problem has been previously researched, the existing solutions are either unable to handle novel samples, or vulnerable to various evasion techniques. In this paper, we propose a fully dynamic approach that captures an intrinsic nature of hidden code execution that the original code should be present in memory and executed at some point at run-time. Thus, this approach monitors program execution and memory writes at run-time, determines if the code under execution is newly generated, and then extracts the hidden code of the executable. To demonstrate its effectiveness, we implement a system, Renovo, and evaluate it with a large number of real-world malware samples. The experiments show that Renovo is accurate compared to previous work, yet practical in terms of performance.
Article
In this interesting and original study, the authors present an ensemble Machine Learning (ML) model for the prediction of the habitats’ suitability, which is affected by the complex interactions between living conditions and survival-spreading climate factors. The research focuses on two of the most dangerous invasive mosquito species in Europe with the requirements’ identification in temperature and rainfall conditions. Though it is an interesting approach, the ensemble ML model is not presented and discussed in sufficient detail and thus its performance and value as a tool for modeling the distribution of invasive species cannot be adequately evaluated.
Presentation
A Machine Hearing Framework for Real-Time Streaming Analytics using Lambda Architecture
Article
Biosafety is defined as a set of preventive measures aimed at reducing the risk of infectious diseases’ spread to crops and animals, by providing quarantine pesticides. Prolonged and sustained overheating of the sea, creates significant habitat losses, resulting in the proliferation and spread of invasive species, which invade foreign areas typically seeking colder climate. This is one of the most important modern threats to marine biosafety. The research effort presented herein, proposes an innovative approach for Marine Species Identification, by employing an advanced intelligent Machine Hearing Framework (MHF). The target is the identification of invasive alien species (IAS), based on the sounds they produce. This classification attempt, can provide significant aid towards the protection of biodiversity, and can achieve overall regional biosecurity. Hearing recognition is performed by using the Online Sequential Multilayer Graph Regularized Extreme Learning Machine Autoencoder (MIGRATE_ELM). The MIGRATE_ELM uses an innovative Deep Learning algorithm (DELE) that is applied for the first time for the above purpose. The assignment of the corresponding class “native” or “invasive” in its locality, is carried out by an equally innovative approach entitled “Geo Location Country Based Service” that has been proposed by our research team.
Chapter
According to the latest projections of the International Energy Agency, smart grid technologies have become essential to handling the radical changes expected in international energy portfolios through 2030. A smart grid is an energy transmission and distribution network enhanced through digital control, monitoring, and telecommunication capabilities. It provides a real-time, two-way flow of energy and information to all stakeholders in the electricity chain, from the generation plant to the commercial, industrial, and residential end user. New digital equipment and devices can be strategically deployed to complement existing equipment. Using a combination of centralized IT and distributed intelligence within critical system control nodes ranging from thermal and renewable plant controls to grid and distribution utility servers to cities, commercial and industrial infrastructures, and homes a smart grid can bring unprecedented efficiency and stability to the energy system. Information and communication infrastructures will play an important role in connecting and optimizing the available grid layers. Grid operation depends on control systems called Supervisory Control and Data Acquisition (SCADA) that monitor and control the physical infrastructure. At the heart of these SCADA systems are specialized computers known as Programmable Logic Controllers (PLCs). There are destructive cyber-attacks against SCADA systems as Advanced Persistent Threats (APT) were able to take over the PLCs controlling the centrifuges, reprogramming them in order to speed up the centrifuges, leading to the destruction of many and yet displaying a normal operating speed in order to trick the centrifuge operators and finally can not only shut things down but can alter their function and permanently damage industrial equipment. This paper proposes a computational intelligence System for Identification Cyber-Attacks on the Smart Energy Grids (SICASEG). 
It is a big data forensics tool which can capture, record, and analyze the smart energy grid network events to find the source of an attack to both prevent future attacks and perhaps for prosecution. © 2018, Springer International Publishing AG, part of Springer Nature.
Chapter
It is a fact that the geographical position of Greece is in the boundaries of three continents. Its complex geological history and its large topographic heterogeneity is characterized by complex terrain, extensive fallow fragmentation, large number of caves, huge coastline and relatively mild human intervention. Due to all of the above Greece is characterized by its great biodiversity. The most serious consequences of climate change can be detected in biological diversity, which can be influenced by a combination of direct effects on organisms. It is a fact that temperature affects the survival rates and the reproductive success. Also there are indirect effects via biotic interactions, like the allocation of the competitive advantage. On the other hand, there are effects in the change of the abiotic parameters (e.g. flooding, changes in ocean currents and other). Due to all of the above, Greece serves as a barometer, as firstly the significant increase in temperature and the reduction in rainfall, positions the country in the heart of climate developments. This paper presents a thorough study of the climate change impact on the biodiversity of ecosystems. More specifically, a spatiotemporal analysis and recording of the invasion of invasive species in the flora and fauna of the Greek territory is presented. Another important aspect of this research is modeling of the future impacts based on the most probable climate change scenarios.
Conference Paper
Prolonged and sustained warming of the sea, acidification of surface water and rising of sea levels create significant habitat losses, resulting in the proliferation and spread of invasive species which immigrate to foreign regions seeking colder climate conditions. This is happening either because their natural habitat does not satisfy the temperature range in which they can survive, or because they are just following their food. This has negative consequences not only for the environment and biodiversity but for the socioeconomic status of the areas and for the human health. This research aims at the development of an advanced Machine Hearing system towards the automated recognition of invasive fish species based on their sounds. The proposed system uses the Spiking Convolutional Neural Network algorithm which cooperates with Geo Location Based Services. It is capable of correctly classifying the typical local fish inhabitants from the invasive ones.
Chapter
Confidentiality, Integrity, and Availability of Military information is a crucial and critical factor for a country’s national security. The security of military information systems (MIS) and Networks (MNET) is a subject of continuous research and design, due to the fact that they manage, store, manipulate, and distribute the information. This study presents a bio-inspired hybrid artificial intelligence framework for cyber security (bioHAIFCS). This framework combines timely and bio-inspired Machine Learning methods suitable for the protection of critical network applications, namely military information systems, applications and networks. More specifically, it combines (a) the hybrid evolving spiking anomaly detection model (HESADM), which is used in order to prevent in time and accurately, cyber-attacks, which cannot be avoided by using passive security measures, namely: Firewalls, (b) the evolving computational intelligence system for malware detection (ECISMD) that spots and isolates malwares located in packed executables untraceable by antivirus, and (c) the evolutionary prevention system from SQL injection (ePSSQLI) attacks, which early and smartly forecasts the attacks using SQL Injections methods.
Book
Software similarity and classification is an emerging topic with wide applications. It is applicable to the areas of malware detection, software theft detection, plagiarism detection, and software clone detection. Extracting program features, processing those features into suitable representations, and constructing distance metrics to define similarity and dissimilarity are the key methods to identify software variants, clones, derivatives, and classes of software. Software Similarity and Classification reviews the literature of those core concepts, in addition to relevant literature in each application and demonstrates that considering these applied problems as a similarity and classification problem enables techniques to be shared between areas. Additionally, the authors present in-depth case studies using the software similarity and classification techniques developed throughout the book.
Article
The yield behavior of thin-walled whole hollow spheres was studied, which were welded at four points by two hemisphere shells. For a single sphere, there are few cracks at the shell equatorial plane after welding. In the quasistatic uniaxial compression experiments, the yield load is different with the angle of equatorial plane and the horizontal plane, and the weld point quality. The Radial basis function networks (RBFNNs) is employed as a calculate tool of the yield load for a given angle and the designated weld point. All the models developed are of acceptable accuracy within the experimental data range, considering the complexity of the property correlation of hollow sphere. These ANN models could be beneficial to the shell. ICIC International
Article
Due to the rapid change of technology along with advanced data-collection systems, the simultaneous monitoring of two or more quality characteristics (or variables) is necessary. Multivariate Statistical Process Control (SPC) charts are able to effectively detect process disturbances. However, when a disturbance in a multivariate process is triggered by a multivariate SPC chart, process personnel are usually only aware that there are assignable causes causing the multivariate process to be out-of-control. It is very difficult to determine which of the monitored quality characteristics is responsible for this out-of-control signal. This determination is crucial for process improvement, for it can greatly help identify the root causes of the malfunction. As a consequence, this determination becomes a promising research issue in multivariate SPC applications. In this study, we are motivated to propose two mechanisms to solve this difficulty: (1) the integration of the neural network (NN), the Hotelling T2 SPC chart and RAM; and (2) the integration of the support vector machine (SVM), the Hotelling T2 SPC chart and RAM. The performance of various process designs was investigated in this study and is compared with the existing RAM method. Using a series of simulations, the results clearly demonstrate greatly enhanced identification rates.
Article
This paper intends to build up a data analyzing system by mining customers' inner desires on target products through their specific knowledge, and thus to automate all the process of strategy-forming and product-promotion of EC. The major objectives of this paper are to deploy a hybrid framework to improve web mining effectively and efficiently, deploy a sequence mining to analyze user's navigation pattern and provide personalized promoted products for each specific individual customer in the future and deploy the application of the new model to a real world business case analysis. Several techniques are employed by this research. First, "Footstep graph" is used to visualize the user's "click-stream data". As a result, any particular pattern can be detected easily and quickly. Secondly, a novel sequence mining technique is applied to identify pre-designated user's navigation pattern. Third, the back-propagation network (BPN) models are integrated efficiently at the same time. The techniques listed above are verified by empirical theory to predict precisely the user's navigation behavior and to categorize his/her desire. ICIC International
Article
This paper introduces a new decentralized adaptive neural network controller for a class of large-scale nonlinear systems with unknown non-affine subsystems and unknown interconnections represented by nonlinear functions. A multilayer feedforward neural network is used to represent the controller's structure. The ultimate boundedness of the closed loop system is guaranteed through Lyapunov stability analysis by introducing a suitably driven adaptive rule. To show the effectiveness of the proposed decentralized adaptive controller, a nonlinear system is chosen as a case study. Simulation results are very promising.
Article
Modern web application systems generally consist of database systems in order to process and store business information. These systems are highly interesting to hackers as they contain sensitive information and the diversity and amount of attacks severely undermine the effectiveness of classical signature-based detection. In this work we propose a novel approach for learning SQL statements and apply machine learning techniques, such as one class classification, in order to detect malicious behavior between the database and application. The approach incorporates the tree structure of SQL queries as well as input parameter and query value similarity as characteristic to distinguish malicious from benign queries. We develop the learning system integrated in PHP and demonstrate the usefulness of our approach on real-world application.
Conference Paper
Climate change combined with the increase of extreme weather phenomena, has significantly influenced marine ecosystems, resulting in water overheating, increase of sea level and rising of the acidity of surface waters. The potential impacts in the biodiversity of sensitive ecosystems (such as Mediterranean sea) are obvious. Many organisms are under extinction, whereas other dangerous invasive species are multiplied and thus they are destroying the ecological equilibrium. This research paper presents the development of a sophisticated, fast and accurate Food Pathogen Detection (FPD) system, which uses the biologically inspired Artificial Intelligence algorithm of Extreme Learning Machines. The aim is the automated identification and control of the extremely dangerous for human health invasive fish species “Lagocephalus Sceleratus”. The matching is achieved through extensive comparisons of protein and DNA sequences, known also as DNA barcodes following an ensemble learning approach.
Chapter
In the history of research of the learning problem one can extract four periods that can be characterized by four bright events: (i) Constructing the first learning machines, (ii) constructing the fundamentals of the theory, (iii) constructing neural networks, (iv) constructing the alternatives to neural networks.
Article
In this paper, we present the most critical security risk of vulnerable web applications, SQL injection attack. We design a system based on machine learning for preventing SQL injection attack, which utilizes pattern classifiers to detect injection attacks and protect web applications. The system captures parameters of HTTP requests, and converts them into numeric attributes. Numeric attributes include the length of parameters and the number of keywords of parameters. Using these attributes, the system classifies the parameters by Bayesian classifier for judging whether parameters are injection patterns. If any SQL injection pattern is found, the TCP connection between the attacker and server will be terminated immediately. As a learning-based method, it is necessary to have a training phase before the detection and prevention. We also present a tool that generates massive injection and legitimate patterns automatically by randomization and combination. We evaluated this method with various different types of injection patterns, and evaluated the actual effect with a popular SQL injection attack tool named Sqlmap. The results of evaluation show that proposed system was able to prevent SQL injection attack with a simple mechanism and high positive detection rate.
Conference Paper
Recent malware developments have the ability to remain hidden during infection and operation. They prevent analysis and removal, using various techniques, namely: obscure filenames, modification of file attributes, or operation under the pretense of legitimate programs and services. Also, the malware might attempt to subvert modern detection software, by hiding running processes, network connections and strings with malicious URLs or registry keys. The malware can go a step further and obfuscate the entire file with a packer, which is special software that takes the original malware file and compresses it, thus making all the original code and data unreadable. This paper proposes a novel approach, which uses minimum computational power and resources, to identify Packed Executable (PEX), so as to spot the existence of malware software. It is an Evolving Computational Intelligence System for Malware Detection (ECISMD) which performs classification by Evolving Spiking Neural Networks (eSNN), in order to properly label a packed executable. On the other hand, it uses an Evolving Classification Function (ECF) for the detection of malwares and applies Genetic Algorithms to achieve ECF Optimization.
Book
Introduction to Neural Networks with Java, Second Edition, introduces the Java programmer to the world of Neural Networks and Artificial Intelligence. Neural network architectures, such as the feedforward, Hopfield, and self-organizing map architectures are discussed. Training techniques, such as backpropagation, genetic algorithms and simulated annealing are also introduced. Practical examples are given for each neural network. Examples include the traveling salesman problem, handwriting recognition, financial prediction, game strategy, mathematical functions, and Internet bots. All Java source code is available online for easy downloading.
Article
Acidic combustion gases can cause rapid corrosion when they condense on pollution control or energy recovery equipments. Since the potential of sulfuric acid condensation from flue gases is of considerable economic significance, a multi-layer feed forward artificial neural network has been presented for accurate prediction of the flue gas sulfuric acid dew points to mitigate the corrosion problems in process and power plants. According to the network’s training, validation and testing results, a three layer neural network with four neurons in the hidden layer is selected as the best architecture for accurate prediction of sulfuric acid dew points. The presented model is very accurate and reliable for predicting the acid dew points over wide ranges of sulfur trioxide and water vapor concentrations. Comparison of the suggested neural network model with the most important existing correlations shows that the proposed neuromorphic model outperforms the other alternatives both in accuracy and generality. The predicted flue gas sulfuric acid dew points are in excellent agreement with experimental data suggesting the accuracy of the proposed neural network model for predicting the sulfuric acid condensation in stacks, pollution control devices, economizers and flue gas recovery systems in process industries.