Browsing by Author "Jang-Jaccard J"
- AE-MLP: A Hybrid Deep Learning Approach for DDoS Detection and Classification (IEEE, 2021-10-27) Wei Y; Jang-Jaccard J; Sabrina F; Singh A; Xu W; Camtepe S; Oliva D
  Distributed Denial-of-Service (DDoS) attacks are increasing as the demand for Internet connectivity massively grows in recent years. Conventional shallow machine learning-based techniques for DDoS attack classification tend to be ineffective when the volume and features of network traffic, potentially carry malicious DDoS payloads, increase exponentially as they cannot extract high importance features automatically. To address this concern, we propose a hybrid approach named AE-MLP that combines two deep learning-based models for effective DDoS attack detection and classification. The Autoencoder (AE) part of our proposed model provides an effective feature extraction that finds the most relevant feature sets automatically without human intervention (e.g., knowledge of cybersecurity professionals). The Multi-layer Perceptron Network (MLP) part of our proposed model uses the compressed and reduced feature sets produced by the AE as inputs and classifies the attacks into different DDoS attack types to overcome the performance overhead and bias associated with processing large feature sets with noise (i.e., unnecessary feature values). Our experimental results, obtained through comprehensive and extensive experiments on different aspects of performance on the CICDDoS2019 dataset, demonstrate both a very high and robust accuracy rate and F1-score that exceed 98% which also outperformed the performance of many similar methods. This shows that our proposed model can be used as an effective DDoS defense tool against the growing number of DDoS attacks.
- Artificial Intelligence-Enabled DDoS Detection for Blockchain-Based Smart Transport Systems. (MDPI (Basel, Switzerland), 2021-12-22) Liu T; Sabrina F; Jang-Jaccard J; Xu W; Wei Y
  A smart public transport system is expected to be an integral part of our human lives to improve our mobility and reduce the effect of our carbon footprint. The safety and ongoing maintenance of the smart public transport system from cyberattacks are vitally important. To provide more comprehensive protection against potential cyberattacks, we propose a novel approach that combines blockchain technology and a deep learning method that can better protect the smart public transport system. By the creation of signed and verified blockchain blocks and chaining of hashed blocks, the blockchain in our proposal can withstand unauthorized integrity attack that tries to forge sensitive transport maintenance data and transactions associated with it. A hybrid deep learning-based method, which combines autoencoder (AE) and multi-layer perceptron (MLP), in our proposal can effectively detect distributed denial of service (DDoS) attempts that can halt or block the urgent and critical exchange of transport maintenance data across the stakeholders. The experimental results of the hybrid deep learning evaluated on three different datasets (i.e., CICDDoS2019, CIC-IDS2017, and BoT-IoT) show that our deep learning model is effective to detect a wide range of DDoS attacks achieving more than 95% F1-score across all three datasets in average. The comparison of our approach with other similar methods confirms that our approach covers a more comprehensive range of security properties for the smart public transport system.
- Caring for the last 3%: Telehealth potential and broadband implications for remote Australia (CSIRO, 2012-11-20) Dods S; Freyne J; Alem L; Nepal S; Li J; Jang-Jaccard J
  Australians living in remote regions of our nation live with far poorer health outcomes than those in our regional and urban areas. The gaps in health service availability and outcomes between people in urban areas and those in remote parts of our country are well known. Telehealth, the provision of health related services at a distance using technology assisted communications, offers a means to narrow this gap by improving the level and diversity of services in remote areas.
- Cybersecurity threats in cloud computing (Telecommunications Association Inc., 24/09/2013) Jang-Jaccard J; Nepal S; GUO YJ
- Deep Q-Learning Based Reinforcement Learning Approach for Network Intrusion Detection (MDPI (Basel, Switzerland), 2022-03-11) Alavizadeh H; Alavizadeh H; Jang-Jaccard J; Quaresma P; Nogueira V; Saias J
  The rise of the new generation of cyber threats demands more sophisticated and intelligent cyber defense solutions equipped with autonomous agents capable of learning to make decisions without the knowledge of human experts. Several reinforcement learning methods (e.g., Markov) for automated network intrusion tasks have been proposed in recent years. In this paper, we introduce a new generation of the network intrusion detection method, which combines a Q-learning based reinforcement learning with a deep feed forward neural network method for network intrusion detection. Our proposed Deep Q-Learning (DQL) model provides an ongoing auto-learning capability for a network environment that can detect different types of network intrusions using an automated trial-error approach and continuously enhance its detection capabilities. We provide the details of fine-tuning different hyperparameters involved in the DQL model for more effective self-learning. According to our extensive experimental results based on the NSL-KDD dataset, we confirm that the lower discount factor, which is set as 0.001 under 250 episodes of training, yields the best performance results. Our experimental results also show that our proposed DQL is highly effective in detecting different intrusion classes and outperforms other similar machine learning approaches.
- Entitlement-Based Access Control for Smart Cities Using Blockchain (MDPI (Basel, Switzerland), 2021-08-04) Sabrina F; Jang-Jaccard J; Dai H-N; Wu J; Wang H
  Smart cities use the Internet of Things (IoT) devices such as connected sensors, lights, and meters to collect and analyze data to improve infrastructure, public utilities, and services. However, the true potential of smart cities cannot be leveraged without addressing many security concerns. In particular, there is a significant challenge for provisioning a reliable access control solution to share IoT data among various users across organizations. We present a novel entitlement-based blockchain-enabled access control architecture that can be used for smart cities (and for any application domains that require large-scale IoT deployments). Our proposed entitlement-based access control model is flexible as it facilitates a resource owner to safely delegate access rights to any entities beyond the trust boundary of an organization. The detailed design and implementation on Ethereum blockchain along with a qualitative evaluation of the security and access control aspects of the proposed scheme are presented in the paper. The experimental results from private Ethereum test networks demonstrate that our proposal can be easily implemented with low latency. This validates that our proposal is applicable to use in the real world IoT environments.
- Improved Bidirectional GAN-Based Approach for Network Intrusion Detection Using One-Class Classifier (MDPI (Basel, Switzerland), 2022-06-01) Xu W; Jang-Jaccard J; Liu T; Sabrina F; Kwak J
  Existing generative adversarial networks (GANs), primarily used for creating fake image samples from natural images, demand a strong dependence (i.e., the training strategy of the generators and the discriminators require to be in sync) for the generators to produce as realistic fake samples that can “fool” the discriminators. We argue that this strong dependency required for GAN training on images does not necessarily work for GAN models for network intrusion detection tasks. This is because the network intrusion inputs have a simpler feature structure such as relatively low-dimension, discrete feature values, and smaller input size compared to the existing GAN-based anomaly detection tasks proposed on images. To address this issue, we propose a new Bidirectional GAN (Bi-GAN) model that is better equipped for network intrusion detection with reduced overheads involved in excessive training. In our proposed method, the training iteration of the generator (and accordingly the encoder) is increased separate from the training of the discriminator until it satisfies the condition associated with the cross-entropy loss. Our empirical results show that this proposed training strategy greatly improves the performance of both the generator and the discriminator even in the presence of imbalanced classes. In addition, our model offers a new construct of a one-class classifier using the trained encoder–discriminator. The one-class classifier detects anomalous network traffic based on binary classification results instead of calculating expensive and complex anomaly scores (or thresholds). Our experimental result illustrates that our proposed method is highly effective to be used in network intrusion detection tasks and outperforms other similar generative methods on two datasets: NSL-KDD and CIC-DDoS2019 datasets.
- Improving Performance of Autoencoder-Based Network Anomaly Detection on NSL-KDD Dataset (IEEE, 2021-09-29) Xu W; Jang-Jaccard J; Singh A; Wei Y; Sabrina F; Ji Z
  Network anomaly detection plays a crucial role as it provides an effective mechanism to block or stop cyberattacks. With the recent advancement of Artificial Intelligence (AI), there has been a number of Autoencoder (AE) based deep learning approaches for network anomaly detection to improve our posture towards network security. The performance of existing state-of-the-art AE models used for network anomaly detection varies without offering a holistic approach to understand the critical impacts of the core set of important performance indicators of AE models and the detection accuracy. In this study, we propose a novel 5-layer autoencoder (AE)-based model better suited for network anomaly detection tasks. Our proposal is based on the results we obtained through an extensive and rigorous investigation of several performance indicators involved in an AE model. In our proposed model, we use a new data pre-processing methodology that transforms and removes the most affected outliers from the input samples to reduce model bias caused by data imbalance across different data types in the feature set. Our proposed model utilizes the most effective reconstruction error function which plays an essential role for the model to decide whether a network traffic sample is normal or anomalous. These sets of innovative approaches and the optimal model architecture allow our model to be better equipped for feature learning and dimension reduction thus producing better detection accuracy as well as f1-score. We evaluated our proposed model on the NSL-KDD dataset which outperformed other similar methods by achieving the highest accuracy and f1-score at 90.61% and 92.26% respectively in detection.
- Joint Spectral Clustering based on Optimal Graph and Feature Selection (Springer Nature Switzerland AG, 2021-02) Zhu J; Jang-Jaccard J; Liu T; Zhou J
  Redundant features and outliers (noise) included in the data points for a machine learning clustering model heavily influences the discovery of more distinguished features for clustering. To solve this issue, we propose a spectral new clustering method to consider the feature selection with the L2,1-norm regularization as well as simultaneously learns orthogonal representations for each sample to preserve the local structures of data points. Our model also solves the issue of out-of-sample, where the training process does not output an explicit model to predict unseen data points, along with providing an efficient optimization method for the proposed objective function. Experimental results showed that our method on twelve data sets achieves the best performance compared with other similar models.
- Key management service: Enabling secure sharing and deleting of documents on public clouds (STCC, 30/06/2016) Nepal S; Friedrich C; Wise C; Sinnott RO; Jang-Jaccard J; Chen S; STCC
  The primary focus of existing secure cloud storage solutions have been on securing data both in motion and at rest. These storage solutions mostly focus on three essential properties: confidentiality, integrity and availability. However, modern enterprise applications demand data can be shared within or across organizations. The challenge is how to securely share data in public clouds using federated identities without increasing data movement and computation costs. Furthermore, the consumer should be able to delete their data in the cloud in the context of collaboration without leaving any traces behind. This problem has been addressed in recent times by utilizing or developing new data encryption techniques such as identity-based encryption, attribute-based encryption and proxy-re-encryption. However, these techniques suffer from scalability and flexibility problems when dealing with big data and support for dynamic and federated access control. This paper presents a novel architecture and corresponding protocols to provide secure sharing and deletion of documents on public cloud services: CloudDocs. This system uses AES for data encryption to achieve scalability, supports identity-based access control rules using private-public key pairs to provide flexibility, and uses independent key management services to support secure deletion, whereby the data is irrecoverable once the keys are destroyed. The key management service also supports dynamic and federated access control.
- Masquerade Attacks Against Security Software Exclusion Lists (AJIIPS, 2019) McIntosh T; Jang-Jaccard J; Watters P; Susnjak T
  Security software, commonly known as Antivirus, has evolved from simple virus scanners to become multi-functional security suites. To combat ever-growing malware threats, modern security software utilizes both static and dynamic analysis to assess malware threats, inevitably leading to occasional false positive and false negative reports. To mitigate this, existing state-of-the-art security software offers the feature of Exclusion Lists to allow users to exclude specified files and folders from being scanned or monitored. Through rigorous evaluation, however, we found that some of such products stored their Exclusion Lists as unencrypted cleartexts either in known or predictable locations. In this paper we empirically demonstrate how easy it is to exploit the Exclusion Lists by launching masquerade attacks. We argue that the Exclusion Lists should be better implemented such as using application whitelisting, the contents of the lists to be better safeguarded, and only be readable by authorized entities within a strong access control scheme.
- Novel Architecture of Security Orchestration, Automation and Response in Internet of Blended Environment (Tech Science Press, 2022-05-18) Lee M; Jang-Jaccard J; Kwak J
  New technologies that take advantage of the emergence of massive Internet of Things (IoT) and a hyper-connected network environment have rapidly increased in recent years. These technologies are used in diverse environments, such as smart factories, digital healthcare, and smart grids, with increased security concerns. We intend to operate Security Orchestration, Automation and Response (SOAR) in various environments through new concept definitions as the need to detect and respond automatically to rapidly increasing security incidents without the intervention of security personnel has emerged. To facilitate the understanding of the security concern involved in this newly emerging area, we offer the definition of Internet of Blended Environment (IoBE) where various convergence environments are interconnected and the data analyzed in automation. We define Blended Threat (BT) as a security threat that exploits security vulnerabilities through various attack surfaces in the IoBE. We propose a novel SOAR-CUBE architecture to respond to security incidents with minimal human intervention by automating the BT response process. The Security Orchestration, Automation, and Response (SOAR) part of our architecture is used to link heterogeneous security technologies and the threat intelligence function that collects threat data and performs a correlation analysis of the data. SOAR is operated under Collaborative Units of Blended Environment (CUBE) which facilitates dynamic exchanges of data according to the environment applied to the IoBE by distributing and deploying security technologies for each BT type and dynamically combining them according to the cyber kill chain stage to minimize the damage and respond efficiently to BT.
- Scalable, high-performance, and generalized subtree data anonymization approach for Apache Spark (MDPI (Basel, Switzerland), 2021-03-03) Bazai SU; Jang-Jaccard J; Alavizadeh H; Guitart J
  Data anonymization strategies such as subtree generalization have been hailed as techniques that provide a more efficient generalization strategy compared to full-tree generalization counterparts. Many subtree-based generalization strategies (e.g., top-down, bottom-up, and hybrid) have been implemented on the MapReduce platform to take advantage of scalability and parallelism. However, MapReduce inherently lacks support for iteration-intensive algorithm implementation such as subtree generalization. This paper proposes Distributed Dataset (RDD)-based implementation for a subtree-based data anonymization technique for Apache Spark to address the issues associated with MapReduce-based counterparts. We describe our RDDs-based approach that offers effective partition management, improved memory usage that uses cache for frequently referenced intermediate values, and enhanced iteration support. Our experimental results provide high performance compared to the existing state-of-the-art privacy preserving approaches and ensure data utility and privacy levels required for any competitive data anonymization techniques.