IoT Traffic Analyzer Tool with Automated and Holistic Feature Extraction Capability.

The Internet of Things (IoT) is an emerging technology that attracted considerable attention in the last decade to become one of the most researched topics in computer science studies. This research aims to develop a benchmark framework for a public multi-task IoT traffic analyzer tool that holistically extracts network traffic features from an IoT device in a smart home environment that researchers in various IoT industries can implement to collect information about IoT network behavior. A custom testbed with four IoT devices is created to collect real-time network traffic data based on seventeen comprehensive scenarios of these devices' possible interactions. The output data is fed into the IoT traffic analyzer tool for both flow and packet levels analysis to extract all possible features. Such features are ultimately classified into five categories: IoT device type, IoT device behavior, Human interaction type, IoT behavior within the network, and Abnormal behavior. The tool is then evaluated by 20 users considering three variables: usefulness, accuracy of information being extracted, performance and usability. Users in three groups were highly satisfied with the interface and ease of use of the tool, with scores ranging from 90.5% to 93.8% and with an average score between 4.52 and 4.69 with a low standard deviation range, indicating that most of the data revolve around the mean.

Improving Turn Movement Count Using Cooperative Feedback.

In this paper, we propose a new cooperative method that improves the accuracy of Turn Movement Count (TMC) under challenging conditions by introducing contextual observations from the surrounding areas. The proposed method focuses on the correct identification of the movements in conditions where current methods have difficulties. Existing vision-based TMC systems are limited under heavy traffic conditions. The main problems for most existing methods are occlusions between vehicles that prevent the correct detection and tracking of the vehicles through the entire intersection and the assessment of the vehicle's entry and exit points, incorrectly assigning the movement. The proposed method intends to overcome this incapability by sharing information with other observation systems located at neighboring intersections. Shared information is used in a cooperative scheme to infer the missing data, thereby improving the assessment that would otherwise not be counted or miscounted. Experimental evaluation of the system shows a clear improvement over related reference methods.

Deep Neural Decision Forest (DNDF): A Novel Approach for Enhancing Intrusion Detection Systems in Network Traffic Analysis.

Intrusion detection systems, also known as IDSs, are widely regarded as one of the most essential components of an organization's network security. This is because IDSs serve as the organization's first line of defense against several cyberattacks and are accountable for accurately detecting any possible network intrusions. Several implementations of IDSs accomplish the detection of potential threats throughout flow-based network traffic analysis. Traditional IDSs frequently struggle to provide accurate real-time intrusion detection while keeping up with the changing landscape of threat. Innovative methods used to improve IDSs' performance in network traffic analysis are urgently needed to overcome these drawbacks. In this study, we introduced a model called a deep neural decision forest (DNDF), which allows the enhancement of classification trees with the power of deep networks to learn data representations. We essentially utilized the CICIDS 2017 dataset for network traffic analysis and extended our experiments to evaluate the DNDF model's performance on two additional datasets: CICIDS 2018 and a custom network traffic dataset. Our findings showed that DNDF, a combination of deep neural networks and decision forests, outperformed reference approaches with a remarkable precision of 99.96% by using the CICIDS 2017 dataset while creating latent representations in deep layers. This success can be attributed to improved feature representation, model optimization, and resilience to noisy and unbalanced input data, emphasizing DNDF's capabilities in intrusion detection and network security solutions.

Wireless Local Area Networks Threat Detection Using 1D-CNN.

Wireless Local Area Networks (WLANs) have revolutionized modern communication by providing a user-friendly and cost-efficient solution for Internet access and network resources. However, the increasing popularity of WLANs has also led to a rise in security threats, including jamming, flooding attacks, unfair radio channel access, user disconnection from access points, and injection attacks, among others. In this paper, we propose a machine learning algorithm to detect Layer 2 threats in WLANs through network traffic analysis. Our approach uses a deep neural network to identify malicious activity patterns. We detail the dataset used, including data preparation steps, such as preprocessing and division. We demonstrate the effectiveness of our solution through series of experiments and show that it outperforms other methods in terms of precision. The proposed algorithm can be successfully applied in Wireless Intrusion Detection Systems (WIDS) to enhance the security of WLANs and protect against potential attacks.

Traffic Management in IoT Backbone Networks Using GNN and MAB with SDN Orchestration.

Traffic management is a critical task in software-defined IoT networks (SDN-IoTs) to efficiently manage network resources and ensure Quality of Service (QoS) for end-users. However, traditional traffic management approaches based on queuing theory or static policies may not be effective due to the dynamic and unpredictable nature of network traffic. In this paper, we propose a novel approach that leverages Graph Neural Networks (GNNs) and multi-arm bandit algorithms to dynamically optimize traffic management policies based on real-time network traffic patterns. Specifically, our approach uses a GNN model to learn and predict network traffic patterns and a multi-arm bandit algorithm to optimize traffic management policies based on these predictions. We evaluate the proposed approach on three different datasets, including a simulated corporate network (KDD Cup 1999), a collection of network traffic traces (CAIDA), and a simulated network environment with both normal and malicious traffic (NSL-KDD). The results demonstrate that our approach outperforms other state-of-the-art traffic management methods, achieving higher throughput, lower packet loss, and lower delay, while effectively detecting anomalous traffic patterns. The proposed approach offers a promising solution to traffic management in SDNs, enabling efficient resource management and QoS assurance.

Lipid metabolism is dysregulated in a mouse model of diabetes.

Much evidence for diabetes mellitus being associated with dysregulated lipid metabolism has been accrued from studies using blood plasma. However, the systemic dysregulation these results point to is not understood. This study used Lipid Traffic Analysis on data from a mouse model of diabetes to test the hypothesis that the systemic control of lipid metabolism differed in a model of diabetes. This provided eidence for changes in the systemic control of both triglyceride and phospholipid metabolism that were not attributable to dietary intake. This supports the conclusion that diabetes is a systemic condition associated with dysregulated lipid metabolism through several pathways.

Paternal nutritional programming of lipid metabolism is propagated through sperm and seminal plasma.

BACKGROUND: The paternal diet affects lipid metabolism in offspring for at least two generations through nutritional programming. However, we do not know how this is propagated to the offspring. OBJECTIVES: We tested the hypothesis that the changes in lipid metabolism that are driven by paternal diet are propagated through spermatozoa and not seminal plasma. METHODS: We applied an updated, purpose-built computational network analysis tool to characterise control of lipid metabolism systemically (Lipid Traffic Analysis v2.3) on a known mouse model of paternal nutritional programming. RESULTS: The analysis showed that the two possible routes for programming effects, the sperm (genes) and seminal plasma (influence on the uterine environment), both have a distinct effect on the offspring's lipid metabolism. Further, the programming effects in offspring suggest that changes in lipid distribution are more important than alterations in lipid biosynthesis. CONCLUSIONS: These results show how the uterine environment and genes both affect lipid metabolism in offspring, enhancing our understanding of the link between parental diet and metabolism in offspring.

Detecting Reconnaissance and Discovery Tactics from the MITRE ATT&CK Framework in Zeek Conn Logs Using Spark's Machine Learning in the Big Data Framework.

While computer networks and the massive amount of communication taking place on these networks grow, the amount of damage that can be done by network intrusions grows in tandem. The need is for an effective and scalable intrusion detection system (IDS) to address these potential damages that come with the growth of these networks. A great deal of contemporary research on near real-time IDS focuses on applying machine learning classifiers to labeled network intrusion datasets, but these datasets need be relevant pertaining to the currency of the network intrusions. This paper focuses on a newly created dataset, UWF-ZeekData22, that analyzes data from Zeek's Connection Logs collected using Security Onion 2 network security monitor and labelled using the MITRE ATT&CK framework TTPs. Due to the volume of data, Spark, in the big data framework, was used to run many of the well-known classifiers (naïve Bayes, random forest, decision tree, support vector classifier, gradient boosted trees, and logistic regression) to classify the reconnaissance and discovery tactics from this dataset. In addition to looking at the performance of these classifiers using Spark, scalability and response time were also analyzed.

Analyzing repositories of OER using web analytics and accessibility tools.

Open Educational Resources (OER) provide learning opportunities for all. Usually, OER and links to OER are curated in Repositories of OER (ROER) for open access and use by anyone, including people with disabilities, at any place at any time. This study analyzes the reputation/ authoritativeness, usage, and accessibility of thirteen popular ROER for teaching and learning using three Web Analytics and five Web Accessibility tools. A high difference among the ROER was observed in almost every metric. Millions of users visit some of these ROER every month and on average stay 2-26 min per visit and view 1.1-8.5 pages per visit. Although in many ROER most of their visitors come from the country where the ROER hosting institute operates, other ROER (such as DOER, MIT OCW, and OpenLearn) have managed to attract visitors from all over the world. In some ROER, their visitors come directly to their website while in a few other ROER visitors are coming after visiting a search engine. Although most ROER are accessible by users with disabilities, the Web Accessibility tools revealed several errors in few ROER. In most ROER, less than one third of the traffic is coming from mobile devices although almost everyone has a mobile phone nowadays. Finally, the study makes suggestions to ROER administrators such as interconnecting their ROER, collaborating, exchanging good practices (such as Commons and MIT OCW), improving their website accessibility and mobile-optimized design, as well as promoting their ROER to libraries, educational institutes, and organizations.

Estimation of Average Speed of Road Vehicles by Sound Intensity Analysis.

Constant monitoring of road traffic is important part of modern smart city systems. The proposed method estimates average speed of road vehicles in the observation period, using a passive acoustic vector sensor. Speed estimation based on sound intensity analysis is a novel approach to the described problem. Sound intensity in two orthogonal axes is measured with a sensor placed alongside the road. Position of the apparent sound source when a vehicle passes by the sensor is estimated by means of sound intensity analysis in three frequency bands: 1 kHz, 2 kHz and 4 kHz. The position signals calculated for each vehicle are averaged in the analysis time frames, and the average speed estimate is calculated using a linear regression. The proposed method was validated in two experiments, one with controlled vehicle speed and another with real, unrestricted traffic. The calculated speed estimates were compared with the reference lidar and radar sensors. Average estimation error from all experiment was 1.4% and the maximum error was 3.2%. The results confirm that the proposed method allow for estimation of time-averaged road traffic speed with accuracy sufficient for gathering traffic statistics, e.g., in a smart city monitoring station.

Lipid Metabolism Is Dysregulated before, during and after Pregnancy in a Mouse Model of Gestational Diabetes.

The aim of the current study was to test the hypothesis that maternal lipid metabolism was modulated during normal pregnancy and that these modulations are altered in gestational diabetes mellitus (GDM). We tested this hypothesis using an established mouse model of diet-induced obesity with pregnancy-associated loss of glucose tolerance and a novel lipid analysis tool, Lipid Traffic Analysis, that uses the temporal distribution of lipids to identify differences in the control of lipid metabolism through a time course. Our results suggest that the start of pregnancy is associated with several changes in lipid metabolism, including fewer variables associated with de novo lipogenesis and fewer PUFA-containing lipids in the circulation. Several of the changes in lipid metabolism in healthy pregnancies were less apparent or occurred later in dams who developed GDM. Some changes in maternal lipid metabolism in the obese-GDM group were so late as to only occur as the control dams' systems began to switch back towards the non-pregnant state. These results demonstrate that lipid metabolism is modulated in healthy pregnancy and the timing of these changes is altered in GDM pregnancies. These findings raise important questions about how lipid metabolism contributes to changes in metabolism during healthy pregnancies. Furthermore, as alterations in the lipidome are present before the loss of glucose tolerance, they could contribute to the development of GDM mechanistically.

Hfinger: Malware HTTP Request Fingerprinting.

Malicious software utilizes HTTP protocol for communication purposes, creating network traffic that is hard to identify as it blends into the traffic generated by benign applications. To this aim, fingerprinting tools have been developed to help track and identify such traffic by providing a short representation of malicious HTTP requests. However, currently existing tools do not analyze all information included in the HTTP message or analyze it insufficiently. To address these issues, we propose Hfinger, a novel malware HTTP request fingerprinting tool. It extracts information from the parts of the request such as URI, protocol information, headers, and payload, providing a concise request representation that preserves the extracted information in a form interpretable by a human analyst. For the developed solution, we have performed an extensive experimental evaluation using real-world data sets and we also compared Hfinger with the most related and popular existing tools such as FATT, Mercury, and p0f. The conducted effectiveness analysis reveals that on average only 1.85% of requests fingerprinted by Hfinger collide between malware families, what is 8-34 times lower than existing tools. Moreover, unlike these tools, in default mode, Hfinger does not introduce collisions between malware and benign applications and achieves it by increasing the number of fingerprints by at most 3 times. As a result, Hfinger can effectively track and hunt malware by providing more unique fingerprints than other standard tools.

Managing Illicit Online Pharmacies: Web Analytics and Predictive Models Study.

BACKGROUND: Online pharmacies have grown significantly in recent years, from US $29.35 billion in 2014 to an expected US $128 billion in 2023 worldwide. Although legitimate online pharmacies (LOPs) provide a channel of convenience and potentially lower costs for patients, illicit online pharmacies (IOPs) open the doors to unfettered access to prescription drugs, controlled substances (eg, opioids), and potentially counterfeits, posing a dramatic risk to the drug supply chain and the health of the patient. Unfortunately, we know little about IOPs, and even identifying and monitoring IOPs is challenging because of the large number of online pharmacies (at least 30,000-35,000) and the dynamic nature of the online channel (online pharmacies open and shut down easily). OBJECTIVE: This study aims to increase our understanding of IOPs through web data traffic analysis and propose a novel framework using referral links to predict and identify IOPs, the first step in fighting IOPs. METHODS: We first collected web traffic and engagement data to study and compare how consumers access and engage with LOPs and IOPs. We then proposed a simple but novel framework for predicting the status of online pharmacies (legitimate or illicit) through the referral links between websites. Under this framework, we developed 2 prediction models, the reference rating prediction method (RRPM) and the reference-based K-nearest neighbor. RESULTS: We found that direct (typing URL), search, and referral are the 3 major traffic sources, representing more than 95% traffic to both LOPs and IOPs. It is alarming to see that direct represents the second-highest traffic source (34.32%) to IOPs. When tested on a data set with 763 online pharmacies, both RRPM and R2NN performed well, achieving an accuracy above 95% in their predictions of the status for the online pharmacies. R2NN outperformed RRPM in full performance metrics (accuracy, kappa, specificity, and sensitivity). On implementing the 2 models on Google search results for popular drugs (Xanax [alprazolam], OxyContin, and opioids), they produced an error rate of only 7.96% (R2NN) and 6.20% (RRPM). CONCLUSIONS: Our prediction models use what we know (referral links) to tackle the many unknown aspects of IOPs. They have many potential applications for patients, search engines, social media, payment companies, policy makers or government agencies, and drug manufacturers to help fight IOPs. With scarce work in this area, we hope to help address the current opioid crisis from this perspective and inspire future research in the critical area of drug safety.

Tracing Your Smart-Home Devices Conversations: A Real World IoT Traffic Data-Set.

Smart-home installations exponential growth has raised major security concerns. To this direction, the GHOST project, a European Union Horizon 2020 Research and Innovation funded project, aims to develop a reference architecture for securing smart-homes IoT ecosystem. It is required to have automated and user friendly security mechanisms embedded into smart-home environments, to protect the users' digital well being. GHOST project aims to fulfill this requirement and one of its main functionalities is the traffic monitoring for all IoT related network protocols. In this paper, the traffic capturing and monitoring mechanism of the GHOST system, called NDFA, is presented, as the first mechanism that is able to monitor smart-home activity in a holistic way. With the help of the NDFA, we compile the GHOST-IoT-data-set, an IoT network traffic data-set, captured in a real world smart-home installation. This data-set contains traffic from multiple network interfaces with both normal real life activity and simulated abnormal functioning of the devices. The GHOST-IoT-data-set is offered to the research community as a proof of concept to demonstrate the ability of the NDFA module to process the raw network traffic from a real world smart-home installation with multiple network interfaces and IoT devices.

Data Security and Trading Framework for Smart Grids in Neighborhood Area Networks.

Due to the drastic increase of electricity prosumers, i.e., energy consumers that are also producers, smart grids have become a key solution for electricity infrastructure. In smart grids, one of the most crucial requirements is the privacy of the final users. The vast majority of the literature addresses the privacy issue by providing ways of hiding user's electricity consumption. However, open issues in the literature related to the privacy of the electricity producers still remain. In this paper, we propose a framework that preserves the secrecy of prosumers' identities and provides protection against the traffic analysis attack in a competitive market for energy trade in a Neighborhood Area Network (NAN). In addition, the amount of bidders and of successful bids are hidden from malicious attackers by our framework. Due to the need for small data throughput for the bidders, the communication links of our framework are based on a proprietary communication system. Still, in terms of data security, we adopt the Advanced Encryption Standard (AES) 128 bit with Exclusive-OR (XOR) keys due to their reduced computational complexity, allowing fast processing. Our framework outperforms the state-of-the-art solutions in terms of privacy protection and trading flexibility in a prosumer-to-prosumer design.

Improved temporal IoT device identification using robust statistical features.

The Internet of Things (IoT) is becoming more prevalent in our daily lives. A recent industry report projected the global IoT market to be worth more than USD 4 trillion by 2032. To cope with the ever-increasing IoT devices in use, identifying and securing IoT devices has become highly crucial for network administrators. In that regard, network traffic classification offers a promising solution by precisely identifying IoT devices to enhance network visibility, allowing better network security. Currently, most IoT device identification solutions revolve around machine learning, outperforming prior solutions like port and behavioural-based. Although performant, these solutions often experience performance degradation over time due to statistical changes in the data. As a result, they require frequent retraining, which is computationally expensive. Therefore, this article aims to improve the model performance through a robust alternative feature set. The improved feature set leverages payload lengths to model the unique characteristics of IoT devices and remains stable over time. Besides that, this article utilizes the proposed feature set with Random Forest and OneVSRest to optimize the learning process, particularly concerning the easier addition of new IoT devices. On the other hand, this article introduces weekly dataset segmentation to ensure fair evaluation over different time frames. Evaluation on two datasets, a public dataset, IoT Traffic Traces, and a self-collected dataset, IoT-FSCIT, show that the proposed feature set maintained above 80% accuracy throughout all weeks on the IoT Traffic Traces dataset, outperforming selected benchmark studies while improving accuracy over time by +10.13% on the IoT-FSCIT dataset.

ITC-Net-blend-60: a comprehensive dataset for robust network traffic classification in diverse environments.

OBJECTIVES: Recognition of mobile applications within encrypted network traffic holds considerable effects across multiple domains, encompassing network administration, security, and digital marketing. The creation of network traffic classifiers capable of adjusting to dynamic and unforeseeable real-world settings presents a tremendous challenge. Presently available datasets exclusively encompass traffic data obtained from a singular network environment, thereby restricting their utility in evaluating the robustness and compatibility of a given model. DATA DESCRIPTION: This dataset was gathered from 60 popular Android applications in five different network scenarios, with the intention of overcoming the limitations of previous datasets. The scenarios were the same in the applications set but differed in terms of Internet service provider (ISP), geographic location, device, application version, and individual users. The traffic was generated through real human interactions on physical devices for 3-15 min. The method used to capture the traffic did not require root privileges on mobile phones and filtered out any background traffic. In total, the collected dataset comprises over 48 million packets, 450K bidirectional flows, and 36 GB of data.

Road crashes in Adelaide metropolitan region, the consequences of COVID-19.

Background: Many countries instituted lockdown rules as the COVID-19 pandemic progressed, however, the effects of COVID-19 on transportation safety vary widely across countries and regions. In several situations, it has been shown that although the COVID-19 closure has decreased average traffic flow, it has also led to an increase in speeding, which will indeed increase the severity of crashes and the number of fatalities and serious injuries. Methods: At the local level, Generalized linear Mixed (GLM) modelling is used to look at how often road crashes changed in the Adelaide metropolitan area before and after the COVID-19 pandemic. The Geographically Weighted Generalized Linear Model (GWGLM) is also used to explore how the association between the number of crashes and the factors that explain them varies across census blocks. Using both no-spatial and spatial models, the effects of urban structure elements like land use mix, road network design, distance to CBD, and proximity to public transit on the frequency of crashes at the local level were studied. Results: This research showed that lockdown orders led to a mild reduction (approximately 7%) in crash frequency. However, this decrease, which has occurred mostly during the first three months of the lockdown, has not systematically alleviated traffic safety risks in the Greater Adelaide Metropolitan Area. Crash hotspots shifted from areas adjacent to workplaces and education centres to green spaces and city fringes, while crash incidence periods switched from weekdays to weekends and winter to summer. Implications: The outcomes of this research provided insights into the impact of shifting driving behaviour on safety during disorderly catastrophes such as COVID-19.

Dietary PUFAs drive diverse system-level changes in lipid metabolism.

OBJECTIVE: Polyunsaturated fatty acid (PUFA) supplements have been trialled as a treatment for a number of conditions and produced a variety of results. This variety is ascribed to the supplements, that often comprise a mixture of fatty acids, and to different effects in different organs. In this study, we tested the hypothesis that the supplementation of individual PUFAs has system-level effects that are dependent on the molecular structure of the PUFA. METHODS: We undertook a network analysis using Lipid Traffic Analysis to identify both local and system-level changes in lipid metabolism using publicly available lipidomics data from a mouse model of supplementation with FA(20:4n-6), FA(20:5n-3), and FA(22:6n-3); arachidonic acid, eicosapentaenoic acid, and docosahexaenoic acid, respectively. Lipid Traffic Analysis is a new computational/bioinformatics tool that uses the spatial distribution of lipids to pinpoint changes or differences in control of metabolism, thereby suggesting mechanistic reasons for differences in observed lipid metabolism. RESULTS: There was strong evidence for changes to lipid metabolism driven by and dependent on the structure of the supplemented PUFA. Phosphatidylcholine and triglycerides showed a change in the variety more than the total number of variables, whereas phosphatidylethanolamine and phosphatidylinositol showed considerable change in both which variables and the number of them, in a highly PUFA-dependent manner. There was also evidence for changes to the endogenous biosynthesis of fatty acids and to both the elongation and desaturation of fatty acids. CONCLUSIONS: These results show that the full biological impact of PUFA supplementation is far wider than any single-organ effect and implies that supplementation and dosing with PUFAs require a system-level assessment.

The influence of traffic-infrastructure factors on pedestrian accidents at the macro-level: The geographically weighted regression approach.

INTRODUCTION: Walking is an active way of moving the population, but in recent years there have been more pedestrian casualties in traffic, especially in developing countries such as Serbia. Macro-level road safety studies enable the identification of influential factors that play an important role in creating pedestrian safety policies. METHOD: This study analyzes the impact of traffic and infrastructure characteristics on pedestrian accidents at the level of traffic analysis zones. The study applied a geographically weighted regression approach to identify and localize all factors that contribute to the occurrence of pedestrian accidents. Taking into account the spatial correlations between the zones and the frequency distribution of accidents, the geographically Poisson weighted model showed the best predictive performance. RESULTS: This model showed 10 statistically significant factors influencing pedestrian accidents. In addition to exposure measures, a positive relationship with pedestrian accidents was identified in the length of state roads (class I), the length of unclassified streets, as well as the number of bus stops, parking spaces, and object units. However, a negative relationship was recorded with the total length of the street network and the total length of state roads passing through the analyzed area. CONCLUSION: These results indicate the importance of determining the categorization and function of roads in places where pedestrian flows are pronounced, as well as the perception of pedestrian safety near bus stops and parking spaces. PRACTICAL APPLICATIONS: The results of this study can help traffic safety engineers and managers plan infrastructure measures for future pedestrian safety planning and management in order to reduce pedestrian casualties and increase their physical activity.