Journal of Network and Computer Applications最新文献

{"title":"On and off the manifold: Generation and Detection of adversarial attacks in IIoT networks","authors":"Mohammad Al-Fawa’reh, Jumana Abu-khalaf, Naeem Janjua, Patryk Szewczyk","doi":"10.1016/j.jnca.2024.104102","DOIUrl":"https://doi.org/10.1016/j.jnca.2024.104102","url":null,"abstract":"Network Intrusion Detection Systems (NIDS), which play a crucial role in defending Industrial Internet of Things (IIoT) networks, often utilize Deep Neural Networks (DNN) for their pattern recognition capabilities. However, these systems remain susceptible to sophisticated adversarial attacks, particularly on-manifold and off-manifold attacks, which skillfully evade detection. This paper addresses the limitations in existing research, focusing primarily on: the predominant focus on off-manifold attacks, while often overlooking subtler yet potent on-manifold attacks; a lack of consideration for the functional behavior of these attacks; reliance on detailed knowledge of the target NIDS for creating attacks; and the need for detailed knowledge about the creation process of adversarial attacks for effective detection. This paper introduces the Saliency Adversarial Autoencoder (SAAE), designed for generating on-manifold attacks through latent space perturbations. This dual-space perturbation approach enables SAAE to efficiently create stealthy attacks that blend with normal network behavior, posing significant challenges to state-of-the-art (SOTA) NIDS. To counter these advanced threats, we propose an attack-agnostic defence mechanism utilizing a fusion-based Autoencoder (AE) with disentangled representations. This defence is adept at detecting threats within the manifold, significantly enhancing NIDS robustness. Comparative assessments with SOTA DNN and Deep Reinforcement Learning (DRL) models highlight the effectiveness of our approach. The SAAE model markedly reduces True Positive Rates (TPR) in these systems. For DNNs, TPR dropped from 99.72% to 41.5%, and for DRLs, from 95.6% to 63.94%. Conversely, our defence model shows high TPR in detecting these attacks, registering 94% for DNNs and 92% for DRLs. Additionally, we release our dataset, named OOM-X-IIoTID<ce:cross-ref ref><ce:sup loc=\"post\">1</ce:sup></ce:cross-ref><ce:footnote><ce:label>1</ce:label><ce:note-para view=\"all\">The datasets can be found at the following link: <ce:inter-ref xlink:href=\"https://github.com/mohdah200/OOM-X-IIoTID\" xlink:type=\"simple\">https://github.com/mohdah200/OOM-X-IIoTID</ce:inter-ref>.</ce:note-para></ce:footnote>, which includes On/Off manifold adversarial attacks, a first in the field, to facilitate further research and development in cybersecurity.","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"336 1","pages":""},"PeriodicalIF":8.7,"publicationDate":"2024-12-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142889236","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Light up that Droid! On the effectiveness of static analysis features against app obfuscation for Android malware detection","authors":"Borja Molina-Coronado, Antonio Ruggia, Usue Mori, Alessio Merlo, Alexander Mendiburu, Jose Miguel-Alonso","doi":"10.1016/j.jnca.2024.104094","DOIUrl":"https://doi.org/10.1016/j.jnca.2024.104094","url":null,"abstract":"Malware authors have seen obfuscation as the mean to bypass malware detectors based on static analysis features. For Android, several studies have confirmed that many anti-malware products are easily evaded with simple program transformations. As opposed to these works, ML detection proposals for Android leveraging static analysis features have also been proposed as obfuscation-resilient. Therefore, it needs to be determined to what extent the use of a specific obfuscation strategy or tool poses a risk for the validity of ML Android malware detectors based on static analysis features. To shed some light in this regard, in this article we assess the impact of specific obfuscation techniques on common features extracted using static analysis and determine whether the changes are significant enough to undermine the effectiveness of ML malware detectors that rely on these features. The experimental results suggest that obfuscation techniques affect all static analysis features to varying degrees across different tools. However, certain features retain their validity for ML malware detection even in the presence of obfuscation. Based on these findings, we propose a ML malware detector for Android that is robust against obfuscation and outperforms current state-of-the-art detectors.","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"71 1","pages":""},"PeriodicalIF":8.7,"publicationDate":"2024-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142889244","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Clusters in chaos: A deep unsupervised learning paradigm for network anomaly detection","authors":"Seethalakshmi Perumal, P. Kola Sujatha, Krishnaa S., Muralitharan Krishnan","doi":"10.1016/j.jnca.2024.104083","DOIUrl":"https://doi.org/10.1016/j.jnca.2024.104083","url":null,"abstract":"In response to the escalating sophistication of cyber threats, traditional security measures are proving insufficient, necessitating advanced solutions. The complexity of cyberattacks renders standard protocols inadequate, leading to an increased frequency of disruptions, data breaches, and financial losses. To address aforementioned challenges, a novel deep clustering algorithm developed to handle high-dimensional network data. Furthermore, the suggested autoencoder method improves anomaly detection by enabling a threshold value. The integration of clustering and the autoencoder method effectively handles anomaly detection. More specifically, involving the grouping of similar normal data points through clustering, followed by training individual autoencoders for each cluster. This innovative technique captures nuanced patterns of normal behavior within each cluster, significantly enhancing the model’s ability to detect anomalies. In addition to implement the intelligent system, NSL-KDD dataset is considered. From the simulation results, the proposed Cluster Autoencoder Pair (CAEP) model reveals that the overall accuracy of 96%, precision of 97%, recall of 98%, and F1-score of 97%, demonstrating superior performance compared to other existing models for network anomaly detection.","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"50 1","pages":""},"PeriodicalIF":8.7,"publicationDate":"2024-12-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142874157","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Consensus hybrid ensemble machine learning for intrusion detection with explainable AI","authors":"Usman Ahmed, Zheng Jiangbin, Sheharyar Khan, Muhammad Tariq Sadiq","doi":"10.1016/j.jnca.2024.104091","DOIUrl":"https://doi.org/10.1016/j.jnca.2024.104091","url":null,"abstract":"Intrusion detection systems (IDSs) are dynamic to cybersecurity because they protect computer networks from malicious activity. IDS can benefit from machine learning; however, individual models may be unable to handle sophisticated and dynamic threats. Current cutting-edge research frequently concentrates on single machine-learning models for intrusion detection. They do not emphasize the necessity for more flexible and effective alternatives. The current computer network identification design techniques often need to improve efficiency and interpretability. Techniques that allow different models to operate together and adjust to dynamic network settings are required. This research addresses this gap, suggesting an innovative ensemble learning strategy, the ”Consensus Hybrid Ensemble Model” (CHEM)”, for intrusion detection. We combined different types of models, such as linear, nonlinear, and ensemble methods, neural networks, and probabilistic models, by using a metaclassifier approach. In this setup, a hybrid model of random forest (RF) and decision tree (DT) acts as the metaclassifier in a voting classifier, which uses consensus voting to align predictions from the various base classifiers. This method enhances the decision-making by considering each base classifier’s confidence and agreement. Local and global explanation models, such as the Shapley Additive explanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME) approaches, contributed to the primary predictions of the models’ transparency. We used different datasets for testing, such as Kdd99, NSL-KDD, CIC-IDS2017, BoTNeTIoT, and Edge-IIoTset. The proposed ”CHEM” model shows impressive performance across several attack scenarios, including novel and zero-day attacks, and proves its ability to identify and adapt to changing cyber threats. Several ablation experiments were conducted on available datasets to train, test, evaluate, and compare the proposed ”CHEM” model with the most sophisticated and state-of-the-art models. This research combines machine learning algorithms to create a precise IDS that adapts to ever-changing cyber threats.","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"60 1","pages":""},"PeriodicalIF":8.7,"publicationDate":"2024-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142874162","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Adaptive differential privacy in asynchronous federated learning for aerial-aided edge computing","authors":"Yadong Zhang, Huixiang Zhang, Yi Yang, Wen Sun, Haibin Zhang, Yaru Fu","doi":"10.1016/j.jnca.2024.104087","DOIUrl":"https://doi.org/10.1016/j.jnca.2024.104087","url":null,"abstract":"The integration of aerial-aided edge computing and federated learning (FL) is expected to completely change the way data is collected and utilized in edge computing scenarios, while effectively addressing the issues of data privacy protection and data distribution in this scenario. However, in the face of the challenge of device heterogeneity at the edge computing systems, most current synchronous federated learning approaches suffer from low efficiency because of the straggler effect. This issue can be significantly mitigated by adopting Asynchronous Federated Learning (AFL). Despite the potential benefits, AFL remains under-explored, posing a significant hurdle to optimizing the utility of privacy-enhanced AFL. To address this, we introduce adaptive differential privacy algorithms aimed at enhancing the balance between model utility and privacy in AFL. Our approach begins by defining two frameworks for privacy-enhanced AFL, taking into account various factors relevant to different adversary models. Through in-depth analysis of the model convergence in AFL, we demonstrate how differential privacy can be adaptively achieved while maintaining high utility. Extensive experiments on diverse training models and benchmark datasets showcase that our proposed algorithms outperform existing benchmark methods in terms of overall performance, enhancing test accuracy under similar privacy constraints and achieving faster convergence rates.","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"128 1","pages":""},"PeriodicalIF":8.7,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142873856","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A survey of Machine Learning-based Physical-Layer Authentication in wireless communications","authors":"Rui Meng, Bingxuan Xu, Xiaodong Xu, Mengying Sun, Bizhu Wang, Shujun Han, Suyu Lv, Ping Zhang","doi":"10.1016/j.jnca.2024.104085","DOIUrl":"https://doi.org/10.1016/j.jnca.2024.104085","url":null,"abstract":"To ensure secure and reliable communication in wireless systems, authenticating the identities of numerous nodes is imperative. Traditional cryptography-based authentication methods suffer from issues such as low compatibility, reliability, and high complexity. Physical-Layer Authentication (PLA) is emerging as a promising complement due to its exploitation of unique properties in wireless environments. Recently, Machine Learning (ML)-based PLA has gained attention for its intelligence, adaptability, universality, and scalability compared to non-ML approaches. However, a comprehensive overview of state-of-the-art ML-based PLA and its foundational aspects is lacking. This paper presents a comprehensive survey of characteristics and technologies that can be used in the ML-based PLA. We categorize existing ML-based PLA schemes into two main types: multi-device identification and attack detection schemes. In deep learning-based multi-device identification schemes, Deep Neural Networks are employed to train models, avoiding complex processing and expert feature transformation. Deep learning-based multi-device identification schemes are further subdivided, with schemes based on Convolutional Neural Networks being extensively researched. In ML-based attack detection schemes, receivers utilize intelligent ML techniques to set detection thresholds automatically, eliminating the need for manual calculation or knowledge of channel models. ML-based attack detection schemes are categorized into three sub-types: Supervised Learning, Unsupervised Learning, and Reinforcement Learning. Additionally, we summarize open-source datasets used for PLA, encompassing Radio Frequency fingerprints and channel fingerprints. Finally, this paper outlines future research directions to guide researchers in related fields.","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"15 1","pages":""},"PeriodicalIF":8.7,"publicationDate":"2024-12-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142825310","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Optimizing federated learning with weighted aggregation in aerial and space networks","authors":"Fan Dong, Henry Leung, Steve Drew","doi":"10.1016/j.jnca.2024.104086","DOIUrl":"https://doi.org/10.1016/j.jnca.2024.104086","url":null,"abstract":"Federated learning offers a promising solution for overcoming the challenges of networking and data privacy in aerial and space networks by harnessing large-scale private edge data and computing resources from drones, balloons, and satellites. Although existing research has extensively explored optimizing the learning process, improving computing efficiency, and reducing communication overhead, statistical heterogeneity remains a substantial challenge for federated learning optimization. While state-of-the-art algorithms have made progress, they often overlook diversity heterogeneity and fail to significantly improve performance in high-degree label heterogeneity conditions. In this paper, statistical heterogeneity is further dissected into two categories: diversity heterogeneity and label heterogeneity, allowing for a more nuanced analysis. It also emphasizes the importance of addressing both diversity heterogeneity and high-degree label heterogeneity in aerial and space network applications. A theoretical analysis is provided to guide optimization in these two challenging scenarios. To tackle diversity heterogeneity, the WeiAvgCS algorithm is introduced to accelerate federated learning convergence. This algorithm employs weighted aggregation and client selection based on an estimated diversity measure, termed <ce:italic>projection</ce:italic>, enabling WeiAvgCS to outperform other benchmarks without compromising privacy. For high-degree label heterogeneity, the FedBalance algorithm is proposed, utilizing the label distribution information of each client. A novel metric, termed <ce:italic>relative scarcity</ce:italic>, is introduced to determine the aggregation weights assigned to clients. During the training process, fully homomorphic encryption is employed to protect clients’ label distributions. Additionally, two communication protocols are designed to facilitate training across different scenarios. Extensive experiments were conducted, demonstrating the effectiveness of WeiAvgCS and FedBalance in addressing the research gaps in diversity heterogeneity and high-degree label heterogeneity.","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"32 1","pages":""},"PeriodicalIF":8.7,"publicationDate":"2024-12-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142873857","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A novel community-driven recommendation-based approach to predict and select friendships on the social IoT utilizing deep reinforcement learning","authors":"Babak Farhadi, Parvaneh Asghari, Ebrahim Mahdipour, Hamid Haj Seyyed Javadi","doi":"10.1016/j.jnca.2024.104092","DOIUrl":"https://doi.org/10.1016/j.jnca.2024.104092","url":null,"abstract":"The study of how to integrate Complex Networks (CN) within the Internet of Things (IoT) ecosystem has advanced significantly because of the field's recent expansion. CNs can tackle the biggest IoT issues by providing a common conceptual framework that encompasses the IoT scope. To this end, the Social Internet of Things (SIoT) perspective is introduced. In this study, a dynamic community-driven recommendation-oriented connection prediction and choice strategy utilizing Deep Reinforcement Learning (DRL) is proposed to deal with the key challenges located in the SIoT friendship selection component. To increase the efficiency of exploration, we incorporate an approach motivated by curiosity to create an intrinsic bonus signal that encourages the DRL agent to efficiently interact with its surroundings. Also, a novel method for Dynamic Community Detection (DCD) on SIoT to carry out community-oriented object recommendations is introduced. Lastly, we complete the experimental verifications utilizing datasets from the real world, and the experimental findings demonstrate that, in comparison to the related baselines, the approach presented here can enhance the accuracy of the social IoT friendship selection task and the effectiveness of training.","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"148 1","pages":""},"PeriodicalIF":8.7,"publicationDate":"2024-12-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142873860","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A secure routing and malicious node detection in mobile Ad hoc network using trust value evaluation with improved XGBoost mechanism","authors":"Geetika Dhand, Meena Rao, Parul Chaudhary, Kavita Sheoran","doi":"10.1016/j.jnca.2024.104093","DOIUrl":"https://doi.org/10.1016/j.jnca.2024.104093","url":null,"abstract":"Mobile ad hoc networks (MANETs) are beneficial in a wide range of sectors because of their rapid network creation capabilities. If mobile nodes collaborate and have mutual trust, the network can function properly. Routing becomes more difficult, and vulnerabilities are exposed more quickly as a result of flexible network features and frequent relationship flaws induced by node movement. This paper proposes a method for evaluating trust nodes using direct trust values, indirect trust values, and comprehensive trust values. Then, evaluating the trust value, the network's malicious and non-malicious nodes are identified using the Improved Extreme Gradient Boosting (XGBoost) algorithm. From the detected malicious nodes, the cluster head is chosen to ensure effective data transmission. Finally, the optimal routes are chosen using a novel Enhanced Cat Swarm-assisted Optimized Link State Routing Protocol (ECSO OLSRP). Furthermore, the Cat Swarm Optimization (CSO) algorithm determines the ideal route path based on characteristics such as node stability degree and connection stability degree. Because the proposed technique provides secure data transmission, node path setup, and node efficiency evaluation, it can maintain network performance even in the presence of several hostile nodes. The performance of the proposed trust-based approach security routing technique in terms of packet delivery ratio of nodes (0.47), end-to-end delay time of nodes (0.06), network throughput of nodes (1852.22), and control overhead of nodes (7.41).","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"1 1","pages":""},"PeriodicalIF":8.7,"publicationDate":"2024-12-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142873859","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Label-aware learning to enhance unsupervised cross-domain rumor detection","authors":"Hongyan Ran, Xiaohong Li, Zhichang Zhang","doi":"10.1016/j.jnca.2024.104084","DOIUrl":"https://doi.org/10.1016/j.jnca.2024.104084","url":null,"abstract":"Recently, massive research has achieved significant development in improving the performance of rumor detection. However, identifying rumors in an invisible domain is still an elusive challenge. To address this issue, we propose an unsupervised cross-domain rumor detection model that enhances contrastive learning and cross-attention by label-aware learning to alleviate the domain shift. The model performs cross-domain feature alignment and enforces target samples to align with the corresponding prototypes of a given source domain. Moreover, we use a cross-attention mechanism on a pair of source data and target data with the same labels to learn domain-invariant representations. Because the samples in a domain pair tend to express similar semantic patterns, especially on the people’s attitudes (e.g., supporting or denying) towards the same category of rumors. In addition, we add a label-aware learning module as an enhancement component to learn the correlations between labels and instances during training and generate a better label distribution to replace the original one-hot label vector to guide the model training. At the same time, we use the label representation learned by the label learning module to guide the production of pseudo-label for the target samples. We conduct experiments on four groups of cross-domain datasets and show that our proposed model achieves state-of-the-art performance.","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"117 1","pages":""},"PeriodicalIF":8.7,"publicationDate":"2024-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142825314","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}