Optimized Intrusion Detection System Using Deep Learning Algorithm
Optimized Intrusion Detection System Using Deep Learning Algorithm
Optimized Intrusion Detection System Using Deep Learning Algorithm
Comput er Communicat ions and Net works Josephh Miggaa Kizza Guide t o Comput er Net work Securit …
Ikhwan Ardiant o
Akshaya College of Engineering and Technology, Kinathukadavu, Coimbatotre, Tamil Nadu, India
ABSTRACT
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer
network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two
different points in the network should be identical. A network intrusion detection system is mostly place at strategic points in a
network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined
Network (SDN) proposes the separation of forward and control planes by introducing a new independent plane called network
controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based
at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The
performance is evaluated using the network analysis metrics such as key generation delay, key sharing delay and the hash code
generation time for both SDN and the proposed machine learning SDN.
1. INTRODUCTION
1.1. NETWORK SECURITY system that analyzes the traffic crossing the network,
A series of devices or computing nodes interconnected by classifies packets according to header, content, or pattern
communication link that allow to share and exchange the matching, and further inspects payload information with
data among all devices is defined by the term ‘Network’. A respect to content/regular-expression matching rules for
device can be anything which is capable of sending or detecting the occurrence of anomalies or attacks. FPGA
receiving the data that is generated by the device and that is combined FA based NIDS efficiently handles the anomaly and
exchanged over the medium or channel. In other words, intruded packet in the network.
more than one autonomous computer is grouped together to
exchange the information using the communication channel Network intrusion detection systems (NIDS) are an
is called as ‘Network’. In computer networks, the following important tool to protect network systems from external
characteristics or factors are mainly used to classify the attack. NIDS are used to identify and analyze packets that
various types of networks. may signify an impending threat to organization’s network.
Traditional software-based NIDS architectures are becoming
1.2. INTRUSION DETECTION SYSTEM strained as network data rates increase and attacks intensify
An Intrusion detection system (IDS) is an active process or in volume and complexity. In recent years, researchers have
device that analyzes system and network activity for proposed using FPGAs to perform the computationally-
unauthorized entry or malicious activity. The ultimate aim of intensive components of a NIDS.
any IDS is to catch perpetrators in the act before they do real
damage to resources. An IDS protects a system from attack, MODEL BASED INTRUSION DETECTION
misuse, and compromise. It can also monitor network It states that certain scenarios are inferred by certain other
activity, audit network and system configurations for observable activities. If these activities are monitored, it is
vulnerabilities, analyze data integrity, and more. Intrusion possible to find intrusion attempts by looking at activities
detection system (IDS) is software that automates the that infer a certain intrusion scenario. The model-based
intrusion detection process. The primary responsibility of scheme consists of three important modules. The anticipator
IDS is to detect unwanted and malicious activities. uses the active models and the scenario models to try to
predict the next step in the scenario that is expected to
Intrusion Prevention System (IPS) is software that has all the occur. A scenario model is a knowledge base with
capabilities of an intrusion detection system and can also specifications of intrusion scenarios. The planner then
attempt to stop possible incidents. An intrusion detection translates this hypothesis into a format that shows the
system (IDS) is a type of security software designed to behavior, as it would occur in the audit trail. It uses the
automatically alert administrators when someone or predicted information to plan what to search for next. A
something is trying to compromise information system NIDS aims at detecting possible intrusions such as a
through malicious activities or through security policy malicious activity, computer attack or computer misuse,
violations. spread of a virus, etc, and alerting the proper individuals
upon detection.
1.3. NETWORK INTRUSION DETECTION
A Network intrusion detection system (NIDS) is a 2. LITERATURE SURVEY
combination of hardware and software that monitors a As more wireless and sensor networks are deployed, they
computer network for attempts to violate a security policy. will increasingly become tempting targets for malicious
Network intrusion detection system identifies and attacks. Due to the shared nature of the wireless medium,
eliminates misbehaving malicious in the network. A NIDS is a attackers can gather useful identity information during
@ IJTSRD | Unique Reference Paper ID – IJTSRD21447 | Volume – 3 | Issue – 2 | Jan-Feb 2019 Page: 528
International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
passive monitoring and further utilize the identity Kerberos in a general environment. This means that
information to launch identity-based attacks, in particular, security-critical assumptions must be few in number and
the two most harmful but easy to launch attacks: 1) spoofing stated clearly. For the widest utility, the network must be
attacks and 2) Sybil attacks. In identity-based spoofing considered as completely open. Specifically, the protocols
attacks, an attacker can forge its identity to masquerade as should be secure even if the network is under the complete
another device or even create multiple illegitimate identities control of an adversary. This means that defeating the
in the networks. protocol should require the adversary to invert the
encryption algorithm or to subvert a principal specifically
For instance, in an IEEE 802.11 network, it is easy for an assumed to be trustworthy. Only such a strong design goal
attacker to modify its Media Access Control address of can justify the expense of encryption.
Network interface card to another device through vendor-
supplied NIC drivers or open-source NIC drivers. In addition, Authorization Model And Access Control
by masquerading as an authorized wireless Access point or In this section, discuss about the secure information sharing
an authorized client, an attacker can launch Denial-of-service using the hierarchical path. Our focus is on maintaining the
attacks, bypass access control mechanisms, or falsely hierarchy rather than maintaining a shortest path. U sage
advertise services to wireless clients. On the other hand, in policy: If user is authorized to access data of a particular
Sybil attacks, a Sybil node can forge different identities to level in the network, then it performs the operation as many
trick the network with multiple fake nodes. The Sybil attack times he wants. Essentially there is no predefined usage
can significantly reduce the network performance by control. In this model, the authorization starts with the level
defeating group-based voting techniques and fault-tolerant selection of the network. At the time of choosing the levels,
schemes. the nodes can have their keys for the secure communication.
A node can have different paths to reach to other nodes; it
Therefore, identity-based attacks will have a serious impact can choose any particular path based on the preference.
to the normal operation of wireless and sensor networks. It
is thus desirable to detect the presence of identity-based Attribute-Based Access Control: This kind of access control
attacks and eliminate them from the network. The uses attribute-based encryption techniques in which a
traditional approach to address identity-based attacks is to sender encrypts a data packet with an access policy and a
apply cryptographic authentication. However, authentication receiver decrypts the packet and reads its content only if its
requires additional infrastructural overhead and attributes satisfy the access policy. An example of the
computational power associated with distributing and schemes which use such techniques is called Secure
maintaining cryptographic keys. Due to the limited power symptom based handshake (SSH).
and resources available to the wireless devices and sensor
nodes, it is not always possible to deploy authentication. Confidentiality is the term used to prevent the disclosure of
information to unauthorized individuals or systems. In other
Detecting the presence of identity-based attacks in the words, it means that no one can gain, read, or manipulate
network provides first order information toward defending information other than for whom it is intended. Basically,
against attackers. Furthermore, learning the physical confidentiality is achieved in two steps: encryption and
location of the attackers allows the network administrators decryption. Using encryption, the sender converts plaintext
to further exploit a wide range of defense strategies. This to ciphertext with the aim of rendering it unintelligible to
explore and how can find the positions of the adversaries by parties except the intended recipient. Using decryption,
integrating our attack detector into a real-time indoor ciphertext is rendered intelligible to the intended recipient
localization system. Our cluster-analysis-based attack by converting it back to the plaintext.
detector is not specific to any RSS-based localization
algorithms and is thus general. For two kinds of algorithms, 3. EXISTING SYSTEM
area- and point-based algorithms, show that using the Cross Layer Design
centroids of the clusters that are returned by the attack Cross layer design, where the boundary among the protocol
detector in signal space as the input to the localization layers is a violated by sharing internal information, helping
system, the positions of the attackers can be localized with layers to become aware of the changes in the others and
the same relative estimation errors as under normal provide higher quality of services to the user. To allow
conditions. communication between layers by permitting one layer to
access the data of the layer to exchange information and
Kerberos Authentication System enable integration. Cross-layer designs involve cross-layer
The Kerberos authentication system was introduced by MIT signaling which is not defined in the protocol architecture.
to meet the needs of Project Athena. It has since been These signaling methods should consume as scarce
adopted by a number of other organizations for their own resources as possible reducing the overhead.
purposes, and is being discussed as a possible standard.
These problems fall into several categories. Some stem from Packet headers: Information can be encoded in layer headers
the Project Athena environment. Kerberos was designed for which can later be used by some other layer to glean the
that environment; if the basic assumptions differ, the desired information. This can be compared to have pipe like
authentication system may need to be changed as well. Other flow of signals among the layers.
problems are simply deficiencies in the protocol design.
Some of these are corrected in the proposed version 5 of ICMP messages: In IP based networks, Internet Control
Kerberos, but not all. Message Protocol (ICMP) messages can be used for signaling.
However, as ICMP messages are always encapsulated by IP
Kerberos is a security system. The functionality and packets, the messages have to traverse through the network
efficiency, our primary emphasis is on the security of
@ IJTSRD | Unique Reference Paper ID – IJTSRD21447 | Volume – 3 | Issue – 2 | Jan-Feb 2019 Page: 529
International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
layer, even if the interacting layer pairs are data link and must send either the certificate message or a no certificate
physical or transport and application. alert. The client key exchange message is now sent, and the
content of that message will depend on the public key
The estimation of link available bandwidth from mac layer algorithm selected between the client hello and the server
information that take into account the activities of the node’s hello. If the client has sent a certificate with signing ability, a
neighbours and adapt to change of channel condition digitally-signed certificate verify message is sent to explicitly
dynamically is used in the network layer to provide efficient verify the certificate.
routing. And radio selection and channel assignment from
physical layer is used, Best-effort traffic and Real-time traffic At this point, a change cipher spec message is sent by the
from application layer is used to provide QoS guarantee for client, and the client copies the pending CipherSpec into the
real-time multimedia applications. current CipherSpec. The client then immediately sends the
finished message under the new algorithms, keys, and
Network layer: secrets. In response, the server will send its own change
It is main layer which executes the DAWN process. The cipher spec message, transfer the pending to the current
following procedures are implemented in network layer CipherSpec, and send its finished message under the new
itself. CipherSpec. At this point, the handshake is complete and the
1. Traffic classification client and server may begin to exchange application layer
2. Executing physical routing data.
3. Logical routing from bandwidth information
Client Server
Mac layer:
Like all 802.11 network, nodes broadcasts RTS, CTS, Data Client Hello -------->
acknowledge handshake process and complete the Server Hello
transmission for all packet. And each time of transmission
node maintains the used bandwidth value and calculates Certificate*
remaining raw bandwidth value. Then idle duration is Server Key Exchange*
calculated for each node. And available bandwidth value is Certificate Request*
calculated from raw and idle values. <-------- ServerHelloDone
Certificate*
Physical layer:
Channel assignment and interface switching process is Client Key Exchange
executed in this layer. By selecting the maximum CSI value Certificate Verify*
interface to be selected for transmission is identified. [Change Cipher Spec]
Security Management Finished -------->
SSL Certificates have a key pair: a public and a private key. [ChangeCipherSpec]
Device connects to a web server (website) secured with SSL <-------- Finished
(https). Device requests that the server identify itself. Server Application Data <-------> Application Data
sends a copy of its SSL Certificate, including the server public
key. Device checks the certificate root against a list of trusted *Indicates optional or situation-dependent messages that
CAs and that the certificate is unexpired, unrevoked, and that are notalways sent.
its common name is valid for the website that it is connecting
to. If the Device trusts the certificate, it creates, encrypts, and 4. IMPLEMENTATION
sends back a symmetric session key using the servers public Implementing and using SSL to secure HTTP traffic
key. Server decrypts the symmetric session key using its Security of the data stored on a file server is very important
private key and sends back an acknowledgement encrypted these days. Compromised data can cost thousands of dollars
with the session key to start the encrypted session. to company. In the last section, compiled LDAP
authentication module into the Apache build to provide a
The cryptographic parameters of the session state are Authentication mechanism. However, HTTP traffic is very
produced by the SSL handshake protocol, which operates on insecure, and all data is transferred in clear text - meaning,
top of the SSL record layer the client sends a client hello the LDAP authentication (userid/passwd) will be
message to which the server must respond with a server transmitted as clear text as well. This creates a problem.
hello message, or else a fatal error will occur and the Anyone can sniff these userid/passwd and gain access to
connection will fail. The client hello and server hello DAV store. To prevent this encrypt the HTTP traffic is
establish the following attributes: Protocol Version, Session essentially as HTTP + SSL or HTTPS. Anything transferred
ID, Cipher Suite, and Compression Method. over HTTPS is encrypted, so the LDAP userid/passwdcan not
be easily deciphered. HTTPS runs on port 443.
Following the hello messages, the server will send its
certificate, if it is to be authenticated. Additionally, a server Introduction to SSL
key exchange message may be sent, if it is required .If the SSL is a protocol layer that exists between the Network
server is authenticated, it may request a certificate from the Layer and Application layer. As the name suggest SSL
client, if that is appropriate to the cipher suite selected. Now provides a mechanism for encrypting all kinds of traffic -
the server will send the server hello done message, LDAP, POP, IMAP and most importantly HTTP.
indicating that the hello-message phase of the handshake is
complete. The server will then wait for a client response. If
the server has sent a certificate request message, the client
@ IJTSRD | Unique Reference Paper ID – IJTSRD21447 | Volume – 3 | Issue – 2 | Jan-Feb 2019 Page: 530
International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
Encryption algorithms used in SSL Step1: In this step the Original "Clear Text" message is
There are three kinds of cryptographic techniques used in encrypted using the Sender's Private Key, which
SSL: Public-Private Key, Symmetric Key, and Digital results in Cipher Text 1. This ensures the
Signature. Authenticity of the sender.
Step2: In this step the "CipherText 1" is encrypted using
Public-Private Key Crytography - Initiating SSL connection: Receiver's Public Key resulting in "CipherText 2".
In this algorithm, encryption and decryption is performed This will ensure the Authenticity of the Receiver i.e.
using a pair of private and public keys. The Web-server holds only the Receiver can decipher the Messsage using
the private Key, and sends the Public key to the client in the his Private Key.
Certificate. Step3: Here the SHA1 Message Digest of the "Clear Text" is
created.
The following is a over-simplified structure of the layers Step4: SHA1 Message Digest is then encrypted using
involved in SSL. Sender's Private Key resulting in the Digital
+-------------------------------------------+ Signature of the "ClearText". This Digital Signature
| LDAP | HTTP | POP | IMAP | can be used by the receiver to ensure the Integrity
+-------------------------------------------+ of the message and authenticity of the Sender.
| SSL | Step5: The "Digital Signature" and the "CipherText 2" are
+-------------------------------------------+ then send to the Receiver.
| Network Layer |
+-------------------------------------------+ SSL Certificates have a key pair: a public and a private key.
1. Device connects to a web server (website) secured with
1. The client request content from the Web Server using SSL (https). Device requests that the server identify
HTTPS. itself.
2. The web server responds with a Digital Certificate which 2. Server sends a copy of its SSL Certificate, including the
includes the server's public key. server’s public key.
3. The client checks to see if the certificate has expired. 3. Device checks the certificate root against a list of trusted
4. Then the client checks if the Certificate Authority that CAs and that the certificate is unexpired, unrevoked, and
signed the certificate, is a trusted authority listed in the that its common name is valid for the website that it is
Device. The client then checks to see if the Fully connecting to. If the Device trusts the certificate, it
Qualified Domain Name (FQDN) of the web server creates, encrypts, and sends back a symmetric session
matches the Comman Name (CN) on the certificate? key using the server’s public key.
4. Server decrypts the symmetric session key using its
Anything encrypted with Private Key can only be decrypted private key and sends back an acknowledgement
by using the Public Key. Similarly anything encrypted using encrypted with the session key to start the encrypted
the Public Key can only be decrypted using the Private Key. session.
There is a common mis-conception that only the Public Key 5. Server and Device now encrypt all transmitted data with
is used for encryption and Private Key is used for decryption. the session key.
This is not case. Any key can be used for
encryption/decryption. However if one key is used for The cryptographic parameters of the session state are
encryption then the other key must be used for decryption. produced by the SSL handshake protocol, which operates on
e.g. A message cannot encrypted and then decrypted using top of the SSL record layer. When an SSL client and server
only the Public Key. first start communicating, they agree on a protocol version,
select cryptographic algorithms, optionally authenticate each
Using Private Key to encrypt and a Public Key to decrypt other, and use public key encryption techniques to generate
ensures the integrity of the sender (owner of the Private shared secrets. These processes are performed in the
Key) to the recipients. Using Public Key to encrypt and a handshake protocol, which can be summarized as follows:
Private Key to decrypt ensures that only the inteded the client sends a client hello message to which the server
recipient (owner of the Private Key) will have access to the must respond with a server hello message, or else a fatal
data.(i.e. only the person who holds the Private Key will be error will occur and the connection will fail.
able to decipher the message).
A cryptography system design which are related to
Symmetric Cryptography - Actual transmission of data: After generation, exchange, storage, safeguarding, use, vetting, and
the SSL connection has been established, Symmetric replacement of keys in key management. It includes
cryptography is used for encrypting data as it uses less CPU cryptographic protocol design which includes key servers,
cycles. In symmetric cryptography the data can be encrypted user procedures, and other relevant protocols. Key
and decrypted using the same key. The Key for symmetric management concerns keys at the user level, either between
cryptography is exchanged during the initiation process, users or systems. This is in contrast to key scheduling; key
using Public Key Cryptography. scheduling typically refers to the internal handling of key
material within the operation of a cipher. Successful key
Message Digest The server uses message digest algoritm management is critical to the security of a cryptosystem.
such as HMAC, SHA-1, MD5 to verify the integrity of the
transferred data. SCALABILITY
The ability of a system, network, or process, to handle
Ensuring Authenticity and Integrity growing amount of work in a capable manner or its ability to
Encryption be enlarged to accommodate that growth. Scalability, as a
property of systems, is generally difficult to define and in any
@ IJTSRD | Unique Reference Paper ID – IJTSRD21447 | Volume – 3 | Issue – 2 | Jan-Feb 2019 Page: 531
International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
particular case it is necessary to define the specific system by employing the learning process using the
requirements for scalability on those dimensions that are Boltzmann learning parameters. During the data
deemed important. It is a highly significant issue in transmission, packet drop process and packet delaying can
electronics systems, databases, routers, and networking. A be occurred due to the congestion and the collision along
system whose performance improves after adding hardware, with the unavailability of the channel beau case of the hidden
proportionally to the capacity added, is said to be a scalable terminal and exposed terminal problem. This will lead to the
system. An algorithm, design, networking protocol, program, false detection of the normal behaviour as malicious
or other system is said to scale,(e.g. a large input data set or a behaviour in the network environment. In order to handle
large number of participating nodes in the case of a this network dynamics, the learning system is employed
distributed system). If the design fails when the quantity based on the reinforcement learning system.
increases, it does not scale. 1. The behavioural prediction and decision making system
is operated from the input collected during the learning
focuses on well-understood security attributes and features process.
such as integrity, authentication, authorization, key 2. From the collected input, the collaborated view of the
management, and intrusion detection. A classification of IDS hidden layer is formed by using the dynamic Bayesian
risks and vulnerabilities has recently been published by network with Boltzmann input.
NIST. Working mechanism is as follows:Initially network is 3. The Dynamic Bayesian Network is constructed with the
deployed with server, router, commander and DDOS 3 input models,
attackers A. Inference model
1. Communication tree is formed between all wireless B. Parameter learning
devices using the router nodes as interface C. Structured learning
2. Commander node initiates the DDOS attack by sending 4. The inference system collects the variation between the
the command message with victim id to all DDOS Actual state and the expected state after performing the
attackers present in the network. initial IDS
3. Command message is rebroadcasted to all DDOS 5. For each inferences identified in the system, the
attackers and it launches the attack to reduce the collected parameters are differentiated with respect to
availability of resource of the victim node. the identified behaviour of the node and channel in
4. Flow monitoring is performed by all router nodes which terms of state information in the parameter learning
validate the each incoming flows. process.
5. It computes the data generation rate of each monitoring
flow and performs the IP trace back A deep Boltzmann machine (DBM) is a recently introduced
Markov random field model that has multiple layers of
IDS algorithm hidden units. It has been shown empirically that it is difficult
1. Once the network deployment gets completed, data to train a DBM with approximate maximum-likelihood
transmission is originated between source and learning using the stochastic gradient unlike its simpler
destination. special case, restricted Boltzmann machines (RBM)Deep
2. A network device may fail to forward a packet due to Boltzmann machine (DBM) is a recently introduced variant
various reasons. of Boltzmann machines which extends widely used
3. During the situation, the devices generates the ICMP restricted Boltzmann machines (RBM) to a model that has
error message (path backscatter message) multiple hidden layers. It differs from the popular deep
4. But the packet contains the IP spoofed id as source id, belief network (DBN) which is built by stacking multiple
then the packet will sent to the source IP address layers of RBMs. DBMs facilitate propagating uncertainties
indicated in the original packet ie., the node who owns across multiple layers of hidden variables. Although it is
the actual ip address straightforward to derive a learning algorithm.
5. The ICMP message is generated during the high class
congestion occurred in the data transmission Deep Boltzmann machines are interesting for several
reasons. First, like deep belief networks, DBM’s have the
The proposed system is designed by using the principle potential of learning internal representations that become
component analysis. The proposed approach working increasingly complex, which is considered to be a promising
mechanism is as follows: way of solving object and speech recognition problems.
1. Network is deployed with set of mobile nodes including Second, high-level representations can be built from a large
major and minor player supply of unlabeled sensory inputs and very limited labeled
2. Data transmission is initiated between mobilenodes by data can then be used to only slightly fine-tune the model for
forming the multihop route a specific task at hand. Finally, unlike deep belief networks,
3. DOS attacker nodes launches attacks against victim node the approximate inference procedure, in addition to an
(src and dst nodes) initial bottom up pass, can incorporate top-down feedback,
4. Packet is captured and either dropped or content is allowing deep Boltzmann machines to better propagate
changed by the DOS attacker uncertainty about, and hence deal more robustly with,
5. Major and minor player game is invoked between ambiguous input.
mobile nodes to perform the detection process
6. IDS nodes performs the data validation and attack RESULT AND DISCUSSION
detection process by applying the Machine Learning. OPERATIONAL ENVIRONMENT
The real world testing process is done in C#.net environment
The proposed system is designed by using the reinforcement by running the working design using the validation metrics.
learning in the machine learning model which significantly This analysis is used to test the performance of the existing
improves accuracy of the intrusion and anomaly detection protocols as well as newly derived protocols.The
@ IJTSRD | Unique Reference Paper ID – IJTSRD21447 | Volume – 3 | Issue – 2 | Jan-Feb 2019 Page: 532
International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
performance evaluation is conducted to validate the
execution of the proposed technique in terms of packet
related metrics such as key generation and key sharing
delay, hash code generation delay. The table shows that the
parameters used to perform the network performance
validation.
(2)
Figure7.3.Hash Generation Delay
Hash Generation Delay: Hashing delay refers the time
required to complete the hash code generation and it is Figure 4, 5 and 6 shows the average performance
estimated using equation (3). comparisons between SDN and MLSDN in terms of Key
Generation Delay, Key Sharing Delayand Hash Generation
Delay respectively.
(3)
5. PERFORMANCE EVALUATION
Figure 1, 2 and 3 shows the comparisons between Software
Defined Network (SDN) and Machine Learning Software
Defined Network (MLSDN) in terms of Key Generation Delay,
Key Sharing Delayand Hash Generation Delay respectively. It
outcomes in key generation process and key sharing process.
In case of Key Generation Delay, MLSDN achieves higher
performance by obtaining the lower delay. Similarly for Key
SharingDelay MLSDN in lower latency compare to SDN. In
case of Hash Generation Delay, MLSDN achieves lower delay
while generating the hash code.
CONCLUSION
The SDN model is the novel networking model which utilizes
the separation of forward and control planes by introducing
a new independent plane called network controller. The
architecture enhances the network resilient, decompose
management complexity, and support more straight forward
network policies enforcement. Proposed IDS system
analyzes the network activity for unauthorized entry or
malicious activity using the machine learning algorithm
instead of software defined network. Proposed system that
analyzes the traffic crossing the network, classifies packets
according to header, content, or pattern matching, and
further inspects payload information with respect to
content/regular-expression matching rules for detecting the
Figure7.2. Key Sharing Delay occurrence of anomalies or attacks
@ IJTSRD | Unique Reference Paper ID – IJTSRD21447 | Volume – 3 | Issue – 2 | Jan-Feb 2019 Page: 533
International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
FUTURE WORK Multimodal Deep Learning. IEEE Transactions on
It can enhance by deep learning optimization scheme for Multimedia, 20(4), pp.997-1007.
secure channel processing. Compliance with real-time
[5] Jiang, F., Fu, Y., Gupta, B.B., Lou, F., Rho, S., Meng, F. and
constraints: In real-time applications, data is delay con-
Tian, Z., 2018. Deep Learning based Multi-channel
strained and has a certain bandwidth requirement. For
intelligent attack detection for Data Security. IEEE
instance, scheduling messages with deadlines is an
Transactions on Sustainable Computing.
important issue in order to take appropriate actions in real
time. However, due to the interference and contention on the [6] G.-G. Wang, X. Cai, Z. Cui, G. Min, and J. Chen. High
wireless medium, this is a challenging task. Multi-channel performance computing for cyber physical social
communication can help to reduce the delay by increasing systems by using evolutionary multi-objective
the number of parallel transmissions and help the network optimization algorithm. IEEE Transactions on Emerging
to achieve real-time guarantees. Assignment of overlapping Topics in Computing, 2017. [26] L. Wang, H. Geng, P. Liu,
channels during run-time: Use of overlapping channels at K. Lu, J. Kolodziej, R. Ranjan,
run time during medium access is an interesting and
[7] Lei, L., You, L., Dai, G., Vu, T.X., Yuan, D. and Chatzinotas,
challenging future research direction.
S., 2017, August. A deep learning approach for
optimizing content delivering in cache-enabled HetNet.
REFERENCES
In Wireless Communication Systems (ISWCS), 2017
[1] Khoshkbarforoushha, R. Ranjan, R.Gaire, E. Abbasnejad,
International Symposium on (pp. 449-453). IEEE.
L. Wang, and A. Y. Zomaya. Distribution based workload
modelling of continuous queries in clouds. IEEE [8] Loukas, G., Vuong, T., Heartfield, R., Sakellari, G., Yoon, Y.
Transactions on Emerging Topics in and Gan, D., 2018. Cloud-based cyber-physical intrusion
Computing,5(1):120–133, 2017 detection for vehicles using Deep Learning. IEEE Access,
6, pp.3491-3508.
[2] Benaloh.J, “Key Compression and Its Application to
Digital Fingerprinting” technical report, Microsoft [9] Y. Ye, T. Li, D. Adjeroh, and S. S. Iyengar. A survey on
Research, 2009. malware detection using data mining techniques. ACM
Computing Surveys(CSUR), 50(3):41, 2017
[3] D. D´ıaz-Pernil, A. Berciano, F. Pe˜na-Cantillana, and M. A.
Guti´errez- Naranjo. Bio-inspired parallel computing of [10] Z. Cui, B. Sun, G. Wang, Y. Xue, and J. Chen. A novel
representative geometrical objects of holes of binary 2d- oriented cuckoo search algorithm to improve dv-hop
images. International Journal of Bio-Inspired performance for cyber–physical systems. Journal of
Computation, 9(2):77–92, 2017. Parallel and Distributed Computing, 103:42–52, 2017.
[4] Chen, F., Ji, R., Su, J., Cao, D. and Gao, Y., 2018. Predicting
Microblog Sentiments via Weakly Supervised
@ IJTSRD | Unique Reference Paper ID – IJTSRD21447 | Volume – 3 | Issue – 2 | Jan-Feb 2019 Page: 534