Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 20 of 20

Full-Text Articles in Physical Sciences and Mathematics

Camdec: Advancing Axis P1435-LE Video Camera Security Using Honeypot-Based Deception, Leslie F. Sikos, Craig Valli, Alexander E. Grojek, David J. Holmes, Samuel G. Wakeling, Warren Z. Cabral, Nickson M. Karie Jan 2023

Research outputs 2022 to 2026

The explosion of online video streaming in recent years resulted in advanced services both in terms of efficiency and convenience. However, Internet-connected video cameras are prone to exploitation, leading to information security issues and data privacy concerns. The proliferation of video-capable Internet of Things devices and cloud-managed surveillance systems further extends these security issues and concerns. In this paper, a novel approach is proposed for video camera deception via honeypots, offering increased security measures compared to what is available on conventional Internet-enabled video cameras.


Malbot-DRL: Malware Botnet Detection Using Deep Reinforcement Learning In IoT Networks, Mohammad Al-Fawa'reh, Jumana Abu-Khalaf, Patryk Szewczyk, James J. Kang Jan 2023

Research outputs 2022 to 2026

In the dynamic landscape of cyber threats, multi-stage malware botnets have surfaced as significant threats of concern. These sophisticated threats can exploit Internet of Things (IoT) devices to undertake an array of cyberattacks, ranging from basic infections to complex operations such as phishing, cryptojacking, and distributed denial of service (DDoS) attacks. Existing machine learning solutions are often constrained by their limited generalizability across various datasets and their inability to adapt to the mutable patterns of malware attacks in real world environments, a challenge known as model drift. This limitation highlights the pressing need for adaptive Intrusion Detection Systems (IDS), capable …


Intrusion Detection Based On Bidirectional Long Short-Term Memory With Attention Mechanism, Yongjie Yang, Shanshan Tu, Raja Hashim Ali, Hisham Alasmary, Muhammad Waqas, Muhammad Nouman Amjad Jan 2023

Research outputs 2022 to 2026

With the recent developments in the Internet of Things (IoT), the amount of data collected has expanded tremendously, resulting in a higher demand for data storage, computational capacity, and real-time processing capabilities. Cloud computing has traditionally played an important role in establishing IoT. However, fog computing has recently emerged as a new field complementing cloud computing due to its enhanced mobility, location awareness, heterogeneity, scalability, low latency, and geographic distribution. However, IoT networks are vulnerable to unwanted assaults because of their open and shared nature. As a result, various fog computing-based security models that protect IoT networks have been developed. …


Federated Deep Learning For Cyber Security In The Internet Of Things: Concepts, Applications, And Experimental Analysis, Mohamed Amine Ferrag, Othmane Friha, Leandros Maglaras, Helge Janicke, Lei Shu Jan 2021

Research outputs 2014 to 2021

In this article, we present a comprehensive study with an experimental analysis of federated deep learning approaches for cyber security in the Internet of Things (IoT) applications. Specifically, we first provide a review of the federated learning-based security and privacy systems for several types of IoT applications, including Industrial IoT, Edge Computing, Internet of Drones, Internet of Healthcare Things, Internet of Vehicles, etc. Second, the use of federated learning with blockchain and malware/intrusion detection systems for IoT applications is discussed. Then, we review the vulnerabilities in federated learning-based security and privacy systems. Finally, we provide an experimental analysis of federated …


Packet Analysis For Network Forensics: A Comprehensive Survey, Leslie F. Sikos Jan 2020

Research outputs 2014 to 2021

Packet analysis is a primary traceback technique in network forensics, which, providing that the packet details captured are sufficiently detailed, can play back even the entire network traffic for a particular point in time. This can be used to find traces of nefarious online behavior, data breaches, unauthorized website access, malware infection, and intrusion attempts, and to reconstruct image files, documents, email attachments, etc. sent over the network. This paper is a comprehensive survey of the utilization of packet analysis, including deep packet inspection, in network forensics, and provides a review of AI-powered packet analysis methods with advanced network traffic …


RDTIDS: Rules And Decision Tree-Based Intrusion Detection System For Internet-Of-Things Networks, Mohammad Amine Ferrag, Leandros Maglaras, Ahmed Ahmim, Makhlouf Derdour, Helge Janicke Jan 2020

Research outputs 2014 to 2021

This paper proposes a novel intrusion detection system (IDS), named RDTIDS, for Internet-of-Things (IoT) networks. The RDTIDS combines different classifier approaches which are based on decision tree and rules-based concepts, namely, REP Tree, JRip algorithm and Forest PA. Specifically, the first and second methods take as inputs features of the data set, and classify the network traffic as Attack/Benign. The third classifier uses features of the initial data set in addition to the outputs of the first and the second classifier as inputs. The experimental results obtained by analyzing the proposed IDS using the CICIDS2017 dataset and BoT-IoT dataset, attest …


Ransomware Behavioural Analysis On Windows Platforms, Nikolai Hampton, Zubair A. Baig, Sherali Zeadally Jan 2018

Research outputs 2014 to 2021

Ransomware infections have grown exponentially during the recent past to cause major disruption in operations across a range of industries including the government. Through this research, we present an analysis of 14 strains of ransomware that infect Windows platforms, and we do a comparison of Windows Application Programming Interface (API) calls made through ransomware processes with baselines of normal operating system behaviour. The study identifies and reports salient features of ransomware as referred through the frequencies of API calls


Bringing Defensive Artificial Intelligence Capabilities To Mobile Devices, Kevin Chong, Ahmed Ibrahim Jan 2018

Australian Information Security Management Conference

Traditional firewalls are losing their effectiveness against new and evolving threats today. Artificial intelligence (AI) driven firewalls are gaining popularity due to their ability to defend against threats that are not fully known. However, a firewall can only protect devices in the same network it is deployed in, leaving mobile devices unprotected once they leave the network. To comprehensively protect a mobile device, capabilities of an AI-driven firewall can enhance the defensive capabilities of the device. This paper proposes porting AI technologies to mobile devices for defence against today’s ever-evolving threats. A defensive AI technique providing firewall-like capability is being …


Extraction Of Patterns In Selected Network Traffic For A Precise And Efficient Intrusion Detection Approach, Priya Naran Rabadia Jan 2018

Theses: Doctorates and Masters

This thesis investigates a precise and efficient pattern-based intrusion detection approach by extracting patterns from sequential adversarial commands. As organisations are further placing assets within the cyber domain, mitigating the potential exposure of these assets is becoming increasingly imperative. Machine learning is the application of learning algorithms to extract knowledge from data to determine patterns between data points and make predictions. Machine learning algorithms have been used to extract patterns from sequences of commands to precisely and efficiently detect adversaries using the Secure Shell (SSH) protocol. Seeing as SSH is one of the most predominant methods of accessing systems it …


A Hybrid Behaviour Recognition And Intrusion Detection Method For Mobile Devices, Ashley Woodiss-Field Jan 2016

Australian Information Security Management Conference

Behaviour-based authorisation is a technique that assesses the user of a device for authenticity by comparing their activities to previously established behaviour profiles. Passwords and other point of entry authorisation techniques are often inadequate for protecting mobile device security as they only provide an initial barrier to usage and do not operate continuously. Behaviour-based authorisation continuously assesses user authorisation, using the device owner’s profile for authentication. This research improves upon behaviour-based authorisation performance by applying a hybridised intrusion detection method. The constituent intrusion detection methods that were applied include context-awareness and self-correction. Performance of a behaviour-based authorisation method can be …


Optical Fiber Sensors In Physical Intrusion Detection Systems: A Review, Gary Andrew Allwood, Graham Wild, Steven Hinkley Jan 2016

Research outputs 2014 to 2021

Fiber optic sensors have become a mainstream sensing technology within a large array of applications due to their inherent benefits. They are now used significantly in structural health monitoring, and are an essential solution for monitoring harsh environments. Since their first development over 30 years ago, they have also found promise in security applications. This paper reviews all of the optical fiber-based techniques used in physical intrusion detection systems. It details the different approaches used for sensing, interrogation, and networking, by research groups, attempting to secure both commercial and residential premises from physical security breaches. The advantages and the disadvantages …


Intensity Based Interrogation Of Optical Fibre Sensors For Industrial Automation And Intrusion Detection Systems, Gary Andrew Allwood Jan 2015

Theses: Doctorates and Masters

In this study, the use of optical fibre sensors for intrusion detection and industrial automation systems has been demonstrated, with a particular focus on low cost, intensity-based, interrogation techniques. The use of optical fibre sensors for intrusion detection systems to secure residential, commercial, and industrial premises against potential security breaches has been extensively reviewed in this thesis. Fibre Bragg grating (FBG) sensing is one form of optical fibre sensing that has been underutilised in applications such as in-ground, in-fence, and window and door monitoring, and addressing that opportunity has been a major goal of this thesis. Both security and industrial …


Intelligent Network Intrusion Detection Using An Evolutionary Computation Approach, Samaneh Rastegari Jan 2015

Theses: Doctorates and Masters

With the enormous growth of users' reliance on the Internet, the need for secure and reliable computer networks also increases. Availability of effective automatic tools for carrying out different types of network attacks raises the need for effective intrusion detection systems.

Generally, a comprehensive defence mechanism consists of three phases, namely, preparation, detection and reaction. In the preparation phase, network administrators aim to find and fix security vulnerabilities (e.g., insecure protocol and vulnerable computer systems or firewalls), that can be exploited to launch attacks. Although the preparation phase increases the level of security in a network, this will never completely …


An Analysis Of Security Issues In Building Automation Systems, Matthew Peacock, Michael N. Johnstone Jan 2014

Australian Information Security Management Conference

The purpose of Building Automation Systems (BAS) is to centralise the management of a wide range of building services, through the use of integrated protocol and communication media. Through the use of IP-based communication and encapsulated protocols, BAS are increasingly being connected to corporate networks and also being remotely accessed for management purposes, both for convenience and emergency purposes. These protocols, however, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations, relying on security through obscurity. Research has been undertaken into addressing the shortfalls of security implementations in …


Gap Analysis Of Intrusion Detection In Smart Grids, Nishchal Kush, Ernest Foo, Ejaz Ahmed, Irfan Ahmed, Andrew Clark Aug 2011

International Cyber Resilience conference

Given the recent emergence of the smart grid and smart grid related technologies, their security is a prime concern. Intrusion detection provides a second line of defence. However, conventional intrusion detection systems (IDSs) are unable to adequately address the unique requirements of the smart grid. This paper presents a gap analysis of contemporary IDSs from a smart grid perspective. This paper highlights the lack of adequate intrusion detection within the smart grid and discusses the limitations of current IDS approaches. The gap analysis identifies current IDSs as being unsuited to smart grid application without significant changes to address smart grid …


Mahalanobis Distance Map Approach For Anomaly Detection, Aruna Jamdagnil, Zhiyuan Tan, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu Nov 2010

Australian Information Security Management Conference

Web servers and web-based applications are commonly used as attack targets. The main issues are how to prevent unauthorised access and to protect web servers from the attack. Intrusion Detection Systems (IDSs) are widely used security tools to detect cyber-attacks and malicious activities in computer systems and networks. In this paper, we focus on the detection of various web-based attacks using Geometrical Structure Anomaly Detection (GSAD) model and we also propose a novel algorithm for the selection of most discriminating features to improve the computational complexity of payload-based GSAD model. Linear Discriminant method (LDA) is used for the feature reduction …


Behaviour Profiling On Mobile Devices, Fudong Li, Nathan Clarke, Maria Papadaki, Paul Dowland Jan 2010

Research outputs pre 2011

Over the last decade, the mobile device has become a ubiquitous tool within everyday life. Unfortunately, whilst the popularity of mobile devices has increased, a corresponding increase can also be identified in the threats being targeted towards these devices. Security countermeasures such as AV and firewalls are being deployed, however, the increasing sophistication of the attacks requires additional measures to be taken. This paper proposes a novel behaviour-based profiling technique that is able to build upon the weaknesses of current systems by developing a comprehensive multilevel approach to profiling. In support of this model, a series of experiments have been …


Identifying DoS Attacks Using Data Pattern Analysis, Mohammed Salem, Helen Armstrong Jan 2008

Australian Information Security Management Conference

During a denial of service attack, it is difficult for a firewall to differentiate legitimate packets from rogue packets, particularly in large networks carrying substantial levels of traffic. Large networks commonly use network intrusion detection systems to identify such attacks, however new viruses and worms can escape detection until their signatures are known and classified as an attack. Commonly used IDS are rule based and static, and produce a high number of false positive alerts. The aim of this research was to determine if it is possible for a firewall to analyse its own traffic patterns to identify attempted denial …


Can Intrusion Detection Implementation Be Adapted To End-User Capabilities?, Patricia A. Williams, Renji J. Mathew Jan 2008

Australian Information Security Management Conference

In an environment where technical solutions for securing networked systems are commonplace, there still exist problems in implementation of such solutions for home and small business users. One component of this protection is the use of intrusion detection systems. Intrusion detection monitors network traffic for suspicious activity, performs access blocking and alerts the system administrator or user of potential attacks. This paper reviews the basic function of intrusion detection systems and maps them to an existing end-user capability framework. Using this framework, implementation guidance and systematic improvement in implementation of this security measure are defined.


With Speed The Hacker Cometh, Craig Valli Jan 2002

Research outputs pre 2011

This paper is an examination of six months of IDS reports and firewall logs for a small enterprise that has a new broadband ADSL connection. The paper examines the information contained in the logfiles and the implications of detected activities by would-be attackers. An examination of the issues that the deployment of broadband has for home and small business users is also undertaken.