Detecting Zero-Day Intrusion Attacks Using Semi-Supervised Machine Learning Approaches

Mbona, Innocent; Eloff, J. H. P.

doi:10.1109/access.2022.3187116

Cited by 32 publications

(20 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to the comparison stated in Table 2 , diverse learning models have been presented in the literature to address the problem of identifying malicious DoH. These include (but are not limited to) the long short-term memory (LSTM) based DoH identification model proposed by Davidson et al [ 38 ], the one class support vector machine (OCSVM) based DoH identification model proposed by Mbona et al [ 51 ], the Bidirectional-LSTM (Bi-LSTM) based DoH identification model proposed by X. Du et al [ 52 ], the ensemble learning of Decision trees (EL-DT) based DoH identification model proposed by Chijioke et al [ 53 ], the optimizable K-nearest neighbors (O-KNN) based model proposed by Al-Haija et at.…”

Section: Resultsmentioning

confidence: 99%

A Lightweight Double-Stage Scheme to Identify Malicious DNS over HTTPS Traffic Using a Hybrid Learning Approach

Al‐Haija

Alohaly

Odeh

2023

Sensors

View full text Add to dashboard Cite

The Domain Name System (DNS) protocol essentially translates domain names to IP addresses, enabling browsers to load and utilize Internet resources. Despite its major role, DNS is vulnerable to various security loopholes that attackers have continually abused. Therefore, delivering secure DNS traffic has become challenging since attackers use advanced and fast malicious information-stealing approaches. To overcome DNS vulnerabilities, the DNS over HTTPS (DoH) protocol was introduced to improve the security of the DNS protocol by encrypting the DNS traffic and communicating it over a covert network channel. This paper proposes a lightweight, double-stage scheme to identify malicious DoH traffic using a hybrid learning approach. The system comprises two layers. At the first layer, the traffic is examined using random fine trees (RF) and identified as DoH traffic or non-DoH traffic. At the second layer, the DoH traffic is further investigated using Adaboost trees (ADT) and identified as benign DoH or malicious DoH. Specifically, the proposed system is lightweight since it works with the least number of features (using only six out of thirty-three features) selected using principal component analysis (PCA) and minimizes the number of samples produced using a random under-sampling (RUS) approach. The experiential evaluation reported a high-performance system with a predictive accuracy of 99.4% and 100% and a predictive overhead of 0.83 µs and 2.27 µs for layer one and layer two, respectively. Hence, the reported results are superior and surpass existing models, given that our proposed model uses only 18% of the feature set and 17% of the sample set, distributed in balanced classes.

show abstract

Section: Resultsmentioning

confidence: 99%

A Lightweight Double-Stage Scheme to Identify Malicious DNS over HTTPS Traffic Using a Hybrid Learning Approach

Al‐Haija

Alohaly

Odeh

2023

Sensors

View full text Add to dashboard Cite

show abstract

“…The main intention of UDP is to saturate the internet pipe. Zero-day flood [25] The "zero-day" used to describe all unknown attacks or new attacks exploiting vulnerabilities.…”

Section: Table 1 Some Of the Common Ddos Attack Typesmentioning

confidence: 99%

Simulation of SDN in mininet and detection of DDoS attack using machine learning

Karthika

Karmel

2023

Bulletin EEI

View full text Add to dashboard Cite

Most contemporary businesses are embracing software defined networking (SDN), a developing architecture that enables an aerial-like perspective of the entire network. SDN operates by virtualizing the network and provides advantages including improved performance, visibility, speed, and scalability. SDN attempts to divide the network control plane from the forwarding plane. The control plane, which includes one or more controllers and incorporates complete intelligence, is thought of as the brain of the SDN. However, SDN has challenges with controller vulnerability, flexibility, and hardware security. But distributed denial of service (DDoS) assaults constitutes a serious threat to the SDN. Transmission control protocol-synchronized (TCP-SYN) floods, a common cyberattack that can harm SDNs, can deplete network resources by opening an excessive number of illegitimate TCP connections. In this research, we provide an OpenFlow port statistic-based architecture for machine learning (ML) enabled TCP-SYN flood detection. This research showed that ML models like support vector machine (SVM), Navie Bayes, and multi-layered perceptron can distinguish between regular traffic and SYN flood traffic and can mitigate the impacts of the attacking node on the network. Results showed that the multilayered perceptron can classify the traffic with highest accuracy of 99.75% for the simulation dataset.

show abstract

“…Also, deep learning has been used to design security models that can be used on large-scale security datasets [ 125 ]. Mbona and Eloff [ 126 ] designed a semi-supervised machine learning approach to detect zero-day (new unknown) intrusion attacks based on the law of anomalous numbers to identify significant network features that effectively show anomalous behaviour. Similarly, Benlamine et al [ 127 ], used a machine learning model to evaluate emotional reactions in virtual reality environments where the face is hidden in a virtual reality headset, making facial expression detection using a webcam impossible.…”

Section: Machine Learning Researchmentioning

confidence: 99%

Machine Learning Research Trends in Africa: A 30 Years Overview with Bibliometric Analysis Review

Ezugwu

Oyelade

Ikotun

et al. 2023

Arch Computat Methods Eng

View full text Add to dashboard Cite

The machine learning (ML) paradigm has gained much popularity today. Its algorithmic models are employed in every field, such as natural language processing, pattern recognition, object detection, image recognition, earth observation and many other research areas. In fact, machine learning technologies and their inevitable impact suffice in many technological transformation agendas currently being propagated by many nations, for which the already yielded benefits are outstanding. From a regional perspective, several studies have shown that machine learning technology can help address some of Africa’s most pervasive problems, such as poverty alleviation, improving education, delivering quality healthcare services, and addressing sustainability challenges like food security and climate change. In this state-of-the-art paper, a critical bibliometric analysis study is conducted, coupled with an extensive literature survey on recent developments and associated applications in machine learning research with a perspective on Africa. The presented bibliometric analysis study consists of 2761 machine learning-related documents, of which 89% were articles with at least 482 citations published in 903 journals during the past three decades. Furthermore, the collated documents were retrieved from the Science Citation Index EXPANDED, comprising research publications from 54 African countries between 1993 and 2021. The bibliometric study shows the visualization of the current landscape and future trends in machine learning research and its application to facilitate future collaborative research and knowledge exchange among authors from different research institutions scattered across the African continent.

show abstract

Detecting Zero-Day Intrusion Attacks Using Semi-Supervised Machine Learning Approaches

Cited by 32 publications

References 44 publications

A Lightweight Double-Stage Scheme to Identify Malicious DNS over HTTPS Traffic Using a Hybrid Learning Approach

A Lightweight Double-Stage Scheme to Identify Malicious DNS over HTTPS Traffic Using a Hybrid Learning Approach

Simulation of SDN in mininet and detection of DDoS attack using machine learning

Machine Learning Research Trends in Africa: A 30 Years Overview with Bibliometric Analysis Review

Contact Info

Product

Resources

About