Department of Computer Science and Information Systems

Permanent URI for this collectionhttp://localhost:4000/handle/123456789/1928

Browse

Filters

2022 - 20232

Settings

Author: search.filters.author.Viswanathan, SangeethaSubject: search.filters.subject.Anomaly detection

Search Results

Now showing 1 - 2 of 2
  • No Thumbnail Available
    Item
    Anomaly-based Intrusion Detection using GAN for Industrial Control Systems
    (IEEE, 2022) Viswanathan, Sangeetha
    In recent years, cyber-attacks on modern industrial control systems (ICS) have become more common and it acts as a victim to various kind of attackers. The percentage of attacked ICS computers in the world in 2021 is 39.6%. To identify the anomaly in a large database system is a challenging task. Deep-learning model provides better solutions for handling the huge dataset with good accuracy. On the other hand, real time datasets are highly imbalanced with their sample proportions. In this research, GAN based model, a supervised learning method which generates new fake samples that is similar to real samples has been proposed. GAN based adversarial training would address the class imbalance problem in real time datasets. Adversarial samples are combined with legitimate samples and shuffled via proper proportion and given as input to the classifiers. The generated data samples along with the original ones are classified using various machine learning classifiers and their performances have been evaluated. Gradient boosting was found to classify with 98% accuracy when compared to other
  • No Thumbnail Available
    Item
    Classifying DNS over HTTPS Malicious/Benign Traffic Using Deep Learning Models
    (IEEE, 2023) Viswanathan, Sangeetha
    As we live in an era where privacy over the Internet has become rudimentary, protocols like DNS over HTTPS (DoH) and DNS over TLS (DoT), which promote encryption, have become popular. While these protocols were introduced to overcome the drawbacks of DNS protocol, even DoH has some security issues that need to be tackled to prevent any misuse. Herein, we implemented deep learning models to classify DNS over HTTPS traffic and found the most efficient method in regard to time-required complexity and computational requirements. Previous studies have used a variety of features from datasets to identify malicious activities. Although machine learning and deep learning models are commonly used, they require more human intervention. These models are also more computationally complex, as one is required to tune the model and its parameters for accurate results. In comparison, some deep learning models are more efficient as they work well without any human intervention and are capable of parameter tuning by themselves. In this work, we used the CIRA-CIC-DoHBrw-2020 dataset and performed data imbalance handling, one hot encoding, and feature selection to create a model that can be used for a more generalized environment. We implemented long short-term memory (LSTM), bidirectional LSTM (BiLSTM), and gated recurrent unit (GRU) models to classify DoH traffic with high accuracy. Although the mentioned models produced good accuracy, the BiLSTM model performs better than the LSTM model in the time taken for prediction and accuracy; the GRU model outperformed both LSTM and BiLSTM models in terms of accuracy, computation time, and computation complexity. Hence, it is more efficient than both LSTM and BiLSTM models.