Tao Yi^1,3, Xingshu Chen^1,2,*, Mingdong Yang³, Qindong Li¹, Yi Zhu¹

CMES-Computer Modeling in Engineering & Sciences, Vol.140, No.1, pp. 929-955, 2024, DOI:10.32604/cmes.2024.048793

Abstract Due to the rapid evolution of Advanced Persistent Threats (APTs) attacks, the emergence of new and rare attack samples, and even those never seen before, make it challenging for traditional rule-based detection methods to extract universal rules for effective detection. With the progress in techniques such as transfer learning and meta-learning, few-shot network attack detection has progressed. However, challenges in few-shot network attack detection arise from the inability of time sequence flow features to adapt to the fixed length input requirement of deep learning, difficulties in capturing rich information from original flow in the case of insufficient samples, and the… More >

Ehab AlMasri¹, Mouhammd Alkasassbeh¹, Amjad Aldweesh^2,*

Computer Systems Science and Engineering, Vol.47, No.2, pp. 2643-2669, 2023, DOI:10.32604/csse.2023.040626

Abstract Supply chain attacks, exemplified by the SUNBURST attack utilizing SolarWinds Orion updates, pose a growing cybersecurity threat to entities worldwide. However, the need for suitable datasets for detecting and anticipating SUNBURST attacks is a significant challenge. We present a novel dataset collected using a unique network traffic data collection methodology to address this gap. Our study aims to enhance intrusion detection and prevention systems by understanding SUNBURST attack features. We construct realistic attack scenarios by combining relevant data and attack indicators. The dataset is validated with the J48 machine learning algorithm, achieving an average F-Measure of 87.7%. Our significant contribution… More >

Hasan Dalmaz^*, Erdal Erdal, Halil Murat Ünver

CMES-Computer Modeling in Engineering & Sciences, Vol.136, No.2, pp. 1277-1314, 2023, DOI:10.32604/cmes.2023.025212

Abstract This paper addresses the urgent need to detect network security attacks, which have increased significantly in recent years, with high accuracy and avoid the adverse effects of these attacks. The intrusion detection system should respond seamlessly to attack patterns and approaches. The use of metaheuristic algorithms in attack detection can produce near-optimal solutions with low computational costs. To achieve better performance of these algorithms and further improve the results, hybridization of algorithms can be used, which leads to more successful results. Nowadays, many studies are conducted on this topic. In this study, a new hybrid approach using Gray Wolf Optimizer… More >

Gürcan Çetin^*

CMC-Computers, Materials & Continua, Vol.73, No.3, pp. 4519-4539, 2022, DOI:10.32604/cmc.2022.031734

Abstract Recently, machine learning algorithms have been used in the detection and classification of network attacks. The performance of the algorithms has been evaluated by using benchmark network intrusion datasets such as DARPA98, KDD’99, NSL-KDD, UNSW-NB15, and Caida DDoS. However, these datasets have two major challenges: imbalanced data and high-dimensional data. Obtaining high accuracy for all attack types in the dataset allows for high accuracy in imbalanced datasets. On the other hand, having a large number of features increases the runtime load on the algorithms. A novel model is proposed in this paper to overcome these two concerns. The number of… More >

Peng Hui Li¹, Jie Xu^1,*, Zhong Yi Xu¹, Su Chen¹, Bo Wei Niu², Jie Yin¹, Xiao Feng Sun¹, Hao Liang Lan¹, Lu Lu Chen³

CMC-Computers, Materials & Continua, Vol.73, No.2, pp. 3847-3860, 2022, DOI:10.32604/cmc.2022.029969

Abstract At present, the severe network security situation has put forward high requirements for network security defense technology. In order to automate botnet threat warning, this paper researches the types and characteristics of Botnet. Botnet has special characteristics in attributes such as packets, attack time interval, and packet size. In this paper, the attack data is annotated by means of string recognition and expert screening. The attack features are extracted from the labeled attack data, and then use K-means for cluster analysis. The clustering results show that the same attack data has its unique characteristics, and the automatic identification of network… More >

Hui Wang¹, Chuanhan Zhu¹, Zihao Shen^1,*, Dengwei Lin², Kun Liu¹, MengYao Zhao³

Computer Systems Science and Engineering, Vol.38, No.1, pp. 103-117, 2021, DOI:10.32604/csse.2021.014680

Abstract Computer networks face a variety of cyberattacks. Most network attacks are contagious and destructive, and these types of attacks can be harmful to society and computer network security. Security evaluation is an effective method to solve network security problems. For accurate assessment of the vulnerabilities of computer networks, this paper proposes a network security risk assessment method based on a Bayesian network attack graph (B_NAG) model. First, a new resource attack graph (RAG) and the algorithm E-Loop, which is applied to eliminate loops in the B_NAG, are proposed. Second, to distinguish the confusing relationships between nodes of the attack graph… More >

Zihao Shen^1,2, Hui Wang^1,*, Kun Liu¹, Peiqian Liu¹, Menglong Ba¹, MengYao Zhao³

Computer Systems Science and Engineering, Vol.37, No.1, pp. 121-133, 2021, DOI:10.32604/csse.2021.014988

Abstract The rapid progress of the Internet has exposed networks to an increased number of threats. Intrusion detection technology can effectively protect network security against malicious attacks. In this paper, we propose a ReliefF-P-Naive Bayes and softmax regression (RP-NBSR) model based on machine learning for network attack detection to improve the false detection rate and F1 score of unknown intrusion behavior. In the proposed model, the Pearson correlation coefficient is introduced to compensate for deficiencies in correlation analysis between features by the ReliefF feature selection algorithm, and a ReliefF-Pearson correlation coefficient (ReliefF-P) algorithm is proposed. Then, the Relief-P algorithm is used… More >

Adel Assiri^*

CMC-Computers, Materials & Continua, Vol.66, No.1, pp. 767-778, 2021, DOI:10.32604/cmc.2020.013813

Abstract Anomaly classification based on network traffic features is an important task to monitor and detect network intrusion attacks. Network-based intrusion detection systems (NIDSs) using machine learning (ML) methods are effective tools for protecting network infrastructures and services from unpredictable and unseen attacks. Among several ML methods, random forest (RF) is a robust method that can be used in ML-based network intrusion detection solutions. However, the minimum number of instances for each split and the number of trees in the forest are two key parameters of RF that can affect classification accuracy. Therefore, optimal parameter selection is a real problem in… More >

Deyin Li^{1, 2}, Mingzhi Cheng³, Yu Yang^{1, 2, *}, Min Lei^{1, 2}, Linfeng Shen⁴

CMC-Computers, Materials & Continua, Vol.64, No.1, pp. 623-635, 2020, DOI:10.32604/cmc.2020.09800

Abstract Deep learning networks are widely used in various systems that require classification. However, deep learning networks are vulnerable to adversarial attacks. The study on adversarial attacks plays an important role in defense. Black-box attacks require less knowledge about target models than white-box attacks do, which means black-box attacks are easier to launch and more valuable. However, the state-of-arts black-box attacks still suffer in low success rates and large visual distances between generative adversarial images and original images. This paper proposes a kind of fast black-box attack based on the cross-correlation (FBACC) method. The attack is carried out in two stages.… More >

Wen Tian¹, Xiaopeng Ji^1,*, Weiwei Liu¹, Guangjie Liu¹, Rong Lin^1,2, Jiangtao Zhai³, Yuewei Dai³

CMC-Computers, Materials & Continua, Vol.60, No.1, pp. 193-211, 2019, DOI:10.32604/cmc.2019.05290

Abstract Cyber-physical system (CPS) is an advanced system that integrats physical processes, computation and communication resources. The security of cyber-physical systems has become an active research area in recent years. In this paper, we focus on defensive strategies against network attacks in CPS. We introduce both low- and highinteraction honeypots into CPS as a security management tool deliberately designed to be probed, attacked and compromised. In addition, an analysis resource constraint is introduced for the purpose of optimizing defensive strategies against network attacks in CPS. We study the offensive and defensive interactions of CPS and model the offensive and defensive process… More >