Browsing by Author "Chambers, Jonathon A."

Now showing 1 - 6 of 6
  • Adding Contextual Information to Intrusion Detection Systems Using Fuzzy Cognitive Maps (Open Access)
    (IEEE, 2016-06-23) Aparicio-Navarro, Francisco J.; Kyriakopoulos, Kyriakos; Parish, David J.; Chambers, Jonathon A.
    In the last few years there has been considerable increase in the efficiency of Intrusion Detection Systems (IDSs). However, networks are still the victim of attacks. As the complexity of these attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of IDSs should be designed incorporating reasoning engines supported by contextual information about the network, cognitive information and situational awareness to improve their detection results. In this paper, we propose the use of a Fuzzy Cognitive Map (FCM) in conjunction with an IDS to incorporate contextual information into the detection process. We have evaluated the use of FCMs to adjust the Basic Probability Assignment (BPA) values defined prior to the data fusion process, which is crucial for the IDS that we have developed. The experimental results that we present verify that FCMs can improve the efficiency of our IDS by reducing the number of false alarms, while not affecting the number of correct detections.
  • A look into the information your smartphone leaks (Open Access)
    (IEEE, 2017-10-19) Aparicio-Navarro, Francisco J.; Chambers, Jonathon A.; Chadza, Timothy; Kyriakopoulos, Konstantinos
    Some smartphone applications (apps) pose a risk to users’ personal information. Events of apps leaking information stored in smartphones illustrate the danger that they present. In this paper, we investigate the amount of personal information leaked during the installation and use of apps when accessing the Internet. We have opted for the implementation of a Man-in-the-Middle proxy to intercept the network traffic generated by 20 popular free apps installed on different smartphones of distinctive vendors. This work describes the technical considerations and requirements for the deployment of the monitoring WiFi network employed during the conducted experiments. The presented results show that numerous mobile and personal unique identifiers, along with personal information are leaked by several of the evaluated apps, commonly during the installation process.
  • Statistical anomaly detection in communication networks (Open Access)
    (Defence Science and Technology Laboratory, 2018-02-08) Aparicio-Navarro, Francisco J.; Chambers, Jonathon A.; Kyriakopoulos, Konstantinos; Gong, Yu; Rixson, Matthew; Barrington, Stephen
    This chapter describes the development of algorithms for automatic detection of anomalies from multi-dimensional, undersampled and incomplete datasets. The challenge in this work is to identify and classify behaviours as normal or abnormal, safe or threatening, from an irregular and often heterogeneous sensor network. Many defence and civilian applications can be modelled as complex networks of interconnected nodes with unknown or uncertain spatio-temporal relations. The behavior of such heterogeneous networks can exhibit dynamic properties, reflecting evolution in both network structure (new nodes appearing and existing nodes disappearing), as well as inter-node relations. The UDRC work has addressed not only the detection of anomalies, but also the identification of their nature and their statistical characteristics. Normal patterns and changes in behavior have been incorporated to provide an acceptable balance between true positive rate, false positive rate, performance and computational cost. Data quality measures have been used to ensure the models of normality are not corrupted by unreliable and ambiguous data. The context for the activity of each node in complex networks offers an even more efficient anomaly detection mechanism. This has allowed the development of efficient approaches which not only detect anomalies but which also go on to classify their behaviour.
  • Support Vector Machine for Network Intrusion and Cyber-Attack Detection (Open Access)
    (IEEE, 2017-12-21) Ghanem, Kinan; Aparicio-Navarro, Francisco J.; Kyriakopoulos, Konstantinos; Lambotharan, Sangarapillai; Chambers, Jonathon A.
    Cyber-security threats are a growing concern in networked environments. The development of Intrusion Detection Systems (IDSs) is fundamental in order to provide an extra level of security. We have developed an unsupervised anomaly-based IDS that uses statistical techniques to conduct the detection process. Despite providing many advantages, anomaly-based IDSs tend to generate a high number of false alarms. Machine Learning (ML) techniques have gained wide interest in tasks of intrusion detection. In this work, Support Vector Machine (SVM) is deemed as an ML technique that could complement the performance of our IDS, providing a second line of detection to reduce the number of false alarms, or as an alternative detection technique. We assess the performance of our IDS against one-class and two-class SVMs, using linear and non-linear forms. The results that we present show that linear two-class SVM generates highly accurate results, and the accuracy of the linear one-class SVM is very comparable, and it does not need training datasets associated with malicious data. Similarly, the results evidence that our IDS could benefit from the use of ML techniques to increase its accuracy when analysing datasets comprising non-homogeneous features.
  • Using Pattern-of-Life as Contextual Information for Anomaly-based Intrusion Detection Systems (Open Access)
    (IEEE, 2017-10-20) Aparicio-Navarro, Francisco J.; Kyriakopoulos, Konstantinos; Gong, Yu; Parish, David J.; Chambers, Jonathon A.
    As the complexity of cyber-attacks keeps increasing, new robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measurable network traffic, but also on the available high-level information related to the protected network. To this end, we make use of the Pattern-of-Life (PoL) of a computer network as the main source of high-level information. We propose two novel approaches that make use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. There are four main aims of the work. First, to evaluate the efficiency of the proposed approaches in identifying the presence of attacks. Second, to identify which of the proposed approaches to integrate an FCM into the IDS framework produces the best results. Third, to identify which of the metrics used in the design of the FCM produces the best detection results. Fourth, to evidence the improved detection performance that contextual information can offer in IDSs. The results that we present verify that the proposed approaches improve the effectiveness of our IDS by reducing the total number of false alarms; providing almost perfect detection rate (i.e., 99.76%) and only 6.33% false positive rate, depending on the particular metric combination.
  • Using the Pattern-of-Life in Networks to Improve the Effectiveness of Intrusion Detection Systems (Open Access)
    (IEEE, 2017-07-31) Aparicio-Navarro, Francisco J.; Chambers, Jonathon A.; Kyriakopoulos, Konstantinos; Gong, Yu; Parish, David J.
    As the complexity of cyber-attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measurable network traffic, but also on the available high-level information related to the protected network to improve their detection results. We make use of the Pattern-of-Life (PoL) of a network as the main source of high-level information, which is correlated with the time of the day and the usage of the network resources. We propose the use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. The main aim of this work is to evidence the improved detection performance of an IDS using an FCM to leverage network-related contextual information. The results that we present verify that the proposed method improves the effectiveness of our IDS by reducing the total number of false alarms; providing an improvement of 9.68% when all the considered metrics are combined and a peak improvement of up to 35.64%, depending on the particular metric combination.