Tim Watson

Assessment of geometric features for individual identification and verification in biometric hand systems

This paper studies the reliability of geometric features for the identification of users based on hand biometrics. Our methodology is based on genetic algorithms and mutual information. The aim is to provide a system for user identification rather than a classification. Additionally, a robust hand segmentation method to extract the hand silhouette and a set of geometric features in hard and complex environments is described. This paper focuses on studying how important and discriminating the hand geometric features are, and if they are suitable in developing a robust and reliable biometric identification. Several public databases have been used to test our method. As a result, the number of required features have been drastically reduced from datasets with more than 400 features. In fact, good classification rates with about 50 features on average are achieved, with a 100% accuracy using the GA-LDA strategy for the GPDS database and 97% for the CASIA and IITD databases, approximately. For these last contact-less databases, reasonable EER rates are also obtained.

2012 Special Issue: Application of growing hierarchical SOM for visualisation of network forensics traffic data

Digital investigation methods are becoming more and more important due to the proliferation of digital crimes and crimes involving digital evidence. Network forensics is a research area that gathers evidence by collecting and analysing network traffic data logs. This analysis can be a difficult process, especially because of the high variability of these attacks and large amount of data. Therefore, software tools that can help with these digital investigations are in great demand. In this paper, a novel approach to analysing and visualising network traffic data based on growing hierarchical self-organising maps (GHSOM) is presented. The self-organising map (SOM) has been shown to be successful for the analysis of highly-dimensional input data in data mining applications as well as for data visualisation in a more intuitive and understandable manner. However, the SOM has some problems related to its static topology and its inability to represent hierarchical relationships in the input data. The GHSOM tries to overcome these limitations by generating a hierarchical architecture that is automatically determined according to the input data and reflects the inherent hierarchical relationships among them. Moreover, the proposed GHSOM has been modified to correctly treat the qualitative features that are present in the traffic data in addition to the quantitative features. Experimental results show that this approach can be very useful for a better understanding of network traffic data, making it easier to search for evidence of attacks or anomalous behaviour in a network environment.

The security challenges in the IoT enabled cyber-physical systems and opportunities for evolutionary computing & other computational intelligence

Internet of Things (IoT) has given rise to the fourth industrial revolution (Industrie 4.0), and it brings great benefits by connecting people, processes and data. However, cybersecurity has become a critical challenge in the IoT enabled cyber physical systems, from connected supply chain, Big Data produced by huge amount of IoT devices, to industry control systems. Evolutionary computation combining with other computational intelligence will play an important role for cybersecurity, such as artificial immune mechanism for IoT security architecture, data mining/fusion in IoT enabled cyber physical systems, and data driven cybersecurity. This paper provides an overview of security challenges in IoT enabled cyber-physical systems and what evolutionary computation and other computational intelligence technology could contribute for the challenges. The overview could provide clues and guidance for research in IoT security with computational intelligence.

Visualisation of network forensics traffic data with a self-organising map for qualitative features

Digital crimes are a part of modern life but evidence of these crimes can be captured in network traffic data logs. Analysing these logs is a difficult process, this is especially true as the format that different attacks can take can vary tremendously and may be unknown at the time of the analysis. The main objective of the field of network forensics consists of gathering evidence of illegal acts from a networking infrastructure. Therefore, software tools, and techniques, that can help with these digital investigations are in great demand. In this paper, an approach to analysing and visualising network traffic data based upon the use of self-organising maps (SOM) is presented. The self-organising map has been widely used in clustering tasks in the literature; it can enable network clusters to be created and visualised in a manner that makes them immediately more intuitive and understandable and can be performed on high-dimensional input data, transforming this into a much lower dimensional space. In order to show the usefulness of this approach, the self-organising map has been applied to traffic data, for use as a tool in network forensics. Moreover, the proposed SOM takes into account the qualitative features that are present in the traffic data, in addition to the quantitative features. The traffic data was was clustered and visualised and the results were then analysed. The results demonstrate that this technique can be used to aid in the comprehension of digital forensics and to facilitate the search for anomalous behaviour in the network environment.

Application of artificial neural networks and related techniques to intrusion detection

The increasing complexity of todays information technology (IT) together with our dependency upon it, has led to a situation in which a security breach not only has effects for individuals but can also affect the availability of critical services (power supply, communication) or result in significant financial loss. Criminals and terrorists want to exploit system vulnerabilities to capitalise on modern societys interwovenness with IT. To counter this, organisations try to secure their IT assets to enforce security policies, to be compliant with legal and regulatory requirements and ultimately to deter unauthorised intruders from gaining access to them. At the core, the goal of intrusion detection systems is the identification of suspicious traffic flowing within, leaving or entering an organisation. To identify such traffic, intrusion detection systems may focus on data within a single host or on integrated information from various network segments. Identified traffic can then be reported to responsible authorities to take an appropriate course of action. This report is concerned with the state-of-the-art in intrusion detection systems. Systems leveraging information gathered from a single host, i.e. host-based intrusion detection systems, are presented as well as approaches observing and analysing information flowing across networks, i.e. network-based intrusion detection systems. Specific focus is placed on systems that make use of artificial neural networks and variations thereof to separate suspicious and potentially malicious traffic from ordinary traffic.

A renewed approach to serious games for cyber security

We are living in a world which is continually evolving and where modern conflicts have moved to the cyber domain. In its 2010 Strategic Concept, NATO affirmed its engagement to reinforce the defence and deterrence of its state members. In this light, it has been suggested that the gamification of training and education for cyber security will be beneficial. Although serious games have demonstrated pedagogic effectiveness in this field, they have only been used in a limited number of contexts, revealing some limitations. Thus, it is argued that serious games could be used in informal contexts while achieving similar pedagogic results. It is also argued that the use of such a serious game could potentially reach a larger audience than existing serious games, while complying with national cyber strategies. To this end, a framework for designing serious games which are aimed at raising an awareness of cyber security to those with little or no knowledge of the subject is presented. The framework, based upon existing frameworks and methodologies, is also accompanied with a set of cyber security skills, itself based upon content extracted from government sponsored awareness campaigns, and a method of integrating these skills into the framework. Finally, future research will be conducted to refine the framework and to improve the set of cyber security related skills in order to suit a larger range of players. A proof of concept will also be designed in order to collect empirical data and to validate the effectiveness of the framework.

The industrial internet of things (IIoT) : an analysis framework

Abstract Historically, Industrial Automation and Control Systems (IACS) were largely isolated from conventional digital networks such as enterprise ICT environments. Where connectivity was required, a zoned architecture was adopted, with firewalls and/or demilitarized zones used to protect the core control system components. The adoption and deployment of ‘Internet of Things’ (IoT) technologies is leading to architectural changes to IACS, including greater connectivity to industrial systems. This paper reviews what is meant by Industrial IoT (IIoT) and relationships to concepts such as cyber-physical systems and Industry 4.0. The paper develops a definition of IIoT and analyses related partial IoT taxonomies. It develops an analysis framework for IIoT that can be used to enumerate and characterise IIoT devices when studying system architectures and analysing security threats and vulnerabilities. The paper concludes by identifying some gaps in the literature.

An Introduction to the Use of Neural Networks for Network Intrusion Detection

Modern Society is becoming increasingly dependent upon ever-more complex systems. We are in a situation where a security breach can have an impact on individuals, institutions and critical services, such as power and communication systems. This reliance, along with the possibility of remaining both anonymous and geographically separate from an intrusion, has made cyber-crime an attractive arena for criminals. To protect their assets organisations can use a multi-layered approach to security. As well as the other areas of access control, systems which can detect if malicious or unauthorised activity is occurring are becoming more and more prevalent; intrusion detection systems are at the centre of this. Of particular benefit to intrusion detection systems are any technique with the potential to identify previously unseen patterns, such as neural networks. This chapter is concerned with the state-of-the-art of using neural networks, as part of an intrusion detection system, to identify suspicious or malicious systems traffic. We examine host based systems (where all the information is gathered from a single host) and network based systems. We examine a cross section of different types of neural networks and their application to differing types of intrusion detection.

A LogitBoost-Based Algorithm for Detecting Known and Unknown Web Attacks

The rapid growth in the volume and importance of web communication throughout the Internet has heightened the need for better security protection. Security experts, when protecting systems, maintain a database featuring signatures of a large number of attacks to assist with attack detection. However used in isolation, this can limit the capability of the system as it is only able to recognize known attacks. To overcome the problem, we propose an anomaly-based intrusion detection system using an ensemble classification approach to detect unknown attacks on web servers. The process involves removing irrelevant and redundant features utilising a filter and wrapper selection procedure. Logitboost is then employed together with random forests as a weak classifier. The proposed ensemble technique was evaluated with some artificial data sets namely NSL-KDD, an improved version of the old KDD Cup from 1999, and the recently published UNSW-NB15 data set. The experimental results show that our approach demonstrates superiority, in terms of accuracy and detection rate over the traditional approaches, whilst preserving low false rejection rates.

Re-thinking threat intelligence

Attribution relies largely on technology; however, experts who rely on technology may inadvertently inject their own biases when evaluating findings. Attackers are now deceiving the analysts, by misleading them through the use of deceptive data and exploiting defender and analyst biases. One set of biases that can be objectively measured is cultural bias. Cultural biases are so firmly engrained that they act as a type of automatic processing system. Culture influences thoughts, choices and behaviors in the physical world, so culture can be expected to have the same influences in the cyber world. To date, culture has been shown to play a role in specific cyber behaviors; this study was performed to determine if culture plays a role in cyber decisions. Zone-H data from the year 2011 was examined for a list of known attackers by most used attack vectors. The popularity of attack vectors was examined within the context of Hofstede’s national cultures framework looking for evidence of cultural preferences associated with attack vector choices. The findings indicated cultural preferences in three of six cultural dimensions. These findings add to the growing body of work that have shown cultural preferences in cyber behaviors, and lend support to the further examination of cyber choices.