Baojun Zhang,Xuezeng Pan,Jiebing Wang

DOI: https://doi.org/10.1109/fskd.2007.348

2007-01-01

Abstract:The current network is complicated due to the high- throughput and the multiformity of actions. A hybrid intru- sion detection system (HIDSFCN) is proposed in this study to satisfy the current network. It combines the advantages of all kinds of IDS and put forwards our own solvents to those key problems in current research. Experiment results demonstrate that our HIDSFCN is of high performance and good practicability.

Shishir Kumar,Durgesh Pant

DOI: https://doi.org/10.48550/arXiv.0912.2293

2009-12-12

Abstract:Security has become ubiquitous in every domain today as newly emerging malware pose an ever-increasing perilous threat to systems. Consequently, honeypots are fast emerging as an indispensible forensic tool for the analysis of malicious network traffic. Honeypots can be considered to be traps for hackers and intruders and are generally deployed complimentary to Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) in a network. They help system administrators perform a rigorous analysis of external and internal attacks on their networks. They are also used by security firms and research labs to capture the latest variants of malware. However, honeypots would serve a slightly different purpose in our proposed system. We intend to use honeypots for generating and broadcasting instant cures for new and unknown malware in a network. The cures which will be in the form of on-the-fly anti-malware signatures would spread in a fashion that is similar to the way malware spreads across networks. The most striking advantage of implementing this technology is that an effective initial control can be exercised on malware. Proposed system would be capable of providing cures for new fatal viruses which have not yet been discovered by prime security firms of the world.

Networking and Internet Architecture,Cryptography and Security

Mariam Ibrahim,Abdallah Al-Wadi,Ruba Elhafiz

DOI: https://doi.org/10.3390/s24113375

IF: 3.9

2024-05-25

Sensors

Abstract:The healthcare industry went through reformation by integrating the Internet of Medical Things (IoMT) to enable data harnessing by transmission mediums from different devices, about patients to healthcare staff devices, for further analysis through cloud-based servers for proper diagnosis of patients, yielding efficient and accurate results. However, IoMT technology is accompanied by a set of drawbacks in terms of security risks and vulnerabilities, such as violating and exposing patients' sensitive and confidential data. Further, the network traffic data is prone to interception attacks caused by a wireless type of communication and alteration of data, which could cause unwanted outcomes. The advocated scheme provides insight into a robust Intrusion Detection System (IDS) for IoMT networks. It leverages a honeypot to divert attackers away from critical systems, reducing the attack surface. Additionally, the IDS employs an ensemble method combining Logistic Regression and K-Nearest Neighbor algorithms. This approach harnesses the strengths of both algorithms to improve attack detection accuracy and robustness. This work analyzes the impact, performance, accuracy, and precision outcomes of the used model on two IoMT-related datasets which contain multiple attack types such as Man-In-The-Middle (MITM), Data Injection, and Distributed Denial of Services (DDOS). The yielded results showed that the proposed ensemble method was effective in detecting intrusion attempts and classifying them as attacks or normal network traffic, with a high accuracy of 92.5% for the first dataset and 99.54% for the second dataset and a precision of 96.74% for the first dataset and 99.228% for the second dataset.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Amal M.R.,Venkadesh P.

DOI: https://doi.org/10.14704/web/v19i1/web19370

2022-01-20

Webology

Abstract:The number of connected devices in the network is growing day by day, and as the number of linked devices grows, so will the number of cyberattacks. All devices connected to the Internet has become a target of cyberattacks as network attack methods have developed. As a result, the security of network data cannot be neglected. To handle the future threats in this way, we employ honeypots, which are conceptual framework traps designed to block unauthorized access to both PCs and data. Every day, a large number of people access the internet throughout the world. Honeypot, also known as Intrusion Detection Technology, is a type of security technology that screens devices to prevent unwanted activities. This article will provide an overview of cyber security as well as a discussion of machine learning, cyber threats, and honeypot system-based techniques. This review paper was the result of a lot of research, and in assessing honeypots, the researchers found that they are becoming more of a concern for experts as an important security tool that can halt or limit system attacks and provide analysts with insights into the origins and behaviours of such attacks.

K. Sundaramoorthy,K E Purushothaman,Jeba Sonia J,N Kanthimathi

DOI: https://doi.org/10.1016/j.cose.2024.104081

IF: 5.105

2024-09-01

Computers & Security

Abstract:The evolution of cloud computing has revolutionized how users access services, simplifying the development and deployment of applications across various industries. With its pervasive adoption, robust security measures become imperative. Integrating Intrusion Detection Systems (IDSs) into cloud computing and Wireless Sensor Networks (WSNs) addresses these challenges. IDSs serve as attentive protectors, monitoring network traffic and responding to breaches promptly, enhancing security across industries reliant on cloud services. Similarly, IDS integration in WSNs ensures the security of mission-critical operations, despite resource constraints and dynamic topologies, facilitated by cloud computing. This research proposes a hybrid IDS approach, leveraging the NSL-KDD dataset and methodologies like Intrusion Support Scalar Impact Rate (ISSIR), Optimized Support Vector Machine (OSVM), Extended Long-Short-Term Memory (ELSTM), and Multilayer Perceptron Neural Network (MLPNN), enhancing intrusion detection efficacy. ISSIR aids in feature selection, OSVM mitigates localization errors, ELSTM enables precise anomaly detection, and MLPNN provides robust defense mechanisms. Each method is integrated into a collaborative framework to address specific challenges in detecting intrusions with higher accuracy and reduced false positives. The interplay between these methodologies strengthens the overall intrusion detection framework, addressing the dynamic nature of cybersecurity threats. Results demonstrate the superior performance of MLPNN across various metrics, showcasing its effectiveness in accurately predicting outcomes compared to other models. The proposed MLPNN hybrid system achieves an accuracy of 99.9%, surpassing state-of-the-art methods. This study underscores the significance of advancing IDSs in cloud computing and WSNs, offering insights into enhancing security and mitigating vulnerabilities in an interconnected digital landscape.

computer science, information systems

R Swathi

DOI: https://doi.org/10.52783/cana.v31.994

2024-07-17

Abstract:User credentials are vulnerable to exposure in demilitarized zones due to software vulnerabilities and hardware threats. This research aims to mitigate these risks by proposing a sophisticated trust-based malware detection (T-MALWARE DETECTION) method that can accurately classify data. The proposed system utilizes an enhanced Glow-Worm Swarm Optimization (IGWSO) technique to efficiently cluster datasets. To classify potential intrusions and assign trust levels to cloud data after clustering, a Recurrent Neural Network (RNN) approach is employed. The effectiveness of the Trust-oriented Malware Detection System (T-MALWARE DETECTIONS) is evaluated using metrics such as detection rate, precision, recall, and F-measure. This system is developed using Java and the CloudSimulator (CloudSim) tool, allowing for a thorough evaluation of its performance in comparison to contemporary state-of-the-art systems.

M. Wasim Abbas Ashraf,Arvind R. Singh,A. Pandian,Rajkumar Singh Rathore,Mohit Bajaj,Ievgen Zaitsev

DOI: https://doi.org/10.1038/s41598-024-78976-1

IF: 4.6

2024-11-09

Scientific Reports

Abstract:While the proliferation of the Internet of Things (IoT) has revolutionized several industries, it has also created severe data security concerns. The security of these network devices and the dependability of IoT networks depend on efficient threat detection. Device heterogeneity, computing resource constraints, and the ever-changing nature of cyber threats are a few of the obstacles that make detecting cyber threats in IoT systems difficult. Complex threats often go undetected by conventional security measures, requiring more sophisticated, adaptive detection methods. Therefore, this study presents the Hybrid approach based on the Support Vector Machines Rule-Based Detection (HSVMR-D) method for an all-encompassing approach to identifying cyber threats to the IoT. The HSVMR-D employs SVM to categorize known and unknown threats using attributes acquired from IoT data. Identifying known attack signatures and patterns using rule-based approaches improves detection efficiency without retraining by adapting pre-trained models to new IoT contexts. Moreover, protecting vital infrastructure and sensitive data, HSVMR-D provides a thorough and adaptable solution to improve the security posture of IoT deployments. Comprehensive experiment analysis and simulation results compared to the baseline study have confirmed the efficiency of the proposed HSVMR-D. Furthermore, increased resilience to completely novel changing threats, fewer false positives, and improved accuracy in threat detection are all outcomes that show the proposed work outperforms others. The HSVMR-D approach is helpful where the primary objective is a secure environment in the Internet of Things (IoT) when resources are limited.

multidisciplinary sciences

Phani Lanka,Khushi Gupta,Cihan Varol

DOI: https://doi.org/10.3390/electronics13132465

IF: 2.9

2024-06-25

Electronics

Abstract:Security adversaries are rampant on the Internet, constantly seeking vulnerabilities to exploit. The sheer proliferation of these sophisticated threats necessitates innovative and swift defensive measures to protect the vulnerable infrastructure. Tools such as honeypots effectively determine adversary behavior and safeguard critical organizational systems. However, it takes a significant amount of time to analyze these attacks on the honeypots, and by the time actionable intelligence is gathered from the attacker's tactics, techniques, and procedures (TTPs), it is often too late to prevent potential damage to the organization's critical systems. This paper contributes to the advancement of cybersecurity practices by presenting a cutting-edge methodology, capitalizing on the synergy between artificial intelligence and threat analysis to combat evolving cyber threats. The current research articulates a novel strategy, outlining a method to analyze large volumes of attacker data from honeypots utilizing large language models (LLMs) to assimilate TTPs and apply this knowledge to identify real-time anomalies in regular user activity. The effectiveness of this model is tested in real-world scenarios, demonstrating a notable reduction in response time for detecting malicious activities in critical infrastructure. Moreover, we delve into the proposed framework's practical implementation considerations and scalability, underscoring its adaptability in diverse organizational contexts.

engineering, electrical & electronic,computer science, information systems,physics, applied

Dr. S. Smys,Dr. Haoxiang Wang,Dr. Abul Basar

DOI: https://doi.org/10.36548/JISMAC.2020.4.002

2020-09-30

DECEMBER

Abstract:Internet of things (IoT) is a promising solution to connect and access every device through internet. Every day the device count increases with large diversity in shape, size, usage and complexity. Since IoT drive the world and changes people lives with its wide range of services and applications. However, IoT provides numerous services through applications, it faces severe security issues and vulnerable to attacks such as sinkhole attack, eaves dropping, denial of service attacks, etc., Intrusion detection system is used to detect such attacks when the network security is breached. This research work proposed an intrusion detection system for IoT network and detect different types of attacks based on hybrid convolutional neural network model. Proposed model is suitable for wide range of IoT applications. Proposed research work is validated and compared with conventional machine learning and deep learning model. Experimental result demonstrate that proposed hybrid model is more sensitive to attacks in the IoT network.

Computer Science,Engineering

V. S. Devi Priya,S. Sibi Chakkaravarthy

DOI: https://doi.org/10.1038/s41598-023-28613-0

IF: 4.6

2023-01-26

Scientific Reports

Abstract:Discovering malicious packets amid a cloud of normal activity, whether you use an IDS or gather and analyze machine and device log files on company infrastructure, may be challenging and time consuming. The vulnerability landscape is rapidly evolving, and it will only become worse as more and more developing technologies, such as IoT, Industrial Automation, CPS, Digital Twins, etc are digitally connected. A honey trap aids in identifying malicious packets easily as, after a few rapid calibrations to eliminate false positives. Besides analyzing and reporting particular invasion patterns or toolkits exploited, it also assists in preventing access to actual devices by simulating the genuine systems and applications functioning in the network thus delaying as well as baffling the invader. In order to analyze and evaluate the hackers' behavior, an ensemble of research honeypot detectors has been deployed in our work. This paper delivers a robust outline of the deployment of containerized honeypot deployment, as a direct consequence, these are portable, durable, and simple to deploy and administer. The instrumented approach was monitored and generated countless data points on which significant judgments about the malevolent users' activities and purpose could be inferred.

multidisciplinary sciences

Sanjeev Kumar,Anil Kumar

DOI: https://doi.org/10.1016/j.engappai.2024.108374

IF: 8

2024-04-13

Engineering Applications of Artificial Intelligence

Abstract:Technology-enabled intelligent automation has ushered in a new era of Industry 4.0. At the core of this revolution are many interconnected devices, commonly referred to as the Industrial Internet of Things (IIoT). On the one hand, these sensors have resulted in productivity improvements, but at the same time, they have created a new attack surface for the threat actors. This research presents a novel image-based malware detection system leveraging software-defined networking (SDN) honeypot, convolution neural networks (CNN), and a two-level autoencoder. The proposed system transforms binary programs into gray-scale images and extracts textural features using deep CNN architectures via transfer learning. The dimensions of extracted features are then reduced using a custom two-level autoencoder. Finally, these reduced features are fed to six algorithms, including deep learning (DL) and machine learning (ML) classifiers. This study performs hyper-parameter optimization of each classifier using automated grid-search and random-search algorithms. The experimental results performed using the public benchmarked MalImg dataset show that the proposed method outperforms existing approaches, achieving high test accuracy of 98.50% and weighted precision, recall, and f1-score of 98.60%, 98.60%, and 98.60%, respectively. Furthermore, the mean response time is reported as 0.006 s, indicating the fast detection capabilities of the proposed approach. One of the advantages of the proposed methodology is that it reduces the dependence on intensive feature engineering and minimizes the need for domain expertise. The proposed method offers a scalable and industry-suitable solution for detecting malware in IIoT environments without relying on computationally intensive techniques.

automation & control systems,computer science, artificial intelligence,engineering, electrical & electronic, multidisciplinary

Pokkuluri Kiran Sree,Inampudi Ramesh Babu

DOI: https://doi.org/10.48550/arXiv.1312.2052

2013-12-07

Networking and Internet Architecture

Abstract:Adhoc wireless network with their changing topology and distributed nature are more prone to intruders. The network monitoring functionality should be in operation as long as the network exists with nil constraints. The efficiency of an Intrusion detection system in the case of an adhoc network is not only determined by its dynamicity in monitoring but also in its flexibility in utilizing the available power in each of its nodes. In this paper we propose a hybrid intrusion detection system, based on a power level metric for potential adhoc hosts, which is used to determine the duration for which a particular node can support a network monitoring node. Power aware hybrid intrusion detection system focuses on the available power level in each of the nodes and determines the network monitors. Power awareness in the network results in maintaining power for network monitoring, with monitors changing often, since it is an iterative power optimal solution to identify nodes for distributed agent based intrusion detection. The advantage that this approach entails is the inherent flexibility it provides, by means of considering only fewer nodes for reestablishing network monitors. The detection of intrusions in the network is done with the help of Cellular Automat CA. The CAs classify a packet routed through the network either as normal or an intrusion. The use of CAs enable in the identification of already occurred intrusions as well as new intrusions.

Amani K. Samha,Ghalib H. Alshammri,Sasidhar Attuluri,Preetam Suman,Arvind Yadav

DOI: https://doi.org/10.1142/s0218843024500035

2024-03-19

International Journal of Cooperative Information Systems

Abstract:International Journal of Cooperative Information Systems, Ahead of Print. The prevalence of distributed denial of service (DDoS) flooding assaults is one of the most serious risks to cloud computing security. These types of assaults have as their primary objective the exhaustion of the system's available resources, that is, the target of the attack, in order to make the system in question unavailable to authorized users. Internet thieves often conduct flooding assaults of the kind known as DDoS, focusing primarily on the application and network levels. When the computer infrastructure is multi-mesh-geo distributed, includes multi-parallel services, and a high number of domains, it may be difficult to detect assaults. This is particularly true when a substantial number of domains are present. When there are a big number of independent administrative users using the services, the situation gets more complicated. The purpose of this body of research is to identify signs that may be utilized to detect DDoS flooding assaults; this is its main objective. As a result, throughout the course of our study, we established a composite metric that considers application, system, network, and infrastructure elements as possible indicators of the incidence of DDoS assaults. According to our research, DDoS assaults may be triggered by a combination of variables. Investigations of simulated traffic are being conducted in the cloud. High traffic may be the result of flooding assaults. The composite metric-based intrusion detection system will be the name of a one-of-a-kind intrusion detection system (IDS) that has been agreed upon ICMIDS. This system will use [math]-Means clustering and the Genetic Algorithm (GA) to detect whether an effort has been made to flood the cloud environment. CMIDS employs a multi-threshold algorithmic strategy in order to identify malicious traffic occurring on a cloud-based network. Cisco has created this technology. This strategy necessitates a comprehensive investigation of all factors, which is crucial for assuring the continuation of cloud-based computing-based activities. This monitoring system involves the development, administration, and storage of a profile database, denoted as Profile DB. This database is used for recording and using the composite metric for each virtual machine. The results of a series of tests are compared to the ISCX benchmark dataset and statistical settings. The results indicate that ICMIDS has a reasonably high detection rate and the lowest false alarm rate in the majority of situations examined during the series of tests done to validate and verify its efficacy. This was shown by the fact that ICMIDS had the lowest false alarm rate among all examined conditions.

computer science, information systems

Sulaiman Alhaidari,Mohamed Zohdy

DOI: https://doi.org/10.1145/3325917.3325939

2019-01-01

Abstract:Internet of Things (IoT) is a global network that connects various types of objects "things" via internet. It becomes a core technology for various applications and more and more embedded within our daily lives and businesses. As the technology grows and evolves a number of issues will arise and be focused on in IoT, Security is one of the central issues in IoT in the last decade. However, most of today's IoT intrusion detection systems suffer from high false alarms rate with moderate accuracy and detection rates when it's not able to detect all types of IoT intrusions correctly. To overcome this problem, hybrid techniques are used. In this paper, hybrid learning approach combining partitioning clustering techniques with Hidden Markov Model (HMM) is proposed. Experimental results show that the proposed approach using K-Medoids has improved the detection rate as well as decreased the false positive rate.

Richa Singh,R L Ujjwal

DOI: https://doi.org/10.3389/fdata.2023.1081466

2023-02-01

Abstract:The Internet of Things (IoT) consists of several smart devices equipped with computing, sensing, and network capabilities, which enable them to collect and exchange heterogeneous data wirelessly. The increasing usage of IoT devices in daily activities increases the security needs of IoT systems. These IoT devices are an easy target for intruders to perform malicious activities and make the underlying network corrupt. Hence, this paper proposes a hybridized bio-inspired-based intrusion detection system (IDS) for the IoT framework. The hybridized sine-cosine algorithm (SCA) and salp swarm algorithm (SSA) determines the essential features of the network traffic. Selected features are passed to a machine learning (ML) classifier for the detection and classification of intrusive traffic. The IoT network intrusion dataset determines the performance of the proposed system in a python environment. The proposed hybridized system achieves maximum accuracy of 84.75% with minimum selected features i.e., 8 and takes minimum time of 96.42 s in detecting intrusion for the IoT network. The proposed system's effectiveness is shown by comparing it with other similar approaches for performing multiclass classification.

DIVYA SHARMA -,JASVIR SINGH -

DOI: https://doi.org/10.36948/ijfmr.2024.v06i03.20891

2024-05-22

International Journal For Multidisciplinary Research

Abstract:Mobile devices have end up integral elements of our each day lives, storing great quantities of private and sensitive data. However, this convenience comes with inherent dangers, as cybercriminals increasingly more goal cellular devices for malicious sports consisting of stealing personal statistics, disrupting operations, and compromising the working machine. Various sorts of cellular malware, together with Remote Access Tools (RATs), Bank Trojans, Ransomware, Cryptomining Malware, and Advertising Click Fraud, pose sizable threats to users' privateness and protection. Detecting and mitigating cell malware is essential in safeguarding customers' gadgets and statistics. This paper systematically examines and surveys cellular malware detection strategies, specializing in traditional and superior strategies. Traditional detection methods encompass signature-based detection, conduct-primarily based detection, and permission analysis, while superior techniques embody gadget studying-based detection and anomaly detection. Each approach has its strengths and obstacles, emphasizing the significance of using a mixture of strategies for complete safety. The paper reviews relevant literature to research the effectiveness of different detection techniques and their packages in actual-global situations. It discusses the evolution of malware detection methodologies, highlighting advancements which include mobile botnet type, dynamic anomaly-based totally detection, and characteristic-based adverse attacks on device getting to know classifiers. Additionally, the paper explores the demanding situations confronted via cutting-edge detection techniques and proposes avenues for future research to address those obstacles. By presenting a comprehensive evaluation of cell malware detection strategies, this thesis contributes to the advancement of studies in cybersecurity and aids in the improvement of greater strong and green detection mechanisms to combat evolving threats in the cellular surroundings.

Sugata Sanyal,Manoj Rameshchandra Thakur

DOI: https://doi.org/10.48550/arXiv.1205.4457

2012-05-20

Cryptography and Security

Abstract:A number of works in the field of intrusion detection have been based on Artificial Immune System and Soft Computing. Artificial Immune System based approaches attempt to leverage the adaptability, error tolerance, self- monitoring and distributed nature of Human Immune Systems. Whereas Soft Computing based approaches are instrumental in developing fuzzy rule based systems for detecting intrusions. They are computationally intensive and apply machine learning (both supervised and unsupervised) techniques to detect intrusions in a given system. A combination of these two approaches could provide significant advantages for intrusion detection. In this paper we attempt to leverage the adaptability of Artificial Immune System and the computation intensive nature of Soft Computing to develop a system that can effectively detect intrusions in a given network.

D. Praveena,P. Rangarajan

DOI: https://doi.org/10.1007/s11042-018-6339-0

IF: 2.577

2018-07-04

Multimedia Tools and Applications

Abstract:Cloud computing facilitates the enormous support of the public, business and emerging applications such as healthcare and nature disasters. Based on their services and characteristics, it can be classified as private cloud and public cloud. In this scenario, we need these two kinds of cloud services for an organization to provide the better service to the society. For that purpose, introduced a new cloud service called hybrid cloud service which is the combination of both private and public cloud. Security to the cloud environment is a challenging issue today especially for the hybrid cloud due to the combination of both. Many security mechanisms available in the literature but these are not achieved the sufficient level of security. For this purpose, we propose a new machine learning application for providing security to the hybrid cloud networks while storing the data and retrieving or accessing the data from the cloud. This proposed algorithm combines an existing Enhanced C4.5, newly proposed deduplication processing algorithm and the newly proposed dynamic access control mechanism. Moreover, we introduce a new deduplication processing algorithm for secure storage and retrieval without duplication or redundancy. In addition, a newly proposed dynamic access control mechanism called Dynamic Spatial Role Based Access Control Algorithm is also used in the proposed security framework. The proposed security framework has been implemented and also evaluated that the security level of the hybrid cloud while storing, retrieving and accessing the data from the cloud database.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Keke Gai,Meikang Qiu,Lixin Tao,Yongxin Zhu

DOI: https://doi.org/10.1002/sec.1224

IF: 1.968

2015-02-11

Security and Communication Networks

Abstract:Mobile cloud computing is applied in multiple industries to obtain cloud‐based services by leveraging mobile technologies. With the development of the wireless networks, defending threats from wireless communications have been playing a remarkable role in the Web security domain. Intrusion detection system (IDS) is an efficient approach for protecting wireless communications in the Fifth Generation (5G) context. In this paper, we identify and summarize the main techniques being implemented in IDSs and mobile cloud computing with an analysis of the challenges for each technique. Addressing the security issue, we propose a higher level framework of implementing secure mobile cloud computing by adopting IDS techniques for applying mobile cloud‐based solutions in 5G networks. On the basis of the reviews and synthesis, we conclude that the implementation of mobile cloud computing can be secured by the proposed framework because it will provide well‐protected Web services and adaptable IDSs in the complicated heterogeneous 5G environment. Copyright © 2015 John Wiley & Sons, Ltd. This paper proposes a high level framework of using mobile cloud‐computing‐based Intrusion Detection Systems (IDSs) on mobile applications. The types of IDS are reviewed and synthesized by this paper. Connecting mobile cloud computing platform with IDS techniques is an efficient approach for securing mobile apps in 4G/5G.

computer science, information systems,telecommunications

Haipeng Yao,Qiyi Wang,Luyao Wang,Peiying Zhang,Maozhen Li,Yunjie Liu

DOI: https://doi.org/10.1007/s10766-017-0537-7

2017-01-01

International Journal of Parallel Programming

Abstract:With the dramatic opening-up of network, network security becomes a severe social problem with the rapid development of network technology. Intrusion Detection System (IDS) is an innovative and proactive network security technology, which becomes a hot topic in both industry and academia in recent years. There are four main characteristics of intrusion data that affect the performance of IDS including multicomponent, data imbalance, time-varying and unknown attacks. We propose a novel IDS framework called HMLD to address these issues, which is an exquisite designed framework based on Hybrid Multi-Level Data Mining. In this paper, we use KDDCUP99 dataset to evaluate the performance of HMLD. The experimental results show that HMLD can reach 96.70% accuracy which is nearly 1% higher than the recent proposed optimal algorithm SVM+ELM+Modified K-Means. In details, HMLD greatly increased the detection accuracy of DoS attacks and R2L attacks.