Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Brunel Elvire Bouya-Moko,Edward Kwadwo Boahen,Changda Wang

DOI: https://doi.org/10.3390/electronics11111675

IF: 2.9

2022-05-25

Electronics

Abstract:Strong network connections make the risk of malicious activities emerge faster while dealing with big data. An intrusion detection system (IDS) can be utilized for alerting suitable entities when hazardous actions are occurring. Most of the techniques used to classify intrusions lack the techniques executed with big data. This paper devised an optimization-driven deep learning technique for detecting the intrusion using the Spark model. The input data is fed to the data partitioning phase wherein the partitioning of data is done using the proposed fuzzy local information and Bhattacharya-based C-means (FLIBCM). The proposed FLIBCM was devised by combining Bhattacharya distance and fuzzy local information C-Means (FLICM). The feature selection was achieved with classwise info gained to select imperative features. The data augmentation was done with oversampling to make it apposite for further processing. The detection of intrusion was done using a deep Maxout network (DMN), which was trained using the proposed student psychology water cycle caviar (SPWCC) obtained by combining the water cycle algorithm (WCA), the conditional autoregressive value at risk by regression quantiles (CAViaR), and the student psychology-based optimization algorithm (SPBO). The proposed SPWCC-based DMN offered enhanced performance with the highest accuracy of 97.6%, sensitivity of 98%, and specificity of 97%.

engineering, electrical & electronic,computer science, information systems,physics, applied

Lu Lv,Wenhai Wang,Zeyin Zhang,Xinggao Liu

DOI: https://doi.org/10.1016/j.knosys.2020.105648

IF: 8.139

2020-01-01

Knowledge-Based Systems

Abstract:Intrusion detection is a challenging technology in the area of cyberspace security for protecting a system from malicious attacks. A novel accurate and effective misuse intrusion detection system that relies on specific attack signatures to distinguish between normal and malicious activities is therefore presented to detect various attacks based on an extreme learning machine with a hybrid kernel function (HKELM). First, the derivation and proof of the proposed hybrid kernel are given. A combination of the gravitational search algorithm (GSA) and differential evolution (DE) algorithm is employed to optimize the parameters of HKELM, which improves its global and local optimization abilities during prediction attacks. In addition, the kernel principal component analysis (KPCA) algorithm is introduced for dimensionality reduction and feature extraction of the intrusion detection data. Then, a novel intrusion detection approach, KPCA-DEGSA-HKELM, is obtained. The proposed approach is eventually applied to the classic benchmark KDD99 dataset, the real modern UNSW-NB15 dataset and the industrial intrusion detection dataset from the Tennessee Eastman process. The numerical results validate both the high accuracy and the time-saving benefit of the proposed approach.

Mohd. Rehan Ghazi,N. S. Raghava

DOI: https://doi.org/10.3934/era.2024060

2024-01-01

Electronic Research Archive

Abstract:With the use of cloud computing, which provides the infrastructure necessary for the efficient delivery of smart city services to every citizen over the internet, intelligent systems may be readily integrated into smart cities and communicate with one another. Any smart system at home, in a car, or in the workplace can be remotely controlled and directed by the individual at any time. Continuous cloud service availability is becoming a critical subscriber requirement within smart cities. However, these cost-cutting measures and service improvements will make smart city cloud networks more vulnerable and at risk. The primary function of Intrusion Detection Systems (IDS) has gotten increasingly challenging due to the enormous proliferation of data created in cloud networks of smart cities. To alleviate these concerns, we provide a framework for automatic, reliable, and uninterrupted cloud availability of services for the network data security of intelligent connected devices. This framework enables IDS to defend against security threats and to provide services that meet the users' Quality of Service (QoS) expectations. This study's intrusion detection solution for cloud network data from smart cities employed Spark and Waikato Environment for Knowledge Analysis (WEKA). WEKA and Spark are linked and made scalable and distributed. The Hadoop Distributed File System (HDFS) storage advantages are combined with WEKA's Knowledge flow for processing cloud network data for smart cities. Utilizing HDFS components, WEKA's machine learning algorithms receive cloud network data from smart cities. This research utilizes the wrapper-based Feature Selection (FS) approach for IDS, employing both the Pigeon Inspired Optimizer (PIO) and the Particle Swarm Optimization (PSO). For classifying the cloud network traffic of smart cities, the tree-based Stacking Ensemble Method (SEM) of J48, Random Forest (RF), and eXtreme Gradient Boosting (XGBoost) are applied. Performance evaluations of our system were conducted using the UNSW-NB15 and NSL-KDD datasets. Our technique is superior to previous works in terms of sensitivity, specificity, precision, false positive rate (FPR), accuracy, F1 Score, and Matthews correlation coefficient (MCC).

mathematics

Mohamed Abushwereb,Mouhammd Alkasassbeh,Mohammad Almseidin,Muhannad Mustafa

DOI: https://doi.org/10.48550/arXiv.2203.04347

2022-02-21

Abstract:The internet has caused tremendous changes since its appearance in the 1980s, and now, the Internet of Things (IoT) seems to be doing the same. The potential of IoT has made it the center of attention for many people, but, where some see an opportunity to contribute, others may see IoT networks as a target to be exploited. The high number of IoT devices makes them the perfect setup for staging denial-of-service attacks (DoS) that can have devastating consequences. This renders the need for cybersecurity measures such as intrusion detection systems (IDSs) evident. The aim of this paper is to build an IDS using the big data platform, Apache Spark. Apache Spark was used along with its ML library (MLlib) and the BoT-IoT dataset. The IDS was then tested and evaluated based on F-Measure (f1), as was the standard when evaluating imbalanced data. Two rounds of tests were performed, a partial dataset for minimizing bias, and the full BoT-IoT dataset for exploring big data and ML capabilities in a security setting. For the partial dataset, the Random Forest algorithm had the highest performance for binary classification at an average f1 measure of 99.7%, as well as 99.6% for main category classification, and an 88.5% f1 measure for sub category classification. As for the complete dataset, the Decision Tree algorithm scored the highest f1 measures for all conducted tests; 97.9% for binary classification, 79% for main category classification, and 77% for sub category classification.

Cryptography and Security,Networking and Internet Architecture

Mr. Abdul Khadar A,Modem Tharun Kumar,Sharath K N,Sukesh V N,Tejaswini K N

DOI: https://doi.org/10.48175/ijarsct-5052

2022-06-23

Abstract:In imbalanced network traffic, malicious cyber-attacks can often hide in large amounts of normal data. It exhibits a high degree of stealth and obfuscation in cyberspace, making it difficult for Network Intrusion Detection System (NIDS) to ensure the accuracy and timeliness of detection. This paper researches machine learning and deep learning for intrusion detection in imbalanced network traffic. It proposes a novel Difficult Set Sampling Technique (DSSTE) algorithm to tackle the class imbalance problem. First, use the Edited Nearest Neighbor (ENN) algorithm to divide the imbalanced training set into the difficult set and the easy set. Next, use the K- Means algorithm to compress the majority samples in the difficult set to reduce the majority. Zoom in and out the minority samples’ continuous attributes in the difficult set synthesize new samples to increase the minority number. Finally, the easy set, the compressed set of majority in the difficult, and the minority in the difficult set are combined with its augmentation samples to make up a new training set. The algorithm reduces the imbalance of the original training set and provides targeted data augment for the minority class that needs to learn. It enables the classifier to learn the differences in the training stage better and improve classification performance. To verify the proposed method, we conduct experiments on the classic intrusion dataset NSL-KDD. We use classical classification models: random forest(RF), Support Vector Machine (SVM), XGBoost, Long and Short- term Memory (LSTM), Adaboost, AlexNet, Mini- VGGNet.

Mahdieh Maazalahi,Soodeh Hosseini

DOI: https://doi.org/10.1007/s10586-024-04510-7

2024-05-08

Cluster Computing

Abstract:In this research paper, we propose a two-stage hybrid approach that uses machine learning techniques and meta-heuristic algorithms. The first step, known as data preparation, involves converting string values to numeric format and subsequently normalizing the data. To increase the performance beyond the limitations of traditional methods, we use population-based meta-heuristic algorithms, namely Atom Search Optimization (ASO) and Equilibrium Optimization (EO), for feature selection, aiming to achieve global optimization. The second step, called attack detection, focuses on distinguishing normal traffic from malicious traffic. To improve the performance of this step, we use K-means clustering and firefly algorithm (FA). In addition, an elitism method is randomly integrated. The resulting approach is called ASO-EO-FA-K-means. We evaluate the performance of our proposed method using two datasets, namely NSL-KDD, UNSW_NB15, and KDD_CUP99. To establish a benchmark, we compare our method with other approaches including Particles Swarm Optimization (PSO), Genetic, Grey Wolf Optimization (GWO), Ant colony optimization (ACO), Harris Hawk Optimization (HHO), NSGA-2, Multi-objective PSO, Multi-objective GWO, learning vector quantization (LVQ), XGBoost, particle swarm optimization based on C4.5 (PSO-C4.5) and genetic algorithm based on multilayer perceptron (GA-MLP)) we compare. The evaluation results show that the proposed method achieves the highest accuracy and the lowest error rate in three datasets NSL-KDD and UNSW_NB15 KDD-CUP99 with accuracy values of 0.998, 0.995 and 0.995, respectively. In addition, our method shows superior efficiency in terms of computation time. In general, our research shows the effectiveness of the ASO-EO-FA-K-means method in intrusion detection and provides better accuracy and efficiency compared to alternative approaches. In all three data sets, the results have shown that NSL-KDD data set with MSE 0.012, accuracy value 0.998 has obtained better results than other data sets.

computer science, information systems, theory & methods

Fazila Malik,Qazi Waqas Waqas Khan,Atif Rizwan,Rana Alnashwan,Ghada Atteia

DOI: https://doi.org/10.3390/math12121799

IF: 2.4

2024-06-10

Mathematics

Abstract:Intrusion Detection Systems (IDSs) play a crucial role in safeguarding network infrastructures from cyber threats and ensuring the integrity of highly sensitive data. Conventional IDS technologies, although successful in achieving high levels of accuracy, frequently encounter substantial model bias. This bias is primarily caused by imbalances in the data and the lack of relevance of certain features. This study aims to tackle these challenges by proposing an advanced machine learning (ML) based IDS that minimizes misclassification errors and corrects model bias. As a result, the predictive accuracy and generalizability of the IDS are significantly improved. The proposed system employs advanced feature selection techniques, such as Recursive Feature Elimination (RFE), sequential feature selection (SFS), and statistical feature selection, to refine the input feature set and minimize the impact of non-predictive attributes. In addition, this work incorporates data resampling methods such as Synthetic Minority Oversampling Technique and Edited Nearest Neighbor (SMOTE_ENN), Adaptive Synthetic Sampling (ADASYN), and Synthetic Minority Oversampling Technique–Tomek Links (SMOTE_Tomek) to address class imbalance and improve the accuracy of the model. The experimental results indicate that our proposed model, especially when utilizing the random forest (RF) algorithm, surpasses existing models regarding accuracy, precision, recall, and F Score across different data resampling methods. Using the ADASYN resampling method, the RF model achieves an accuracy of 99.9985% for botnet attacks and 99.9777% for Man-in-the-Middle (MITM) attacks, demonstrating the effectiveness of our approach in dealing with imbalanced data distributions. This research not only improves the abilities of IDS to identify botnet and MITM attacks but also provides a scalable and efficient solution that can be used in other areas where data imbalance is a recurring problem. This work has implications beyond IDS, offering valuable insights into using ML techniques in complex real-world scenarios.

mathematics

Ramin Atefinia,Mahmood Ahmadi

DOI: https://doi.org/10.22108/jcs.2022.131400.1085

2022-12-10

Abstract:The increase in the use of the Internet and web services and the advent of the fifth generation of cellular network technology (5G) along with ever-growing Internet of Things (IoT) data traffic will grow global internet usage. To ensure the security of future networks, machine learning-based intrusion detection and prevention systems (IDPS) must be implemented to detect new attacks, and big data parallel processing tools can be used to handle a huge collection of training data in these systems. In this paper Apache Spark, a general-purpose and fast cluster computing platform is used for processing and training a large volume of network traffic feature data. In this work, the most important features of the CSE-CIC-IDS2018 dataset are used for constructing machine learning models and then the most popular machine learning approaches, namely Logistic Regression, Support Vector Machine (SVM), three different Decision Tree Classifiers, and Naive Bayes algorithm are used to train the model using up to eight number of worker nodes. Our Spark cluster contains seven machines acting as worker nodes and one machine is configured as both a master and a worker. We use the CSE-CIC-IDS2018 dataset to evaluate the overall performance of these algorithms on Botnet attacks and distributed hyperparameter tuning is used to find the best single decision tree parameters. We have achieved up to 100% accuracy using selected features by the learning method in our experiments

Networking and Internet Architecture

Haipeng Yao,Qiyi Wang,Luyao Wang,Peiying Zhang,Maozhen Li,Yunjie Liu

DOI: https://doi.org/10.1007/s10766-017-0537-7

2017-01-01

International Journal of Parallel Programming

Abstract:With the dramatic opening-up of network, network security becomes a severe social problem with the rapid development of network technology. Intrusion Detection System (IDS) is an innovative and proactive network security technology, which becomes a hot topic in both industry and academia in recent years. There are four main characteristics of intrusion data that affect the performance of IDS including multicomponent, data imbalance, time-varying and unknown attacks. We propose a novel IDS framework called HMLD to address these issues, which is an exquisite designed framework based on Hybrid Multi-Level Data Mining. In this paper, we use KDDCUP99 dataset to evaluate the performance of HMLD. The experimental results show that HMLD can reach 96.70% accuracy which is nearly 1% higher than the recent proposed optimal algorithm SVM+ELM+Modified K-Means. In details, HMLD greatly increased the detection accuracy of DoS attacks and R2L attacks.

Mouhammd Alkasassbeh

DOI: https://doi.org/10.48550/arXiv.1712.09623

2017-12-28

Abstract:Despite the great developments in information technology, particularly the Internet, computer networks, global information exchange, and its positive impact in all areas of daily life, it has also contributed to the development of penetration and intrusion which forms a high risk to the security of information organizations, government agencies, and causes large economic losses. There are many techniques designed for protection such as firewall and intrusion detection systems (IDS). IDS is a set of software and/or hardware techniques used to detect hacker's activities in computer systems. Two types of anomalies are used in IDS to detect intrusive activities different from normal user behavior. Misuse relies on the knowledge base that contains all known attack techniques and intrusion is discovered through research in this knowledge base. Artificial intelligence techniques have been introduced to improve the performance of these systems. The importance of IDS is to identify unauthorized access attempting to compromise confidentiality, integrity or availability of the computer network. This paper investigates the Intrusion Detection (ID) problem using three machine learning algorithms namely, BayesNet algorithm, Multi-Layer Perceptron (MLP), and Support Vector Machine (SVM). The algorithms are applied on a real, Management Information Based (MIB) dataset that is collected from real life environment. To enhance the detection process accuracy, a set of feature selection approaches is used; Infogain (IG), ReleifF (RF), and Genetic Search (GS). Our experiments show that the three feature selection methods have enhanced the classification performance. GS with bayesNet, MLP and SVM give high accuracy rates, more specifically the BayesNet with the GS accuracy rate is 99.9%.

Networking and Internet Architecture,Cryptography and Security,Machine Learning

Md Tahmid Rahman Laskar,Jimmy Huang,Vladan Smetana,Chris Stewart,Kees Pouw,Aijun An,Stephen Chan,Lei Liu

DOI: https://doi.org/10.48550/arXiv.2104.13190

2021-04-27

Cryptography and Security

Abstract:Industrial Information Technology (IT) infrastructures are often vulnerable to cyberattacks. To ensure security to the computer systems in an industrial environment, it is required to build effective intrusion detection systems to monitor the cyber-physical systems (e.g., computer networks) in the industry for malicious activities. This paper aims to build such intrusion detection systems to protect the computer networks from cyberattacks. More specifically, we propose a novel unsupervised machine learning approach that combines the K-Means algorithm with the Isolation Forest for anomaly detection in industrial big data scenarios. Since our objective is to build the intrusion detection system for the big data scenario in the industrial domain, we utilize the Apache Spark framework to implement our proposed model which was trained in large network traffic data (about 123 million instances of network traffic) stored in Elasticsearch. Moreover, we evaluate our proposed model on the live streaming data and find that our proposed system can be used for real-time anomaly detection in the industrial setup. In addition, we address different challenges that we face while training our model on large datasets and explicitly describe how these issues were resolved. Based on our empirical evaluation in different use-cases for anomaly detection in real-world network traffic data, we observe that our proposed system is effective to detect anomalies in big data scenarios. Finally, we evaluate our proposed model on several academic datasets to compare with other models and find that it provides comparable performance with other state-of-the-art approaches.

Sudhanshu Sekhar Tripathy,Bichitrananda Behera

2023-10-01

Abstract:The escalation of hazards to safety and hijacking of digital networks are among the strongest perilous difficulties that must be addressed in the present day. Numerous safety procedures were set up to track and recognize any illicit activity on the network's infrastructure. IDS are the best way to resist and recognize intrusions on internet connections and digital technologies. To classify network traffic as normal or anomalous, Machine Learning (ML) classifiers are increasingly utilized. An IDS with machine learning increases the accuracy with which security attacks are detected. This paper focuses on intrusion detection systems (IDSs) analysis using ML techniques. IDSs utilizing ML techniques are efficient and precise at identifying network assaults. In data with large dimensional spaces, however, the efficacy of these systems degrades. correspondingly, the case is essential to execute a feasible feature removal technique capable of getting rid of characteristics that have little effect on the classification process. In this paper, we analyze the KDD CUP-'99' intrusion detection dataset used for training and validating ML models. Then, we implement ML classifiers such as Logistic Regression, Decision Tree, K-Nearest Neighbour, Naive Bayes, Bernoulli Naive Bayes, Multinomial Naive Bayes, XG-Boost Classifier, Ada-Boost, Random Forest, SVM, Rocchio classifier, Ridge, Passive-Aggressive classifier, ANN besides Perceptron (PPN), the optimal classifiers are determined by comparing the results of Stochastic Gradient Descent and back-propagation neural networks for IDS, Conventional categorization indicators, such as "accuracy, precision, recall, and the f1-measure, have been used to evaluate the performance of the ML classification algorithms.

Cryptography and Security

Satyanarayana Gunupusala,Shahu Chatrapathi Kaila

DOI: https://doi.org/10.37256/cm.5220243723

2024-06-19

Contemporary Mathematics

Abstract:Computer networks rely on Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs) to ensure the security, reliability, and availability of an organization. In recent years, various approaches were developed and implemented to create effective IDSs and IPSs. This paper specifically focuses on IDSs that utilize Machine Learning (ML) techniques for improved accuracy. ML-based IDSs have verified to be successful in discovering network attacks. However, their performance tends to decline when dealing with high-dimensional data spaces. It is essential to develop a suitable feature extraction strategy that could identify and remove irrelevant features that do not significantly classification process to address this issue. Additionally, many ML-based IDSs exhibit high false positive rates and poor detection accuracy when trained on unbalanced datasets. In this study, we analyze the UNSW-NB15 IDS, which will serve as the training and testing data for our models. In order to reduce the feature space and improve the efficiency of our analysis, we leverage a filter-based feature reduction method utilizing the Pearson correlation coefficient algorithm. By identifying and selecting only the most relevant features, we are able to streamline our dataset and focus on the variables that have the highest impact on our analysis. This approach not only reduces computational complexity but also improves the interpretability of our results by eliminating unnecessary noise from the data. After applying the feature reduction technique, we proceed to implement a range of machine learning methods to perform our classification task. These include well-known algorithms such as Stacking, Extra Trees, Multi-Layer Perceptron, XGBoost, K-Nearest Neighbors, Logistic Regression, Naïve Bayes, Support Vector Machine, Random Forest, and Decision Tree. By employing a diverse set of algorithms, we are able to explore different modeling approaches and evaluate their effectiveness in accurately classifying the various types of assaults. In order to assess the performance of our classification models, we utilize a range of specialized evaluation metrics such as Root Mean Square Error (RMSE), Mean Absolute Error (MAE), R2-Score, Mean Squared Error (MSE), Precision, F1-Score, Recall, and Accuracy. These metrics provide us with a comprehensive understanding of how well our models are performing across different dimensions, including the accuracy of predictions, the level of precision in classifying different assault types, and the overall goodness-of-fit of our models. By considering multiple evaluation metrics, we are able to gain a more nuanced understanding of the strengths and weaknesses of each algorithm and make informed decisions about their suitability for our classification task. These metrics deliver a complete evaluation of the classifiers’ effectiveness in detecting community intrusions.

Anil V Turukmane,Ramkumar Devendiran

DOI: https://doi.org/10.1016/j.cose.2023.103587

IF: 5.105

2024-02-01

Computers & Security

Abstract:The intrusions are increasing daily, so there is a huge amount of privacy violations, financial loss, illegal transferring of information, etc. Various forms of intrusion occur in networks, such as menacing networks, computer resources and network information. Each type of intrusion focuses on specified tasks, whereas the hackers may focus on stealing confidential data, industrial secrets and personal information, which is then leaked to others for illegal gains. Due to the false detection of attacks in the security and changing environmental fields, limitations like data lagging on actual attacks and sustaining financial harms occur. To resolve this, automatic abnormality detection systems are required to secure the required computing ability and to analyze the attacks. Hence, an efficient automated intrusion detection system using machine learning methodology is proposed in this research paper. Initially, the data are gathered from CSE-CIC-IDS 2018 and UNSW-NB15 datasets. The acquired data are pre-processed using Null value handling and Min-Max normalization. Null value handling is used to remove missing values and irrelevant parameters. Min-Max normalization adjusted the unnormalized data in the pre-processing stage. After pre-processing, the class imbalance problem is reduced by using the Advanced Synthetic Minority Oversampling Technique (ASmoT). ASmoT aims to balance the class and reduce imbalance class problems and overfitting issues. The next phase is feature extraction, which is performed by Modified Singular Value Decomposition (M-SvD). M-SvD extracts essential features such as basic features, content features and traffic features from the input. The extracted features are optimized by the Opposition-based Northern Goshawk Optimization algorithm (ONgO). These optimal features are able to produce optimal output. After feature selection, the different types of attacks are classified by a hybrid machine learning model called Mud Ring assisted multilayer support vector machine (M-MultiSVM) and finally, the hyperparameters are tuned by the Mud Ring optimization algorithm. Thus, the proposed M-MultiSVM model can efficiently detect intrusion in the network. The performance metrics show that the proposed system achieved 99.89 % accuracy by using the CSE-CIC-IDS 2018 dataset; also, the proposed system achieved 97.535 % accuracy by using the UNSW-NB15 dataset.

computer science, information systems

Suad Mohammed Othman,Fadl Mutaher Ba-Alwi,Nabeel T. Alsohybe,Amal Y. Al-Hashida

DOI: https://doi.org/10.1186/s40537-018-0145-4

2018-09-24

Journal Of Big Data

Abstract:Recently, the huge amounts of data and its incremental increase have changed the importance of information security and data analysis systems for Big Data. Intrusion detection system (IDS) is a system that monitors and analyzes data to detect any intrusion in the system or network. High volume, variety and high speed of data generated in the network have made the data analysis process to detect attacks by traditional techniques very difficult. Big Data techniques are used in IDS to deal with Big Data for accurate and efficient data analysis process. This paper introduced Spark-Chi-SVM model for intrusion detection. In this model, we have used ChiSqSelector for feature selection, and built an intrusion detection model by using support vector machine (SVM) classifier on Apache Spark Big Data platform. We used KDD99 to train and test the model. In the experiment, we introduced a comparison between Chi-SVM classifier and Chi-Logistic Regression classifier. The results of the experiment showed that Spark-Chi-SVM model has high performance, reduces the training time and is efficient for Big Data.

P. G. V. Suresh Kumar,Shaheda Akthar

DOI: https://doi.org/10.1007/978-981-16-1866-6_28

2021-07-23

Abstract:Computer security is a significant issue in the present networking conditions. These days, with the improvement of Web advances administrations on the planet, the gatecrashers have been expanded promptly. Consequently, the need for an intrusion detection system (IDS) framework in the security of the organization field keeps interlopers from approaching the data. IDS is a gadget or programming application that screens the organization or framework for malevolent action or strategy infringement and sends caution to framework and managers at a legitimate time. IDS screens both inbound and outbound traffics and is used to recognize potential interruptions. In this article, IDSs are assembled utilizing machine learning (ML) methods. IDSs dependent on ML techniques are viable and exact in identifying network assaults. In any case, the presentation of these frameworks diminishes for high-dimensional information spaces. It is necessary to perform a fitting component extraction strategy that can prune a portion of the highlights that does not have an incredible effect in the characterization cycle. Feature choice is expected to choose the ideal subset of highlights that delivers to the whole dataset to expand the precision and the characterization execution of IDS. In this work, the UNSW-NB15 interruption discovery dataset is examined to prepare and test the models. Additionally, a covering-based element is applied to decrease the strategy by utilizing the SVM-RFE calculation for IDS to choose the best subset of highlights. At that point, the two ML approaches are executed to utilize the diminished component space such as decision tree and support vector machine (SVM). The outcomes exhibited that the support vector machine RFE-based component determination strategy takes into consideration techniques; for example, the decision tree is build to test the exactness from 98.89 to 99.99% for the twofold order plot. The investigation results affirmed the adequacy of the proposed feature determination strategy in improving organization IDS.

Arun Kumar Ramamoorthy,K. Karuppasamy

DOI: https://doi.org/10.1007/s11277-024-11396-6

IF: 2.017

2024-07-20

Wireless Personal Communications

Abstract:Intrusion Detection Model (IDM) is an essential device for network defence in current trend. Malicious users analyse the vulnerabilities of IDSs to capture unauthorized access. Furthermore, intrusion detection encompasses numerous numerical attributes and models, resulting in elevated detection errors and triggering false alarms. Hence, optimal computational intelligence shall be incorporated in IDM to achieve high detection rate and less number of false alarms. Considering the same, a new hybrid IDM framework is developed as the combination of Fuzzy Genetic Algorithm with Multi-Objective Particle Swarm Optimization that maximizes the detection accuracy, minimizes the false alarms and takes less computational complexity which will be explained first phase. The existing IDSs are constraint to the information trained incur into false positives based on user continuity for normal activity. The objective of this proposal is to extract optimal classification rules automatically from training data that helps to identify types of attacks correctly including the unknown attack types. For achieving this goal, Multi-Objective Particle Swarm Optimization (MOPSO) is used as classifier to enhance the identification of the rare attack classes within the IDM. The effectiveness of this method lies in its capacity to leverage information within an unfamiliar search space, guiding subsequent searches towards valuable subspaces. It provides better separability of various classes' i.e. normal behaviour and false alarms. In this FGA-MOPSO model, Principal Component Analysis (PCA) serves as the feature selection technique employed to identify pertinent features within the dataset, thereby enhancing the classifier's performance and Fuzzy Genetic Algorithm (FGA) is used to create new population for training the classifier with the help of three operations namely selection, crossover and mutation that helps to practice more patterns in training phase and to obtain better understanding of the proposed classifier. The simulation will illustrate that the system is competent to speed-up the training and testing process of intrusions detection is important for network applications.Please confirm if the author names are presented accurately and in the correct sequence (given name, middle name/initial, family name). Author 1 Given name: [Arun Kumar] Last name [Ramamoorthy]. Also, kindly confirm the details in the metadata are correct.Checked and Verified for Author 1. In Author 2 name, Given Name was [K.] and last name was[Karuppasamy], But its is just the opposite. Given Name is [Karuppasamy] and Last Name is [K.]. I have edited it.

telecommunications

Chao Liu,Zhaojun Gu,Jialiang Wang

DOI: https://doi.org/10.1109/access.2021.3082147

IF: 3.9

2021-01-01

IEEE Access

Abstract:Digital assets have come under various network security threats in the digital age. As a kind of security equipment to protect digital assets, intrusion detection system (IDS) is less efficient if the alert is not timely and IDS is useless if the accuracy cannot meet the requirements. Therefore, an intrusion detection model that combines machine learning with deep learning is proposed in this paper. The model uses the k-means and the random forest (RF) algorithms for the binary classification, and distributed computing of these algorithms is implemented on the Spark platform to quickly classify normal events and attack events. Then, by using the convolutional neural network (CNN), long short-term memory (LSTM), and other deep learning algorithms, the events judged as abnormal are further classified into different attack types finally. At this stage, adaptive synthetic sampling (ADASYN) is adopted to solve the unbalanced dataset. The NSL-KDD and CIS-IDS2017 datasets are used to evaluate the performance of the proposed model. The experimental results show that the proposed model has better TPR for most of attack events, faster data preprocessing speed, and potentially less training time. In particular, the accuracy of multi-target classification can reach as high as 85.24% in the NSL-KDD dataset and 99.91% in the CIC-IDS2017 dataset.

computer science, information systems,telecommunications,engineering, electrical & electronic

Die Zhang,Zhen Zhang

DOI: https://doi.org/10.1109/EIECC60864.2023.10456717

2023-12-22

Abstract:Network abnormal traffic intrusion detection technology is an important research field of network security today. Hybrid intrusion detection technology overcomes the shortcomings of single detection and retains their advantages, achieving high detection rate and high accuracy, so it is widely used in existing network abnormal traffic detection. However, the optimization of the high false alarm rate of anomaly detection in existing hybrid intrusion detection is imperfect, resulting in a large room for improvement in the detection accuracy of hybrid intrusion detection. In response to the above problems, this paper proposes a hybrid intrusion detection method based on Cluster Marking-k-means. By adding a classifier to the anomaly-based detection module, the detection results are secondary classified to reduce False alarm rate, thus improving the overall detection accuracy of the method. The experiment uses NSL-KDD and CICIDS2017 datasets to verify the effectiveness of the method. The results show that the method proposed in this article improves the average F1 score by 1.19% compared to the comparative method.

Computer Science