The SSL/TLS protocol is widely used in data encryption transmission. Aiming at the problem of detecting SSL/TLS-encrypted malicious traffic with small-scale and unbalanced training data, a deep-forest-based detection method called DF-IDS proposed this paper. According to characteristics SSL/TSL protocol, network was split into sessions according 5-tuple information. Each session then transforme...

Traditional machine learning models used for network intrusion detection systems rely on vast amounts of traffic data with expertly engineered features. The abundance computational and expert resources at the enterprise level allow employment such models; however, these quickly dwindle in edge scenarios. As Internet Battlefield Things (IoBT) networks become common place tactical environments, t...

Network anomaly detection and classification is an important open issue in network security. Several approaches and systems based on different mathematical tools have been studied and developed, among them, the Anomaly-Network Intrusion Detection System (A-NIDS), which monitors network traffic and compares it against an established baseline of a “normal” traffic profile. Then, it is necessary t...

Traffic congestion can be broadly classified as recurrent and non-recurrent based on its relation with daily variation of traffic demand. The former is mainly the result of traffic incidents such as accidents, vehicle breakdowns or any other incident that impedes the normal flow of traffic. Furthermore, traffic incidents could increase the severity of recurrent congestion in terms of the impact...

With the rapid growth of the categories and numbers of network attacks and the increasing network bandwidth, network traffic anomaly detection systems confront with both higher false positive rate and false negative rate. A traffic anomaly detection system with high precision is presented in this paper. First, we use multi-level and multi-dimensional online OLAP method to analyze traffic data. ...

In the proposed hybrid intrusion detection process, misuse detection and anomaly detection model is integrated to detect the attack in traffic pattern. In misuse detection model, the traffic pattern is classified into known attack and not known attack. Each extracted normal data set does not have known attack and it contains small amount of varied connection patterns than overall normal data se...

Accurate Incident detection is one of the important components in Intelligent Transportation Systems. It identifies traffic abnormality based on input signals obtained from different type traffic flow sensors. To date, the development of Intelligent Transportation Systems has urged the researchers in incident detection area to explore new techniques with high adaptability to changing site traff...

Active worms major security threats to the Internet. This is due to the ability of active worms to propagate in an automated fashion as they continuously compromise computers on the Internet. Active worms evolve during their propagation, and thus, pose great challenges to defend against them. In this paper, we investigate a new class of active worms, referred to as Camouflaging Worm (C-Worm in ...

The rapid growth of Internet malicious activities has become a major concern to network forensics and security community. With the increasing use of IT technologies for managing information there is a need for stronger intrusion detection mechanisms. Critical mission systems and applications require mechanisms able to detect any unauthorised activities. An Intrusion Detection System (IDS) acts ...

Network anomaly detection has been a hot research topic for many years. Most detection systems proposed so far employ a supervised strategy to accomplish the task, using either signature-based detection methods or supervised-learning techniques. However, both approaches present major limitations: the former fails to detect unknown anomalies, the latter requires training and labeled traffic, whi...