-
Tools for Network Traffic Generation -- A Quantitative Comparison
Authors:
Matthew Swann,
Joseph Rose,
Gueltoum Bendiab,
Stavros Shiaeles,
Nick Savage
Abstract:
Network traffic generators are invaluable tools that allow for applied experimentation to evaluate the performance of networks, infrastructure, and security controls, by modelling and simulating the communication packets and payloads that would be produced by machines and devices on the network. Specifically for security applications, these tools can be used to consistently simulate malicious activity on the network and test the components designed to detect and mitigate malicious activities, in a highly reliable and customisable way. However, despite the promising features, most of these tools have some problems that can undermine the correctness of experiments. The accuracy of the simulation results depends strongly on the performance and reliability of the used generator. Thus, in this paper, we investigate the performance and accuracy of three of the most reviewed network traffic generators in the literature, namely Cisco TRex, Ostinato and Genesids. Mainly, the comparative experiments examine the strengths and limitations of these tools, which can help the research community to choose the most suitable one to assess the performance of their networks and security controls.
Submitted 6 September, 2021;
originally announced September 2021.
-
Intrusion Detection using Network Traffic Profiling and Machine Learning for IoT
Authors:
Joseph Rose,
Matthew Swann,
Gueltoum Bendiab,
Stavros Shiaeles,
Nicholas Kolokotronis
Abstract:
The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. A single compromised device can have an impact on the whole network and lead to major security and physical damages. This paper explores the potential of using network profiling and machine learning to secure IoT against cyber-attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices for the detection of IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered to be an attack and is subject to further analysis. Raw traffic is also passed on to the machine learning classifier for examination and identification of potential attacks. Performance assessment of the proposed methodology is conducted on the Cyber-Trust testbed using normal and malicious network traffic. The experimental results show that the proposed anomaly detection system delivers promising results with an overall accuracy of 98.35% and 0.98% of false-positive alarms.
Submitted 6 September, 2021;
originally announced September 2021.
-
Adversarial Machine Learning -- Industry Perspectives
Authors:
Ram Shankar Siva Kumar,
Magnus Nyström,
John Lambert,
Andrew Marshall,
Mario Goertzel,
Andi Comissoneru,
Matt Swann,
Sharon Xia
Abstract:
Based on interviews with 28 organizations, we found that industry practitioners are not equipped with tactical and strategic tools to protect, detect and respond to attacks on their Machine Learning (ML) systems. We leverage the insights from the interviews to enumerate the gaps in perspective in securing machine learning systems when viewed in the context of traditional software security development. We write this paper from the perspective of two personas: developers/ML engineers and security incident responders who are tasked with securing ML systems as those systems are designed, developed and deployed. The goal of this paper is to engage researchers to revise and amend the Security Development Lifecycle for industrial-grade software in the adversarial ML era.
Submitted 19 March, 2021; v1 submitted 3 February, 2020;
originally announced February 2020.
-
Practical Machine Learning for Cloud Intrusion Detection: Challenges and the Way Forward
Authors:
Ram Shankar Siva Kumar,
Andrew Wicker,
Matt Swann
Abstract:
Operationalizing machine learning based security detections is extremely challenging, especially in a continuously evolving cloud environment. Conventional anomaly detection does not produce satisfactory results for analysts that are investigating security incidents in the cloud. Model evaluation alone presents its own set of problems due to a lack of benchmark datasets. When deploying these detections, we must deal with model compliance, localization, and data silo issues, among many others. We pose the problem of "attack disruption" as a way forward in the security data science space. In this paper, we describe the framework, challenges, and open questions surrounding the successful operationalization of machine learning based security detections in a cloud environment and provide some insights on how we have addressed them.
Submitted 20 September, 2017;
originally announced September 2017.