Search for: intrusion-detection-systems
Total 54 records

    Feature selection and intrusion detection in cloud environment based on machine learning algorithms

    Article Proceedings - 15th IEEE International Symposium on Parallel and Distributed Processing with Applications and 16th IEEE International Conference on Ubiquitous Computing and Communications, ISPA/IUCC 2017 ; 25 May , 2018 , Pages 1417-1421 ; 9781538637906 (ISBN) Javadpour, A ; Kazemi Abharian, S ; Wang, G ; Sharif University of Technology
    Institute of Electrical and Electronics Engineers Inc  2018
    Abstract
    Characteristics and way of behavior of attacks and infiltrators on computer networks are usually very difficult and need an expert. In addition, with the advancement of computer networks, the number of attacks and infiltrations is also increasing. In fact, the knowledge coming from expert will lose its value over time and must be updated and made available to the system and this makes the need for expert person always felt. In machine learning techniques, knowledge is extracted from the data itself which has diminished the role of the expert. Various methods used to detect intrusions, such as statistical models, safe system approach, neural networks, etc., all weaken the fact that it uses all the... 

    End-to-End adversarial learning for intrusion detection in computer networks

    Article 44th Annual IEEE Conference on Local Computer Networks, LCN 2019, 14 October 2019 through 17 October 2019 ; Volume 2019-October , 2019 , Pages 270-273 ; 9781728110288 (ISBN) Mohammadi, B ; Sabokrou, M ; Sharif University of Technology
    IEEE Computer Society  2019
    Abstract
    This paper presents a simple yet efficient method for an anomaly-based Intrusion Detection System (IDS). In reality, IDSs can be defined as a one-class classification system, where the normal traffic is the target class. The high diversity of network attacks in addition to the need for generalization, motivate us to propose a semi-supervised method. Inspired by the successes of Generative Adversarial Networks (GANs) for training deep models in semi-unsupervised setting, we have proposed an end-to-end deep architecture for IDS. The proposed architecture is composed of two deep networks, each of which trained by competing with each other to understand the underlying concept of the normal... 

    Detection of distributed denial of service attacks using statistical pre-processor and unsupervised neural networks

    Article First International Conference on Information Security, Practice and Experience, ISPEC 2005, 11 April 2005 through 14 April 2005 ; Volume 3439 , 2005 , Pages 192-203 ; 03029743 (ISSN) Jalili, R ; Imani Mehr, F ; Amini, M ; Shahriari, H. R ; Sharif University of Technology
    Springer Verlag  2005
    Abstract
    Although the prevention of Distributed Denial of Service (DDoS) attacks is not possible, detection of such attacks plays main role in preventing their progress. In the flooding attacks, especially new sophisticated DDoS, the attacker floods the network traffic toward the target computer by sending pseudo-normal packets. Therefore, multi-purpose IDSs do not offer a good performance (and accuracy) in detecting such kinds of attacks. In this paper, a novel method for detection of DDoS attacks has been introduced based on a statistical pre-processor and an unsupervised artificial neural net. In addition, SPUNNID system has been designed based on the proposed method. The statistical... 

    Detecting malicious packet drops and misroutings using header space analysis

    Article 8th International Symposium on Telecommunications, IST 2016, 27 September 2016 through 29 September 2016 ; 2017 , Pages 521-526 ; 9781509034345 (ISBN) Mohammadi, A. A ; Kazemian, P ; Pakravan, M. R ; Sharif University of Technology
    Institute of Electrical and Electronics Engineers Inc  2017
    Abstract
    Software Defined Networking (SDN) provides a logically centralized view of the state of the network, and as a result opens up new ways to manage and monitor networks. In this paper we introduce a novel approach to network intrusion detection in SDNs that takes advantage of these attributes. Our approach can detect compromised routers that produce faulty messages, copy or steal traffic or maliciously drop certain types of packets. To identify these attacks and the affected switches, we correlate the forwarding state of network - i.e. installed forwarding rules - with the forwarding status of packets - i.e. the actual route packets take in the network and detect anomaly in routes. Thus, our... 

    Design and analysis of genetic fuzzy systems for intrusion detection in computer networks

    Article Expert Systems with Applications ; Volume 38, Issue 6 , June , 2011 , Pages 7067-7075 ; 09574174 (ISSN) Abadeh, M. S ; Mohamadi, H ; Habibi, J ; Sharif University of Technology
    2011
    Abstract
    The capability of fuzzy systems to solve different kinds of problems has been demonstrated in several previous investigations. Genetic fuzzy systems (GFSs) hybridize the approximate reasoning method of fuzzy systems with the learning capability of evolutionary algorithms. The objective of this paper is to design and analysis of various kinds of genetic fuzzy systems to deal with intrusion detection problem as a new real-world application area which is not previously tackled with GFSs. The resulted intrusion detection system would be capable of detecting normal and abnormal behaviors in computer networks. We have presented three kinds of genetic fuzzy systems based on Michigan, Pittsburgh and... 

    Computer intrusion detection using an iterative fuzzy rule learning approach

    Article 2007 IEEE International Conference on Fuzzy Systems, FUZZY, London, 23 July 2007 through 26 July 2007 ; 2007 ; 10987584 (ISSN) ; 1424412102 (ISBN); 9781424412105 (ISBN) Saniee Abadeh, M ; Habibi, J ; Sharif University of Technology
    2007
    Abstract
    The process of monitoring the events occurring in a computer system or network and analyzing them for sign of intrusions is known as intrusion detection system (IDS). The objective of this paper is to extract fuzzy classification rules for intrusion detection in computer networks. The proposed method is based on the iterative rule learning approach (IRL) to fuzzy rule base system design. The fuzzy rule base is generated in an incremental fashion, in that the evolutionary algorithm optimizes one fuzzy classifier rule at a time. The performance of final fuzzy classification system has been investigated using intrusion detection problem as a high-dimensional classification problem. Results show... 

    A semantic-based correlation approach for detecting hybrid and low-level APTs

    Article Future Generation Computer Systems ; Volume 96 , 2019 , Pages 64-88 ; 0167739X (ISSN) Lajevardi, A. M ; Amini, M ; Sharif University of Technology
    Elsevier B.V  2019
    Abstract
    Sophisticated and targeted malwares, which today are known as Advanced Persistent Threats (APTs), use multi-step, distributed, hybrid and low-level patterns to leak and exfiltrate information, manipulate data, or prevent progression of a program or mission. Since current intrusion detection systems (IDSs) and alert correlation systems do not correlate low-level operating system events with network events and use alert correlation instead of event correlation, the intruders use low and hybrid events in order to distribute the attack vector, hide malwares behaviors, and therefore make detection difficult for such detection systems. In this paper, a new approach for detecting hybrid and... 

    An efficient method for identifying IDS agent nodes by discovering compromised nodes in MANET

    Article 2009 International Conference on Computer and Electrical Engineering, ICCEE 2009, 28 December 2009 through 30 December 2009, Dubai ; Volume 1 , 2009 , Pages 625-629 ; 9780769539256 (ISBN) Kuchaki Rafsanjani, M ; Khavasi, A. A ; Movaghar, A ; Sharif University of Technology
    Abstract
    Intrusion Detection Systems (IDS) for Mobile Ad hoc NETworks (MANETs) are necessary when they are deployed in reality. In this paper, we have presented a combined method of selecting IDS agent nodes in mobile ad hoc networks. Since, the IDS agents in MANET due to more activities need to more battery power. In our method, first, compromised nodes are detected and then the nodes with the highest energy power from among valid nodes as IDS agent nodes are considered. So, with this method, some valid nodes contribute in intrusion detection activities and costs of the network monitoring will be reduced and the network lifetime will be increased. © 2009 IEEE

    An effective approach for determining IDS agent nodes in manet

    Article Proceedings of the 3rd International Conference on Internet Technologies and Applications, ITA 09, 8 September 2009 through 11 September 2009, Wrexham, Wales ; 2009 , Pages 458-465 ; 9780946881659 (ISBN) Kuchaki Rafsanjani, M ; Khavasi, A. A ; Movaghar, A ; Sharif University of Technology
    Abstract
    Mobile Ad hoc NETworks (MANET) due to different characteristics from wired networks are more vulnerable to security attacks. Construction of Intrusion Detection Systems (IDS) for MANETs is complicated by the fact that they are lack of fixed infrastructure and lack of central management for authentication and distribution of cryptographic keys. On the other hand, the network lifetime is an important issue in MANETs because of the energy power of mobile nodes is limited. In this paper is presented a proposed Method that in the first step, authorized nodes are detected by non-interactive zero knowledge technique and in the second step, nodes with the highest battery power from among authorized... 

    AIDSLK: an anomaly based intrusion detection system in linux kernel

    Article Communications in Computer and Information Science ; Volume 31 , 2009 , Pages 232-243 ; 18650929 (ISSN); 9783642004049 (ISBN) Almassian, N ; Azmi, R ; Berenji, S ; Sharif University of Technology
    2009
    Abstract
    The growth of intelligent attacks has prompted the designers to envision the intrusion detection as a built-in process in operating systems. This paper investigates a novel anomaly-based intrusion detection mechanism which utilizes the manner of interactions between users and kernel processes. An adequate feature list has been prepared for distinction between normal and anomalous behavior. The method used is introducing a new component to Linux kernel as a wrapper module with necessary hook function to log initial data for preparing desired features list. SVM neural network was applied to classify and recognize input vectors. The sequence of delayed input vectors of features was appended to... 

    A hybrid heuristics artificial intelligence feature selection for intrusion detection classifiers in cloud of things

    Article Cluster Computing ; 2022 ; 13867857 (ISSN) Sangaiah, A. K ; Javadpour, A ; Ja’fari, F ; Pinto, P ; Zhang, W ; Balasubramanian, S ; Sharif University of Technology
    Springer  2022
    Abstract
    Cloud computing environments provide users with Internet-based services and one of their main challenges is security issues. Hence, using Intrusion Detection Systems (IDSs) as a defensive strategy in such environments is essential. Multiple parameters are used to evaluate the IDSs, the most important aspect of which is the feature selection method used for classifying the malicious and legitimate activities. We have organized this research to determine an effective feature selection method to increase the accuracy of the classifiers in detecting intrusion. A Hybrid Ant-Bee Colony Optimization (HABCO) method is proposed to convert the feature selection problem into an optimization problem. We... 

    A content-based deep intrusion detection system

    Article International Journal of Information Security ; 2021 ; 16155262 (ISSN) Soltani, M ; Siavoshani, M. J ; Jahangir, A. H ; Sharif University of Technology
    Springer Science and Business Media Deutschland GmbH  2021
    Abstract
    The growing number of Internet users and the prevalence of web applications make it necessary to deal with very complex software and applications in the network. This results in an increasing number of new vulnerabilities in the systems, and leading to an increase in cyber threats and, in particular, zero-day attacks. The cost of generating appropriate signatures for these attacks is a potential motive for using machine learning-based methodologies. Although there are many studies on using learning-based methods for attack detection, they generally use extracted features and overlook raw contents. This approach can lessen the performance of detection systems against content-based attacks... 

    A content-based deep intrusion detection system

    Article International Journal of Information Security ; Volume 21, Issue 3 , 2022 , Pages 547-562 ; 16155262 (ISSN) Soltani, M ; Siavoshani, M. J ; Jahangir, A. H ; Sharif University of Technology
    Springer Science and Business Media Deutschland GmbH  2022
    Abstract
    The growing number of Internet users and the prevalence of web applications make it necessary to deal with very complex software and applications in the network. This results in an increasing number of new vulnerabilities in the systems, and leading to an increase in cyber threats and, in particular, zero-day attacks. The cost of generating appropriate signatures for these attacks is a potential motive for using machine learning-based methodologies. Although there are many studies on using learning-based methods for attack detection, they generally use extracted features and overlook raw contents. This approach can lessen the performance of detection systems against content-based attacks... 

    A bayesian game approach for preventing DoS attacks in wireless sensor networks

    Article Proceedings - 2009 WRI International Conference on Communications and Mobile Computing, CMC 2009, 6 January 2009 through 8 January 2009, Kunming, Yunnan ; Volume 3 , 2009 , Pages 507-511 ; 9780769535012 (ISBN) Mohi, M ; Movaghar, A ; Zadeh, P. M ; Sharif University of Technology
    2009
    Abstract
    Wireless sensor networks (WSNs) are a new technology, foreseen to be used increasingly in the near future, and security is an important issue for them. However because of the nodes resource limitations, other schemes proposed for securing general ad hoc networks, are not appropriate for WSNs. Usually some nodes act maliciously and they are able to do different kinds of DoS attacks. In order to make the network more secure, malicious nodes should be isolated from the network. In this paper, we model the interaction of nodes in WSN and intrusion detection system (IDS) as a Bayesian game formulation and use this idea to make a secure routing protocol. By this approach nodes are motivated to act...