Martin Andreoni Lopez

Willian T. Lunardi, Martin Andreoni Lopez, Jean-Pierre Giacalone

As the number of heterogenous IP-connected devices and traffic volume increase, so does the potential for security breaches. The undetected exploitation of these breaches can bring severe cybersecurity and privacy risks. Anomaly-based \acp{IDS} play an essential role in network security. In this paper, we present a practical unsupervised anomaly-based deep learning detection system called ARCADE (Adversarially Regularized Convolutional Autoencoder for unsupervised network anomaly DEtection). With a convolutional \ac{AE}, ARCADE automatically builds a profile of the normal traffic using a subset of raw bytes of a few initial packets of network flows so that potential network anomalies and intrusions can be efficiently detected before they cause more damage to the network. ARCADE is trained exclusively on normal traffic. An adversarial training strategy is proposed to regularize and decrease the \ac{AE}'s capabilities to reconstruct network flows that are out-of-the-normal distribution, thereby improving its anomaly detection capabilities. The proposed approach is more effective than state-of-the-art deep learning approaches for network anomaly detection. Even when examining only two initial packets of a network flow, ARCADE can effectively detect malware infection and network attacks. ARCADE presents 20 times fewer parameters than baselines, achieving significantly faster detection speed and reaction time.

Dania Herzalla, Willian T. Lunardi, Martin Andreoni Lopez

The effectiveness of network intrusion detection systems, predominantly based on machine learning, are highly influenced by the dataset they are trained on. Ensuring an accurate reflection of the multifaceted nature of benign and malicious traffic in these datasets is essential for creating models capable of recognizing and responding to a wide array of intrusion patterns. However, existing datasets often fall short, lacking the necessary diversity and alignment with the contemporary network environment, thereby limiting the effectiveness of intrusion detection. This paper introduces TII-SSRC-23, a novel and comprehensive dataset designed to overcome these challenges. Comprising a diverse range of traffic types and subtypes, our dataset is a robust and versatile tool for the research community. Additionally, we conduct a feature importance analysis, providing vital insights into critical features for intrusion detection tasks. Through extensive experimentation, we also establish firm baselines for supervised and unsupervised intrusion detection methodologies using our dataset, further contributing to the advancement and adaptability of intrusion detection models in the rapidly changing landscape of network security. Our dataset is available at https://kaggle.com/datasets/daniaherzalla/tii-ssrc-23.

Martin Andreoni Lopez, Michael Baddeley, Willian T. Lunardi et al.

UAVs are increasingly appearing in swarms or formations to leverage cooperative behavior, forming flying ad hoc networks. These UAV-enabled networks can meet several complex mission requirements and are seen as a potential enabler for many of the emerging use-cases in future communication networks. Such networks, however, are characterized by a highly dynamic and mobile environment with no guarantee of a central network infrastructure which can cause both connectivity and security issues. While wireless mesh networks are envisioned as a solution for such scenarios, these networks come with their own challenges and security vulnerabilities. In this paper, we analyze the key security and resilience issues resulting from the application of wireless mesh networks within UAV swarms. Specifically, we highlight the main challenges of applying current mesh technologies within the domain of UAV swarms and expose existing vulnerabilities across the communication stack. Based on this analysis, we present a security-focused architecture for UAV mesh communications. Finally, from the identification of these vulnerabilities, we discuss research opportunities posed by the unique challenges of UAV swarm connectivity.