With the popularity of wireless networks, wireless sensor networks (WSNs) have advanced rapidly, and their flexibility and ease of deployment have brought more security concerns, making research into network intrusion prevention for WSNs critical. Denial of service (DoS) is a common network attack that achieves its goal by bringing down the target network. A DoS attack on resource-constrained WSN devices would be fatal. This paper proposes a method based on principal component analysis (PCA) and a deep convolutional neural network (DCNN) for DoS traffic anomaly detection in WSNs, motivated by the vulnerability of WSNs to attacks and the limited storage space of their devices. Compared with conventional deep learning structures, the proposed model has a lightweight structure and more effective feature extraction capability, so it can effectively detect abnormal network traffic on WSN devices with limited storage capacity. To confirm the effectiveness of the proposed model, receiver operating characteristic (ROC) curves, various classification metrics, and confusion matrices are used to verify its classification results. In experimental comparisons, the proposed model, despite its small size, outperforms other mainstream abnormal traffic detection models in classification performance.
The rapid development of information technology has brought much convenience to human life, but more network threats have also followed one after another. Network security situation prediction is an effective means of protecting against network threats. Currently, the network environment is characterized by high data traffic and complex features, making it difficult to maintain the accuracy of situation prediction. This study proposes a network security situation prediction model based on an attention mechanism (AM)-improved temporal convolutional network (ATCN) combined with a bidirectional long short-term memory (BiDLSTM) network. The TCN is improved by the AM to extract the input temporal features, giving it a more stable feature extraction capability than the traditional TCN; the BiDLSTM, which is better at processing temporal data, is used to perform the situation prediction. Finally, validation on a real network traffic dataset shows that the proposed method performs better on multiple loss functions and gives more accurate and stable predictions than TCN, BiDLSTM, TCN-LSTM, and other time-series prediction methods.
Logs are universally available in software systems for troubleshooting. They record system run-time states and messages about system activities. Log analysis is an effective way to diagnose system exceptions, but it takes engineers a long time to locate anomalies accurately through logs. Many automatic approaches have been proposed for log-based anomaly detection. However, most prior approaches did not consider the system component that emitted a log message. Such a component records the log location, which can help detect location-sequence-related anomalies. In this paper, we propose LogC, a new Log-based anomaly detection approach with Component-aware analysis. LogC has two phases: (i) turning log messages into log template sequences and component sequences, and (ii) feeding these two sequences to train a combined LSTM model for detecting anomalous logs. LogC only needs normal log sequences to train the combined model. We evaluate LogC on two open-source log datasets: HDFS and ThunderBird. Experimental results show that LogC overall outperforms three baselines (i.e., PCA, IM, and DeepLog) on three metrics (precision, recall, and F-measure).
In recent years, the Internet has developed rapidly, and network security has gradually become a research focus for scholars and enterprises. Network security time series are a reliable source for obtaining the future network security situation: by exploring the correlation within the time series and analyzing the future network security situation, network security defense strategies can be formulated. This is the main direction of current network security defense. Existing research focuses on short-term prediction of network attacks, while the robustness and accuracy of long-term prediction still have major problems. To fuse the information from different data sources and capture the correlation between sequences, we design a data source selection module based on the similarity of measurement curves. We then model network security situation prediction with deep learning and propose a situation prediction model based on a Temporal Convolutional Network (TCN)-combined Transformer, which focuses on the long-term time series prediction problem and combines the network condition and attack situation to obtain the future network security situation. Our proposed model is divided into three parts: the information encoding module, the information synthesis module, and the situation value calculation and prediction accuracy evaluation module. The selected multi-dimensional situation element data are used as model input, and the TCN-combined Transformer serves as the network security situational data processing unit to complete the information fusion and prediction tasks. Finally, the effect of data source selection on prediction accuracy is evaluated using an ablation study. We experimented with and evaluated the model at different prediction horizon lengths using five existing baseline models and three performance metrics. The experimental results show that our proposed prediction model has better robustness and accuracy on most of the metrics.
Recently, the massive increase in network users has dramatically increased network traffic, making it more difficult to maintain network security. The task of network security situation element extraction is to detect and classify network traffic. Existing network traffic feature extraction and classification methods have a low detection rate for minority-class samples, and most network threat data exhibit extreme sample imbalance, which further reduces the detection accuracy of minority-class samples. To solve these problems, this paper proposes a network security situation element extraction method using a conditional generative adversarial network (CGAN) and a Transformer. Here, the CGAN is applied to solve the sample imbalance problem in the data and improve the detection accuracy of minority samples. The Transformer, an effective feature learning method from natural language processing, has excellent long-distance feature extraction ability. By combining the CGAN with the Transformer, the detection accuracy of network traffic can be effectively improved. Validation was performed using the UNSW-NB15 and KDDcup99 datasets. Experimental results demonstrate that the method combining CGAN and Transformer improved the detection rate for minority samples compared with other advanced feature extraction and classification methods, thereby improving the overall accuracy, F1-score, and specificity. The results are 89.38 % and 93.07 %, 89.75 % and 93.68 %, and 87.65 % and 98.20 %, respectively.
Traditional networks rely heavily on the distribution of expert experience when assessing complex network security situations, resulting in low assessment accuracy; this approach has been unable to adapt to the network security needs of the big data era and has unavoidable problems such as low efficiency and poor flexibility. In response to these problems, this paper proposes a network security situation assessment method based on D-S evidence theory to optimize neural networks. First, the CS-BP neural network model is established: the local search ability of the cuckoo search algorithm is enhanced through conjugate gradient calculation, and the algorithm is then introduced into the BP neural network to improve training convergence speed and overcome the local minimum problem. Finally, in order to reduce the subjective impact of the basic probability distribution (BPA), D-S evidence theory is used to optimize the CS-BP neural network, determine the degree of impact of each attack, and evaluate the network security situation value. The experimental results show that the network situation assessment model based on the CS-BP neural network optimized with D-S evidence theory can effectively assess the network security situation in an environment of trusted equipment.