Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Lu Lv,Wenhai Wang,Zeyin Zhang,Xinggao Liu

DOI: https://doi.org/10.1016/j.knosys.2020.105648

IF: 8.139

2020-01-01

Knowledge-Based Systems

Abstract:Intrusion detection is a challenging technology in the area of cyberspace security for protecting a system from malicious attacks. A novel accurate and effective misuse intrusion detection system that relies on specific attack signatures to distinguish between normal and malicious activities is therefore presented to detect various attacks based on an extreme learning machine with a hybrid kernel function (HKELM). First, the derivation and proof of the proposed hybrid kernel are given. A combination of the gravitational search algorithm (GSA) and differential evolution (DE) algorithm is employed to optimize the parameters of HKELM, which improves its global and local optimization abilities during prediction attacks. In addition, the kernel principal component analysis (KPCA) algorithm is introduced for dimensionality reduction and feature extraction of the intrusion detection data. Then, a novel intrusion detection approach, KPCA-DEGSA-HKELM, is obtained. The proposed approach is eventually applied to the classic benchmark KDD99 dataset, the real modern UNSW-NB15 dataset and the industrial intrusion detection dataset from the Tennessee Eastman process. The numerical results validate both the high accuracy and the time-saving benefit of the proposed approach.

Muhammad Sajid,Kaleem Razzaq Malik,Ahmad Almogren,Tauqeer Safdar Malik,Ali Haider Khan,Jawad Tanveer,Ateeq Ur Rehman

DOI: https://doi.org/10.1186/s13677-024-00685-x

2024-07-18

Journal of Cloud Computing

Abstract:The volume of data transferred across communication infrastructures has recently increased due to technological advancements in cloud computing, the Internet of Things (IoT), and automobile networks. The network systems transmit diverse and heterogeneous data in dispersed environments as communication technology develops. The communications using these networks and daily interactions depend on network security systems to provide secure and reliable information. On the other hand, attackers have increased their efforts to render systems on networks susceptible. An efficient intrusion detection system is essential since technological advancements embark on new kinds of attacks and security limitations. This paper implements a hybrid model for Intrusion Detection (ID) with Machine Learning (ML) and Deep Learning (DL) techniques to tackle these limitations. The proposed model makes use of Extreme Gradient Boosting (XGBoost) and convolutional neural networks (CNN) for feature extraction and then combines each of these with long short-term memory networks (LSTM) for classification. Four benchmark datasets CIC IDS 2017, UNSW NB15, NSL KDD, and WSN DS were used to train the model for binary and multi-class classification. With the increase in feature dimensions, current intrusion detection systems have trouble identifying new threats due to low test accuracy scores. To narrow down each dataset's feature space, XGBoost, and CNN feature selection algorithms are used in this work for each separate model. The experimental findings demonstrate a high detection rate and good accuracy with a relatively low False Acceptance Rate (FAR) to prove the usefulness of the proposed hybrid model.

Seshu Bhavani Mallampati,Hari Seetha

DOI: https://doi.org/10.1142/s0219649223500661

2023-11-22

Journal of Information & Knowledge Management

Abstract:Journal of Information &Knowledge Management, Ahead of Print. With advances in computer network technology, the Internet has become an integral part of our daily lives. It goes without saying that providing security to network data is crucial. To this effect, the intrusion detection system (IDS) is vital for defending networks against cyberattacks. However, the high dimensionality of data is a significant issue that impacts categorisation accuracy. Therefore, we proposed a novel integrated feature extraction method called PC-UDAE that uses principal component analysis (PCA) and Unsupervised Deep Autoencoder (UDAE) to extract linear and nonlinear relationships. Also, to address the class imbalance, synthetic minority class samples are generated using the combination of Synthetic Minority Over Sampling Technique and Edited Nearest Neighbour (SMOTE-ENN). Finally, the extracted features are trained by using supervised machine learning models like Random Forest (RF), Extreme Gradient Boosting Machine (XGBM), Decision Tree (DT), Light Gradient Boosting Machine (LGBM), Extra Tree (ET), Support Vector Machine (SVM), AdaBoost (AB), and K-Nearest Neighbour (KNN) with the original imbalanced and balanced data. We analysed our suggested model using UNSW-NB 15, NSL-KDD, Ton-IoT data sets and obtained 98.85%, 99.59%, and 99.97% accuracy, respectively. Our experimental findings show that our proposed method outperformed all other competing methods.

Muhammad Naveed,Fahim Arif,Syed Muhammad Usman,Aamir Anwar,Myriam Hadjouni,Hela Elmannai,Saddam Hussain,Syed Sajid Ullah,Fazlullah Umar

DOI: https://doi.org/10.1155/2022/2215852

2022-08-10

Wireless Communications and Mobile Computing

Abstract:An intrusion detection system, often known as an IDS, is extremely important for preventing attacks on a network, violating network policies, and gaining unauthorized access to a network. The effectiveness of IDS is highly dependent on data preprocessing techniques and classification models used to enhance accuracy and reduce model training and testing time. For the purpose of anomaly identification, researchers have developed several machine learning and deep learning-based algorithms; nonetheless, accurate anomaly detection with low test and train times remains a challenge. Using a hybrid feature selection approach and a deep neural network- (DNN-) based classifier, the authors of this research suggest an enhanced intrusion detection system (IDS). In order to construct a subset of reduced and optimal features that may be used for classification, a hybrid feature selection model that consists of three methods, namely, chi square, ANOVA, and principal component analysis (PCA), is applied. These methods are referred to as "the big three." On the NSL-KDD dataset, the suggested model receives training and is then evaluated. The proposed method was successful in achieving the following results: a reduction of input data by 40%, an average accuracy of 99.73%, a precision score of 99.75%, an F1 score of 99.72%, and an average training and testing time of 138% and 2.7 seconds, respectively. The findings of the experiments demonstrate that the proposed model is superior to the performance of the other comparison approaches.

computer science, information systems,telecommunications,engineering, electrical & electronic

Neeraj Kumar,Sanjeev Sharma

DOI: https://doi.org/10.3390/electronics12194050

IF: 2.9

2023-09-27

Electronics

Abstract:With the exponentially evolving trends in technology, IoT networks are vulnerable to serious security issues, allowing intruders to break into networks without authorization and manipulate the data. Their actions can be recognized and avoided by using a system that can detect intrusions. This paper presents a hybrid intelligent system and inverted hour-glass-based layered network classifier for feature selection and classification processes, respectively. To accomplish this task, three different datasets have been utilized in the proposed model for identifying old and new attacks. Moreover, a hybrid optimization feature selection technique has been implemented for selecting only those features that can enhance the accuracy of the detection rate. Finally, the classification is performed by using the inverted hour-glass-based layered network model in which data are up-sampled with the increase in the number of layers for effective training. Data up-sampling is performed when small subset of datapoints are observed for any class, which in turn helps in improving the accuracy of the proposed model. The proposed model demonstrated an accuracy of 99.967%, 99.567%, and 99.726% for NSL-KDD, KDD-CUP99, and UNSW NB15 datasets, respectively, which is significantly better than the traditional CNID model. These results demonstrate that our model can detect different attacks with high accuracy and is expected to show good results for new datasets as well. Additionally, to reduce the computational cost of the proposed model, we have implemented it on CPU-based core i3 processors, which are much cheaper than GPU processors.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ahmed S. Alzahrani,Reehan Ali Shah,Yuntao Qian,Munwar Ali

DOI: https://doi.org/10.1016/j.aej.2020.01.021

IF: 6.626

2020-01-01

Alexandria Engineering Journal

Abstract:With the rapid advancement in technology, network systems are becoming prone to more sophisticated types of intrusions. However, machine learning (ML) based strategies are among the most efficient and popular methods to identify the network intrusions or attacks. In this study, we examined the important and discriminative features, in order to recognize the various attacks by applying the Structural Sparse Logistic Regression (SSPLR) and Support Vector Machine (SVMs) methods. The SVMs are standard ML-based techniques, which provide the reasonable performance, however, they have few shortcomings, such as, interpretability and huge computational cost. On the other hand, the sparse modeling (SSPLR) is considered as the advanced method for the data examination and processing through regularization. The structural sparse modeling can be used to simultaneously select the distinct features or the group of discriminative features from the repository of the data set to determine the coefficient of the linear classifier, where, prior information of the feature’s structure can be mapped on various sparsity-inducing regularizations. In this way, the particular group of features yielded by the most significant network attacks are selected and potentially identified. The experiments and discussion, show that the proposed techniques have improved performance compared to the most state-of-the-art techniques, used for the Intrusion Detection System (IDS).

Rula Abdulwahid Mohammed,Youssef A. Bazzi

DOI: https://doi.org/10.47001/irjiet/2024.802001

2024-01-01

International Research Journal of Innovations in Engineering and Technology

Abstract:The ever-evolving cybersecurity sector requires robust intrusion detection systems (IDS). Traditional rules-based measures are no longer sufficient due to the complexity of cyber threats, requiring new approaches. This study presents the architecture of an intrusion detection system combining machine learning and principal component analysis (PCA) to increase network security. A network traffic classification system was built and tested on the NSL-KDD dataset and used PCA for dimensionality reduction. The results were cross-validated to reduce overfitting and ensure generalizability of the model. Low-variance precision refers to the consistency of the cross-validation fold. The combination of PCA and machine learning models exceeds previous studies with an F1 score for the random forest model of over 99%. The study improves intrusion detection and network protection against cyber-attacks.

D'Jeff Kanda Nkashama,Arian Soltani,Jean-Charles Verdier,Marc Frappier,Pierre-Martin Tardif,Froduald Kabanza

2023-10-30

Abstract:Recently, advances in deep learning have been observed in various fields, including computer vision, natural language processing, and cybersecurity. Machine learning (ML) has demonstrated its ability as a potential tool for anomaly detection-based intrusion detection systems to build secure computer networks. Increasingly, ML approaches are widely adopted than heuristic approaches for cybersecurity because they learn directly from data. Data is critical for the development of ML systems, and becomes potential targets for attackers. Basically, data poisoning or contamination is one of the most common techniques used to fool ML models through data. This paper evaluates the robustness of six recent deep learning algorithms for intrusion detection on contaminated data. Our experiments suggest that the state-of-the-art algorithms used in this study are sensitive to data contamination and reveal the importance of self-defense against data perturbation when developing novel models, especially for intrusion detection systems.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Omar Al-Harbi,Ahmed Hamed

DOI: https://doi.org/10.1504/ijsnet.2024.138918

2024-06-04

International Journal of Sensor Networks

Abstract:In cybersecurity, intrusion detection systems (IDSs) play a crucial role in identifying potential vulnerability exploits, thus reinforcing the network's defense infrastructure. Integrating machine learning models into IDS development has improved detection of complex and evolving intrusion patterns. However, imbalanced training data hampers model effectiveness, leading to classification inaccuracies and false alarms. This study proposes an IDS model using a dual-stage deep learning approach to address class imbalance. Initially, a sparse autoencoder (SAE) detects anomalies and extracts features. The subsequent stage employs a layered deep learning model combining convolutional neural network (CNN) and bidirectional long short-term memory (Bi-LSTM) architectures for multiclass classification. The model uses a cross-entropy loss function with proportional class weights. Evaluation on the NSL-KDD dataset demonstrates significant enhancements in overall accuracy, recall rate, and false positive rate, particularly for minority classes, showcasing its competitiveness against baseline models and other approaches.

computer science, information systems,telecommunications

Fazila Malik,Qazi Waqas Waqas Khan,Atif Rizwan,Rana Alnashwan,Ghada Atteia

DOI: https://doi.org/10.3390/math12121799

IF: 2.4

2024-06-10

Mathematics

Abstract:Intrusion Detection Systems (IDSs) play a crucial role in safeguarding network infrastructures from cyber threats and ensuring the integrity of highly sensitive data. Conventional IDS technologies, although successful in achieving high levels of accuracy, frequently encounter substantial model bias. This bias is primarily caused by imbalances in the data and the lack of relevance of certain features. This study aims to tackle these challenges by proposing an advanced machine learning (ML) based IDS that minimizes misclassification errors and corrects model bias. As a result, the predictive accuracy and generalizability of the IDS are significantly improved. The proposed system employs advanced feature selection techniques, such as Recursive Feature Elimination (RFE), sequential feature selection (SFS), and statistical feature selection, to refine the input feature set and minimize the impact of non-predictive attributes. In addition, this work incorporates data resampling methods such as Synthetic Minority Oversampling Technique and Edited Nearest Neighbor (SMOTE_ENN), Adaptive Synthetic Sampling (ADASYN), and Synthetic Minority Oversampling Technique–Tomek Links (SMOTE_Tomek) to address class imbalance and improve the accuracy of the model. The experimental results indicate that our proposed model, especially when utilizing the random forest (RF) algorithm, surpasses existing models regarding accuracy, precision, recall, and F Score across different data resampling methods. Using the ADASYN resampling method, the RF model achieves an accuracy of 99.9985% for botnet attacks and 99.9777% for Man-in-the-Middle (MITM) attacks, demonstrating the effectiveness of our approach in dealing with imbalanced data distributions. This research not only improves the abilities of IDS to identify botnet and MITM attacks but also provides a scalable and efficient solution that can be used in other areas where data imbalance is a recurring problem. This work has implications beyond IDS, offering valuable insights into using ML techniques in complex real-world scenarios.

mathematics

Bayi Xu,Lei Sun,Xiuqing Mao,Chengwei Liu,Zhiyi Ding

DOI: https://doi.org/10.32604/cmc.2023.046478

2024-01-01

Abstract:In recent years, frequent network attacks have highlighted the importance of efficient detection methods for ensuring cyberspace security. This paper presents a novel intrusion detection system consisting of a data preprocessing stage and a deep learning model for accurately identifying network attacks. We have proposed four deep neural network models, which are constructed using architectures such as Convolutional Neural Networks (CNN), Bi-directional Long Short-Term Memory (BiLSTM), Bidirectional Gate Recurrent Unit (BiGRU), and Attention mechanism. These models have been evaluated for their detection performance on the NSL-KDD dataset.To enhance the compatibility between the data and the models, we apply various preprocessing techniques and employ the particle swarm optimization algorithm to perform feature selection on the NSL-KDD dataset, resulting in an optimized feature subset. Moreover, we address class imbalance in the dataset using focal loss. Finally, we employ the BO-TPE algorithm to optimize the hyperparameters of the four models, maximizing their detection performance. The test results demonstrate that the proposed model is capable of extracting the spatiotemporal features of network traffic data effectively. In binary and multiclass experiments, it achieved accuracy rates of 0.999158 and 0.999091, respectively, surpassing other state-of-the-art methods.

computer science, information systems,materials science, multidisciplinary

Ameera S. Jaradat,Malek M. Barhoush,Rawan S. Bani Easa

DOI: https://doi.org/10.11591/ijeecs.v25.i2.pp1151-1158

2022-02-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:The main goal of intrusion detection system (IDS) is to monitor the network performance and to investigate any signs of any abnormalities over the network. Recently, intrusion detection systems employ machine learning techniques, due to the fact that machine learning techniques proved to have the ability of learning and adapting in addition to allowing a prompt response. This work proposes a model for intrusion detection and classification using machine learning techniques. The model first acquires the data set and transforms it in the proper format, then performs feature selection to pick out a subset of attributes that worth being considered. After that, the refined data set was processed by the Konstanz information miner (KNIME). To gain better performance and a decent comparative analysis, three different classifiers were applied. The anticipated classifiers have been executed and assessed utilizing the KNIME analytics platform using (CICIDS2017) datasets. The experimental results showed an accuracy rate ranging between (98.6) as the highest obtained while the average was (90.59%), which was satisfying compared to other approaches. The gained statistics of this research inspires the researchers of this field to use machine learning in cyber security and data analysis and build intrusion detection systems with higher accuracy.

Mouhammd Alkasassbeh

DOI: https://doi.org/10.48550/arXiv.1712.09623

2017-12-28

Abstract:Despite the great developments in information technology, particularly the Internet, computer networks, global information exchange, and its positive impact in all areas of daily life, it has also contributed to the development of penetration and intrusion which forms a high risk to the security of information organizations, government agencies, and causes large economic losses. There are many techniques designed for protection such as firewall and intrusion detection systems (IDS). IDS is a set of software and/or hardware techniques used to detect hacker's activities in computer systems. Two types of anomalies are used in IDS to detect intrusive activities different from normal user behavior. Misuse relies on the knowledge base that contains all known attack techniques and intrusion is discovered through research in this knowledge base. Artificial intelligence techniques have been introduced to improve the performance of these systems. The importance of IDS is to identify unauthorized access attempting to compromise confidentiality, integrity or availability of the computer network. This paper investigates the Intrusion Detection (ID) problem using three machine learning algorithms namely, BayesNet algorithm, Multi-Layer Perceptron (MLP), and Support Vector Machine (SVM). The algorithms are applied on a real, Management Information Based (MIB) dataset that is collected from real life environment. To enhance the detection process accuracy, a set of feature selection approaches is used; Infogain (IG), ReleifF (RF), and Genetic Search (GS). Our experiments show that the three feature selection methods have enhanced the classification performance. GS with bayesNet, MLP and SVM give high accuracy rates, more specifically the BayesNet with the GS accuracy rate is 99.9%.

Networking and Internet Architecture,Cryptography and Security,Machine Learning

Md. Alamin Talukder,Md. Manowarul Islam,Md Ashraf Uddin,Khondokar Fida Hasan,Selina Sharmin,Salem A. Alyami,Mohammad Ali Moni

2024-01-22

Abstract:Cybersecurity has emerged as a critical global concern. Intrusion Detection Systems (IDS) play a critical role in protecting interconnected networks by detecting malicious actors and activities. Machine Learning (ML)-based behavior analysis within the IDS has considerable potential for detecting dynamic cyber threats, identifying abnormalities, and identifying malicious conduct within the network. However, as the number of data grows, dimension reduction becomes an increasingly difficult task when training ML models. Addressing this, our paper introduces a novel ML-based network intrusion detection model that uses Random Oversampling (RO) to address data imbalance and Stacking Feature Embedding based on clustering results, as well as Principal Component Analysis (PCA) for dimension reduction and is specifically designed for large and imbalanced datasets. This model's performance is carefully evaluated using three cutting-edge benchmark datasets: UNSW-NB15, CIC-IDS-2017, and CIC-IDS-2018. On the UNSW-NB15 dataset, our trials show that the RF and ET models achieve accuracy rates of 99.59% and 99.95%, respectively. Furthermore, using the CIC-IDS2017 dataset, DT, RF, and ET models reach 99.99% accuracy, while DT and RF models obtain 99.94% accuracy on CIC-IDS2018. These performance results continuously outperform the state-of-art, indicating significant progress in the field of network intrusion detection. This achievement demonstrates the efficacy of the suggested methodology, which can be used practically to accurately monitor and identify network traffic intrusions, thereby blocking possible threats.

Cryptography and Security,Machine Learning

Arshad Hashmi,Omar M Barukab,Ahmad Hamza Osman

DOI: https://doi.org/10.1371/journal.pone.0302294

IF: 3.7

2024-05-23

PLoS ONE

Abstract:Due to the recent advances in the Internet and communication technologies, network systems and data have evolved rapidly. The emergence of new attacks jeopardizes network security and make it really challenging to detect intrusions. Multiple network attacks by an intruder are unavoidable. Our research targets the critical issue of class imbalance in intrusion detection, a reflection of the real-world scenario where legitimate network activities significantly out number malicious ones. This imbalance can adversely affect the learning process of predictive models, often resulting in high false-negative rates, a major concern in Intrusion Detection Systems (IDS). By focusing on datasets with this imbalance, we aim to develop and refine advanced algorithms and techniques, such as anomaly detection, cost-sensitive learning, and oversampling methods, to effectively handle such disparities. The primary goal is to create models that are highly sensitive to intrusions while minimizing false alarms, an essential aspect of effective IDS. This approach is not only practical for real-world applications but also enhances the theoretical understanding of managing class imbalance in machine learning. Our research, by addressing these significant challenges, is positioned to make substantial contributions to cybersecurity, providing valuable insights and applicable solutions in the fight against digital threats and ensuring robustness and relevance in IDS development. An intrusion detection system (IDS) checks network traffic for security, availability, and being non-shared. Despite the efforts of many researchers, contemporary IDSs still need to further improve detection accuracy, reduce false alarms, and detect new intrusions. The mean convolutional layer (MCL), feature-weighted attention (FWA) learning, a bidirectional long short-term memory (BILSTM) network, and the random forest algorithm are all parts of our unique hybrid model called MCL-FWA-BILSTM. The CNN-MCL layer for feature extraction receives data after preprocessing. After convolution, pooling, and flattening phases, feature vectors are obtained. The BI-LSTM and self-attention feature weights are used in the suggested method to mitigate the effects of class imbalance. The attention layer and the BI-LSTM features are concatenated to create mapped features before feeding them to the random forest algorithm for classification. Our methodology and model performance were validated using NSL-KDD and UNSW-NB-15, two widely available IDS datasets. The suggested model's accuracies on binary and multi-class classification tasks using the NSL-KDD dataset are 99.67% and 99.88%, respectively. The model's binary and multi-class classification accuracies on the UNSW-NB15 dataset are 99.56% and 99.45%, respectively. Further, we compared the suggested approach with other previous machine learning and deep learning models and found it to outperform them in detection rate, FPR, and F-score. For both binary and multiclass classifications, the proposed method reduces false positives while increasing the number of true positives. The model proficiently identifies diverse network intrusions on computer networks and accomplishes its intended purpose. The suggested model will be helpful in a variety of network security research fields and applications.

Maryam Yousefnezhad,Javad Hamidzadeh,Mohammad Aliannejadi

DOI: https://doi.org/10.1007/s00500-021-06067-8

IF: 3.732

2021-08-10

Soft Computing

Abstract:An intrusion detection system is a security system that aims to detect sabotage and intrusions on networks to inform experts of the attack and abuse of the network. Different classification methods have been used in the intrusion detection systems such as fuzzy, genetic algorithms, decision trees, artificial neural networks, and support vector machines. Moreover, ensemble classifiers have shown more robust and effective performance for various tasks in the field. In this paper, we adopt ensemble models in order to improve the performance of intrusion detection and, at the same time, decrease the false alarm rate. We use kNN for multi-class classification, as well as SVM to approach the classification problem in normal-based detection. In order to combine multiple outputs, we use the Dempster–Shafer method in which there is the possibility of explicit retrieval of uncertainty. Moreover, we utilize deep learning for extracting features to train the samples, selected by the sample selection algorithm based on ensemble margin. We compare our results with state-of-the-art methods on benchmarking datasets such as UNSW-NB15, CICIDS2017, and NSL-KDD. Our proposed method indicates the superiority in terms of prominent metrics Accuracy, Precision, Recall, and F-measure.

computer science, artificial intelligence, interdisciplinary applications

Amit Kumar Balyan,Sachin Ahuja,Umesh Kumar Lilhore,Sanjeev Kumar Sharma,Poongodi Manoharan,Abeer D Algarni,Hela Elmannai,Kaamran Raahemifar

DOI: https://doi.org/10.3390/s22165986

2022-08-10

Abstract:Due to the rapid growth in IT technology, digital data have increased availability, creating novel security threats that need immediate attention. An intrusion detection system (IDS) is the most promising solution for preventing malicious intrusions and tracing suspicious network behavioral patterns. Machine learning (ML) methods are widely used in IDS. Due to a limited training dataset, an ML-based IDS generates a higher false detection ratio and encounters data imbalance issues. To deal with the data-imbalance issue, this research develops an efficient hybrid network-based IDS model (HNIDS), which is utilized using the enhanced genetic algorithm and particle swarm optimization(EGA-PSO) and improved random forest (IRF) methods. In the initial phase, the proposed HNIDS utilizes hybrid EGA-PSO methods to enhance the minor data samples and thus produce a balanced data set to learn the sample attributes of small samples more accurately. In the proposed HNIDS, a PSO method improves the vector. GA is enhanced by adding a multi-objective function, which selects the best features and achieves improved fitness outcomes to explore the essential features and helps minimize dimensions, enhance the true positive rate (TPR), and lower the false positive rate (FPR). In the next phase, an IRF eliminates the less significant attributes, incorporates a list of decision trees across each iterative process, supervises the classifier's performance, and prevents overfitting issues. The performance of the proposed method and existing ML methods are tested using the benchmark datasets NSL-KDD. The experimental findings demonstrated that the proposed HNIDS method achieves an accuracy of 98.979% on BCC and 88.149% on MCC for the NSL-KDD dataset, which is far better than the other ML methods i.e., SVM, RF, LR, NB, LDA, and CART.

Jeyavim Sherin R. C.,Parkavi K.

DOI: https://doi.org/10.1049/cmu2.12831

IF: 1.345

2024-09-14

IET Communications

Abstract:Intrusion detection systems (IDS) monitor network activity to detect unusual patterns indicative of security breaches. However, many existing IDS solutions struggle with accurately identifying attacks within packet capture (PCAP) files. To address this limitation, a deep learning‐based dual IDS model is proposed. Utilizing the Cyber Intelligence Centre‐Distributed Denial of Service Attack 2019 dataset, this model begins by extracting features and attributes from PCAP files. Experimental results demonstrate that this model achieves 98.18% accuracy and 98.73% precision in classification tasks, significantly outperforming existing approaches. These findings highlight the effectiveness of the proposed system in enhancing intrusion detection capabilities. The rise of suspicious activities in network communication, driven by increased internet accessibility, necessitates the development of advanced intrusion detection systems (IDS). Existing IDS solutions often exhibit poor performance in detecting suspicious activity and fail to identify various attack types within packet capture (PCAP) files, which monitor network traffic. This paper proposes a deep learning‐based dual IDS model designed to address these issues. The process begins with utilizing the CSE‐CIC‐IDS2019 dataset to extract features from PCAP files. Suspicious activities are detected using the Exponential Geometric‐Gaussian Error Linear Units‐Gated Recurrent Unit (EG‐GELU‐GRU) method. Normal data undergoes further feature extraction and preprocessing through Log ZScore‐Jacosine Density‐Based Spatial Clustering of Applications with Noise (LZ‐JC‐DBSCAN). Feature selection is optimized using the Entropy Pearson R Correlation‐Red Panda optimization algorithm. Suspicious files are flagged, while load balancing is performed on normal data. Attack detection is achieved through word embedding with the Glorot Kaufman‐bidirectional encoder representations from transformers technique and classification via the EG‐GELU‐GRU model. Attacked packets are blocked, and the method is reapplied for attack‐type classification. Experimental results using Python demonstrate the model's superior performance, achieving 98.18% accuracy and 98.73% precision, surpassing existing approaches and significantly enhancing intrusion detection capabilities.

engineering, electrical & electronic

D.V. Jeyanthi,B. Indrani

DOI: https://doi.org/10.5121/ijcnc.2022.14107

2022-01-31

Abstract:An efficient Intrusion Detection System has to be given high priority while connecting systems with a network to prevent the system before an attack happens. It is a big challenge to the network security group to prevent the system from a variable types of new attacks as technology is growing in parallel. In this paper, an efficient model to detect Intrusion is proposed to predict attacks with high accuracy and less false-negative rate by deriving custom features UNSW-CF by using the benchmark intrusion dataset UNSW-NB15. To reduce the learning complexity, Custom Features are derived and then Significant Features are constructed by applying meta-heuristic FPA (Flower Pollination algorithm) and MRMR (Minimal Redundancy and Maximum Redundancy) which reduces learning time and also increases prediction accuracy. ENC (ElasicNet Classifier), KRRC (Kernel Ridge Regression Classifier), IGBC (Improved Gradient Boosting Classifier) is employed to classify the attacks in the datasets UNSW-CF, UNSW and recorded that UNSW-CF with derived custom features using IGBC integrated with FPA provided high accuracy of 97.38% and a low error rate of 2.16%. Also, the sensitivity and specificity rate for IGB attains a high rate of 97.32% and 97.50% respectively.