December 2024
December 2024
November 2024
Proceedings of the ACM on Networking
Network traffic datasets are regularly criticized, notably for the lack of realism and diversity in their attack or benign traffic. Generating synthetic network traffic using generative machine learning techniques is a recent area of research that could complement experimental test beds and help assess the efficiency of network security tools such as network intrusion detection systems. Most methods generating synthetic network flows disregard the temporal dependencies between them, leading to unrealistic traffic. To address this issue, we introduce FlowChronicle, a novel synthetic network flow generation tool from mined patterns and Bayesian networks. As a core component, we propose a novel pattern miner in combination with statistical models to preserve temporal dependencies. We empirically compare our method against state-of-the-art techniques on several criteria, namely realism, diversity, compliance, and novelty. This evaluation demonstrates the capability of FlowChronicle to achieve high-quality generation while significantly outperforming the other methods in preserving temporal dependencies between flows. Besides, in contrast to deep learning methods, the patterns identified by FlowChronicle are explainable, and experts can verify their soundness. Our work substantially advances synthetic network traffic generation, offering a method that enhances both the utility and trustworthiness of the generated network flows.
July 2024
Cyber-Physical Systems (CPSs) complexity has been continuously increasing to support new life-impacting applications, such as Internet of Things (IoT) devices or Industrial Control Systems (ICSs). These characteristics introduce new critical security challenges to both industrial practitioners and academics. This work investigates how Model-Based System Engineering (MBSE) and attack graph approaches could be leveraged to model secure Cyber-Physical System solutions and identify high-impact attacks early in the system development life cycle. To achieve this, we propose a new framework that comprises (1) an easily adoptable modeling paradigm for Cyber-Physical System representation, (2) an attack-graph-based solution for Cyber-Physical System automatic quantitative security analysis, based on the MulVAL security tool, (3) a set of Model-To-Text (MTT) transformation rules to bridge the gap between SysML and MulVAL. We illustrated the validity of our proposed framework through an autonomous ventilation system example. A Denial of Service (DoS) attack targeting an industrial communication protocol was identified and displayed as attack graphs. In future work, we intend to connect the approach to dynamic security databases for automatic countermeasure selection.
July 2024
5G brings significant advancement, offering lower latency, and improved connectivity. Yet, its complexity, stemming from factors such as integrating advanced technologies like Software Defined Networking (SDN) and slicing, introduces challenges in implementing strong security measures against emerging threats. Although Intrusion Detection Systems (IDSs) can successfully detect attacks, the novelty of 5G creates an expanded attack surface. Collaboration is essential for detecting novel, distributed attacks, and ensuring comprehensive observability in multiparty networks. However, such collaboration raises privacy concerns due to the sensitivity of shared data. Federated Learning (FL), a collaborative Machine Learning (ML) approach, is a promising solution to preserve privacy as the model is trained locally without exchanging raw data. In this paper, we examine ongoing efforts on FL-based IDS solutions in 5G. We set out to systematically review them in the light of challenges raised by their practical deployment in 5G networks. Out of the numerous papers we analyzed in FL, only 17 specifically concentrate on 5G scenarios making them the focus of this study. Towards systematizing knowledge, we first identify IDS challenges in 5G. Second, we classify FL-based IDS according to (i) their 5G application domain, (ii) 5G challenges they address, and (iii) their FL approach in terms of architecture, parameters, detection method, evaluation, etc. Through this examination, we find out that some issues receive less attention, prompting us to explore potential solutions. Additionally, we have identified other challenges, like the lack of evaluation results applicability due to the difficulties in getting high quality 5G datasets for evaluation.
July 2024
June 2024
June 2024
January 2024
November 2023
April 2023
Lecture Notes in Computer Science
Intrusion detection systems are an important domain in cybersecurity research. Countless solutions have been proposed, continuously improving upon one another. Yet, and despite the introduction of distinct approaches, including machine-learning methods, the evaluation methodology has barely evolved. In this paper, we design a comprehensive evaluation framework for Machine Learning (ML)-based intrusion detection systems (IDS) and take into account the unique aspects of ML algorithms, their strengths and weaknesses. The framework design is inspired by both i) traditional IDS evaluation methods and ii) recommendations for evaluating ML algorithms in diverse application areas. Data quality being the key to machine learning, we focus on data-driven evaluation by exploring data-related issues. Our approach goes beyond evaluating intrusion detection performance (also known as effectiveness) and aims at proposing standard data manipulation methods to tackle robustness and stability. Finally, we evaluate our framework through a qualitative comparison with other IDS evaluation approaches from the state of the art.
Keywords: Intrusion Detection System, Machine learning, Data-driven Evaluation, Evaluation Framework
... A possible solution to this problem is represented by the use of synthetic networks, that are generated to reproduce specific characteristics of real networks [31][32][33][34]. Among the synthetic networks that can be built, surrogate networks, i.e., synthetic networks generated to imitate a specific input network, are particularly relevant in this task. ...
November 2024
Proceedings of the ACM on Networking
... The key takeaways are that numerous experts and research articles highlight the importance of AI in cybersecurity for countering contemporary threats and enhancing SOC operational workflows. Nevertheless, it is crucial to address ethical considerations and privacy concerns, ensuring that AI implementation complies with existing legislation [89]-[92]. However, it is evident that AI can be regarded as an essential protection barrier for any organization due to its effectiveness in countering a wide range of potential attacks. ...
November 2022
annals of telecommunications - annales des télécommunications
... Explainable AI (XAI) [15] [16]: XAI attempts to enable machine learning models to be comprehensible and understandable, and able to explain how they make decisions. LIME (Local Interpretable Model-agnostic Explanations) [18] [17] is one popular XAI method to give an account of predictions by replacing hard-to-apprehend models with locally linear models on a particular example. ...
October 2022
annals of telecommunications - annales des télécommunications
... The growing diversity of smart home devices makes standardized network management methods impractical for Broadband Service Providers (BSPs) to identify devices that can degrade network performance. Therefore, automatic device classification plays an increasingly important role in securing smart home networks, particularly with detecting vulnerable devices and enforcing access control measures [5]. ...
September 2022
IEEE Access
... Thus, the strategy followed by many researchers is to generate synthetic IoT traffic. In [138], the authors use an autoencoder and a GAN to generate sequences of packet sizes that correspond to bidirectional flows. The autoencoder is trained to learn a latent representation of real sequences of packet sizes and then the GAN is trained to learn to generate latent vectors that can be decoded into realistic sequences. ...
December 2020
... In more recent works, researchers attempt to promote solutions concerning different aspects. For instance, research and innovation [18], legal and police [19], historical to maintaining computer security [20], challenges to face the interoperable cyber-security of information [21], barriers that have been present in the implementation of CSIRTs [22]. Finally, at a local level, the ECU-CERT of the Ecuadorian government, the CSIRT of Ecuadorian Consortium for the Development of Research and Academia (CEDIA), and the CSIRT of the National Polytechnic School, which function with traditional services, are still in the implementation and improvement to reach their maturity levels. ...
January 2021
... In this scenario, an Impersonation Attack could be suffered, where an attacker impersonates an NSM, having total control of the segments, impacting integrity, including confidentiality of the system, with the API being an attack point [11] [12] [13]. If the traffic between VNFS is routed through an insecure physical route, it could suffer replay attacks and MitM affecting confidentiality and can escalate further [11] [12] [15]. In addition, control plane functions such as the network segment selection function (NSSF) are common in several segments. ...
January 2021
Computers & Security
... SDN also plays an enabling role in network analysis and control management. This paradigm is called software-defined vehicular networks (SDVN) [2]. Recently, many researchers carried out their work for improving vehicular networks. ...
September 2019
... Recent studies highlight the increasing focus on integrating anomaly detection into the Internet of Things (IoT), particularly within smart home settings. Shahid et al. [8] have developed novel approaches to enhance anomaly detection in IoT, while Hegde et al. [5] have contributed to the identification of unique challenges in these environments. Research specifically targeting smart homes, such as the work by Doshi et al. [9] and Al Mtawa et al. [10], underscores the complexities introduced by the diversity of devices and user interaction patterns. ...
December 2019