15 research outputs found
A review on the Detection of Missing Content Queries in FAQ Retrieval Systems
When developing an automated FAQ retrieval system, the information supplier constructs question candidates in advance using their own knowledge. Then they answer these question candidates to create question-answer pairs to use in the FAQ retrieval system. However, these question-answer pairs will not always satisfy the users’ information needs. When there is no relevant question–answer pair to a users’ query, such a user may submit various query reformulations browsing over the long results list and may abandon the search before their information need has been satisfied. Such users many never return to use the system again because of the inability of the system to return relevant question-answer pairs to their query. In order to alleviate this, modern automated FAQ retrieval systems use a Missing Content Query (MCQ) detection subsystem to detect those queries that do not have the relevant question–answer pair. In this article we conduct a review of the different approaches proposed in the literature for detecting these MCQs. In particular, we provide a comprehensive review of the different systems that deployed the binary classification approach, the thresholding approach and the hybrid approach in the detection of MCQs. Moreover, we describe the strength and weaknesses of each approach.</jats:p
Unsupervised Learning for Feature Selection: A Proposed Solution for Botnet Detection in 5G Networks
YesThe world has seen exponential growth in deploying Internet of Things (IoT) devices. In recent years, connected IoT devices have surpassed the number of connected non-IoT devices. The number of IoT devices continues to grow and they are becoming a critical component of the national infrastructure. IoT devices' characteristics and inherent limitations make them attractive targets for hackers and cyber criminals. Botnet attack is one of the serious threats on the Internet today. This article proposes pattern-based feature selection methods as part of a machine learning (ML) based botnet detection system. Specifically, two methods are proposed: the first is based on the most dominant pattern feature values and the second is based on Maximal Frequent Itemset (MFI) mining. The proposed feature selection method uses Gini Impurity (GI) and an unsupervised clustering method to select the most influential features automatically. The evaluation results show that the proposed methods have improved the performance of the detection system. The developed system has a True Positive Rate (TPR) of 100% and a False Positive Rate (FPR) of 0% for best performing models. In addition, the proposed methods reduce the computational cost of the system as evidenced by the detection speed of the system
Machine Learning for Botnet Detection: An Optimized Feature Selection Approach
YesTechnological advancements have been evolving for so long, particularly
Internet of Things (IoT) technology that has seen an increase
in the number of connected devices surpass non IoT connections.
It has unlocked a lot of potential across different organisational
settings from healthcare, transportation, smart cities etc. Unfortunately,
these advancements also mean that cybercriminals are
constantly seeking new ways of exploiting vulnerabilities for malicious
and illegal activities. IoT is a technology that presents a
golden opportunity for botnet attacks that take advantage of a
large number of IoT devices and use them to launch more powerful
and sophisticated attacks such as Distributed Denial of Service
(DDoS) attacks. This calls for more research geared towards the detection
and mitigation of botnet attacks in IoT systems. This paper
proposes a feature selection approach that identifies and removes
less influential features as part of botnet attack detection method.
The feature selection is based on the frequency of occurrence of the
value counts in each of the features with respect to total instances.
The effectiveness of the proposed approach is tested and evaluated
on a standard IoT dataset. The results reveal that the proposed
feature selection approach has improved the performance of the
botnet attack detection method, in terms of True Positive Rate (TPR)
and False Positive Rate (FPR). The proposed methodology provides
100% TPR, 0% FPR and 99.9976% F-score
Machine Learning for Malware Detection in Network Traffic
NoDeveloping advanced and efficient malware detection systems is
becoming significant in light of the growing threat landscape in cybersecurity. This work aims to tackle the enduring problem of identifying malware and protecting digital assets from cyber-attacks.
Conventional methods frequently prove ineffective in adjusting
to the ever-evolving field of harmful activity. As such, novel approaches that improve precision while simultaneously taking into
account the ever-changing landscape of modern cybersecurity problems are needed. To address this problem this research focuses on
the detection of malware in network traffic. This work proposes
a machine-learning-based approach for malware detection, with
particular attention to the Random Forest (RF), Support Vector Machine (SVM), and Adaboost algorithms. In this paper, the model's
performance was evaluated using an assessment matrix. Included
the Accuracy (AC) for overall performance, Precision (PC) for positive predicted values, Recall Score (RS) for genuine positives, and
the F1 Score (SC) for a balanced viewpoint. A performance comparison has been performed and the results reveal that the built model
utilizing Adaboost has the best performance. The TPR for the three
classifiers performs over 97% and the FPR performs < 4% for each of
the classifiers. The created model in this paper has the potential to
help organizations or experts anticipate and handle malware. The
proposed model can be used to make forecasts and provide management solutions in the network's everyday operational activities
Sequential Pattern Mining: A Proposed Approach for Intrusion Detection Systems
NoTechnological advancements have played a pivotal role in the rapid
proliferation of the fourth industrial revolution (4IR) through the
deployment of Internet of Things (IoT) devices in large numbers.
COVID-19 caused serious disruptions across many industries with
lockdowns and travel restrictions imposed across the globe. As a
result, conducting business as usual became increasingly untenable,
necessitating the adoption of new approaches in the workplace.
For instance, virtual doctor consultations, remote learning, and
virtual private network (VPN) connections for employees working
from home became more prevalent. This paradigm shift has brought
about positive benefits, however, it has also increased the attack vectors and surfaces, creating lucrative opportunities for cyberattacks.
Consequently, more sophisticated attacks have emerged, including
the Distributed Denial of Service (DDoS) and Ransomware attacks,
which pose a serious threat to businesses and organisations worldwide. This paper proposes a system for detecting malicious activities
in network traffic using sequential pattern mining (SPM) techniques.
The proposed approach utilises SPM as an unsupervised learning
technique to extract intrinsic communication patterns from network traffic, enabling the discovery of rules for detecting malicious
activities and generating security alerts accordingly. By leveraging this approach, businesses and organisations can enhance the
security of their networks, detect malicious activities including
emerging ones, and thus respond proactively to potential threats
Multi-stage attack detection: emerging challenges for wireless networks
YesMulti-stage attacks (MSAs) are among the most serious threats in cyberspace today. Criminals target big organisations and government critical infrastructures mainly for financial gain. These attacks are becoming more advanced and stealthier, and thus have capabilities to evade Intrusion Detection Systems (IDSs). As a result, the attack strategies used in the attack render IDSs ineffective, particularly because of new security challenges introduced by some of the key emerging technologies such as 5G wireless networks, cloud computing infrastructure and Internet of Things (IoT), Advanced persistent threats (APTs) and botnet attacks are examples of MSAs, these are serious threats on the Internet. This work analyses recent MSAs, outlines and reveals open issues, challenges and opportunities with existing detection methods
Internet of Things botnets: A survey on Artificial Intelligence based detection techniques
YesThe Internet of Things (IoT) is a game changer when it comes to digitisation across industries. The Fourth Industrial Revolution (4IR), brought about a paradigm shift indeed, unlocking possibilities and taking industries to greater heights never reached before in terms of cost saving and improved performance leading to increased productivity and profits, just to mention a few. While there are more benefits provided by IoT, there are challenges arising from the complexities, limitations and requirements of IoT and key enabling technologies. Distributed Denial of Service (DDoS) attacks are among the most prevalent and dominant cyber-attacks that have been making headlines repeatedly in recent years. IoT technology has increasingly become the preferred technology for delivering these cyber-attacks. It does not come as a surprise that IoT devices are an attractive target for adversaries, as they are easy to compromise due to inherent limitations and given that they are deployed in large numbers. This paper reviews IoT botnet detection approaches proposed in recent years. Furthermore, IoT ecosystem components are outlined, revealing their challenges, limitations and key requirements that are vital to securing the whole ecosystem. These include cloud computing, Machine Learning (ML) and emerging wireless technologies: 5G and 6G
Latent Dirichlet Allocation for the Detection of Multi-Stage Attacks
NoThe rapid shift and increase in remote access to
organisation resources have led to a significant increase in the
number of attack vectors and attack surfaces, which in turn
has motivated the development of newer and more sophisticated
cyber-attacks. Such attacks include Multi-Stage Attacks (MSAs).
In MSAs, the attack is executed through several stages. Classifying malicious traffic into stages to get more information about
the attack life-cycle becomes a challenge. This paper proposes a
malicious traffic clustering approach based on Latent Dirichlet
Allocation (LDA). LDA is a topic modelling approach used in
natural language processing to address similar problems. The
proposed approach is unsupervised learning and therefore will
be beneficial in scenarios where traffic data is not labeled and
analysis needs to be performed. The proposed approach uncovers
intrinsic contexts that relate to different categories of attack
stages in MSAs. These are vital insights needed across different
areas of cybersecurity teams like Incident Response (IR) within
the Security Operations Center (SOC), the insights uncovered
could have a positive impact in ensuring that attacks are detected
at early stages in MSAs. Besides, for IR, these insights help to
understand the attack behavioural patterns and lead to reduced
time in recovery following an incident. The proposed approach is
evaluated on a publicly available MSAs dataset. The performance
results are promising as evidenced by over 99% accuracy in
identified malicious traffic clusters
Non-Negative Matrix Factorisation for Feature Selection: A Proposed Approach for the Detection of Multi-Stage Attacks
NoWith the emergence of digital technologies like 5G wireless networks, cloud computing, and the Internet of Things (IoT), our daily lives, travel, and work have undergone a transformation. These advancements have led to improved productivity, informed decision-making, and increased profits. However, adversaries have also found lucrative opportunities to launch attacks, which have become more sophisticated and stealthier, making them challenging to detect. Multi-Stage attacks (MSAs), in particular, have gained popularity due to their stealthy nature and the success they have achieved in recent years. To combat these attacks, this paper utilised an optimised Non-Negative Matrix Factorisation (NMF) for feature selection, as part of the Machine Learning (ML) approach to enhance the detection of MSAs
Latent Semantic Analysis for Feature Selection: A Proposed Approach for Anomaly Detection in Network Traffic
NoIn recent times, there has been a paradigm shift in technological advancement that has brought about a revolution in every aspect of our lives. Advancements in technologies such as the Internet of Things (IoT), cloud computing and emerging wireless connectivity are now an integral part of our lives and have become an essential national infrastructure component. However, with the advancements in these technologies, cyber attacks have become more sophisticated and stealthier, making it increasingly challenging to detect them using typical layers of defence such as firewalls a nd an tivirus so ftware, w h ich are predominantly rule-based. To complement these layers of defence, Intrusion Detection Systems (IDSs) have been developed. This work proposes an adaptive feature selection approach as part of IDSs. Its effectiveness in detecting anomalies in network traffic has been demonstrated, and it can complement traditional layers of defence such as firewalls and antivirus software. The prop osed approach involves a two-step process: first, pr eprocessing and feature selection, and second, the training and deployment of a Machine Learning (ML) model for the detection of anomalies in network traffic. The p roposed a pproach u tilises a n unsupervised learning technique called Latent Semantic Analysis (LSA) for feature selection. To evaluate the effectiveness of the proposed approach, a publicly available dataset is used, which yields an accuracy, True Positive Rate (TPR), and F-Score of 99.89%, 100%, and 99.94% respectively. Furthermore, the proposed approach yields a lowest False Positive Rate (FPR) of 0.68%
