AI/ML Based Detection and Categorization of Covert Communication in IPv6 Network

• URL: http://arxiv.org/abs/2501.10627v1
• Date: Sat, 18 Jan 2025 02:05:37 GMT
• Title: AI/ML Based Detection and Categorization of Covert Communication in IPv6 Network
• Authors: Mohammad Wali Ur Rahman, Yu-Zheng Lin, Carter Weeks, David Ruddell, Jeff Gabriellini, Bill Hayes, Salim Hariri, Edward V. Ziegler Jr,
• Abstract summary: IPv6 extension headers allow attackers to create covert channels or bypass security mechanisms, leading to potential data breaches or system compromises. The complexity of detecting covert communication, evolving injection techniques, and scarcity of data make building machine-learning models challenging. This study uses comprehensive machine learning techniques to train the model proposed in this study to detect threats.
• Score: 0.8130739369606821
• License:
• Abstract: The flexibility and complexity of IPv6 extension headers allow attackers to create covert channels or bypass security mechanisms, leading to potential data breaches or system compromises. The mature development of machine learning has become the primary detection technology option used to mitigate covert communication threats. However, the complexity of detecting covert communication, evolving injection techniques, and scarcity of data make building machine-learning models challenging. In previous related research, machine learning has shown good performance in detecting covert communications, but oversimplified attack scenario assumptions cannot represent the complexity of modern covert technologies and make it easier for machine learning models to detect covert communications. To bridge this gap, in this study, we analyzed the packet structure and network traffic behavior of IPv6, used encryption algorithms, and performed covert communication injection without changing network packet behavior to get closer to real attack scenarios. In addition to analyzing and injecting methods for covert communications, this study also uses comprehensive machine learning techniques to train the model proposed in this study to detect threats, including traditional decision trees such as random forests and gradient boosting, as well as complex neural network architectures such as CNNs and LSTMs, to achieve detection accuracy of over 90\%. This study details the methods used for dataset augmentation and the comparative performance of the applied models, reinforcing insights into the adaptability and resilience of the machine learning application in IPv6 covert communication. In addition, we also proposed a Generative AI-assisted interpretation concept based on prompt engineering as a preliminary study of the role of Generative AI agents in covert communication.

Related papers

• AI-in-the-Loop Sensing and Communication Joint Design for Edge Intelligence [65.29835430845893]
  We propose a framework that enhances edge intelligence through AI-in-the-loop joint sensing and communication. A key contribution of our work is establishing an explicit relationship between validation loss and the system's tunable parameters. We show that our framework reduces communication energy consumption by up to 77 percent and sensing costs measured by the number of samples by up to 52 percent.
  arXiv  Detail & Related papers  (2025-02-14T14:56:58Z)
• Leveraging Conversational Generative AI for Anomaly Detection in Digital Substations [0.0]
  The research employs advanced performance metrics to conduct a comparative assessment between the proposed AD and HITL-based AD frameworks. This approach presents a promising solution for enhancing the reliability of power system operations in the face of evolving cybersecurity challenges.
  arXiv  Detail & Related papers  (2024-11-09T18:38:35Z)
• Enhanced Anomaly Detection in Industrial Control Systems aided by Machine Learning [2.2457306746668766]
  This study investigates whether combining both network and process data can improve attack detection in ICSs environments. Our findings suggest that integrating network traffic with operational process data can enhance detection capabilities. Although the results are promising, they are preliminary and highlight the need for further studies.
  arXiv  Detail & Related papers  (2024-10-25T17:41:33Z)
• Adversarial Challenges in Network Intrusion Detection Systems: Research Insights and Future Prospects [0.33554367023486936]
  This paper provides a comprehensive review of machine learning-based Network Intrusion Detection Systems (NIDS) We critically examine existing research in NIDS, highlighting key trends, strengths, and limitations. We discuss emerging challenges in the field and offer insights for the development of more robust and resilient NIDS.
  arXiv  Detail & Related papers  (2024-09-27T13:27:29Z)
• Preliminary study on artificial intelligence methods for cybersecurity threat detection in computer networks based on raw data packets [34.82692226532414]
  In this paper, we investigate deep learning methodologies capable of detecting attacks in real-time directly from raw packet data within network traffic. We propose a novel approach where packets are stacked into windows and separately recognised, with a 2D image representation suitable for processing with computer vision models.
  arXiv  Detail & Related papers  (2024-07-24T15:04:00Z)
• Advancing Security in AI Systems: A Novel Approach to Detecting Backdoors in Deep Neural Networks [3.489779105594534]
  backdoors can be exploited by malicious actors on deep neural networks (DNNs) and cloud services for data processing. Our approach leverages advanced tensor decomposition algorithms to meticulously analyze the weights of pre-trained DNNs and distinguish between backdoored and clean models. This advancement enhances the security of deep learning and AI in networked systems, providing essential cybersecurity against evolving threats in emerging technologies.
  arXiv  Detail & Related papers  (2024-03-13T03:10:11Z)
• Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv  Detail & Related papers  (2024-01-22T14:16:37Z)
• Towards AIOps in Edge Computing Environments [60.27785717687999]
  This paper describes the system design of an AIOps platform which is applicable in heterogeneous, distributed environments. It is feasible to collect metrics with a high frequency and simultaneously run specific anomaly detection algorithms directly on edge devices.
  arXiv  Detail & Related papers  (2021-02-12T09:33:00Z)
• A Tutorial on Ultra-Reliable and Low-Latency Communications in 6G: Integrating Domain Knowledge into Deep Learning [115.75967665222635]
  Ultra-reliable and low-latency communications (URLLC) will be central for the development of various emerging mission-critical applications. Deep learning algorithms have been considered as promising ways of developing enabling technologies for URLLC in future 6G networks. This tutorial illustrates how domain knowledge can be integrated into different kinds of deep learning algorithms for URLLC.
  arXiv  Detail & Related papers  (2020-09-13T14:53:01Z)
• Deep Learning for Ultra-Reliable and Low-Latency Communications in 6G Networks [84.2155885234293]
  We first summarize how to apply data-driven supervised deep learning and deep reinforcement learning in URLLC. To address these open problems, we develop a multi-level architecture that enables device intelligence, edge intelligence, and cloud intelligence for URLLC.
  arXiv  Detail & Related papers  (2020-02-22T14:38:11Z)
• Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process [63.75363908696257]
  We review the methods that have been applied to network data with the purpose of developing an intrusion detector. We discuss the techniques used for the capture, preparation and transformation of the data, as well as, the data mining and evaluation methods. As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
  arXiv  Detail & Related papers  (2020-01-27T11:21:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.