Prediction of DDoS attacks in agriculture 4.0 with the help of prairie … – Nature.com

Here, we take a look at the IDSNet model, which was developed to identify cyber-attacks in Agriculture 4.0 and makes use of a one-dimensional convolutional neural network and the PDO.

The agriculture 4.0 network model is provided, which is composed of the following three layers: (1) agricultural sensors; (2) fog computing; and (3) cloud computing. The agriculture industry uses data gathered by drones and other Internet of Things sensors. When certain thresholds are met in the data collected by the agricultural sensor layer, the actuators below are triggered. To ensure that Internet of Things (IoT) devices always have access to power, new energy technologies and smart grid design are implemented in the sensor layer. Every fog node has an embedded deep learning intrusion detection system. To perform analysis and machine learning algorithms, the IoT data is sent from the agricultural sensors layer to the fog computing layer, while cloud computing nodes offer storage and end-to-end services. Typically, intrusion detection systems that rely on deep learning to process alerts send their processing to fog nodes. We assume that there is a malicious party intent on disrupting the network's operations in order to compromise food security, the effectiveness of the agri-food supply chain, and output.

There are a total of 50,063,112 records in the CIC-DDoS2019 dataset [29], consisting of 50,06,249 rows related to DDoS assaults and 56,863 rows related to normal traffic, with 86 characteristics in each row. Table 1 presents a summary of the dataset's attack statistics throughout both training and testing. SNMP and SSDP are used in the attacks.

In a reflection-based DDoS assault known as an "NTP-based attack," an adversary hijacks a server running the Network Time Protocol (NTP) to send an overwhelming amount of traffic over the User Datagram Protocol (UDP) to a single target. The target and its supporting network infrastructure may become inaccessible to legitimate traffic as a result of this attack.

An attack that leverages the Domain Name System (DNS) to flood a target IP address with resolution requests is called a reflection-based DDoS assault.

By sending queries to a publicly accessible vulnerable LDAP server, an attacker can generate massive (amplified) responses, which are then reflected to a target server, resulting in a DDoS attack.

Reflection-based (DDoS) attacks, or "MSSQL-based attacks," include the attacker forging an IP address to make programmed requests seem to originate from the targeted server while really exploiting.

NetBIOS-based attacks are a kind of reflection-based denial-of-service attack in which the attacker delivers forged "Name Release" or "Name Conflict" signals to the target system, causing it to reject any and all incoming NetBIOS packets.

To jam the target's network pipes, an SNMP-based assault will produce attack volumes in the hundreds of gigabits per second using the Simple Network Management Protocol (SNMP).

The reflection-based SSDP attack is a DDoS attack in which the attacker uses UPnP protocols to deliver a flood of traffic to the intended victim.

This kind of attack uses IP packets carrying UDP datagrams to deliberately saturate the network connection of the victim host and cause it to crash.

To compromise a Web server or application, a WebDDoS-based attack will use seemingly innocuous HTTP GET or POST requests as a backdoor.

SYN-based attacks use the standard TCP three-way handshake and respond with an ACK to exhaust the victim server's network resources and render it unusable.

As its name suggests, an attack based on the TFTP protocol uses online TFTP servers to get access to sensitive information. An attacker makes a default request for a file, and the victim TFTP server delivers the information to the attacker's target host.

An example of this is the PortScan-based attack, which is similar to a network security audit in that it scans the open ports of a target computer or the whole network. Scanning is performed by sending queries to a distant site in an effort to learn what services are available there.

We generate three datasets, respectively titled "Dataset 13 class," to examine the efficacy of learning approaches in binary and multi-class classification. Tables 2 and 3 describe the statistics for each dataset regarding attacks during training and testing, respectively. Table 4 describes the attack categories in Dataset 7 class.

A novel testbed for an IIoT network, the TON IoT dataset [30] includes information on the network, the operating system, and telemetry. Seven files containing telemetry data from Internet of Things and industrial Internet of Things sensors are given in Table 5. Here's what you may expect to find within these files:

File 1: Train Test IoT Weather includes the following conditions: Normal (35,000 rows), DDoS (5000 rows), injection (50,000 rows), Password (50,000 rows), and backdoor IoT data from a networked weather sensor, including temperature, pressure, and humidity values, are shown in the file.

There are Normal (35,000 rows), DDoS, and Injection (2902 rows) in File 2 "Train Test IoT Fridge" (2942 rows). The file contains information on the sensor's temperature readings and environmental circumstances as they pertain to the Internet of Things.

Train Test IoT Garage Door.txt has the following categories: normal (10,000 rows), ransomware (5804 rows). If you have a networked door sensor, this file will show you whether or not the door is open or closed.

File 4 "Train Test IoT GPS Tracker" has the following categories and numbers of rows: Normal (35,000), DDoS (5,000), Injection (5,000), Password (5,000), Backdoor (5,000), Ransomware (2,833 rows), XSS (577 rows), and Scanning (550 rows). Data from a networked GPS tracker sensor is shown in the file, including its latitude and longitude readings, as an example of Internet of Things (IoT) data.

You'll find the following data types in File 5: "Train Test IoT Modbus: Normal (35,000 rows), Injection (5,000 rows), Password (5,000 rows), Backdoor. IoT data file containing Modbus function code for reading an input register.

There are 70,000 rows of normal data, 10,000 rows of DDoS data, 10,000 rows of injection data, 10,000 rows of password data, 10,000 rows of backdoor data, 4528 rows of ransomware data, 898 rows of XSS data, and 70,000 rows of scanning data in File 6 "Train Test IoT Motion Light" (3550 rows). In the file, we can see the Internet of Things data for a switch that may either be on or off.

Included in File 7 "Train Test IoT Thermostat" are the following categories of data: Normal (35,000 rows), Injection (5,000 rows), Password (5,000 rows), Backdoor The file contains data from the Internet of Things that represents the temperature as it is right now according to a networked thermostat sensor.

The current concept takes some cues from CNN's practical uses. However, this model only needs a single raw input, and its reduced number of layers helps save time during training. Figure 1 depicts the design process as it was carried out. The first step was to fine-tune the training and optimization methods as well as the layer count, filter size, and filter amount. It was also necessary to tweak the network's hyper-parameters. These included the training lot size, learning rate, number of training cycles (epochs), and number of training signals (batch size). Table 6 provides the suggested values. Second, a CNN structure was built, and it is laid out in Table 6. The number of layers in the model network determines the number and size of filters available in each convolutional layer. In this situation, the network layout shown by the bold fonts in the table below performed the best after being optimised by altering a few stated choices in the literature. Figure 1 depicts the filter setup and internal structure of the kernel.

Internal structure of IDSNet.

The network employs algorithms to discover and prioritise the most relevant aspects of raw data for mining purposes. To achieve this goal, we apply a convolution process (convolutive layer) to the input data, resulting in a longer vector from which we use a maximum clustering criterion (max-pooling layer) to extract the most representative features. Table 6 shows that the same steps are performed four times with a different number of kernels added to each Convolutive plus Max-Pooling set. This adjustment is made so that feature maps may be generated that accurately depict the signals' non-linearity. Using a filter with a duration of three samples and a sliding pass of one sample, the first three values of a feature map are generated in sequence. The procedure is performed on each convolutional layer. It is possible to fine-tune this procedure by adjusting the number and size of filters (u), as well as the window's sliding factor (stride). Since the output vector of the final convolutional layer is the input vector of the fully connected layer, only its map length needs to be calculated during network design. The PDO method is used to fine-tune the IDSNet's hyper-parameters like momentum, learning rate, and epochs, as shown below.
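The convolution and max-pooling steps described above can be traced on a single record. The following is an added example, not code from the paper: it slides one length-3 filter with stride 1 over an 86-feature row (the CIC-DDoS2019 row width), applies max-pooling, repeats the pair four times, and checks the closed-form map length that the fully connected layer would receive. The pool width of 2, the kernel weights, the sample record, and the use of one filter with no activation are assumptions, since Table 6 is not reproduced on this page.

```python
def conv1d(x, kernel, stride=1):
    """Valid 1-D convolution (cross-correlation, as CNN layers compute it)."""
    k = len(kernel)
    return [sum(x[i + t] * kernel[t] for t in range(k))
            for i in range(0, len(x) - k + 1, stride)]

def max_pool(x, size=2):
    """Non-overlapping max-pooling; a trailing partial window is dropped."""
    return [max(x[i:i + size]) for i in range(0, len(x) - size + 1, size)]

def map_length(n, kernel=3, stride=1, pool=2, blocks=4):
    """Closed-form feature-map length after `blocks` Conv+MaxPool sets."""
    for _ in range(blocks):
        n = (n - kernel) // stride + 1   # convolution shortens the vector
        n //= pool                       # pooling keeps one value per window
    return n

def run_blocks(x, kernel, blocks=4):
    """Apply the Conv+MaxPool pair `blocks` times with one shared filter."""
    for _ in range(blocks):
        x = max_pool(conv1d(x, kernel))
    return x

# Constructed sample data: one 86-feature flow record and one smoothing filter.
RECORD = [float((7 * i) % 11) for i in range(86)]
KERNEL = [0.25, 0.5, 0.25]

if __name__ == "__main__":
    print("first three feature-map values:", conv1d(RECORD, KERNEL)[:3])
    print("length fed to the dense layer:", len(run_blocks(RECORD, KERNEL)))
```
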

The following were assumed to facilitate the development of models for the proposed PDO:

Each prairie dog belongs to one of the m coteries in the colony, and there are n prairie dogs in each coterie. (i) Prairie dogs are all the same and can be classified into m subgroups, (ii) Each coterie has its own ward inside the colony, which represents the search area for the corresponding issue.

Nesting activities generate an increase from ten burrow openings per ward to as many as one hundred. Both an antipredator call and a new food supply (burrow construction) call are used. It's only individuals of the same coterie that engage in foraging and burrow construction activities (exploration), communication, and anti-predator (exploitation) actions. Exploration and exploitation are repeated m (the number of coteries) times since other coteries in the colony undertake the same tasks at the same time and the whole colony or problem space has been partitioned into wards (coteries).

Like other population-based algorithms, the prairie dog optimization (PDO) relies on a random initialization of the placement of the prairie dogs. The search agents are the prairie dog populations themselves, and each prairie dog's position is represented by a vector in d-dimensional space.

Each prairie dog (PD) is a member of one of m coteries, where n is the total number of PDs. Because prairie dogs live and work together in groups called "coteries," each prairie dog's position within a given coterie may be uniquely determined by a vector. Positions of all coteries (CT) in a colony are shown by the matrix in Eq. (1):

$$CT = \begin{bmatrix} CT_{1,1} & CT_{1,2} & \cdots & CT_{1,d-1} & CT_{1,d} \\ CT_{2,1} & CT_{2,2} & \cdots & CT_{2,d-1} & CT_{2,d} \\ \vdots & \vdots & CT_{i,j} & \vdots & \vdots \\ CT_{m,1} & CT_{m,2} & \cdots & CT_{m,d-1} & CT_{m,d} \end{bmatrix}$$

(1)

When talking about a colony, the jth dimension of the ith coterie is denoted as \(CT_{i,j}\). All of the prairie dogs in a coterie may be found at the coordinates given by Eq. (2):

$$PD = \begin{bmatrix} PD_{1,1} & PD_{1,2} & \cdots & PD_{1,d-1} & PD_{1,d} \\ PD_{2,1} & PD_{2,2} & \cdots & PD_{2,d-1} & PD_{2,d} \\ \vdots & \vdots & PD_{i,j} & \vdots & \vdots \\ PD_{n,1} & PD_{n,2} & \cdots & PD_{n,d-1} & PD_{n,d} \end{bmatrix}$$

(2)

where \(PD\left( {i,j} \right)\) stands for the jth dimension of the ith prairie dog in a pack and nm is the total number of dogs in the pack. Equations (3) and (4) depict the uniform distribution used to assign each prairie dog to its coterie.

$$CT_{i,j} = U\left( {0,1} \right) \times \left( {UB_{j} - LB_{j} } \right) + LB_{j}$$

(3)

$$PD_{i,j} = U\left( {0,1} \right) \times \left( {ub_{j} - lb_{j} } \right) + lb_{j}$$

(4)

where \(UB_{j}\) and \(LB_{j}\) are the upper and lower bounds of the jth dimension of the optimization problem, \(ub_{j} = \frac{{UB_{j} }}{m}\) and \(lb_{j} = \frac{{LB_{j} }}{m}\), and \(U(0,1)\) is a random number with a uniform distribution between 0 and 1.

By plugging the solution vector into the predefined fitness function, we can get the fitness value for each prairie dog site. To keep track of the results, we may use the array defined by Eq. (5).

$$f(PD) = \begin{bmatrix} f_{1}\left( [PD_{1,1} \;\; PD_{1,2} \;\; \cdots \;\; PD_{1,d-1} \;\; PD_{1,d}] \right) \\ f_{2}\left( [PD_{2,1} \;\; PD_{2,2} \;\; \cdots \;\; PD_{2,d-1} \;\; PD_{2,d}] \right) \\ \vdots \\ f_{n}\left( [PD_{n,1} \;\; PD_{n,2} \;\; \cdots \;\; PD_{n,d-1} \;\; PD_{n,d}] \right) \end{bmatrix}$$

(5)

An individual prairie dog's fitness function value is a measure of the quality of food available at a given location, the likelihood of successfully excavating and populating new burrows, and the efficacy of its anti-predator alarm system. The fitness function values array is sorted, and the element with the lowest value is designated the optimal solution to the minimization issue. In addition to the following three, the greatest value is taken into account while designing burrows that help animals hide from predators.

The PDO has four parameters it uses to determine when to switch between exploration and exploitation. The total number of possible cycles is cut in half, with the first half going toward exploration and the second half toward exploitation. The two exploration strategies are conditioned on \(iter < \frac{{max_{iter} }}{4}\) and \(\frac{{max_{iter} }}{4} \le iter < \frac{{max_{iter} }}{2}\), while the two strategies for exploitation are conditioned on \(\frac{{max_{iter} }}{2} \le iter < 3\frac{{max_{iter} }}{4}\) and \(3\frac{{max_{iter} }}{4} \le iter \le max_{iter}\).

Equation (6) describes how our algorithm updates its location throughout the foraging phase of its exploration phase. The second plan of action is to analyse the digging strength and the quality of the found food sources thus far. The digging power used to create new burrows is calibrated to decrease with time. This limitation aids in controlling the burrowing population. Position updates during tunnel construction are described by Eq. (7).

$$PD_{i + 1,j + 1} = GBest_{i,j} - eCBest_{i,j} \times \rho - CPD_{i,j} \times Levy\left( n \right) \quad \forall \; iter < \frac{{max_{iter} }}{4}$$

(6)

$$PD_{i + 1,j + 1} = GBest_{i,j} \times rPD \times DS \times Levy\left( n \right) \quad \forall \; \frac{{max_{iter} }}{4} \le iter < \frac{{max_{iter} }}{2}$$

(7)

Here \(GBest_{i,j}\) is the best global solution so far achieved, and \(eCBest_{i,j}\), as demonstrated in Eq. (8), assesses the impact of the currently obtained best answer. In this experiment, \(\rho\) is the frequency of the specialised food source alert, which has been set at 0.1 kHz; \(rPD\) is the location of a random solution; and \(CPD_{i,j}\) is defined as the random cumulative impact of all prairie dogs in the colony. The digging strength of the coterie, denoted by \(DS\), varies with the quality of the food supply and is determined at random by Eq. (10). The \(Levy(n)\) distribution is recognised to promote more effective and thorough investigation of the search space of a problem.

$$eCBest_{i,j} = GBest_{i,j} \times \Delta + \frac{{PD_{i,j} \times mean\left( {PD_{n,m} } \right)}}{{GBest_{i,j} \times \left( {UB_{j} - LB_{j} } \right) + \Delta }}$$

(8)

$$CPD_{i,j} = \frac{{GBest_{i,j} - rPD_{i,j} }}{{GBest_{i,j} + \Delta }}$$

(9)

$$DS = 1.5 \times r \times \left( {1 - \frac{iter}{{max_{iter} }}} \right)^{{\left( {2\frac{iter}{{max_{iter} }}} \right)}}$$

(10)

where \(r\) adds the stochastic property to guarantee exploration by taking either −1 or +1 as its value depending on whether the current iteration is odd or even. Despite the fact that the prairie dogs are considered to be identical in the PDO implementation, the small number represented by \(\Delta\) helps account for these variances.

The point of PDO's exploitation mechanisms is to conduct extensive searches in the promising regions discovered during the exploration phase. Equations (11) and (12) model the two approaches used during this stage. As discussed earlier, the PDO toggles between these two tactics, which are conditioned on \(\frac{{max_{iter} }}{2} \le iter < 3\frac{{max_{iter} }}{4}\) and \(3\frac{{max_{iter} }}{4} \le iter \le max_{iter}\), respectively.

$$PD_{i + 1,j + 1} = GBest_{i,j} - eCBest_{i,j} \times \varepsilon - CPD_{i,j} \times rand \quad \forall \; \frac{{max_{iter} }}{2} < iter < 3\frac{{max_{iter} }}{4}$$

(11)

$$PD_{i + 1,j + 1} = GBest_{i,j} \times PE \times rand \quad \forall \; 3\frac{{max_{iter} }}{4} < iter < max_{iter}$$

(12)

Here \(GBest_{i,j}\) is the best global solution so far achieved, and \(eCBest_{i,j}\), as demonstrated in Eq. (8), assesses the impact of the currently obtained best answer. Equation (9) defines \(CPD_{i,j}\) as the aggregate influence of all prairie dogs in the colony, and \(\varepsilon\) is a small number representing the quality of the food supply. In Eq. (13), \(PE\) stands for the predator effect, and \(rand\) is a random number between zero and one.

$$PE = 1.5 \times \left( {1 - \frac{iter}{{Max_{iter} }}} \right)^{{\left( {2\frac{iter}{{max_{iter} }}} \right)}}$$

(13)

where \(iter\) is the current iteration and \(Max_{iter}\) is the maximum number of iterations.
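The four-phase update rule of Eqs. (6) to (13) can be put together into a working optimiser. The sketch below is an added example, not the paper's implementation: it tunes two IDS hyper-parameters (learning rate and momentum) against `surrogate_loss`, a constructed stand-in for IDSNet validation loss. Assumptions not taken from the page: a single coterie (m = 1), Mantegna's method for the Lévy step, the values of `eps` and `delta`, clipping to the bounds, and greedy replacement of a position only when it improves.

```python
import math, random

def levy(rng, beta=1.5):
    """One Levy(n) step via Mantegna's method (sampler choice is an assumption)."""
    s = (math.gamma(1 + beta) * math.sin(math.pi * beta / 2) /
         (math.gamma((1 + beta) / 2) * beta * 2 ** ((beta - 1) / 2))) ** (1 / beta)
    return rng.gauss(0, s) / abs(rng.gauss(0, 1)) ** (1 / beta)

def surrogate_loss(h):
    """Constructed stand-in for IDSNet validation loss; minimum at lr=0.01, momentum=0.9."""
    lr, momentum = h
    return (math.log10(lr) + 2) ** 2 + 4 * (momentum - 0.9) ** 2

def pdo(fitness, lb, ub, n=20, max_iter=200, rho=0.1, eps=2.2e-16, delta=0.005, seed=1):
    """Minimise fitness over [lb, ub]; eps, delta, n and seed are assumed values."""
    rng, d = random.Random(seed), len(lb)
    pd = [[rng.random() * (ub[j] - lb[j]) + lb[j] for j in range(d)] for _ in range(n)]  # Eq. 4, m = 1
    fit = [fitness(p) for p in pd]
    b = min(range(n), key=fit.__getitem__)
    gbest, gfit = pd[b][:], fit[b]
    history = [gfit]
    for it in range(1, max_iter + 1):
        frac = it / max_iter
        ds = 1.5 * (-1 if it % 2 else 1) * (1 - frac) ** (2 * frac)  # Eq. 10, r = -1 on odd iterations
        pe = 1.5 * (1 - frac) ** (2 * frac)                          # Eq. 13
        mean_pd = sum(map(sum, pd)) / (n * d)
        for i in range(n):
            rpd, new = pd[rng.randrange(n)], []
            for j in range(d):
                ecb = gbest[j] * delta + pd[i][j] * mean_pd / (gbest[j] * (ub[j] - lb[j]) + delta)  # Eq. 8
                cpd = (gbest[j] - rpd[j]) / (gbest[j] + delta)                                      # Eq. 9
                if it < max_iter / 4:        # exploration: foraging
                    v = gbest[j] - ecb * rho - cpd * levy(rng)       # Eq. 6
                elif it < max_iter / 2:      # exploration: burrow building
                    v = gbest[j] * rpd[j] * ds * levy(rng)           # Eq. 7
                elif it < 3 * max_iter / 4:  # exploitation: food source alert
                    v = gbest[j] - ecb * eps - cpd * rng.random()    # Eq. 11
                else:                        # exploitation: predator effect
                    v = gbest[j] * pe * rng.random()                 # Eq. 12
                new.append(min(max(v, lb[j]), ub[j]))  # keep inside bounds (assumption)
            f = fitness(new)
            if f < fit[i]:  # greedy replacement (assumption)
                pd[i], fit[i] = new, f
                if f < gfit:
                    gbest, gfit = new[:], f
        history.append(gfit)
    return gbest, gfit, history

if __name__ == "__main__":
    best, loss, _ = pdo(surrogate_loss, [1e-4, 0.5], [0.1, 0.99])
    print(best, loss)
```

In a real tuning run each fitness call would train and validate the detector, so the population size and iteration count set the training budget.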
