Journal of Intelligent & Fuzzy Systems - Volume 35, issue 6

Authors: Hai, Quan Tran | Hwang, Seong Oun

Article Type: Research Article

Abstract: Most Intrusion Detection Systems (IDS) nowadays are signature-based. They are very useful and accurate for detecting known attacks. However, they are inefficient with unknown attacks. Moreover, most of cyber attacks start with malicious URLs. Attackers try to trick users into clicking on malicious URLs. This gives attackers an easy way to launch attacks. To defend against this, companies and organizations use IDS/IPS to detect malicous URLs using blacklist of URLs. This is very efficient with known malicious URLs, but useless with unknown malicious URLs. To overcome this problem, a number of malicious Web site detection systems have been proposed. One …of the most promising methods is to apply machine learning detection techniques. In this paper, we present a new lexical approach to classify URLs by using machine learning techniques which patternize the URLs. Our approach is based on natural language processing features which use word vector representation and ngram models on the blacklist word as the main features. Using this technique can help classifier distinguish benign URLs from malicious ones. Our experimentation shows that our approach can achieve a high degree of accuracy at 97.1% in the case of SVM. Moreover, it can maintain a high level of robustness with 0.97 precision and 0.93 recall scores. Show more

Keywords: Machine learning, cyber Security, URL classification, malicious URL

DOI: 10.3233/JIFS-169831

Citation: Journal of Intelligent & Fuzzy Systems, vol. 35, no. 6, pp. 5889-5900, 2018

Authors: Inayat, Kashif | Hwang, Seong Oun

Article Type: Research Article

Abstract: This paper presents a distributed Load Balancing Trade Framework (LBTF) with focus on demand response and Advanced Metering Infrastructure (AMI) security in smart grid. This comprehensive energy market model LBTF framework can achieve good balance in demand response in two ways. First way is utility-grid contract, which introduced a simple reward policy using distributed proof-of-work (PoW) consensus algorithm in Blockchain to motivate consumer to use less energy in peak hours. Through this policy consensus algorithm reward electric units to the consumers in peak hours. And in second way scheme introduce Micro-grid contract, which is a peer to peer (P2P) trade …in global market. Those consumer (prosumer) who can generate energy using renewable resources can sell their surplus energy to other consumer through this contract. Furthermore, hash functions, public key encryption and digital signatures have been used to provide privacy preserving to the consumers and integrity to the stored data. Show more

Keywords: Blockchain, smart grid, demand response, security, framework

DOI: 10.3233/JIFS-169832

Citation: Journal of Intelligent & Fuzzy Systems, vol. 35, no. 6, pp. 5901-5911, 2018

Authors: Joëlle, Misenga Mumpela | Park, Young-Hoon

Article Type: Research Article

Abstract: Software Defined Networking (SDN) is an emerging paradigm, which brings the network innovation and attracts both the industries and researchers. SDN is a programmable network model that separates the control logic from the forwarding plane. The centralize control plane takes care of all networking resources. The attackers target the SDN controller, to paralyze the logic plane that is considered as the brain of the network which provides a lot of benefits. However, due to the characteristics the control plane becomes the attractive target of security attacks for the adversaries. One of the most known threats is Distributed Denial-of-Service (DDoS) attacks …with the goal to exhausting network resources by sending heavy traffic to them, causing network congestion. Since SDN was proposed, DDoS attack has become a popular research field in SDN security and many researchers have been presented DDoS attacks detection, prevention and mitigation solutions in SDN environment using different methods. This paper surveys the previous researches in DDoS attacks detection and mitigation based methods available in SDN environment. Show more

Keywords: SDN, DDoS attacks, detection and mitigation methods

DOI: 10.3233/JIFS-169833

Citation: Journal of Intelligent & Fuzzy Systems, vol. 35, no. 6, pp. 5913-5925, 2018

Authors: Chew, Yee Jian | Ooi, Shih Yin | Wong, Kok-Seng | Pang, Ying Han | Hwang, Seong Oun

Article Type: Research Article

Abstract: Anomaly-based intrusion detection system (IDS) is gaining wide attention from the research community, due to its robustness in detecting and profiling the newly discovered network attacks. Unlike signature-based IDS which solely relying on a set of pre-defined rules through some massive human efforts, anomaly-based IDS utilises the collected network traces in building its own classification model. The classification model can optimised when a large set of network traces is available. The ideal way of pooling the network traces is through database sharing. However, not many organisations are willing to release or share their network databases due to some privacy concerns, …i.e. to avoid some kinds of internet traffic behaviour profiling. To address this issue, a number of anonymisation techniques was developed. The main usage of anonymisation techniques is to conceal the potentially sensitive information in the network traces. However, it is also important to ensure the anonymisation techniques are not over abusing the performances of IDS. To do so, the convention way is by using a Snort IDS to measure the number of alarms generated before-and-after an anonymisation solution is applied. However, this approach is infeasible for Anomaly-Based IDS. Thus, an alternative way of using machine learning approach is proposed and explored in this manuscript. Instead of manual evaluation through the usage of Snort IDS, a J48 decision tree (Weka package of C4.5 algorithm) is used. In this manuscript, two anonymisation techniques, (1) black-marker , and (2) bilateral classification are used to hide the value of port numbers; and their before-and-after performances are evaluated through a J48 decision tree. Show more

Keywords: Network packet traces, intrusion detection system (IDS), J48 decision tree, anonymisation, black-marker, bilateral classification

DOI: 10.3233/JIFS-169834

Citation: Journal of Intelligent & Fuzzy Systems, vol. 35, no. 6, pp. 5927-5937, 2018

Authors: Pae, Sung-il

Article Type: Research Article

Abstract: In a recent work, Bernardini and Rinaldo generalize and attempt to improve upon Elias method to obtain unbiased random bits from a geometric distribution resulted from a Poisson process. As a response, we analyse the output rates of their method and compare with the original binary Elias method applied on a Bernoulli process resulted from the same Poisson process, which turns out to be much simpler to implement and to have a higher output rate.

Keywords: random bits, Poisson process, Bernoulli process, geometric distribution, Elias algorithm

DOI: 10.3233/JIFS-169835

Citation: Journal of Intelligent & Fuzzy Systems, vol. 35, no. 6, pp. 5939-5946, 2018

Authors: Nicholas, Lee | Ooi, Shih Yin | Pang, Ying Han | Hwang, Seong Oun | Tan, Syh-Yuan

Article Type: Research Article

Abstract: The adoption of network flow in the domain of Network-based Intrusion Detection System (NIDS) has steadily risen in popularity. Typically, NIDS detects network intrusions by inspecting the contents of every packet. Flow-based approach, however, uses only features derived from aggregated packet headers. In this paper, all publicly accessible and labeled NIDS data sets are explored. Following the advances in deep learning techniques, the performances of Long Short-Term Memory (LSTM) are also presented and compared with various machine learning classifiers. Amongst the reviewed data sets, the models are trained and evaluated on CIDDS-001 flow-based data set.

Keywords: Intrusion detection system, NIDS, NetFlow, deep learning, LSTM

DOI: 10.3233/JIFS-169836

Citation: Journal of Intelligent & Fuzzy Systems, vol. 35, no. 6, pp. 5947-5957, 2018

Authors: Park, Jung-Eun | Park, Young-Hoon

Article Type: Research Article

Abstract: In a Personal Area Network (PAN) populated with wearable devices, the security of stored files is an important concern. Secret sharing has received considerable attention as an effective approach for handling security as it guarantees confidentiality and integrity. A high level of data privacy is still assured when devices are compromised, lost, or stolen, and even in cases where the total count of these devices is less than the minimum threshold. However, because traditional secret sharing requires tremendous computational overhead and consumes large storage space, it is suboptimal for battery-powered wearable devices. To overcome these limitations, combinatorial-based file sharing is …proposed. However, this approach is also hindered by an efficiency problem, because the preparation of file storage and retrieval involves computational costs. Additionally, this file sharing scheme was designed without taking into consideration an environment with heterogeneous wearable devices. To address the aforementioned problems, we first propose a new fog network model that delegates the calculation for the preparation of file storage and retrieval to a fog node, such as a smartphone or tablet PC. A fog node has comparatively higher computational speed, and a larger battery capacity; hence, the resources of the devices in the PAN can be managed efficiently. Additionally, we propose a new algorithm that facilitates file shares by considering the heterogeneous characteristics of wearable devices. In particular, we consider the factors of storage capacity and network speed to determine the size of the file shares. We use mathematical analysis and simulations to demonstrate that our proposed model efficiently manages stored files. Show more

Keywords: Fog computing, secret sharing, distributed storage, PAN, file sharing scheme

DOI: 10.3233/JIFS-169837

Citation: Journal of Intelligent & Fuzzy Systems, vol. 35, no. 6, pp. 5959-5970, 2018

Authors: Hwang, Seong Oun | Le, Minh-Ha

Article Type: Research Article

Abstract: Telco systems usually run large-scale, centralized key management systems. However, centralized approaches based on conventional public key encryption like RSA raise problems such as key escrow, secure channel to delivery key, and third-party query as well as single point of failure. To address these problems, we propose both certificate-based encryption (CBE) and hierarchical certificate-based encryption (HCBE) schemes proved secure in the standard model. Compared with other schemes, our schemes are proved IND-CCA2 (Indistinguishability under Adaptive Chosen Ciphertext Attack) secure in full model, where the number of group elements is independent of the value of security parameter. As far as we …know, the proposed HCBE is the first fully IND-CCA2 secure scheme with ciphetexts of constant size. Show more

Keywords: Certificate-based encryption, hierarchical certificate-based encryption, identity-based encryption

DOI: 10.3233/JIFS-169838

Citation: Journal of Intelligent & Fuzzy Systems, vol. 35, no. 6, pp. 5971-5981, 2018

Authors: Bae, Youngjun | Kim, Intae | Hwang, Seong Oun

Article Type: Research Article

Abstract: TCP SYN flood attack has been one of representative DDoS attack in computer security history. To cope with this, a number of researches have been done, but they have a high false detection rate and are hard to be applicable in network address translation environment which is very common in the real world. To address these problems, we propose an efficient scheme to cope with SYN flood attacks with spoofed IP addresses. Compared to the existing approaches, it achieves the lowest false positive rate of 0.0003% at maximum and detects false IP packets at an earlier point of time, which …serve to reduce the impacts of DDoS attacks significantly. Show more

Keywords: SYN flood attack, DDoS attack, bloom filter

DOI: 10.3233/JIFS-169839

Citation: Journal of Intelligent & Fuzzy Systems, vol. 35, no. 6, pp. 5983-5991, 2018

Authors: Jo, Taeho

Article Type: Research Article

Abstract: This article proposes the modified AHC (Agglomerative Hierarchical Clustering) algorithm which considers the feature similarity and is applied to the text clustering. The words which are given as features for encoding texts into numerical vectors are semantic related entities, rather than independent ones, and the synergy effect between the word clustering and the text clustering is expected by combining both of them with each other. In this research, we define the similarity metric between numerical vectors considering the feature similarity, and modify the AHC algorithm by adopting the proposed similarity metric as the approach to the text clustering. The proposed …AHC algorithm is empirically validated as the better approach in clustering texts in news articles and opinions. The significance of this research is to improve the clustering performance by utilizing the feature similarities. Show more

Keywords: Feature value similarity, feature similarity, AHC algorithm, text clustering

DOI: 10.3233/JIFS-169840

Citation: Journal of Intelligent & Fuzzy Systems, vol. 35, no. 6, pp. 5993-6003, 2018