Network Intrusion Detection Based on Directed Acyclic Graph and Belief Rule Base

Zhang, Bangcheng; Hu, Guanyu; Zhou, Zhijie; Yu, Xiang; Pei-li, Qiao; Chang, Leilei

doi:10.4218/etrij.17.0116.0305

Cited by 33 publications

(11 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With the increasing probability of network security time, people gradually realize that network attacks and hacker attacks have brought great threats to people's daily life. Therefore, Zhang et al (2017) found that network situational awareness can effectively predict network intrusion [11], which is basically consistent with the results of this study that CS-RBF based network security situational awareness model can effectively predict attack and vulnerability information. DDos attack refers to that it can reasonably request resources from the server, thus occupying a variety of services so that users who normally request access can't get a response.…”

Section: Discussionsupporting

confidence: 88%

Software Development and Design of Network Security System Under Big Data Analysis

Chen

2020

International Journal of Advanced Information and Communication Technology

View full text Add to dashboard Cite

To explore the prediction effect of network security situational awareness on network vulnerabilities and attacks under the background of big data, this study constructs a predictive index system based on the network security situational awareness model. Based on the improved cuckoo algorithm, the cuckoo search radial basis function neural network is used to predict the situation. The weight value in the model is determined by the hierarchical analysis method, vulnerability simulation is conducted by Nessus software and network attack simulation is conducted by Snort software, and then the situation is evaluated by a fuzzy comprehensive evaluation method. Finally, Jquery and Bootstrap software is used to develop the system. The results show that the cuckoo search radial basis function model proposed in this study could predict network security situations more accurately than the radial basis function model, cuckoo search back-propagation neural network model, genetic algorithm radial basis function model and Support vector machine model based on particle swarm optimization model.

show abstract

Section: Discussionsupporting

confidence: 88%

Software Development and Design of Network Security System Under Big Data Analysis

Chen

2020

International Journal of Advanced Information and Communication Technology

View full text Add to dashboard Cite

show abstract

“…In fact, it is impossible to execute physically perfect access control in an in-vehicle CAN. Although it is possible to find abnormal connections using an intrusion detection system (IDS), network IDS is a complex classification problem [30], so it is difficult to apply it to the vehicular ECUs.…”

Section: G Access Control Policymentioning

confidence: 99%

CAN ID Shuffling Technique (CIST): Moving Target Defense Strategy for Protecting In-Vehicle CAN

Woo¹,

Moon²,

Youn³

et al. 2019

IEEE Access

View full text Add to dashboard Cite

New vehicles have become increasingly targeted for cyber-attacks as their rate of digitalization is accelerated. Research on vehicle hacking has highlighted the security vulnerabilities of in-vehicle controller area networks (CANs) as the biggest problem. In particular, a CAN does not offer access control, authentication, or confidentiality, so it fails to prevent reconnaissance operations conducted by an adversary. Because its static configuration (CAN ID, data frame transmission cycle, and data field format) is used in an in-vehicle network environment, the adversary can conduct reconnaissance and easily acquire information to be used for an attack. One of the moving target defense strategies, network address shuffling (NAS), is an extremely practical security solution that can prevent in-vehicle CAN reconnaissance acts. In this paper, we propose a CAN ID shuffling technique using NAS. Our proposed security solution aims to increase the cost burden for the adversary to analyze CAN data frames. To evaluate the performance of the proposed security solution, we conducted an evaluation based on a labcar. Our proposed security solution may be implemented without altering the unique characteristics of the CAN standard. Hence, it can be used as a practical countermeasure to solve the problems affecting in-vehicle CANs. INDEX TERMS Controller area network, in-vehicle network security, moving target defense, network address shuffling, vehicular cyber kill chain.

show abstract

“…Zhang et al [2] divided methods for network intrusion detection into two types: direct methods using single algorithm and combination method by combination of several methods. The author proposed a new detection model based on a directed acyclic graph (DAG) and a belief rule base (BRB).…”

Section: A Deep Learning-based Intrusion Detectionmentioning

confidence: 99%

Cyber Threat Detection Based on Artificial Neural Networks Using Event Profiles

et al. 2019

View full text Add to dashboard Cite

One of the major challenges in cybersecurity is the provision of an automated and effective cyber-threats detection technique. In this paper, we present an AI technique for cyber-threats detection, based on artificial neural networks. The proposed technique converts multitude of collected security events to individual event profiles and use a deep learning-based detection method for enhanced cyber-threat detection. For this work, we developed an AI-SIEM system based on a combination of event profiling for data preprocessing and different artificial neural network methods, including FCNN, CNN, and LSTM. The system focuses on discriminating between true positive and false positive alerts, thus helping security analysts to rapidly respond to cyber threats. All experiments in this study are performed by authors using two benchmark datasets (NSLKDD and CICIDS2017) and two datasets collected in the real world. To evaluate the performance comparison with existing methods, we conducted experiments using the five conventional machine-learning methods (SVM, k-NN, RF, NB, and DT). Consequently, the experimental results of this study ensure that our proposed methods are capable of being employed as learning-based models for network intrusion-detection, and show that although it is employed in the real world, the performance outperforms the conventional machine-learning methods.

show abstract

Network Intrusion Detection Based on Directed Acyclic Graph and Belief Rule Base

Cited by 33 publications

References 26 publications

Software Development and Design of Network Security System Under Big Data Analysis

Software Development and Design of Network Security System Under Big Data Analysis

CAN ID Shuffling Technique (CIST): Moving Target Defense Strategy for Protecting In-Vehicle CAN

Cyber Threat Detection Based on Artificial Neural Networks Using Event Profiles

Contact Info

Product

Resources

About