Mousa Alizadeh,Sadegh E Mousavi,Mohammad T H Beheshti,Ali Ostadi

DOI: https://doi.org/10.1109/icspis54653.2021.9729365

2021-12-29

Abstract:In terms of network topology, one of the extensively utilized technologies is the intrusion detection system (IDS). Despite applying numerous machine learning approaches (supervised and unsupervised) to enhance efficacy, reaching high-grade performance is still a challenging problem for existing intrusion detection algorithms. This study presents a new technique for IDS that focuses on various deep neural networks (DNNs) and their combination for data classification. The proposed model consists of three parts: (1) the feature selection is composed of an intersection of mutual information based on the transductive model (MIT-MIT), Anova F-value, and Genetic Algorithm (GA) methods, (2) the second section is a classifier network using a hybrid CNN-LSTM algorithm, and (3) the hyperparameter optimization module that puts to use Firefly, BAT, and Gray Wolf algorithms. In order to validate and verify the suggested model via accuracy, F1 score, recall, and precision criteria, a benchmark dataset, namely, NSL-KDD, is employed, which compares the proposed method with the highly developed classifiers. The comparison outcomes confirmed the surpassing of the presented strategy over contrast algorithms.

Neeraj Kumar,Sanjeev Sharma

DOI: https://doi.org/10.3390/electronics12194050

IF: 2.9

2023-09-27

Electronics

Abstract:With the exponentially evolving trends in technology, IoT networks are vulnerable to serious security issues, allowing intruders to break into networks without authorization and manipulate the data. Their actions can be recognized and avoided by using a system that can detect intrusions. This paper presents a hybrid intelligent system and inverted hour-glass-based layered network classifier for feature selection and classification processes, respectively. To accomplish this task, three different datasets have been utilized in the proposed model for identifying old and new attacks. Moreover, a hybrid optimization feature selection technique has been implemented for selecting only those features that can enhance the accuracy of the detection rate. Finally, the classification is performed by using the inverted hour-glass-based layered network model in which data are up-sampled with the increase in the number of layers for effective training. Data up-sampling is performed when small subset of datapoints are observed for any class, which in turn helps in improving the accuracy of the proposed model. The proposed model demonstrated an accuracy of 99.967%, 99.567%, and 99.726% for NSL-KDD, KDD-CUP99, and UNSW NB15 datasets, respectively, which is significantly better than the traditional CNID model. These results demonstrate that our model can detect different attacks with high accuracy and is expected to show good results for new datasets as well. Additionally, to reduce the computational cost of the proposed model, we have implemented it on CPU-based core i3 processors, which are much cheaper than GPU processors.

engineering, electrical & electronic,computer science, information systems,physics, applied

Laith Abualigah,Saba Hussein Ahmed,Mohammad H. Almomani,Raed Abu Zitar,Anas Ratib Alsoud,Belal Abuhaija,Essam Said Hanandeh,Heming Jia,Diaa Salama Abd Elminaam,Mohamed Abd Elaziz

DOI: https://doi.org/10.1007/s11042-023-17886-2

IF: 2.577

2024-01-03

Multimedia Tools and Applications

Abstract:With the ever-expanding ubiquity of the Internet, wireless networks have permeated every facet of modern life, escalating concerns surrounding network security for users. Consequently, the demand for a robust Intrusion Detection System (IDS) has surged. The IDS serves as a critical bastion within the security framework, a significance further magnified in wireless networks where intrusions may stem from the deluge of sensor data. This influx of data, however, inevitably taxes the efficiency and computational speed of IDS. To address these limitations, numerous strategies for enhancing IDS performance have been posited by researchers. This paper introduces a novel feature selection method grounded in Support Vector Machine (SVM) and harnessing the innovative modified Aquila Optimizer (mAO) for Intrusion Detection Systems in Wireless Sensor Networks. To evaluate the efficacy of our approach, we employed the KDD'99 dataset for testing and benchmarking against established methods. Multiple performance metrics, including accuracy, detection rate, false alarm rate, feature count, and execution time, were utilized for assessment. Our comparative analysis reveals the superiority of the proposed method, with standout results in terms of feature reduction, detection accuracy, and false alarm mitigation, yielding significant improvements of 11%, 98.76%, and 0.02%, respectively.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Sridhar Patthi,Sugandha Singh,Ila Chandana Kumari P

DOI: https://doi.org/10.1007/s11042-023-17781-w

IF: 2.577

2024-01-07

Multimedia Tools and Applications

Abstract:The proliferation of wireless networks as a primary data transmission channel has brought about a surge in data volume but also raised security threats and privacy concerns. Intrusion Detection Systems (IDS) have proven effective in safeguarding data transmission, yet they struggle to detect minor or rare attacks that mimic normal traffic. To address this challenge, we propose a novel two-layer classification model integrating K-nearest neighbor (KNN) and support vector machines (SVMs). In the first layer, KNN classifies data into Normal, Major, and Minor Attack categories, while the second layer further distinguishes Major Attacks into DoS or Probe and Minor Attacks into U2R or R2. Our framework incorporates Common Correlated Feature Selection (CCFS) to optimize feature discrimination, partitioning training data into three groups. Furthermore, we explore data preprocessing techniques to enhance data interpretation and maintain statistical normalcy in traffic connection features. Our experimental analysis utilizes the NSL-KDD dataset, demonstrating that our approach significantly improves detection rates, particularly for Minor Attacks, achieving a remarkable 92.33% detection rate for U2R and 91.33% for R2L attacks. This represents a substantial 10% enhancement over existing methods, outperforming Multi-Layer Perceptron (MLP) by 13.23%, Random Forest (RF) by 10.11%, J48- Decision Tree (DT) by 9.23%, and Naïve Bayes (NB) by 9.42% and 8.17% in terms of detection rates. These results underscore the effectiveness of our approach in enhancing intrusion detection performance.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Mohammed Sayeeduddin Habeeb,Tummala Ranga Babu

DOI: https://doi.org/10.1002/ett.4961

IF: 3.6

2024-03-19

Transactions on Emerging Telecommunications Technologies

Abstract:Abstract Network Intrusion Detection Systems (NIDSs) are important in safeguarding networks from known and unknown attacks. Many research efforts have recently been made to create NIDS systems based on Machine Learning (ML) methods, addressing a significant challenge in designing standard NIDS the lack of standardized feature sets in the dataset. Given the recent development of the Internet of Things (IoT) in wireless communication, our proposed method introduces a novel solution to enhance intrusion detection systems. This proposed solution feature selection is carried out in two stages, coarse and fine selection. In the first stage of the coarse selection process, we conduct correlation analysis to identify relationships within the feature set. The second stage employs fine selection using the Whale Optimization Algorithm (WOA) with Genetic Algorithm hybridization (CFWOAGA). The fitness of each selected feature is assessed using the K‐Nearest Neighbors (KNN) algorithm. In our proposed work we integrate WOA with hybrid GA to extend the search space and avoid local optima problems via crossover and mutation operations. These selected features are critical for detecting any intrusion, we use an ML classifier to identify whether there is an attack or normal in the network and we evaluate the performance of each classifier. We evaluate the performance of our classifier using the BoT‐IoT 2020 standard dataset while limiting the selected features to 32 for reduced computational complexity, these selected 32 features are based upon considerations of system optimization and efficiency, making a balance between computational efficiency and model performance. The experimental findings show better model accuracy compared to the WOA technique and a significant drop in the False Alarm Rate (FAR). In conclusion, our proposed CFWOA method achieved an accuracy of 98.9%, while an updated version with the genetic algorithm demonstrated further improvement at 99.5%. Notably, there was a substantial improvement in FAR with our proposed method.

telecommunications

Guezzaz, Azidine

DOI: https://doi.org/10.1007/s11042-023-14795-2

IF: 2.577

2023-02-19

Multimedia Tools and Applications

Abstract:The Internet of Things (IoT) interconnects billions of sensors and actuators to serve a meaningful purpose. However, it is always vulnerable to various menaces. Thus, IoT security represents a big concern in the research field. Various tools were developed to mitigate these security issues. So, Intrusion detection systems (IDS) have gained much attention in the research community due to their critical role in maintaining network security. In this work, we integrate a network IDS (NIDS) to enhance IoT security. This paper presents a network intrusion detection model for IoT environments using a K-Nearest Neighbors (K-NN) classifier and feature selection. We built the NIDS using the K-NN algorithm to improve the IDS accuracy (ACC) and detection rate (DR). Furthermore, the principal component analysis (PCA), univariate statistical test, and genetic algorithm (GA) are used for feature selection separately to improve the data quality and select the ten best performing features. The performance evaluation of our model is performed on the Bot-IoT dataset. After applying the feature selection, the models have shown promising results regarding ACC, DR, false alarm rate (FAR), and predicting time. Our proposed model provided 99.99% ACC and maintained its superior performance for the ten selected features. Furthermore, we calculated the prediction time, as we consider it critical in building IDS for IoT, and by applying feature selection, we reduced it significantly from 51,182.22 s to under a minute. This novel model presents many advantages and reliable performances compared with previous models relying on the same dataset.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Chanchal Suman,Somanath Tripathy,Sriparna Saha

DOI: https://doi.org/10.48550/arXiv.1905.06562

2019-05-16

Neural and Evolutionary Computing

Abstract:Intrusion Detection Systems (IDS) are developed to protect the network by detecting the attack. The current paper proposes an unsupervised feature selection technique for analyzing the network data. The search capability of the non-dominated sorting genetic algorithm (NSGA-II) has been employed for optimizing three different objective functions utilizing different information theoretic measures including mutual information, standard deviation, and information gain to identify mutually exclusive and a high variant subset of features. Finally, the Pareto optimal front of the different optimal feature subsets are obtained and these feature subsets are utilized for developing classification systems using different popular machine learning models like support vector machines, decision trees and k-nearest neighbour (k=5) classifier etc. We have evaluated the results of the algorithm on KDD-99, NSL-KDD and Kyoto 2006+ datasets. The experimental results on KDD-99 dataset show that decision tree provides better results than other available classifiers. The proposed system obtains the best results of 99.78% accuracy, 99.27% detection rate and false alarm rate of 0.2%, which are better than all the previous results for KDD dataset. We achieved an accuracy of 99.83% for 20% testing data of NSL-KDD dataset and 99.65% accuracy for 10-fold cross-validation on Kyoto dataset. The most attractive characteristic of the proposed scheme is that during the selection of appropriate feature subset, no labeled information is utilized and different feature quality measures are optimized simultaneously using the multi-objective optimization framework.

Chetan Gupta,Amit Kumar,Neelesh Kumar Jain,Gupta, Chetan

DOI: https://doi.org/10.1007/s11277-024-10880-3

IF: 2.017

2024-02-29

Wireless Personal Communications

Abstract:The continuous advancement of computer networks has given rise to grave concerns regarding security and susceptibility. Network administrators utilize intrusion detection systems (IDS) to deliver essential network security. Current IDS devices produce false alarms in response to routine user activities rather than detecting novel assaults. Neural networks may be used to overcome this problem and increase detection accuracy. In this paper, we propose a hybrid approach based on neural networks and correlation-based feature selection to detect anomalies. Experimental research is done on the standard dataset NSL-KDD for intrusion detection using current attacks. We introduce a novel hybrid crowd search analysis optimization with an artificial neural network (HCSAOANN). The findings demonstrate that it outperforms in high accuracy, precision, F1-Score, and recall. In the proposed HCSAOANN algorithm, to explore the feature space, we merged the crow search optimization (CSO), which can converge into the overall best solution in the search function, with the upgraded version of the crow search analysis method. Some performance criteria were applied in the studies using an artificial neural network (ANN) as a classifier. The HCSAOANN methodology outperformed as compared to the previous fuzzy technique and achieved 98% accuracy and a 98% precision rate, which is 2.2% better than the previous CSO-ANFIS technique and 8.87% superior to the FC-ANN technique.

telecommunications

Moutaz Alazab,Ruba Abu Khurma,Pedro A. Castillo,Bilal Abu-Salih,Alejandro Martin,David Camacho

2024-02-21

Abstract:This paper proposes an Intrusion Detection System (IDS) employing the Harris Hawks Optimization algorithm (HHO) to optimize Multilayer Perceptron learning by optimizing bias and weight parameters. HHO-MLP aims to select optimal parameters in its learning process to minimize intrusion detection errors in networks. HHO-MLP has been implemented using EvoloPy NN framework, an open-source Python tool specialized for training MLPs using evolutionary algorithms. For purposes of comparing the HHO model against other evolutionary methodologies currently available, specificity and sensitivity measures, accuracy measures, and mse and rmse measures have been calculated using KDD datasets. Experiments have demonstrated the HHO MLP method is effective at identifying malicious patterns. HHO-MLP has been tested against evolutionary algorithms like Butterfly Optimization Algorithm (BOA), Grasshopper Optimization Algorithms (GOA), and Black Widow Optimizations (BOW), with validation by Random Forest (RF), XG-Boost. HHO-MLP showed superior performance by attaining top scores with accuracy rate of 93.17%, sensitivity level of 89.25%, and specificity percentage of 95.41%.

Artificial Intelligence,Neural and Evolutionary Computing

Xin Li,Peng Yi,Wei Wei,Yiming Jiang,Le Tian

DOI: https://doi.org/10.1155/2021/8830431

IF: 1.968

2021-01-06

Security and Communication Networks

Abstract:As an important part of intrusion detection, feature selection plays a significant role in improving the performance of intrusion detection. Krill herd (KH) algorithm is an efficient swarm intelligence algorithm with excellent performance in data mining. To solve the problem of low efficiency and high false positive rate in intrusion detection caused by increasing high-dimensional data, an improved krill swarm algorithm based on linear nearest neighbor lasso step (LNNLS-KH) is proposed for feature selection of network intrusion detection. The number of selected features and classification accuracy are introduced into fitness evaluation function of LNNLS-KH algorithm, and the physical diffusion motion of the krill individuals is transformed by a nonlinear method. Meanwhile, the linear nearest neighbor lasso step optimization is performed on the updated krill herd position in order to derive the global optimal solution. Experiments show that the LNNLS-KH algorithm retains 7 features in NSL-KDD dataset and 10.2 features in CICIDS2017 dataset on average, which effectively eliminates redundant features while ensuring high detection accuracy. Compared with the CMPSO, ACO, KH, and IKH algorithms, it reduces features by 44%, 42.86%, 34.88%, and 24.32% in NSL-KDD dataset, and 57.85%, 52.34%, 27.14%, and 25% in CICIDS2017 dataset, respectively. The classification accuracy increased by 10.03% and 5.39%, and the detection rate increased by 8.63% and 5.45%. Time of intrusion detection decreased by 12.41% and 4.03% on average. Furthermore, LNNLS-KH algorithm quickly jumps out of the local optimal solution and shows good performance in the optimal fitness iteration curve, convergence speed, and false positive rate of detection.

computer science, information systems,telecommunications

Muhammad Naveed,Fahim Arif,Syed Muhammad Usman,Aamir Anwar,Myriam Hadjouni,Hela Elmannai,Saddam Hussain,Syed Sajid Ullah,Fazlullah Umar

DOI: https://doi.org/10.1155/2022/2215852

2022-08-10

Wireless Communications and Mobile Computing

Abstract:An intrusion detection system, often known as an IDS, is extremely important for preventing attacks on a network, violating network policies, and gaining unauthorized access to a network. The effectiveness of IDS is highly dependent on data preprocessing techniques and classification models used to enhance accuracy and reduce model training and testing time. For the purpose of anomaly identification, researchers have developed several machine learning and deep learning-based algorithms; nonetheless, accurate anomaly detection with low test and train times remains a challenge. Using a hybrid feature selection approach and a deep neural network- (DNN-) based classifier, the authors of this research suggest an enhanced intrusion detection system (IDS). In order to construct a subset of reduced and optimal features that may be used for classification, a hybrid feature selection model that consists of three methods, namely, chi square, ANOVA, and principal component analysis (PCA), is applied. These methods are referred to as "the big three." On the NSL-KDD dataset, the suggested model receives training and is then evaluated. The proposed method was successful in achieving the following results: a reduction of input data by 40%, an average accuracy of 99.73%, a precision score of 99.75%, an F1 score of 99.72%, and an average training and testing time of 138% and 2.7 seconds, respectively. The findings of the experiments demonstrate that the proposed model is superior to the performance of the other comparison approaches.

computer science, information systems,telecommunications,engineering, electrical & electronic

I. Sumaiya Thaseen,J. Saira Banu,K. Lavanya,Muhammad Rukunuddin Ghalib,Kumar Abhishek

DOI: https://doi.org/10.1002/ett.4014

IF: 3.6

2020-06-08

Transactions on Emerging Telecommunications Technologies

Abstract:<p>Serious concerns regarding vulnerability and security have been raised as a result of the constant growth of computer networks. Intrusion detection systems (IDS) have been adopted by network administrators to provide essential network security. Commercial IDS in the market do not have the capability to identify novel attacks but generate false alarms for legitimate user activities. Neural networks can be applied for the solution of these issues and for providing improved accuracy. Correlation‐based attribute selection ranks the features according to the highest correlation between the attributes and class label. In this article, the authors propose a correlation‐based feature selection integrated with neural network for identifying anomalies. Experimental analysis performed on NSL‐KDD and UNSW‐NB datasets, which are benchmark datasets of intrusion detection with current attacks. The results show that the proposed model is superior in terms of accuracy, sensitivity, and specificity in comparison with some of the state‐of‐the‐art techniques. With the emergence of the Internet of Things Technology, such IDS can be deployed for securing the IoT servers in future. Wireless payment systems can be secured by building and deploying IDS. A secure integrated network management can be achieved which is error‐free and thereby improving performance.</p>

telecommunications

Karrar Alwan,Ahmed AbuEl-Atta,Hala Zayed,,,

DOI: https://doi.org/10.22266/ijies2021.0228.19

2021-02-28

International Journal of Intelligent Engineering and Systems

Abstract:Accurate intrusion detection is necessary to preserve network security. However, developing efficient intrusion detection system is a complex problem due to the nonlinear nature of the intrusion attempts, the unpredictable behaviour of network traffic, and the large number features in the problem space. Hence, selecting the most effective and discriminating feature is highly important. Additionally, eliminating irrelevant features can improve the detection accuracy as well as reduce the learning time of machine learning algorithms. However, feature reduction is an NPhard problem. Therefore, several metaheuristics have been employed to determine the most effective feature subset within reasonable time. In this paper, two intrusion detection models are built based on a modified version of the firefly algorithm to achieve the feature selection task. The first and, the second models have been used for binary and multiclass classification, respectively. The modified firefly algorithm employed a mutation operation to avoid trapping into local optima through enhancing the exploration capabilities of the original firefly. The significance of the selected features is evaluated using a Naïve Bayes classifier over a benchmark standard dataset, which contains different types of attacks. The obtained results revealed the superiority of the modified firefly algorithm against the original firefly algorithm in terms of the classification accuracy and the number of selected features under different scenarios. Additionally, the results assured the superiority of the proposed intrusion detection system against other recently proposed systems in both binary classification and multi-classification scenarios. The proposed system has 96.51% and 96.942% detection accuracy in binary classification and multi-classification, respectively. Moreover, the proposed system reduced the number of attributes from 41 to 9 for binary classification and to 10 for multi-classification.

English Else

Iftikhar Ahmad,Qazi Emad Ul Haq,Muhammad Imran,Madini O. Alassafi,Rayed A. AlGhamdi

DOI: https://doi.org/10.3390/math10030530

IF: 2.4

2022-02-08

Mathematics

Abstract:Intrusion detection in computer networks is of great importance because of its effects on the different communication and security domains. The detection of network intrusion is a challenge. Moreover, network intrusion detection remains a challenging task as a massive amount of data is required to train the state-of-the-art machine learning models to detect network intrusion threats. Many approaches have already been proposed recently on network intrusion detection. However, they face critical challenges owing to the continuous increase in new threats that current systems do not understand. This paper compares multiple techniques to develop a network intrusion detection system. Optimum features are selected from the dataset based on the correlation between the features. Furthermore, we propose an AdaBoost-based approach for network intrusion detection based on these selected features and present its detailed functionality and performance. Unlike most previous studies, which employ the KDD99 dataset, we used a recent and comprehensive UNSW-NB 15 dataset for network anomaly detection. This dataset is a collection of network packets exchanged between hosts. It comprises 49 attributes, including nine types of threats such as DoS, Fuzzers, Exploit, Worm, shellcode, reconnaissance, generic, and analysis Backdoor. In this study, we employ SVM and MLP for comparison. Finally, we propose AdaBoost based on the decision tree classifier to classify normal activity and possible threats. We monitored the network traffic and classified it into either threats or non-threats. The experimental findings showed that our proposed method effectively detects different forms of network intrusions on computer networks and achieves an accuracy of 99.3% on the UNSW-NB15 dataset. The proposed system will be helpful in network security applications and research domains.

mathematics

Ch.Kodanda Ramu,T. Srinivasa Rao,E. Uma Shankar Rao

DOI: https://doi.org/10.1007/s11042-024-18558-5

IF: 2.577

2024-02-20

Multimedia Tools and Applications

Abstract:In recent times, network-based applications have rapidly grown in the field of information and communication technology(ICT), which enables individuals and organizations to connect and share their sensitive information seamlessly. The security of these network-based applications is imperative to avoid cyber-attacks during the exchange of sensitive information. The identification of anomalies in network events can be highly challenging due to the complex nature of traffic flows. To solve the challenges, network intrusion detection system (NIDS) technology is used; any network can profit from this system because it can monitor traffic and detect any irregularities. The existing NIDS systems driven by machine learning models do not provide sufficient ability to handle heterogeneous data and realize performance degradation while detecting some types of attacks. Therefore, this paper proposes an innovative meta-heuristic optimization and deep learning-based methodology for improving the performance of NIDS systems. Initially, the raw captured traffic data is fed into the pre-processing phase to attain data standardization and data balancing. Further, an extended Pelican Optimization algorithm (Ex-Pel) is employed to select the set of features from the pre-processed data optimally. Finally, the Self-Attention Assisted Weighted Auto Encoder (SAttn_WAE) is executed to detect the attacks precisely through the set of optimal features. The execution of the proposed methodology is carried out in the Python platform, and performance evaluation is done using accuracy, precision, recall, FAR, and F1-score metrics. The proposed model achieved an accuracy of 99.23%, precision of 99.78%, FAR of 0.67%, recall of 99.13%, and F1-score of 99.32%, which is comparatively better than existing models.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

A S Talita,O S Nataza,Z Rustam

DOI: https://doi.org/10.1088/1742-6596/1752/1/012021

2021-02-01

Journal of Physics: Conference Series

Abstract:Abstract The security of a network might be threatened by an intrusion aim to steal classified data or to find weaknesses on the network. In general, network main security systems use a firewall to control and monitor both incoming and outgoing network traffic. Intrusion Detection System can be used to strengthen network security. Several data mining methods have been used to solve Intrusion Detection System (IDS) problem on a network. On this paper we will use Naïve Bayes Classifier along with Particle Swarm Optimization (PSO) as the feature selection method specifically on one of the benchmark dataset on IDS problem, KDD CUP’99. The dataset consists of more than 40 features with more than 400 thousands records. To solve IDS problem on the dataset, it needs a quite expensive cost either on time computation or memory usage hence the use of PSO as the feature selection method. The best classification result was reached when we use 38 features where the accuracy is 99.12%. Particle Swarm Optimization method has several parameters that may affect the classification performance. For future improvement, it is possible to use a parameter optimization method to ensure the best classifier performance.

M. Yuvaraja,S. Arunkumar,P. Vinodh Kumar,L. Mary Immaculate Sheela

DOI: https://doi.org/10.1155/2023/8478457

2023-02-03

Wireless Communications and Mobile Computing

Abstract:The goal of the network intrusion detection system (NIDS) is to spot malicious activity in a network. It seeks to do that by examining the behavior of the traffic network. To find abnormalities, the NIDS heavily use machine learning (ML) and data mining techniques. The performance of NIDSs is significantly impacted by feature selection. This is due to the numerous characteristics that are used in anomaly identification, which take a lot of time. The time required to analyze traffic behavior and raise the accuracy level is thus influenced by the feature selection strategy. In the current work, the researcher's goal was to provide a feature selection model for NIDSs. IGWO (improved grey wolf optimizations) for FSs (feature selections) was proposed to address these difficulties. The three primary processes in this proposed study are preprocessing, extractions and classifications of FSs, and evaluations of results. IGWOs are used to choose a subset of input variables by minimizing features to measure the accuracy in the search space and discover the best solution. A particular structure of HPNs (hierarchical progressive networks) is controlled by the MDAEs (multimodal deep autoencoders) and ABLSTMs (attention-based long short-term memories) for enhanced multimodal-sequential IDSs, i.e., AB-LSTMs. It is possible to understand relationships between neighboring network connections automatically and efficiently integrate information from many levels of characteristics inside a network connection using the EMS-DHPN technique simultaneously. This work's suggested hybrid IDSs called IGWO-EMS-DHPN technique were evaluated using two intrusion datasets: UNSW-NB15 and CICIDS-2017 which is compared with other existing classifiers in terms of relative accuracies, precisions, recalls, and F 1 -scores in categorizations. While several classifiers have been developed, the suggested IGWO-EMS-DHPN classifier obtains maximum accuracy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Li Yuan,Xiongjun Tian,Jiacheng Yuan,Jingyu zhang,Xiaojing Dai,Ali Asghar Heidari,Huiling Chen,Sudan Yu

DOI: https://doi.org/10.1007/s10586-024-04544-x

2024-06-16

Cluster Computing

Abstract:Intrusion detection system (IDS) classify network traffic as either threatening or normal based on data features, aiming to identify malicious activities attempting to compromise computer systems. However, the volume of intrusion-related data is increasing daily, and the redundant features within this data hinder the improvement of IDS classification performance and efficiency. This study introduces a wrapper feature selection model, denoted as bICSRUN-KNN, with Runge–kutta optimization for information-guided communication (ICSRUN) to detect system intrusions. Comparative experiments on the IEEE CEC 2014 benchmark functions demonstrate ICSRUN's superiority over other algorithms. Subsequently, comparative experiments are conducted using 12 UCI datasets, NSL-KDD, ISCX-URL-2016, ISCX-Tor-NonTor-2017, and LUFlow Network, against competing algorithms. Experimental results demonstrate that the bICSRUN-KNN model achieved remarkable accuracy rates of 98.705% and 98.341% in the binary and multiclass contexts of NSL-KDD. For ISCX-URL-2016, ISCX-Tor-NonTor-2017, and LUFlow Network, accuracy rates of 96.107%, 99.772%, and 88.748% are respectively attained.

computer science, information systems, theory & methods

Bidyapati Thiyam,Shouvik Dey

DOI: https://doi.org/10.1080/1206212X.2023.2223795

2023-06-16

International Journal of Computers and Applications

Abstract:The ever-growing amount of data generated by modern networks poses significant challenges for intrusion detection systems (IDS) in effectively analyzing and classifying security risks. Therefore, it is crucial to identify the most biased characteristics for building efficient and effective IDS algorithms. However, not all features are equally informative or relevant for intrusion detection. In response to these problems, this study proposes a Hybrid approach that uses traditional and advanced statistical techniques. The proposed method effectively validates the features generated from the hybrid model and set-operation theorem to provide the best optimal subset of features for IDS. Various machine learning methods are used to test the proposed model on three popular IDS datasets: NSL-KDD, UNSW NB15, and CIC-DDoS2019. The experimental findings show that the suggested hybrid technique improves IDS performance effectively and efficiently, providing a viable answer to the issues that intrusion detection systems confront.

Anjum Nazir,Rizwan Ahmed Khan

DOI: https://doi.org/10.48550/arXiv.1906.04494

2021-01-19

Abstract:Advancements in computer networks and communication technologies like software defined networks (SDN), Internet of things (IoT), microservices architecture, cloud computing and network function virtualization (NFV) have opened new fronts and challenges for security experts to combat against modern cyberattacks. Relying on perimeter defense and signature-based network security solutions like Intrusion Detection and Prevention Systems (IDS/IPS) have failed to deliver adequate level of security against new attack vectors such as advance persistent threats, zero days, ransomware, botnets and other forms of targeted attacks. Recent developments in machine learning and cognitive computing have shown great potential to detect unknown and new intrusion events where legacy misuse and anomaly based intrusion detection systems usually fail. In this research study we applied state of the art machine learning algorithms on UNSW-NB15 dataset for potential applicability to detect new attacks. We also proposed a novel wrapper based feature selection technique TS-RF using metaheuristic Tabu Search (TS) algorithm and Random Forest (RF) ensemble classifier. Results obtained by applying proposed feature selection technique i.e. TS-RF on UNSW-NB15 dataset show improvement in overall intrusion detection accuracy while it reduces computation complexity as it removes more than 60% features.

Cryptography and Security,Networking and Internet Architecture