
Author(s): 

Bideh Elham | Vahidi Javad

Issue Info: 
  • Year: 2025
  • Volume: 6
  • Issue: 2
  • Pages: 77-91
Measures: 
  • Citations: 0
  • Views: 8
  • Downloads: 0
Abstract: 

The detection of anomalies in computer networks is one of the most considerable challenges that experts in this field are facing nowadays. Thus far, different artificial intelligence methods and algorithms have been proposed, tested, and utilized for detecting these anomalies. However, attempts made to enhance the speed and accuracy of these anomalies’ detection process are continuously ongoing. In this research, pattern recognition based on artificial neural networks is applied to automatically detect anomalies in computer networks. Also, to increase the speed of the pattern recognition based on the process of the neural network, the principal component analysis algorithm will be used as a method for dimension reduction of training samples. The results of the performed simulations based on the proposed methods in this research show that dimension reduction of training samples by principal component analysis algorithm and then applying the pattern recognition based on neural networks method leads to high-speed (less than 10 seconds) and high-accuracy (99-100%) detection of anomalies in computer networks.

Issue Info: 
  • Year: 2021
  • Volume: 9
  • Issue: 1 (33)
  • Pages: 115-123
Measures: 
  • Citations: 0
  • Views: 614
  • Downloads: 0
Abstract: 

Since the detection of anomalies in dynamic social networks takes place in a sequence of graphs over time, in addition to the storage management challenge, the detection process is difficult due to the slow evolution of graphs. A number of graphs are selected in the specified time frame, and by examining the changes of these graphs, the possible anomalies are detected. Therefore, choosing the number of time points (graphs) in the sequence of graphs is an important challenge in the detection of anomalies. In this paper, a novel method is proposed to detect anomalies based on structural data extracted from dynamic social network graphs. By extracting the centrality indicators from the network graph and their normalized mean, the activity criterion for each individual has been defined. Over time, changes in the activity criterion for each individual are measured and marked as the possibility of normal or abnormal behavior. If the individual's behavior measure exceeds a certain threshold, it is reported as an anomaly. The results show that the proposed method detects more anomalies with the accuracy and recall of 64.29 and 81.82 respectively, for the VAST 2008 data set. It also detects more anomalies by selecting a different number of time points in the graph sequence.

Author(s): 

ZABIHI M. | MINAEI B. | NASIRI M.

Issue Info: 
  • Year: 2020
  • Volume: 7
  • Issue: 4
  • Pages: 67-77
Measures: 
  • Citations: 0
  • Views: 461
  • Downloads: 0
Abstract: 

Complex malwares which infiltrate systems in a country’s critical infrastructure with the purpose of destruction or espionage are major threats in cyber space. What is presented in this article is a smart solution to discover zero-day worms which can be polymorphic and encrypted and whose nature is still unknown to defense tools. To do this, we first outlined our desirable detector and then presented a solution based on data mining methods for detecting malicious extensions with the emphasis on the worm’s scanning feature, the communication model of the infected hosts and the packets’ headers transmitted across the network. By clustering clean data, and using clean and contaminated data classifications, experimental samples and the C5 decision tree, we managed to present the best model with an accuracy of 94.49%, precision of 92.92%, and a recall of 94.70% in identifying infected packages from the clean ones. Finally, we also showed that the use of clustering in the patterns of clean hosts’ traffic could reach better results in identifying infected traffic.

Author(s): 

KIANI R. | BOHLOOLI A.

Issue Info: 
  • Year: 2021
  • Volume: 8
  • Issue: 4 (32)
  • Pages: 31-39
Measures: 
  • Citations: 0
  • Views: 417
  • Downloads: 0
Abstract: 

Software defined networks have attracted enormous attention because they simplify the process of setting up the network. They have been able to leave behind in a short time, most of the technologies that were used in traditional networks by industrialists and researchers. The ease and efficiency are due to the separation of control and data planes from each other such that the control plane is a logically centralized controller and the data plane switches in as the flow table has been implemented. In these networks, network topology adjustment is done using a flow table that has special flow rules and network services, such as QoS, security, etc., which operate as programs on the network. Flow tables can be directly or indirectly changed by any of these services in the network. Although access to the table of current units simplifies network configurations, it could lead to anomalies between flow rules for separate modules. In addition to consuming too much switch memory, these anomalies can cause problems for network security and applications. Fortunately, so far, some research on the detection of anomalies in flow tables of software defined networks has been done but this method is not only imposing a great deal of time and processing on the controller, in some cases only conflict resolution has been performed. In this paper we have shown how to speed up the detection algorithm and then tried to improve the speed of anomaly detection algorithm in the flow table of switches in the software defined networks using different variables.

Author(s): 

GHOSH A.K. | SCHARTZBARD A.

Issue Info: 
  • Year: 2002
  • Volume: -
  • Issue: -
  • Pages: 0-0
Measures: 
  • Citations: 1
  • Views: 164
  • Downloads: 0
Keywords: 
Abstract: 

Author(s): 

RAHMANIMANESH M. | JALILI S.

Issue Info: 
  • Year: 2013
  • Volume: 10
  • Issue: 2
  • Pages: 86-100
Measures: 
  • Citations: 0
  • Views: 1353
  • Downloads: 0
Abstract: 

In this paper, an attack analysis and detection method in cluster-based mobile ad hoc networks with AODV routing protocol is proposed. The proposed method uses the anomaly detection approach for detecting attacks in which the required features for describing the normal behavior of AODV protocol are defined via step by step analysis of AODV protocol and independent of any attack. In order to learn the normal behavior of AODV, a fuzzy voting method is used for combining support vector data description (SVDD), mixture of Gaussians (MoG), and self-organizing maps (SOM) one-class classifiers and the combined model is utilized to partially detect the attacks in cluster members. The votes of cluster members are periodically transmitted to the cluster head and final decision on attack detection is carried out in the cluster head. In the proposed method, a fuzzy voting method is used for aggregating the votes of cluster members in the cluster head by which the performance of the method improves significantly in detecting blackhole, rushing, route error fabrication, packet replication, and wormhole attacks. In this paper, an attack analysis method based on feature sensitivity ranking is also proposed that determines which features are influenced more by the mentioned attacks. This sensitivity ranking leads to the detection of the types of attacks launched on the network.

Issue Info: 
  • Year: 2025
  • Volume: 1
  • Issue: 1
  • Pages: 123-141
Measures: 
  • Citations: 0
  • Views: 16
  • Downloads: 0
Abstract: 

Identifying malicious networks has been a subject of study for decades, and since the volume of network traffic is increasing day by day, there is a need for a successful intrusion-detection system that can make the identification process easier during attacks. The aim behind this research was to take decisions more accurately via real time and faster processing. The purpose of this research was to detect intrusion into computer networks by combining K-means and XG-Boost clustering algorithms. The proposed method was performed in two stages. In the first stage, the pre-processing was done by normalizing and digitizing the data set, as well as removing outliers based on two PCA methods and reducing the dimensions of the feature, then using the learner. The researchers used the K-means algorithm to find the optimal number of clusters; finally, the Elbow method was utilized to find the optimum number of clusters. The second stage consisted of classifying malicious and normal network traffic from each other by combining K-means and XG-Boost algorithms on computing platforms. The experiments in this article were done using the NSLKDD data set and its implementation in the KNIME emulator platform; the final evaluation results revealed the superiority of the error detection rate, and the accuracy and correctness of the proposed algorithm compared with other similar methods.

Author(s): 

NAJAFI M. | RAFEH R.

Issue Info: 
  • Year: 2017
  • Volume: 8
  • Issue: 3
  • Pages: 191-200
Measures: 
  • Citations: 0
  • Views: 1246
  • Downloads: 0
Abstract: 

Feature selection is one of the key challenges in developing intrusion detection systems. Classification algorithms in intrusion detection systems may be inconvenient for problems having so many features, because the size of the search space grows exponentially in terms of the number of features. This is while most of the features may be either irrelevant or redundant. Therefore, considering only relevant features (i.e. feature selection) may have a significant impact on the performance of the classification algorithms. The Imperialist Competitive Algorithm (ICA) can be used as a feature selection method with a high convergence, but it sometimes gets trapped in a local optimum. On the contrary, the Genetic Algorithm (GA) is powerful enough in terms of search for solutions, but it suffers from late convergence. Therefore, using a combination of both algorithms for feature selection may result in a rapid convergence as well as in a high precision. In this paper, by applying the Assimilate operator of the ICA to the GA, we propose a new feature selection algorithm for intrusion detection systems. The proposed algorithm has been tested on the KDD99 dataset using the decision tree classification. The experimental results show that the proposed algorithm has improved the detection rate (95.03%), false alarm rate (1.46) and the speed of convergence (3.82 seconds).

Issue Info: 
  • Year: 2013
  • Volume: 10
  • Issue: 2 (SPECIAL ISSUE: STATISTICAL ANALYSIS IN FUZZY ENVIRONMENT)
  • Pages: 83-109
Measures: 
  • Citations: 0
  • Views: 349
  • Downloads: 177
Abstract: 

In this paper, an anomaly detection method in cluster-based mobile ad hoc networks with ad hoc on demand distance vector (AODV) routing protocol is proposed. In the method, the required features for describing the normal behavior of AODV are defined via step by step analysis of AODV and independent of any attack. In order to learn the normal behavior of AODV, a fuzzy averaging method is used for combining one-class support vector machine (OCSVM), mixture of Gaussians (MoG), and self-organizing maps (SOM) one-class classifiers and the combined model is utilized to partially detect the attacks in cluster members. The votes of cluster members are periodically transmitted to the cluster head and final decision on attack detection is carried out in the cluster head. In the proposed method, an adaptive ordered weighted averaging (OWA) operator is used for aggregating the votes of cluster members in the cluster head. Since the network topology, traffic, and environmental conditions of a MANET as well as the number of nodes in each cluster dynamically change, the mere use of a fixed quantifier-based weight generation approach for OWA operator is not efficient. We propose a condition-based weight generation method for OWA operator in which the number of cluster members that participate in decision making may be varying in time and OWA weights are calculated periodically and dynamically based on the conditions of the network. Simulation results demonstrate the effectiveness of the proposed method in detecting rushing, Route Error fabrication, and wormhole attacks.

Author(s): 

Kosari Arash

Issue Info: 
  • Year: 2025
  • Volume: 2
  • Issue: 2
  • Pages: 17-22
Measures: 
  • Citations: 0
  • Views: 12
  • Downloads: 0
Abstract: 

This paper presents a novel real-time intrusion detection framework that leverages Spiking Neural Networks (SNNs) for detecting anomalies and cyberattacks in network traffic. Inspired by the biological functioning of the brain, SNNs process information using discrete spikes over time, enabling efficient handling of spatiotemporal patterns in traffic data. The proposed approach dynamically adapts to new and evolving attack strategies through Spike-Timing-Dependent Plasticity (STDP), a biologically inspired learning mechanism that adjusts synaptic weights based on the precise timing of neuron activations. This adaptability allows the system to detect zero-day attacks without requiring frequent retraining, a key advantage over traditional machine learning and deep learning models. The proposed system was evaluated using well-established cybersecurity datasets, NSL-KDD and CIC-IDS2017, covering a broad spectrum of attack types, including DDoS, brute force attacks, infiltration attempts, and port scanning. Comparative experiments demonstrate that the SNN-based detection system consistently outperforms traditional models, such as Random Forest, Support Vector Machines (SVM), and conventional deep learning architectures, in terms of detection accuracy, adaptability, and computational efficiency. The system achieves high detection accuracy while maintaining low false positive rates and significantly reducing detection time, making it highly suitable for real-time deployment in modern network environments. This research highlights the potential of neuromorphic computing in the field of cybersecurity, offering a scalable, adaptive, and energy-efficient solution for intrusion detection in evolving network infrastructures.
