Browsing by Author "Alavizadeh H"
Now showing 1 - 3 of 3
Results Per Page
Sort Options
- ItemDeep Q-Learning Based Reinforcement Learning Approach for Network Intrusion Detection(MDPI (Basel, Switzerland), 2022-03-11) Alavizadeh H; Alavizadeh H; Jang-Jaccard J; Quaresma P; Nogueira V; Saias JThe rise of the new generation of cyber threats demands more sophisticated and intelligent cyber defense solutions equipped with autonomous agents capable of learning to make decisions without the knowledge of human experts. Several reinforcement learning methods (e.g., Markov) for automated network intrusion tasks have been proposed in recent years. In this paper, we introduce a new generation of the network intrusion detection method, which combines a Q-learning based reinforcement learning with a deep feed forward neural network method for network intrusion detection. Our proposed Deep Q-Learning (DQL) model provides an ongoing auto-learning capability for a network environment that can detect different types of network intrusions using an automated trial-error approach and continuously enhance its detection capabilities. We provide the details of fine-tuning different hyperparameters involved in the DQL model for more effective self-learning. According to our extensive experimental results based on the NSL-KDD dataset, we confirm that the lower discount factor, which is set as 0.001 under 250 episodes of training, yields the best performance results. Our experimental results also show that our proposed DQL is highly effective in detecting different intrusion classes and outperforms other similar machine learning approaches.
- ItemHarnessing GPT-4 for generation of cybersecurity GRC policies: A focus on ransomware attack mitigation(Elsevier B.V., 2023-11-01) McIntosh T; Liu T; Susnjak T; Alavizadeh H; Ng A; Nowrozy R; Watters PThis study investigated the potential of Generative Pre-trained Transformers (GPTs), a state-of-the-art large language model, in generating cybersecurity policies to deter and mitigate ransomware attacks that perform data exfiltration. We compared the effectiveness, efficiency, completeness, and ethical compliance of GPT-generated Governance, Risk and Compliance (GRC) policies, with those from established security vendors and government cybersecurity agencies, using game theory, cost-benefit analysis, coverage ratio, and multi-objective optimization. Our findings demonstrated that GPT-generated policies could outperform human-generated policies in certain contexts, particularly when provided with tailored input prompts. To address the limitations of our study, we conducted our analysis with thorough human moderation, tailored input prompts, and the inclusion of legal and ethical experts. Based on these results, we made recommendations for corporates considering the incorporation of GPT in their GRC policy making.
- ItemScalable, high-performance, and generalized subtree data anonymization approach for Apache Spark(MDPI (Basel, Switzerland), 2021-03-03) Bazai SU; Jang-Jaccard J; Alavizadeh H; Guitart JData anonymization strategies such as subtree generalization have been hailed as techniques that provide a more efficient generalization strategy compared to full-tree generalization counterparts. Many subtree-based generalizations strategies (e.g., top-down, bottom-up, and hybrid) have been implemented on the MapReduce platform to take advantage of scalability and parallelism. However, MapReduce inherent lack support for iteration intensive algorithm implementation such as subtree generalization. This paper proposes Distributed Dataset (RDD)-based implementation for a subtree-based data anonymization technique for Apache Spark to address the issues associated with MapReduce-based counterparts. We describe our RDDs-based approach that offers effective partition management, improved memory usage that uses cache for frequently referenced intermediate values, and enhanced iteration support. Our experimental results provide high performance compared to the existing state-of-the-art privacy preserving approaches and ensure data utility and privacy levels required for any competitive data anonymization techniques.
