The rapid growth of IT applications and providing more services on computer networks comes with security threats with malicious and business targets. One method to deal with network traffic analysis complexities is to analyze a summary of network data that is extracted from network connections. Netflow is a defacto standard for generating network flow data introduced by Cisco and integrated into Cisco switches and routers which produce flow records about underlying network traffic. In this paper, we use machine learning techniques to analyze Netflow data and classifying connections pertain to network Attacks and do respective prevention measures after the classification. Machine learning algorithms including Naï ve Bayes, SVM, and NBTree has been used to model different Attacks based on network flow data. In the evaluation phase, KDDcup99 dataset used and related features to Netflow data are selected (7 features), and then, classification has been done with both original KDDcup99 features (41 features) and our selected Netflow features. Average classification accuracy for different 22 Attack classes and one benign class shows that using just seven Netflow related features does not affect the accuracy obviously while the computation overhead is obviously decreased. Average detection accuracy for our selected features in different algorithms is 97% whereas, for the best case (i. e, SVM) with 41 features, the average accuracy is 99% which is not so much better than our less complex Netflow based method.

Wireless sensor networks are made from some small nodes called sensors. These nodes communicate and calibrate for some doing tasks. Various Attacks can threat these networks. A wormhole Attack is an Attack that targets network layer and causes disorder in routing protocols. In the wormhole Attack, packets of an area in the network transmit to other area through high-speed and out-of-band links. This causes nodes that are not in each other’s transmission range detect each other as neighbors unconsciously. To deal with this Attack, various methods are proposed that may require hardware or special defaults. Our proposed method is a distributed one, which uses neighborhood data and requires no special hardware. Our main idea is to use neighborhood list of each legal neighbor node (which is not Attacked) to be aware of real neighbor nodes. In the other words, the proposed method identifies transporting nodes in association with its neighbor nodes.

Recent advances in power system monitoring and control require communication infrastructure to send and receive measurement data and control commands. These cyber-physical interactions, despite increasing efficiency and reliability, have exposed power systems to cyber Attacks. The Automatic Generation Control (AGC) is one of the most important control systems in the power system, which requires communication infrastructure and has been highly regarded by cyber Attackers. Since a successful Attack on the AGC, not only has a direct impact on the system frequency, but can also affect the stability and economic performance of the power system. Therefore, understanding the impact of cyber Attacks on AGC and developing strategies to defend against them have necessity and research importance. In most of the research in the field of Attack-defense of AGC, the limitations of AGC in modeling such as governor dead band and communication network transmission delay have been ignored. On the other hand, considering two cyber Attacks on the AGC and proposing a way to defend against them simultaneously, have not been considered. In this paper, while using the improved AGC model including governor dead band and communication network transmission delay, the effect of two Attacks-data injection Attack (FDI) and delay Attack which are the most important cyber Attacks on AGC-has been investigated. Also, the simultaneous effect of these two Attacks is discussed as a combined cyber Attack. The Kalman filter-based three-step defense method has been proposed to detect, estimate and mitigate the impact of the Attacks and its effectiveness has been tested on the two-area AGC system.

Nowadays, malicious URLs are the common threat to the businesses, social networks, net-banking. Existing approaches have focused on binary detection i.e., either the URL is malicious or benign. Very few literature is found which focused on the detection of malicious URLs and their Attack types. Hence, it becomes necessary to know the Attack type and adopt an effective countermeasure. This paper proposes a methodology to detect malicious URLs and the type of Attacks based on multi-class classification. In this work, we propose 42 new features of spam, phishing and malware URLs. These features are not considered in the earlier studies for malicious URLs detection and Attack types identification. Binary and multi-class dataset is constructed using 49935 malicious and benign URLs. It consists of 26041 benign and 23894 malicious URLs containing 11297 malware, 8976 phishing and 3621 spam URLs. To evaluate the proposed approach, the state-of-the-art supervised batch and online machine learning classifiers are used. Experiments are performed on the binary and multi-class dataset using the aforementioned machine learning classifiers. It is found that, confidence weighted learning classifier achieves the best 98: 44% average detection accuracy with 1: 56% error-rate in the multi-class setting and 99: 86% detection accuracy with negligible error-rate of 0: 14% in binary setting using our proposed URL features.

Distributed Denial of Service (DDoS) Attack is the widespread sending of valid or invalid packets to a server on the Internet, occupying its bandwidth and preventing execute legitimate requests of other users. The best approach to secure the network from such Attacks is to exploit security controls such as intrusion detection and prevention systems. Cyber security researchers have significantly focused on identifying and counteracting this Attack and have increased the accuracy and performance of security systems by providing various artificial intelligence solutions. The purpose of this paper is also to provide a solution for detecting DDoS Attack, where, decision tree, multi-layer perceptron and random forest classifiers have been utilized in an ensemble method to mitigate the over-fitting problem. Also, two approache, i.e., batch learning and active learning have been implemented and evaluated in the classification phase of the proposed method. The evaluation results show that the mean value of accuracy in DDoS Attack detection is 99.81%.

Nowadays, detecting unusual events in the network has been the subject of many researches. Network traffic is huge and very large, and this leads to high data size and increased noise, which makes it very difficult to extract meaningful information to detect abnormal events. Early detection of Attacks improves the stability of a system. Each Attack is a type of specific behavior,But some Attacks may behave similarly and differ only in some features. This article presents a new way to detect malware and Attacks in the cloud computing environment. In this method, data clustering separates the data from each other to provide better conditions for model construction by balancing the data in different classes. This research uses a combination of Adabost, Random Forest and Bosted Gradient Tree algorithms as ensemble learning to improve malware detection in cloud computing. In order to combine boosted learners and build a higher level model, the voting mechanism is used. In the proposed model, ensemble learning, using the strengths of various algorithms, creates a useful, high-performance system for detecting malware in cloud computing. By applying the proposed method on real data, it was observed that the accuracy of the proposed method is equal to 99. 96%, its accuracy is equal to 99. 97% and its recall is equal to 99. 95% which compared to previous methods, it has a noticeable advantage, but its computational complexity has not changed much.