A Lightweight Double-Stage Scheme to Identify Malicious DNS over HTTPS Traffic Using a Hybrid Learning Approach

Al‐Haija, Qasem Abu; Alohaly, Manar; Odeh, Ammar

doi:10.3390/s23073489

Cited by 20 publications

(4 citation statements)

References 59 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A novel Lightweight Double-Stage Scheme for identifying malicious Domain Name System (DNS) over HTTPS traffic is introduced in a recent study by Abu Al-Haija et al [41]. The method uses a hybrid learning approach and provides encouraging insights into better detection techniques for secure network communications.…”

Section: Literature Reviewmentioning

confidence: 99%

Deep Neural Decision Forest (DNDF): A Novel Approach for Enhancing Intrusion Detection Systems in Network Traffic Analysis

Alrayes,

Zakariah,

Driss

et al. 2023

Sensors

View full text Add to dashboard Cite

Intrusion detection systems, also known as IDSs, are widely regarded as one of the most essential components of an organization’s network security. This is because IDSs serve as the organization’s first line of defense against several cyberattacks and are accountable for accurately detecting any possible network intrusions. Several implementations of IDSs accomplish the detection of potential threats throughout flow-based network traffic analysis. Traditional IDSs frequently struggle to provide accurate real-time intrusion detection while keeping up with the changing landscape of threat. Innovative methods used to improve IDSs’ performance in network traffic analysis are urgently needed to overcome these drawbacks. In this study, we introduced a model called a deep neural decision forest (DNDF), which allows the enhancement of classification trees with the power of deep networks to learn data representations. We essentially utilized the CICIDS 2017 dataset for network traffic analysis and extended our experiments to evaluate the DNDF model’s performance on two additional datasets: CICIDS 2018 and a custom network traffic dataset. Our findings showed that DNDF, a combination of deep neural networks and decision forests, outperformed reference approaches with a remarkable precision of 99.96% by using the CICIDS 2017 dataset while creating latent representations in deep layers. This success can be attributed to improved feature representation, model optimization, and resilience to noisy and unbalanced input data, emphasizing DNDF’s capabilities in intrusion detection and network security solutions.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Deep Neural Decision Forest (DNDF): A Novel Approach for Enhancing Intrusion Detection Systems in Network Traffic Analysis

Alrayes,

Zakariah,

Driss

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…K is the parameter that indicates the number of folds. Figure 4 displays the method of k-cross validation [39].…”

Section: Model Estimation and Optimizationmentioning

confidence: 99%

Cost-effective Detection Model for Injected Automatic Dependent Surveillance-Broadcast Messages (ADS-B) for Secure Aviation Control

Al-Tamimi

Al‐Haija

2023

Preprint

Self Cite

View full text Add to dashboard Cite

Automatic Dependent Surveillance-Broadcast (ADS-B) is considered the future of aviation surveillance and traffic control as it allows different types of aircraft to transmit and gain information about their and other nearby aircraft's positions, velocity, and various other variables periodically. But, as this protocol still show that it lacks in terms of security and that researchers are still developing more methods and frameworks in order to secure this technology, we decided to join the initiative and propose an efficient detection method to help aid with detecting any attempts at injecting these messages which would cause multiple risks to aircrafts such as causing collision avoidance system failure, reporting wrong status of an aircraft, or even stealing it. This paper focused mainly on three different attacks; path modification, ghost aircraft injection, and velocity drift attacks. The dataset we utilized consisted of authentic messages captured from the OpenSky Network and generated injected messages using PyCharm. This study aims to provide a revolutionary methodology that, even in the face of new attacks (zero-day attacks), can successfully detect injected messages. The main advantage was utilizing a recent dataset to create more reliable and adaptive training and testing materials, which were then preprocessed before using different machine learning algorithms to feasibly create the most accurate and time-efficient model. The best outcomes of the binary classification were obtained with 99.14% accuracy, an F1-Score of 99.14%, and a Matthews' Correlation Coefficient (MCC) of 0.982. At the same time, the best outcomes of the multiclass classification were obtained with 99.41% accuracy, an F1-Score of 99.37%, and a Matthews' Correlation Coefficient (MCC) of 0.988. The dataset is thought to offer good outcomes, but the model still requires more testing and a bigger dataset, bearing in mind that the model still needs to be tested against other types of attacks.

show abstract

“…The accuracy is high close to hundred percent. [46] Natural Language Processing based Threat analysis for healthcare systems Proposed method uses Natural Language Processing abilities to parse the widely available documents from the internet. The result of the processing is used as a Threat library for assessing the healthcare systems.…”

Section: Issn (Online):2583-0732mentioning

confidence: 99%

A Systematic Evaluation of Artificial Intelligence's Impact on the Landscape of Threat Modeling

Pai,

R.Kunte,

Najee

2023

STAIQC

View full text Add to dashboard Cite

This article systematically evaluates the influence of Artificial Intelligence (AI) on the landscape of Threat modelingin cybersecurity. The study involves an extensive review of relevant journal articles, books, and conference papers to comprehensively assess the current state of the field. By synthesizing existing literature, we identify and analyze the ways in which AItechnologies are applied in Threat modelingmethodologies. The evaluation explores the strengths and limitations of these applications, shedding light on the advancements that have significantly enhancedThreat modeling.Furthermore, the research includes a meticulous gap analysis within the existing literature, revealing areas where further investigation is warranted. Identified gaps in the current research landscape serve as a foundation for proposing future research directions in AI-enhanced Threat modeling. The current literature related to the current landscape of Artificial Intelligence research in cybersecurity predominantly focuses on articles and active studies pertaining to the detection and prevention of cyber-attacks. However, there is a noticeable gap in the existing literature when it comes to leveraging Artificial Intelligence to enhance Threat modeling. While numerous innovative methods have been proposed in recent articles, these predominantly concentrate on Threat modeling within specific domains, such as unmanned vehicles, Cyber-Physical Systems, and Healthcare. There is a lack of generalization in applying these findings to improve Threat modeling practices more broadly. A promising avenue for further research lies in the automation of Threat modeling. Existing literature predominantly emphasizes the study of Threat generation areas, leaving other crucial aspects, such as Architecture representation and Model validation,in need of more comprehensive exploration and analysis

show abstract

A Lightweight Double-Stage Scheme to Identify Malicious DNS over HTTPS Traffic Using a Hybrid Learning Approach

Cited by 20 publications

References 59 publications

Deep Neural Decision Forest (DNDF): A Novel Approach for Enhancing Intrusion Detection Systems in Network Traffic Analysis

Deep Neural Decision Forest (DNDF): A Novel Approach for Enhancing Intrusion Detection Systems in Network Traffic Analysis

Cost-effective Detection Model for Injected Automatic Dependent Surveillance-Broadcast Messages (ADS-B) for Secure Aviation Control

A Systematic Evaluation of Artificial Intelligence's Impact on the Landscape of Threat Modeling

Contact Info

Product

Resources

About