Abdulrahman Al-Abassi,Hadis Karimipour,Ali Dehghantanha,Reza M. Parizi

DOI: https://doi.org/10.48550/arXiv.2005.00936

IF: 4.729

2020-05-02

Signal Processing

Abstract:The integration of communication networks and the Internet of Things (IoT) in Industrial Control Systems (ICSs) increases their vulnerability towards cyber-attacks, causing devastating outcomes. Traditional Intrusion Detection Systems (IDSs), which are mainly developed to support Information Technology (IT) systems, count vastly on predefined models and are trained mostly on specific cyber-attacks. Besides, most IDSs do not consider the imbalanced nature of ICS datasets, thereby suffering from low accuracy and high false positive on real datasets. In this paper, we propose a deep representation learning model to construct new balanced representations of the imbalanced dataset. The new representations are fed into an ensemble deep learning attack detection model specifically designed for an ICS environment. The proposed attack detection model leverages Deep Neural Network (DNN) and Decision Tree (DT) classifiers to detect cyber-attacks from the new representations. The performance of the proposed model is evaluated based on 10-fold cross-validation on two real ICS datasets. The results show that the proposed method outperforms conventional classifiers, including Random Forest (RF), DNN, and AdaBoost, as well as recent existing models in the literature. The proposed approach is a generalized technique, which can be implemented in existing ICS infrastructures with minimum changes.

Ahmed Hasham Ibn E. Tariq,Moazan Basoud Ibn E. Tariq,Songfeng Lu

DOI: https://doi.org/10.1109/aiotc63215.2024.10748333

2024-01-01

Abstract:Zero-day exploits present significant risks to cybersecurity by exploiting unknown vulnerabilities, making their identification and mitigation a key problem. Conventional Intrusion Detection Systems (IDS) frequently depend on signature-based or anomaly-based methodologies, which are ineffective in identifying new and sophisticated incidents of assault. This paper provides a new hybrid AI-driven strategy to boost zeroday exploit detection by the combination of deep learning and ensemble learning approaches. We have taken the UNSW-NB15 dataset, a complete and diversified reference for network intrusion models, to train and analyze our model. The suggested system leverages a hybrid architecture integrating Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) networks to capture both spatial and sequential features of network traffic efficiently. To further increase detection accuracy and resilience, we add ensemble approaches by combining random forest, gradient boosting, and Support Vector Machine (SVM) classifiers through a weighted voting mechanism. Our ensemble model achieves a detection accuracy of 97.8%, outperforming standard anomaly-based (IDS), vision transformer (ViT) and bidirectional encoder representations from transformers (BERT) by a wide margin. The model also demonstrates a low false-positive rate of 0.022 and high detection rates across multiple types of attacks, including previously undiscovered zero-day flaws. Performance studies employing criteria like accuracy, recall, F1score, AUC-ROC, false-positive rate, and detection rate indicate the importance and reliability of our methodology.

A. Chavez,N. Jacobs,C. B. Jones,J. Johnson,A. Summers,S. Hossain‐McKenzie,C. Lai

DOI: https://doi.org/10.1109/CyberPELS.2019.8925064

2019-04-01

Abstract:The integration of communication-enabled grid-support functions in distributed energy resources (DER) and other smart grid features will increase the U.S. power grid's exposure to cyber-physical attacks. Unwanted changes in DER system data and control signals can damage electrical infrastructure and lead to outages. To protect against these threats, intrusion detection systems (IDSs) can be deployed, but their implementation presents a unique set of challenges in industrial control systems (ICSs), New approaches need to be developed that not only sense cyber anomalies, but also detect undesired physical system behaviors. For DER systems, a combination of cyber security data and power system and control information should be collected by the IDS to provide insight into the nature of an anomalous event. This allows joint forensic analysis to be conducted to reveal any relationships between the observed cyber and physical events. In this paper, we propose a hybrid IDS approach that monitors and evaluates both physical and cyber network data in DER systems, and present a series of scenarios to demonstrate how our approach enables the cyber-physical IDS to achieve more robust identification and mitigation of malicious events on the DER system.

Environmental Science,Engineering,Computer Science

Zain ul Abdeen,Padmaksha Roy,Ahmad Al-Tawaha,Rouxi Jia,Laura Freeman,Peter Beling,Chen-Ching Liu,Alberto Sangiovanni-Vincentelli,Ming Jin

2024-05-06

Abstract:There is an upward trend of deploying distributed energy resource management systems (DERMS) to control modern power grids. However, DERMS controller communication lines are vulnerable to cyberattacks that could potentially impact operational reliability. While a data-driven intrusion detection system (IDS) can potentially thwart attacks during deployment, also known as the evasion attack, the training of the detection algorithm may be corrupted by adversarial data injected into the database, also known as the poisoning attack. In this paper, we propose the first framework of IDS that is robust against joint poisoning and evasion attacks. We formulate the defense mechanism as a bilevel optimization, where the inner and outer levels deal with attacks that occur during training time and testing time, respectively. We verify the robustness of our method on the IEEE-13 bus feeder model against a diverse set of poisoning and evasion attack scenarios. The results indicate that our proposed method outperforms the baseline technique in terms of accuracy, precision, and recall for intrusion detection.

Cryptography and Security,Systems and Control

K. Sundaramoorthy,K E Purushothaman,Jeba Sonia J,N Kanthimathi

DOI: https://doi.org/10.1016/j.cose.2024.104081

IF: 5.105

2024-09-01

Computers & Security

Abstract:The evolution of cloud computing has revolutionized how users access services, simplifying the development and deployment of applications across various industries. With its pervasive adoption, robust security measures become imperative. Integrating Intrusion Detection Systems (IDSs) into cloud computing and Wireless Sensor Networks (WSNs) addresses these challenges. IDSs serve as attentive protectors, monitoring network traffic and responding to breaches promptly, enhancing security across industries reliant on cloud services. Similarly, IDS integration in WSNs ensures the security of mission-critical operations, despite resource constraints and dynamic topologies, facilitated by cloud computing. This research proposes a hybrid IDS approach, leveraging the NSL-KDD dataset and methodologies like Intrusion Support Scalar Impact Rate (ISSIR), Optimized Support Vector Machine (OSVM), Extended Long-Short-Term Memory (ELSTM), and Multilayer Perceptron Neural Network (MLPNN), enhancing intrusion detection efficacy. ISSIR aids in feature selection, OSVM mitigates localization errors, ELSTM enables precise anomaly detection, and MLPNN provides robust defense mechanisms. Each method is integrated into a collaborative framework to address specific challenges in detecting intrusions with higher accuracy and reduced false positives. The interplay between these methodologies strengthens the overall intrusion detection framework, addressing the dynamic nature of cybersecurity threats. Results demonstrate the superior performance of MLPNN across various metrics, showcasing its effectiveness in accurately predicting outcomes compared to other models. The proposed MLPNN hybrid system achieves an accuracy of 99.9%, surpassing state-of-the-art methods. This study underscores the significance of advancing IDSs in cloud computing and WSNs, offering insights into enhancing security and mitigating vulnerabilities in an interconnected digital landscape.

computer science, information systems

Easa Alalwany,Imad Mahgoub

DOI: https://doi.org/10.3390/electronics13050919

IF: 2.9

2024-02-29

Electronics

Abstract:The emergence of connected and autonomous vehicles has led to complex network architectures for electronic control unit (ECU) communication. The controller area network (CAN) enables the transmission of data inside vehicle networks. However, although it has low latency and enjoys data broadcast capability, it is vulnerable to attacks on security. The lack of effectiveness of conventional security mechanisms in addressing these vulnerabilities poses a danger to vehicle safety. This study presents an intrusion detection system (IDS) that accurately detects and classifies CAN bus attacks in real-time using ensemble techniques and the Kappa Architecture. The Kappa Architecture enables real-time attack detection, while ensemble learning combines multiple machine learning classifiers to enhance the accuracy of attack detection. The scheme utilizes ensemble methods with Kappa Architecture's real-time data analysis to detect common CAN bus attacks. This study entails the development and evaluation of supervised models, which are further enhanced using ensemble techniques. The accuracy, precision, recall, and F1 score are used to measure the scheme's effectiveness. The stacking ensemble technique outperformed individual supervised models and other ensembles with accuracy, precision, recall, and F1 of 0.985, 0.987, and 0.985, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ansam Khraisat,Iqbal Gondal,Peter Vamplew,Joarder Kamruzzaman,Ammar Alazab

DOI: https://doi.org/10.3390/electronics9010173

IF: 2.9

2020-01-17

Electronics

Abstract:Cyberttacks are becoming increasingly sophisticated, necessitating the efficient intrusion detection mechanisms to monitor computer resources and generate reports on anomalous or suspicious activities. Many Intrusion Detection Systems (IDSs) use a single classifier for identifying intrusions. Single classifier IDSs are unable to achieve high accuracy and low false alarm rates due to polymorphic, metamorphic, and zero-day behaviors of malware. In this paper, a Hybrid IDS (HIDS) is proposed by combining the C5 decision tree classifier and One Class Support Vector Machine (OC-SVM). HIDS combines the strengths of SIDS) and Anomaly-based Intrusion Detection System (AIDS). The SIDS was developed based on the C5.0 Decision tree classifier and AIDS was developed based on the one-class Support Vector Machine (SVM). This framework aims to identify both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the benchmark datasets, namely, Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) and Australian Defence Force Academy (ADFA) datasets. Studies show that the performance of HIDS is enhanced, compared to SIDS and AIDS in terms of detection rate and low false-alarm rates.

engineering, electrical & electronic,computer science, information systems,physics, applied

DOI: https://doi.org/10.52866/ijcsm.2022.02.01.008

2022-03-18

Iraqi Journal for Computer Science and Mathematics

Abstract:The need for network intrusion detection systems (NIDS) to protect against different attacks grows as the scale of cyber attacks increases. The main areas of cyber attack research are its detection and prevention. Traditional machine learning (ML) algorithms with low accuracy are used by the current NIDS, but it is not suitable for newer anonymous cyber attacks. In this paper, an NIDS model with ensemble ML methods, which can detect and prevent different types of attacks compared with traditional ML methods, is proposed. Our specific system detects known attacks and blocks unknown attacks. The selected system uses four different machine learning methods, including data processing techniques for data preprocessing and data labeling. The entire NSL-KDD database is used to evaluate the performance of various ML classifiers based on different parameters. The simulation analysis shows that the developed NIDS system is better than the existing single ML methods. The detection accuracy rate of intrusion detection system (IDS) is increased by the model, which is essential for NIDS.

Jeyavim Sherin R. C.,Parkavi K.

DOI: https://doi.org/10.1049/cmu2.12831

IF: 1.345

2024-09-14

IET Communications

Abstract:Intrusion detection systems (IDS) monitor network activity to detect unusual patterns indicative of security breaches. However, many existing IDS solutions struggle with accurately identifying attacks within packet capture (PCAP) files. To address this limitation, a deep learning‐based dual IDS model is proposed. Utilizing the Cyber Intelligence Centre‐Distributed Denial of Service Attack 2019 dataset, this model begins by extracting features and attributes from PCAP files. Experimental results demonstrate that this model achieves 98.18% accuracy and 98.73% precision in classification tasks, significantly outperforming existing approaches. These findings highlight the effectiveness of the proposed system in enhancing intrusion detection capabilities. The rise of suspicious activities in network communication, driven by increased internet accessibility, necessitates the development of advanced intrusion detection systems (IDS). Existing IDS solutions often exhibit poor performance in detecting suspicious activity and fail to identify various attack types within packet capture (PCAP) files, which monitor network traffic. This paper proposes a deep learning‐based dual IDS model designed to address these issues. The process begins with utilizing the CSE‐CIC‐IDS2019 dataset to extract features from PCAP files. Suspicious activities are detected using the Exponential Geometric‐Gaussian Error Linear Units‐Gated Recurrent Unit (EG‐GELU‐GRU) method. Normal data undergoes further feature extraction and preprocessing through Log ZScore‐Jacosine Density‐Based Spatial Clustering of Applications with Noise (LZ‐JC‐DBSCAN). Feature selection is optimized using the Entropy Pearson R Correlation‐Red Panda optimization algorithm. Suspicious files are flagged, while load balancing is performed on normal data. Attack detection is achieved through word embedding with the Glorot Kaufman‐bidirectional encoder representations from transformers technique and classification via the EG‐GELU‐GRU model. Attacked packets are blocked, and the method is reapplied for attack‐type classification. Experimental results using Python demonstrate the model's superior performance, achieving 98.18% accuracy and 98.73% precision, surpassing existing approaches and significantly enhancing intrusion detection capabilities.

engineering, electrical & electronic

Sura Emanet,Gozde Karatas Baydogmus,Onder Demir

DOI: https://doi.org/10.7717/peerj-cs.1553

2023-09-29

Abstract:Intrusion detection systems (IDSs) analyze internet activities and traffic to detect potential attacks, thereby safeguarding computer systems. In this study, researchers focused on developing an advanced IDS that achieves high accuracy through the application of feature selection and ensemble learning methods. The utilization of the CIC-CSE-IDS2018 dataset for training and testing purposes adds relevance to the study. The study comprised two key stages, each contributing to its significance. In the first stage, the researchers reduced the dataset through strategic feature selection and carefully selected algorithms for ensemble learning. This process optimizes the IDS's performance by selecting the most informative features and leveraging the strengths of different classifiers. In the second stage, the ensemble learning approach was implemented, resulting in a powerful model that combines the benefits of multiple algorithms. The results of the study demonstrate its impact on improving attack detection and reducing detection time. By applying techniques such as Spearman's correlation analysis, recursive feature elimination (RFE), and chi-square test methods, the researchers identified key features that enhance the IDS's performance. Furthermore, the comparison of different classifiers showcased the effectiveness of models such as extra trees, decision trees, and logistic regression. These models not only achieved high accuracy rates but also considered the practical aspect of execution time. The study's overall significance lies in its contribution to advancing IDS capabilities and improving computer security. By adopting an ensemble learning approach and carefully selecting features and classifiers, the researchers created a model that outperforms individual classifier approaches. This model, with its high accuracy rate, further validates the effectiveness of ensemble learning in enhancing IDS performance. The findings of this study have the potential to drive future developments in intrusion detection systems and have a tangible impact on ensuring robust computer security in various domains.

Sepideh Bahadoripour,Ethan MacDonald,Hadis Karimipour

2023-04-04

Abstract:The growing number of cyber-attacks against Industrial Control Systems (ICS) in recent years has elevated security concerns due to the potential catastrophic impact. Considering the complex nature of ICS, detecting a cyber-attack in them is extremely challenging and requires advanced methods that can harness multiple data modalities. This research utilizes network and sensor modality data from ICS processed with a deep multi-modal cyber-attack detection model for ICS. Results using the Secure Water Treatment (SWaT) system show that the proposed model can outperform existing single modality models and recent works in the literature by achieving 0.99 precision, 0.98 recall, and 0.98 f-measure, which shows the effectiveness of using both modalities in a combined model for detecting cyber-attacks.

Cryptography and Security,Machine Learning

Uakomba Mbasuva,Guy-Alain Lusilao Zodi

DOI: https://doi.org/10.1109/imcom53663.2022.9721785

2022-01-03

Abstract:Software Defined Networks (SDN) is gaining popularity in academia and the industry. This is due to SDNs ease of programmability, flexibility and centralized management. These networking features allow network administrators and programmers to easily monitor and control the entire network, at a limited cost. However, because of its centralized architecture, the controller becomes a single point of failure. This vulnerability makes it a target to cyber-attacks, but more specifically to Distributed Denial of Service (DDoS) attacks. The DDoS attack may target the SDN network controller in order to disrupt the entire network, causing network resources unavailable to legitimate users. Hence, in this work, we propose an ensemble Deep Learning (DL) Intrusion Detection System (IDS) to detect DDoS attack traffic in SDNs. Our proposed approach build an ensemble of Convolutional Neural Network (CNN), Deep Neural Network (DNN) and Recurrent Neural Network (RNN) model. To train the model, we use feature selection techniques from the literature and utilized the Canadian Institute for Cybersecurity Intrusion Detection System (CIC-IDS2017) as the evaluation dataset. The performance of the proposed model is compared with existing models, and from the results, it is observed that our proposed ensemble deep learning model performs better than ensemble CNN, ensemble RNN and ensemble voting.

Weicheng Qiu,Yinghua Ma,Xiuzhen Chen,Haiyang Yu,Lixing Chen

DOI: https://doi.org/10.1016/j.cose.2022.102709

IF: 5.105

2022-01-01

Computers & Security

Abstract:Cyber-attacks are becoming increasingly sophisticated, posing greater challenges in accurately detecting intrusions. Failure to prevent intrusions could degrade the credibility of security services. Intrusion Detection System (IDS) is one of the most effective paradigms to identify attack behaviors. This paper proposes a novel hybrid intrusion detection system called DST-IDS. The proposed method employs both packet-based and flow-based intrusion detection techniques and combines them with Dempster-Shafer Theory (DST). DST-IDS has an ensemble-like framework. It takes both traffic flows and their first N packets as inputs; flow-based IDS aims to predict traffic flows and packet-based IDS detects attacks in the corresponding packets; DST is then applied to fuse predictions of flow-based IDS and packet-based IDS to a final detection result. We also design a novel data collection/processing tool in DST-IDS to reduce the data volume required to perform intrusion detection and enable early detection. In addition, DST-IDS is designed to work with heterogeneous data distribution where the distribution of the training dataset can differ from the data distribution during implementation. This property drastically improves the practicality of DST-IDS. We run experiments on public datasets and real networks to evaluate the proposed method. The experimental results show that DST-IDS outperforms state-of-the-art benchmarks in terms of intrusion detection accuracy and detection speed. Particularly, DST-IDS provides real-time detection in real networks and handles well heterogeneous data distribution.

Faten Louati,Farah Barika Ktata,Ikram Amous

DOI: https://doi.org/10.1093/comjnl/bxae008

2024-02-11

The Computer Journal

Abstract:Abstract Ensuring the security of computer networks is of utmost importance, and intrusion detection plays a vital role in safeguarding these systems. Traditional intrusion detection systems (IDSs) often suffer from drawbacks like reliance on outdated rules and centralized architectures, limiting their performance in the face of evolving threats and large-scale data networks. To address these challenges, we present an advanced anomaly detection-based IDS that utilizes a decentralized communicative multi-agent reinforcement learning (MARL). In our approach, multiple reinforcement learning agents collaborate in intrusion detection, effectively mitigating the non-stationarity problem and introducing a specialized secure communication method. We further enhance the learning process by incorporating external knowledge. Our approach is evaluated through extensive experiments conducted on the benchmark NSL Knowledge Discovery and Data Mining dataset. These experiments encompass diverse scenarios, involving varying numbers of agents to prove scalability feature. The results underscore the effectiveness of our method, which surpasses the performance of existing state-of-the-art solutions based on MARL, achieving a high accuracy rate of 97.80%.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Shalvi Dave,Bhushan Trivedi,Jimit Mahadevia

DOI: https://doi.org/10.5121/ijnsa.2013.5208

2013-04-18

Abstract:Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defence against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased, attackers continuously find vulnerabilities at various levels, from the network itself to operating system and applications, exploit them to crack system and services. Network defence and network monitoring has become an essential component of computer security to predict and prevent attacks. Unlike traditional Intrusion Detection System (IDS), Intrusion Detection and Prevention System (IDPS) have additional features to secure computer networks. In this paper, we present a detailed study of how deployment of an IDPS plays a key role in its performance and the ability to detect and prevent known as well as unknown attacks. We categorize IDPS based on deployment as Network-based, host-based, and Perimeter-based and Hybrid. A detailed comparison is shown in this paper and finally we justify our proposed solution, which deploys agents at host-level to give better performance in terms of reduced rate of false positives and accurate detection and prevention.

Cryptography and Security

S. Krishnaveni,Thomas M. Chen,Mithileysh Sathiyanarayanan,B. Amutha

DOI: https://doi.org/10.1007/s10586-024-04320-x

2024-03-21

Cluster Computing

Abstract:The rise of digital twin-based operational improvements poses a challenge to protecting industrial cyber-physical systems. It is crucial to safeguard digital twins while disclosing internals, which can create an increased attack surface. However, leveraging digital twins to simulate attacks on physical infrastructure becomes essential for enhancing ICPS cybersecurity resilience. This paper introduces an integrated intelligent defense framework called CyberDefender to study various attacks on digital twin-based ICPS from a four-layer perspective (i.e., digital twin-based industrial cyber-physical systems infrastructure layer, honeynet and software-defined industrial network layer, intelligent security platform layer, and smart industrial application layer). To demonstrate its feasibility, we implemented a proof-of-concept (PoC) solution using open-source tools, including AWS for cloud infrastructure, T-Pot for Honeynet, Mininet for SDN support, ELK tools for data management, and Docker for containerization. This framework utilizes an integrated intelligent approach to enhance intrusion detection and classification capabilities for digital twin-based industrial cyber-physical systems (DT-ICPS). The proposed intrusion detection system (IDS) combines two strategies to improve security. First, we present an innovative approach to identifying essential features using explainable AI and ensemble-based filter feature selection (XAI-EFFS). By using Shapley Additive Explanations (SHAP), we analyze the impact of different variables on predictive outcomes. Secondly, we propose a hybrid GRU-LSTM deep-learning model for detecting and classifying intrusions. We optimize the hyperparameters of the GRU-LSTM model by using a Bayesian optimization algorithm. The proposed method demonstrates excellent performance, outperforming conventional state-of-the-art techniques with an accuracy rate of 98.96%, which is a remarkable improvement. Additionally, it effectively detects zero-day attacks, contributing to digital twin-based ICPS cybersecurity resilience.

computer science, information systems, theory & methods

Saadin Oyucu,Onur Polat,Muammer Türkoğlu,Hüseyin Polat,Ahmet Aksöz,Mehmet Tevfik Ağdaş

DOI: https://doi.org/10.3390/s24010155

2023-12-27

Abstract:Supervisory Control and Data Acquisition (SCADA) systems play a crucial role in overseeing and controlling renewable energy sources like solar, wind, hydro, and geothermal resources. Nevertheless, with the expansion of conventional SCADA network infrastructures, there arise significant challenges in managing and scaling due to increased size, complexity, and device diversity. Using Software Defined Networking (SDN) technology in traditional SCADA network infrastructure offers management, scaling and flexibility benefits. However, as the integration of SDN-based SCADA systems with modern technologies such as the Internet of Things, cloud computing, and big data analytics increases, cybersecurity becomes a major concern for these systems. Therefore, cyber-physical energy systems (CPES) should be considered together with all energy systems. One of the most dangerous types of cyber-attacks against SDN-based SCADA systems is Distributed Denial of Service (DDoS) attacks. DDoS attacks disrupt the management of energy resources, causing service interruptions and increasing operational costs. Therefore, the first step to protect against DDoS attacks in SDN-based SCADA systems is to develop an effective intrusion detection system. This paper proposes a Decision Tree-based Ensemble Learning technique to detect DDoS attacks in SDN-based SCADA systems by accurately distinguishing between normal and DDoS attack traffic. For training and testing the ensemble learning models, normal and DDoS attack traffic data are obtained over a specific simulated experimental network topology. Techniques based on feature selection and hyperparameter tuning are used to optimize the performance of the decision tree ensemble models. Experimental results show that feature selection, combination of different decision tree ensemble models, and hyperparameter tuning can lead to a more accurate machine learning model with better performance detecting DDoS attacks against SDN-based SCADA systems.

Ansam Khraisat,Iqbal Gondal,Peter Vamplew,Joarder Kamruzzaman

DOI: https://doi.org/10.1186/s42400-019-0038-7

2019-07-17

Abstract:Cyber-attacks are becoming more sophisticated and thereby presenting increasing challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade the credibility of security services, e.g. data confidentiality, integrity, and availability. Numerous intrusion detection methods have been proposed in the literature to tackle computer security threats, which can be broadly classified into Signature-based Intrusion Detection Systems (SIDS) and Anomaly-based Intrusion Detection Systems (AIDS). This survey paper presents a taxonomy of contemporary IDS, a comprehensive review of notable recent works, and an overview of the datasets commonly used for evaluation purposes. It also presents evasion techniques used by attackers to avoid detection and discusses future research challenges to counter such techniques so as to make computer systems more secure.

computer science, information systems, interdisciplinary applications, software engineering

Celestine Iwendi,Suleman Khan,Joseph Henry Anajemba,Mohit Mittal,Mamdouh Alenezi,Mamoun Alazab

DOI: https://doi.org/10.3390/s20092559

IF: 3.9

2020-04-30

Sensors

Abstract:The pursuit to spot abnormal behaviors in and out of a network system is what led to a system known as intrusion detection systems for soft computing besides many researchers have applied machine learning around this area. Obviously, a single classifier alone in the classifications seems impossible to control network intruders. This limitation is what led us to perform dimensionality reduction by means of correlation-based feature selection approach (CFS approach) in addition to a refined ensemble model. The paper aims to improve the Intrusion Detection System (IDS) by proposing a CFS + Ensemble Classifiers (Bagging and Adaboost) which has high accuracy, high packet detection rate, and low false alarm rate. Machine Learning Ensemble Models with base classifiers (J48, Random Forest, and Reptree) were built. Binary classification, as well as Multiclass classification for KDD99 and NSLKDD datasets, was done while all the attacks were named as an anomaly and normal traffic. Class labels consisted of five major attacks, namely Denial of Service (DoS), Probe, User-to-Root (U2R), Root to Local attacks (R2L), and Normal class attacks. Results from the experiment showed that our proposed model produces 0 false alarm rate (FAR) and 99.90% detection rate (DR) for the KDD99 dataset, and 0.5% FAR and 98.60% DR for NSLKDD dataset when working with 6 and 13 selected features.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yi Yang,Hai-Qing Xu,Lei Gao,Y.B. Yuan,Kieran McLaughlin,Sakir Sezer

DOI: https://doi.org/10.1109/TPWRD.2016.2603339

IF: 4.825

2017-01-01

IEEE Transactions on Power Delivery

Abstract:Emerging cybersecurity vulnerabilities in supervisory control and data acquisition (SCADA) systems are becoming urgent engineering issues for modern substations. This paper proposes a novel intrusion detection system (IDS) tailored for cybersecurity of IEC 61850 based substations. The proposed IDS integrates physical knowledge, protocol specifications, and logical behaviors to provide a comprehens...