42 research outputs found
An efficient approach to online bot detection based on a reinforcement learning technique
In recent years, Botnets have been adopted as a popular method used to carry and spread many malicious codes on the Internet. These codes pave the way to conducting many fraudulent activities, including spam mail, distributed denial of service attacks (DDoS) and click fraud. While many Botnets are set up using a centralized communication architecture such as Internet Relay Chat (IRC) and Hypertext Transfer Protocol (HTTP), peer-to-peer (P2P) Botnets can adopt a decentralized architecture using an overlay network for exchanging command and control (C&C) messages, which is a more resilient and robust communication channel infrastructure. Without a centralized point for C&C servers, P2P Botnets are more flexible to defeat countermeasures and detection procedures than traditional centralized Botnets.
Several Botnet detection techniques have been proposed, but Botnet detection is still a very challenging task for the Internet security community because Botnets execute attacks stealthily in the dramatically growing volumes of network traffic. However, current Botnet detection schemes face significant problems of efficiency and adaptability.
The present study combined a traffic reduction approach with a reinforcement learning (RL) method in order to create an online Bot detection system. The proposed framework adopts the idea of RL to improve the system dynamically over time. In addition, the traffic reduction method is used to set up a lightweight and fast online detection method. Moreover, a host feature based on traffic at the connection-level was designed, which can identify Bot host behaviour. Therefore, the proposed technique can potentially be applied to any encrypted network traffic since it depends only on the information obtained from packet headers. Therefore, it does not require Deep Packet Inspection (DPI) and cannot be confused with payload encryption techniques.
The network traffic reduction technique reduces packets input to the detection system, but the proposed solution achieves a good detection rate of 98.3% as well as a low false positive rate (FPR) of 0.012% in the online evaluation. Comparison with other techniques on the same dataset shows that our strategy outperforms existing methods. The proposed solution was evaluated and tested using real network traffic datasets to increase the validity of the solution.
A classification model for predicting course outcomes using ensemble methods
Educational data mining has sparked a lot of attention in recent years. Many machine learning methods have been suggested to discover hidden information from educational data. The extracted knowledge assists institutions in enhancing the effectiveness of teaching tactics and the quality of education. As a result, it improves students' performance and educational outputs overall. In this paper, a classification model was built to classify students' grades in a specific course into different categories (binary and multi-level classification tasks). The dataset contains features related to academic and non-academic information. The models were built using a variety of machine learning algorithms: decision tree (J48), support vector machine (SVM), and k-nearest neighbor (K-NN). Furthermore, ensemble methods (bagging, boosting, random subspace, and random forest) which combined multiple decision tree classifiers were implemented to improve the models' performance. The data set was modified under two stages: feature selection method and data augmentation using a method called synthetic minority over-sampling technique (SMOTE). Based on the results of the experiments, it is possible to predict the students' performance successfully by using machine learning algorithms and ensemble methods. Random subspace obtained the best accuracy at two-level classification task with modified data with 91.20%. At the three-level classification task, the best accuracy was obtained by random forest with 87.18%.
A general framework for metaverse based on parallel computing and HPC
As virtual and actual universes merge inside the creating metaverse, requests have pointedly ascended for continuous, intuitive, and intense encounters. The ability of the metaverse to effectively analyze and render complicated links and information supplied by clients is critical for realizing that goal. These demanding computational demands are starting to be supported by parallel processing, and high-performance computing (HPC) is beyond uncertainty key to this domain. The integrative framework presented in this paper addresses the core challenges of inertness, flexibility, and ease of use while integrating equal registration into the metaverse. The system enables prompt handling of client actions and quick response times by distributing calculations over multiple processors, which is essential for the seamless client experience. It also manages the vast amount of metaverse material and interactions as well as the various data processing needs. The paper looks at intrinsic equal processing difficulties in this unique climate, including creating versatile and energy-effective equal calculations that consider load adjusting and asset designation. It features the need to democratize equal figuring assets to produce metaverse extension while accentuating the significance of information protection and security conventions in multi-client settings. The cooperative energy between metaverse development and equal registering progressions vows to push limits, empowering remarkable degrees of virtual submersion and collaboration
Forecasting research influence: a recurrent neural network approach to citation prediction
As the volume of scientific publications continues to proliferate, effective evaluation tools to determine the impact and quality of research articles are increasingly necessary. Citations serve as a widely utilized metric for gauging scientific impact. However, accurately prognosticating the long-term citation impact of nascent published research presents a formidable challenge due to the intricacy and unpredictability innate to the scientific ecosystem. Sophisticated machine learning methodologies, particularly recurrent neural networks (RNNs), have recently demonstrated promising potential in addressing this task. This research proposes an RNN architecture leveraging encoder-decoder sequence modeling capabilities to ingest historical chronicles and predict succeeding evolution via latent temporal dynamics learning. Comparative analysis between the RNN approach and baselines, including random forest, support vector regression, and multi-layer perceptron, demonstrate superior performance on unseen test data and rigorous k-fold cross-validation. On a corpus from Petra University, the RNN methodology attained the lowest errors (root mean squared error (RMSE) 1.84) and highest accuracy (0.91), area under the curve (AUC) (0.96), and F1-score (0.92). Statistical tests further verify significant improvements. The findings validate our deep learning solution's efficacy, robustness, and real-world viability for long-term scientific impact quantification to aid stakeholders in research evaluation. The findings intimate that RNN-based predictive modeling constitutes a potent technology for citation-driven scientific impact quantification
Deep reinforcement learning based Evasion Generative Adversarial Network for botnet detection
Botnet detectors based on machine learning are potential targets for adversarial evasion attacks. Several research works employ adversarial training with samples generated from generative adversarial nets (GANs) to make the botnet detectors adept at recognising adversarial evasions. However, the synthetic evasions may not follow the original semantics of the input samples. This paper proposes a novel GAN model leveraged with deep reinforcement learning (DRL) to explore semantic aware samples and simultaneously harden its detection. A DRL agent is used to attack the discriminator of the GAN that acts as a botnet detector. The agent trains the discriminator on the crafted perturbations during the GAN training, which helps the GAN generator converge earlier than the case without DRL. We name this model RELEVAGAN, i.e. [“relieve a GAN” or deep REinforcement Learning-based Evasion Generative Adversarial Network] because, with the help of DRL, it minimises the GAN's job by letting its generator explore the evasion samples within the semantic limits. During the GAN training, the attacks are conducted to adjust the discriminator weights for learning crafted perturbations by the agent. RELEVAGAN does not require adversarial training for the ML classifiers since it can act as an adversarial semantic-aware botnet detection model. The code will be available at https://github.com/rhr407/RELEVAGAN
Security Hardening of Botnet Detectors Using Generative Adversarial Networks
Machine learning (ML) based botnet detectors are no exception to traditional ML models when it comes to adversarial evasion attacks. The datasets used to train these models also have scarcity and imbalance issues. We propose a new technique named Botshot, based on generative adversarial networks (GANs) for addressing these issues and proactively making botnet detectors aware of adversarial evasions. Botshot is cost-effective as compared to the network emulation for botnet traffic data generation rendering the dedicated hardware resources unnecessary. First, we use the extended set of network flow and time-based features for three publicly available botnet datasets. Second, we utilize two GANs (vanilla, conditional) for generating realistic botnet traffic. We evaluate the generator performance using classifier two-sample test (C2ST) with 10-fold 70-30 train-test split and propose the use of 'recall' in contrast to 'accuracy' for proactively learning adversarial evasions. We then augment the train set with the generated data and test using the unchanged test set. Last, we compare our results with benchmark oversampling methods with augmentation of additional botnet traffic data in terms of average accuracy, precision, recall and F1 score over six different ML classifiers. The empirical results demonstrate the effectiveness of the GAN-based oversampling for learning in advance the adversarial evasion attacks on botnet detectors.
Machine Learning-driven Optimization for SVM-based Intrusion Detection System in Vehicular Ad Hoc Networks
Machine Learning (ML) driven solutions have been widely used to secure wireless communications in vehicular ad hoc networks (VANETs) in recent studies. Unlike existing works, this paper applies support vector machine (SVM) for intrusion detection in VANET. The structure of SVM has many computation advantages, such as special direction at a finite sample and irrelevance between the complexity of algorithm and the sample dimension. Intrusion detection in VANET is a nonconvex and combinatorial problem. Thus, three intelligence optimization algorithms are used for optimizing the accuracy value of SVM classifier. These optimization algorithms include Genetic algorithm (GA), Particle Swarm Optimization (PSO), and Ant Colony Optimization (ACO). Our results demonstrate that GA outperformed other optimization algorithms.
Machine Learning-driven Optimization for Intrusion Detection in Smart Vehicular Networks
An essential element in the smart city vision is providing safe and secure journeys via intelligent vehicles and smart roads. Vehicular ad hoc networks (VANETs) have played a significant role in enhancing road safety where vehicles can share road information conditions. However, VANETs share the same security concerns of legacy ad hoc networks. Unlike existing works, we consider, in this paper, detection of a common attack where nodes modify safety messages or drop them. Unfortunately, detecting such a type of intrusion is a challenging problem since some packets may be lost or dropped in normal VANET due to congestion without malicious action. To mitigate these concerns, this paper presents a novel scheme for minimizing the invalidity ratio of VANET packets transmissions. In order to detect unusual traffic, the proposed scheme combines evidences from current as well as past behaviour to evaluate the trustworthiness of both data and nodes. A new intrusion detection scheme is accomplished through four phases, namely, rule-based security filter, Dempster–Shafer adder, node's history database, and Bayesian learner. The suspicion level of each incoming data is determined based on the extent of its deviation from data reported from trustworthy nodes. Dempster–Shafer's theory is used to combine multiple evidences and Bayesian learner is adopted to classify each event in VANET into well-behaved or misbehaving event. The proposed solution is validated through extensive simulations. The results confirm that the fusion of different evidences has a significant positive impact on the performance of the security scheme compared to other counterparts.
