BSc, MSc, PhD
School of Engineering, Computing and Mathematics
Faculty of Technology, Design and Environment
Phone number: +44(0)1865484321
Location: Wheatley, Oxford
Muhammad Hilmi Kamarudin received the B.Sc. degree in Computer Network from the Universiti Putra Malaysia, Selangor, Malaysia, in 2007, the M.Sc. degree in Computer Network from the Universiti Teknologi Mara, Selangor, Malaysia, in 2010, and the PhD degree in Network Security from the University of Warwick, Coventry, UK in 2018.
He is currently working as a lecturer in Cyber Security under the School of Engineering, Computing and Mathematics at the Faculty of Technology, Design and Environment, Oxford Brookes University, UK.
His previous six years of industrial experience include the operation and maintenance of multi-vendor network security equipment.
Secure System Architecture
Foundation of Security
Martin Mclean (Cyber Threat Intelligence) - Finished
Sachin Kumar (Feature optimization to improve Malware Identification) - Ongoing
The problems of high dimensionality have made feature selection one of the most important criteria in determining the efficiency of intrusion detection systems. In this study we have selected a hybrid feature selection model that potentially combines the strengths of both the filter and the wrapper selection procedures. The potential hybrid solution is expected to effectively select the optimal set of features in detecting intrusion. The proposed hybrid model was carried out using correlation feature selection (CFS) together with three different search techniques known as best-first, greedy stepwise and genetic algorithm. The wrapper-based subset evaluation uses a random forest (RF) classifier to evaluate each of the features that were first selected by the filter method. The reduced feature selection on both the KDD99 and DARPA 1999 datasets was tested using the RF algorithm with ten-fold cross-validation in a supervised environment. The experimental results show that the hybrid feature selection produced a satisfactory outcome.
The global usage of more sophisticated web-based application systems is obviously growing very rapidly. Major usage includes the storing and transporting of sensitive data over the Internet. The growth has consequently opened up a serious need for more secured network and application security protection devices. Security experts normally equip their databases with a large number of signatures to help in the detection of known web-based threats. In reality, it is almost impossible to keep updating the database with the newly identified web vulnerabilities. As such, new attacks are invisible. This research presents a novel approach of Intrusion Detection System (IDS) in detecting unknown attacks on web servers using the Unified Intrusion Anomaly Detection (UIAD) approach. The unified approach consists of three components (preprocessing, statistical analysis, and classification). Initially, the process starts with the removal of irrelevant and redundant features using a novel hybrid feature selection method. Thereafter, the process continues with the application of a statistical approach to identifying traffic abnormality. We performed Relative Percentage Ratio (RPR) coupled with Euclidean Distance Analysis (EDA) and the Chebyshev Inequality Theorem (CIT) to calculate the normality score and generate a finest threshold. Finally, Logitboost (LB) is employed alongside Random Forest (RF) as a weak classifier, with the aim of minimising the final false alarm rate. The experiment has demonstrated that our approach has successfully identified unknown attacks with greater than a 95% detection rate and less than a 1% false alarm rate for both the DARPA 1999 and the ISCX 2012 datasets.
With the rapid growth of the Internet, there are an increasing number of computer threats and attacks. The prevalence of zero-day attack activities has given rise to the need to prevent these attack activities from spreading and damaging the computer system. As such, an intrusion detection system (IDS) should satisfy complex requirements and must be durable, manageable and reliable. In this paper, we developed an anomaly-based detection model using a statistical method combined with a binary logistic regression approach. The model, Layer based Anomaly Detection (LbAD), is designed to detect remote to user (R2L) and user to root (U2R) attacks by statistically examining the degree of normal field values within three layers (data link, network, transport) of the OSI seven-layer model. The results of the new method outperform the leading existing methods.
Organizations have come to realize that network security technology has become very important in protecting their information. With the tremendous growth of the Internet, attack cases are increasing each day along with modern attack methods. One of the solutions to this problem is to use an Intrusion Detection System (IDS). Machine Learning is one of the methods used in the IDS. In recent years, Machine Learning intrusion detection systems have been giving high accuracy and good detection on novel attacks. In this paper the performance of a Machine Learning algorithm called Decision Tree (J48) is evaluated and compared with two other Machine Learning algorithms, namely Neural Network and Support Vector Machines, which has been conducted by A. Osareh for detecting intrusion. The algorithms were tested based on accuracy, detection rate, false alarm rate and accuracy of four categories of attacks. From the experiments conducted, it was found that the Decision Tree (J48) algorithm outperformed the other two algorithms.
The rapid growth in the volume and importance of web communication throughout the Internet has heightened the need for better security protection. Security experts, when protecting systems, maintain a database featuring signatures of a large number of attacks to assist with attack detection. However, used in isolation, this can limit the capability of the system as it is only able to recognize known attacks. To overcome the problem, we propose an anomaly-based intrusion detection system using an ensemble classification approach to detect unknown attacks on web servers. The process involves removing irrelevant and redundant features utilising a filter and wrapper selection procedure. Logitboost is then employed together with random forests as a weak classifier. The proposed ensemble technique was evaluated with some artificial data sets, namely NSL-KDD, an improved version of the old KDD Cup from 1999, and the recently published UNSW-NB15 data set. The experimental results show that our approach demonstrates superiority, in terms of accuracy and detection rate, over the traditional approaches, whilst preserving low false rejection rates.
Comparison of Machine Learning algorithms performance in detecting network intrusion. Networking and Information Technology ICNIT 2010 International Conference on, pp.221–226.
Packet Header Intrusion Detection with Binary Logistic Regression Approach in Detecting R2L and U2R Attacks. Proceedings - 4th International Conference on Cyber Security, Cyber Warfare, and Digital Forensics, CyberSec 2015, pp.101–106.
LogitBoost-based Algorithm in Detecting Known and Unknown Web Attacks, IEEE Access 2017, DOI 10.1109/ACCESS.2017.2766844.
A New Unified Intrusion Anomaly Detection in Identifying Unseen Web Attacks, Security and Communication Networks, 2017, DOI
Hybrid Feature Selection Technique for Intrusion Detection System. Int. J. High Performance Computing and Networking, Vol. 13, No. 2, 2019.