Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Panigrahi, Ranjit,Garg, Amik,Bhoi, Akash Kumar

DOI: https://doi.org/10.1007/s44196-023-00205-w

IF: 2.259

2023-03-13

International Journal of Computational Intelligence Systems

Abstract:Intrusion detection ( ID ) methods are security frameworks designed to safeguard network information systems. The strength of an intrusion detection method is dependent on the robustness of the feature selection method. This study developed a multi-level random forest algorithm for intrusion detection using a fuzzy inference system. The strengths of the filter and wrapper approaches are combined in this work to create a more advanced multi-level feature selection technique, which strengthens network security. The first stage of the multi-level feature selection is the filter method using a correlation-based feature selection to select essential features based on the multi-collinearity in the data. The correlation-based feature selection used a genetic search method to choose the best features from the feature set. The genetic search algorithm assesses the merits of each attribute, which then delivers the characteristics with the highest fitness values for selection. A rule assessment has also been used to determine whether two feature subsets have the same fitness value, which ultimately returns the feature subset with the fewest features. The second stage is a wrapper method based on the sequential forward selection method to further select top features based on the accuracy of the baseline classifier. The selected top features serve as input into the random forest algorithm for detecting intrusions. Finally, fuzzy logic was used to classify intrusions as either normal, low, medium, or high to reduce misclassification. When the developed intrusion method was compared to other existing models using the same dataset, the results revealed a higher accuracy, precision, sensitivity, specificity, and F1-score of 99.46%, 99.46%, 99.46%, 93.86%, and 99.46%, respectively. The classification of attacks using the fuzzy inference system also indicates that the developed method can correctly classify attacks with reduced misclassification. The use of a multi-level feature selection method to leverage the advantages of filter and wrapper feature selection methods and fuzzy logic for intrusion classification makes this study unique.

computer science, artificial intelligence, interdisciplinary applications

M. Niranjanamurthy,B. K. Nirupama

DOI: https://doi.org/10.1109/ACCAI53970.2022.9752578

2022-01-28

Abstract:With the growth in technology and increase in the usage of the same, we have seen that how Network Intrusion Detection has emerged and have also became a most important aspect in the area of research. The Intrusion Detection System broadly classifies the attack as normal or hostile attack based on the activities of the users. An Intrusion Detection System deals with Traffic data of networks. It is non-linear and can deal with complicated problems. In the past researches, many Intrusion Detection system was proposed with different accuracy levels. Even though there is no model that can precisely detect or predict an attack. Therefore, it is important to develop a robust and effective Intrusion Detection Model. In this paper a Network Intrusion Detection System is developed using Decision Tree and Random Forest classifier. These techniques give us a better accuracy and performs pretty well when compared with some other traditional classifier for classifications of attack effectively. The NSL-KDD dataset have been used to conduct our experiments and evaluate the performance of our model. The final results shows that our proposed method is efficient enough to give a low false alarm rate and high detection rate.

Engineering,Computer Science

Sridhar Patthi,Sugandha Singh,Ila Chandana Kumari P

DOI: https://doi.org/10.1007/s11042-023-17781-w

IF: 2.577

2024-01-07

Multimedia Tools and Applications

Abstract:The proliferation of wireless networks as a primary data transmission channel has brought about a surge in data volume but also raised security threats and privacy concerns. Intrusion Detection Systems (IDS) have proven effective in safeguarding data transmission, yet they struggle to detect minor or rare attacks that mimic normal traffic. To address this challenge, we propose a novel two-layer classification model integrating K-nearest neighbor (KNN) and support vector machines (SVMs). In the first layer, KNN classifies data into Normal, Major, and Minor Attack categories, while the second layer further distinguishes Major Attacks into DoS or Probe and Minor Attacks into U2R or R2. Our framework incorporates Common Correlated Feature Selection (CCFS) to optimize feature discrimination, partitioning training data into three groups. Furthermore, we explore data preprocessing techniques to enhance data interpretation and maintain statistical normalcy in traffic connection features. Our experimental analysis utilizes the NSL-KDD dataset, demonstrating that our approach significantly improves detection rates, particularly for Minor Attacks, achieving a remarkable 92.33% detection rate for U2R and 91.33% for R2L attacks. This represents a substantial 10% enhancement over existing methods, outperforming Multi-Layer Perceptron (MLP) by 13.23%, Random Forest (RF) by 10.11%, J48- Decision Tree (DT) by 9.23%, and Naïve Bayes (NB) by 9.42% and 8.17% in terms of detection rates. These results underscore the effectiveness of our approach in enhancing intrusion detection performance.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Seshu Bhavani Mallampati,Hari Seetha

DOI: https://doi.org/10.1142/s0219649223500661

2023-11-22

Journal of Information & Knowledge Management

Abstract:Journal of Information &Knowledge Management, Ahead of Print. With advances in computer network technology, the Internet has become an integral part of our daily lives. It goes without saying that providing security to network data is crucial. To this effect, the intrusion detection system (IDS) is vital for defending networks against cyberattacks. However, the high dimensionality of data is a significant issue that impacts categorisation accuracy. Therefore, we proposed a novel integrated feature extraction method called PC-UDAE that uses principal component analysis (PCA) and Unsupervised Deep Autoencoder (UDAE) to extract linear and nonlinear relationships. Also, to address the class imbalance, synthetic minority class samples are generated using the combination of Synthetic Minority Over Sampling Technique and Edited Nearest Neighbour (SMOTE-ENN). Finally, the extracted features are trained by using supervised machine learning models like Random Forest (RF), Extreme Gradient Boosting Machine (XGBM), Decision Tree (DT), Light Gradient Boosting Machine (LGBM), Extra Tree (ET), Support Vector Machine (SVM), AdaBoost (AB), and K-Nearest Neighbour (KNN) with the original imbalanced and balanced data. We analysed our suggested model using UNSW-NB 15, NSL-KDD, Ton-IoT data sets and obtained 98.85%, 99.59%, and 99.97% accuracy, respectively. Our experimental findings show that our proposed method outperformed all other competing methods.

Al Mehedi Hasan d.,Nasser Mohammed,Ahmad Shamim,Islam Molla Khademul,Md. Al Mehedi Hasan,Mohammed Nasser,Shamim Ahmad,Khademul Islam Molla

DOI: https://doi.org/10.4236/jis.2016.73009

2016-01-01

Journal of Information Security

Abstract:An intrusion detection system collects and analyzes information from different areas within a computer or a network to identify possible security threats that include threats from both outside as well as inside of the organization. It deals with large amount of data, which contains various ir-relevant and redundant features and results in increased processing time and low detection rate. Therefore, feature selection should be treated as an indispensable pre-processing step to improve the overall system performance significantly while mining on huge datasets. In this context, in this paper, we focus on a two-step approach of feature selection based on Random Forest. The first step selects the features with higher variable importance score and guides the initialization of search process for the second step whose outputs the final feature subset for classification and in-terpretation. The effectiveness of this algorithm is demonstrated on KDD’99 intrusion detection datasets, which are based on DARPA 98 dataset, provides labeled data for researchers working in the field of intrusion detection. The important deficiency in the KDD’99 data set is the huge number of redundant records as observed earlier. Therefore, we have derived a data set RRE-KDD by eliminating redundant record from KDD’99 train and test dataset, so the classifiers and feature selection method will not be biased towards more frequent records. This RRE-KDD consists of both KDD99Train+ and KDD99Test+ dataset for training and testing purposes, respectively. The experimental results show that the Random Forest based proposed approach can select most im-portant and relevant features useful for classification, which, in turn, reduces not only the number of input features and time but also increases the classification accuracy.

English Else

Mr. Abdul Khadar A,Modem Tharun Kumar,Sharath K N,Sukesh V N,Tejaswini K N

DOI: https://doi.org/10.48175/ijarsct-5052

2022-06-23

Abstract:In imbalanced network traffic, malicious cyber-attacks can often hide in large amounts of normal data. It exhibits a high degree of stealth and obfuscation in cyberspace, making it difficult for Network Intrusion Detection System (NIDS) to ensure the accuracy and timeliness of detection. This paper researches machine learning and deep learning for intrusion detection in imbalanced network traffic. It proposes a novel Difficult Set Sampling Technique (DSSTE) algorithm to tackle the class imbalance problem. First, use the Edited Nearest Neighbor (ENN) algorithm to divide the imbalanced training set into the difficult set and the easy set. Next, use the K- Means algorithm to compress the majority samples in the difficult set to reduce the majority. Zoom in and out the minority samples’ continuous attributes in the difficult set synthesize new samples to increase the minority number. Finally, the easy set, the compressed set of majority in the difficult, and the minority in the difficult set are combined with its augmentation samples to make up a new training set. The algorithm reduces the imbalance of the original training set and provides targeted data augment for the minority class that needs to learn. It enables the classifier to learn the differences in the training stage better and improve classification performance. To verify the proposed method, we conduct experiments on the classic intrusion dataset NSL-KDD. We use classical classification models: random forest(RF), Support Vector Machine (SVM), XGBoost, Long and Short- term Memory (LSTM), Adaboost, AlexNet, Mini- VGGNet.

Guezzaz, Azidine

DOI: https://doi.org/10.1007/s11042-023-14795-2

IF: 2.577

2023-02-19

Multimedia Tools and Applications

Abstract:The Internet of Things (IoT) interconnects billions of sensors and actuators to serve a meaningful purpose. However, it is always vulnerable to various menaces. Thus, IoT security represents a big concern in the research field. Various tools were developed to mitigate these security issues. So, Intrusion detection systems (IDS) have gained much attention in the research community due to their critical role in maintaining network security. In this work, we integrate a network IDS (NIDS) to enhance IoT security. This paper presents a network intrusion detection model for IoT environments using a K-Nearest Neighbors (K-NN) classifier and feature selection. We built the NIDS using the K-NN algorithm to improve the IDS accuracy (ACC) and detection rate (DR). Furthermore, the principal component analysis (PCA), univariate statistical test, and genetic algorithm (GA) are used for feature selection separately to improve the data quality and select the ten best performing features. The performance evaluation of our model is performed on the Bot-IoT dataset. After applying the feature selection, the models have shown promising results regarding ACC, DR, false alarm rate (FAR), and predicting time. Our proposed model provided 99.99% ACC and maintained its superior performance for the ten selected features. Furthermore, we calculated the prediction time, as we consider it critical in building IDS for IoT, and by applying feature selection, we reduced it significantly from 51,182.22 s to under a minute. This novel model presents many advantages and reliable performances compared with previous models relying on the same dataset.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Neeraj Kumar,Sanjeev Sharma

DOI: https://doi.org/10.3390/electronics12194050

IF: 2.9

2023-09-27

Electronics

Abstract:With the exponentially evolving trends in technology, IoT networks are vulnerable to serious security issues, allowing intruders to break into networks without authorization and manipulate the data. Their actions can be recognized and avoided by using a system that can detect intrusions. This paper presents a hybrid intelligent system and inverted hour-glass-based layered network classifier for feature selection and classification processes, respectively. To accomplish this task, three different datasets have been utilized in the proposed model for identifying old and new attacks. Moreover, a hybrid optimization feature selection technique has been implemented for selecting only those features that can enhance the accuracy of the detection rate. Finally, the classification is performed by using the inverted hour-glass-based layered network model in which data are up-sampled with the increase in the number of layers for effective training. Data up-sampling is performed when small subset of datapoints are observed for any class, which in turn helps in improving the accuracy of the proposed model. The proposed model demonstrated an accuracy of 99.967%, 99.567%, and 99.726% for NSL-KDD, KDD-CUP99, and UNSW NB15 datasets, respectively, which is significantly better than the traditional CNID model. These results demonstrate that our model can detect different attacks with high accuracy and is expected to show good results for new datasets as well. Additionally, to reduce the computational cost of the proposed model, we have implemented it on CPU-based core i3 processors, which are much cheaper than GPU processors.

engineering, electrical & electronic,computer science, information systems,physics, applied

Suguna Marappan,Bhavadharini Murugeshan,C. U. Om Kumar,V. Mercy Rajaselvi Beaulah

DOI: https://doi.org/10.1007/s11277-022-10155-9

IF: 2.017

2022-12-25

Wireless Personal Communications

Abstract:In communication and information technology, the Internet of Things (IoT) creates an enormous amount of data traffic that permits data analysis to expose and detect unusual network load and hidden trends. There are different existing DL (Deep Learning) classification methods applied for IDM (Intrusion Detection Model) detection, but it has some limitations, such as being difficult for security and more complex. In order to overcome these problems, the proposed work used the DL based RK.CNN-MMBO (Recurrent Kernel Convolution Neural Network-Modified Monarch Butterfly Optimization) model to identify the attacks in the network. In the pre-processing stage, the data are pre-processed by min_max normalization. After pre-processing, the optimal features are selected by the IBRO (Improved Battle Royale Optimization) algorithm. Then the selected features are classified using the DL classifier RKCNN (Recurrent kernel convolutional neural network). Moreover, MMBO (Modified Monarch Butterfly Optimization) improves the classifier's performance in attack detection. The proposed work used two different types of datasets for experimental validation, N-BaIoT and CICIDS-2017. The proposed IDM classification using the N-BaIoT dataset with the RKCNN-MMBO model attains the accuracy of (99.96%), and the CICIDS-2017 dataset with the RKCNN-MMBO model obtains the accuracy value of (99.95%). The proposed RKCNN-MMBO classifier model obtained higher accuracy in the detection of IDM than other methods.

telecommunications

V. Bhavya Lahari,T. Amrutha,S.N.B. Tanuja Reddy,P. Deepika Leela,Y. Venkata Narayana

DOI: https://doi.org/10.36713/epra14771

2023-11-01

EPRA International Journal of Research & Development (IJRD)

Abstract:In the rapidly evolving digital landscape, ensuring the security of computer systems and networks has become a paramount concern. Traditional methods often struggle to keep pace with the increasing complexity and diversity of cyber threats. In the context of cybersecurity and network analysis, the crucial tools for identifying and responding to unauthorized access, malicious activities, and potential threats within a network or system cannot take place. The significance of intrusion detection is underscored by the escalating frequency and sophistication of cyberattacks that can lead to data breaches, service disruptions, and financial losses. The XGBoost algorithms ability to handle complex, imbalanced datasets and its exceptional performance in various domains make it a promising candidate for improving intrusion detection accuracy. To evaluate the efficacy of the XGBoost algorithm, extensive experiments are conducted using the KDDCup99 dataset. This dataset represents diverse network traffic scenarios and intrusion types, providing a comprehensive evaluation environment. The Random Forest algorithm, known for its robustness in handling classification tasks, is selected as a baseline for comparison. The performance of the XGBoost algorithm is assessed using multiple performance metrics, including accuracy, precision, recall, F1-score. The outcomes highlight the potential advantages of utilizing XGBoost for intrusion detection. KEYWORDS: Cybersecurity, Network Analysis, Intrusion Detection, XGBoost Algorithm, Random Forest Algorithm, KDDCup99 Dataset.

Raisa Abedin Disha,Sajjad Waheed

DOI: https://doi.org/10.1186/s42400-021-00103-8

2022-01-04

Abstract:Abstract To protect the network, resources, and sensitive data, the intrusion detection system (IDS) has become a fundamental component of organizations that prevents cybercriminal activities. Several approaches have been introduced and implemented to thwart malicious activities so far. Due to the effectiveness of machine learning (ML) methods, the proposed approach applied several ML models for the intrusion detection system. In order to evaluate the performance of models, UNSW-NB 15 and Network TON_IoT datasets were used for offline analysis. Both datasets are comparatively newer than the NSL-KDD dataset to represent modern-day attacks. However, the performance analysis was carried out by training and testing the Decision Tree (DT), Gradient Boosting Tree (GBT), Multilayer Perceptron (MLP), AdaBoost, Long-Short Term Memory (LSTM), and Gated Recurrent Unit (GRU) for the binary classification task. As the performance of IDS deteriorates with a high dimensional feature vector, an optimum set of features was selected through a Gini Impurity-based Weighted Random Forest (GIWRF) model as the embedded feature selection technique. This technique employed Gini impurity as the splitting criterion of trees and adjusted the weights for two different classes of the imbalanced data to make the learning algorithm understand the class distribution. Based upon the importance score, 20 features were selected from UNSW-NB 15 and 10 features from the Network TON_IoT dataset. The experimental result revealed that DT performed well with the feature selection technique than other trained models of this experiment. Moreover, the proposed GIWRF-DT outperformed other existing methods surveyed in the literature in terms of the F1 score.

computer science, information systems, interdisciplinary applications, software engineering

Bhushan Deore,Surendra Bhosale

DOI: https://doi.org/10.1007/s42979-021-00991-0

2021-12-30

SN Computer Science

Abstract:Due to the increase in the use of the internet all over the world for business and education activates, cybercrime is increasing day by day in spite of the development of security protocols and algorithms. Recent research is based on the intrusion detection system. We attempt to develop is a secure protocol to detect malicious data, along with actual data, in the incoming data traffic. An intrusion detection system based on a recurrent neural network (RNN) classifier for feature reduction. Failure in intrusion detection apparatus results in a series of negatives ranging from loss of confidential data and thereof reducing reliability for the end-user. Hence, detection systems play an important role in the service end user. In the proposed work, an intelligent system is developed based on machine learning techniques specifically RNN wherein, a novel algorithm is developed for combining a correlation and information gain, feature reduction is achieved. A feed-forward neural network is then fed these reduced features for testing and training on the NSL-KDD dataset. Normally, pre-processing of the dataset is carried out before the training phase. It helps us to regularize instances of each class in the dataset. Attack and non-attack classes are formed which helps us to implement this developed algorithm for giving the best results in terms of Feature ranking. Our algorithms reduced the number of features, which in turn reduced in preprocessing time of extracting features related to information gain and correlation in the dataset.

Ankit Rajeshkumar Kharwar,Devendra V. Thakor

DOI: https://doi.org/10.4018/ijisp.2022010113

2022-01-01

International Journal of Information Security and Privacy

Abstract:The number of attacks increased with speedy development in web communication in the last couple of years. The Anomaly Detection method for IDS has become substantial in detecting novel attacks in Intrusion Detection System (IDS). Achieving high accuracy are the significant challenges in designing an intrusion detection system. It also emphasizes applying different feature selection techniques to identify the most suitable feature subset. The author uses Extremely randomized trees (Extra-Tree) for feature importance. The author tries multiple thresholds on the feature importance parameters to find the best features. If single classifiers use, then the classifier's output is wrong, so that the final decision may be wrong. So The author uses an Extra-Tree classifier applied to the best-selected features. The proposed method is estimated on standard datasets KDD CUP'99, NSL-KDD, and UNSW-NB15. The experimental results show that the proposed approach performs better than existing methods in detection rate, false alarm rate, and accuracy.

Ibrahim Hayatu Hassan,Mohammed Abdullahi,Mansur Masama Aliyu,Sahabi Ali Yusuf,Abdulrazaq Abdulrahim

DOI: https://doi.org/10.1016/j.iswa.2022.200114

2022-10-28

Intelligent Systems with Applications

Abstract:The growth within the Internet and communications areas have led to a massive surge in the dimension of network and data. Consequently, several new threats are being created and have posed difficulties for security networks to correctly discover intrusions. Intrusion Detection System (IDs) is one amongst the foremost essential events for security arrangements in network environments, and it is commonly applied to spot, track, and detect malevolent threats. Detecting intruders using metaheuristics and machine learning methodologies in recent trend offers improved discovery rate. Therefore, this paper presented an intrusion detection model using an improved Binary Manta Ray Foraging (BMRF) Optimization Algorithm based on adaptive S-shape function and Random Forest (RF) classifier. The BMFR is envisioned to identify the most relevant features and remove redundant and irrelevant ones from the intrusion detection datasets. Furthermore, the RF is used for feature evaluation and to build the intrusion detection model. The proposed method was validated and compared with other methods using two IDs benchmark datasets, which include NSL-KDD and CIC-IDS2017 datasets. The result indicates that the presented model selected 38 features with 99.6% precision, 94.3% recall, 96.9% f-measure, and 99.3% accuracy for the CIC-IDS2017 dataset. Moreover, for the NSL-KDD dataset, the presented model selected 22 features with 96.8%, 96.2%, 96.5%, and 98.8% for precision, recall, F-measure, and accuracy. In addition, a statistical significance test reveals a significance difference between the presented model and the compared methods in terms of F-measure.

Swapnil Mane,Vaibhav Khatavkar,Niranjan Gijare,Pranav Bhendawade

2023-04-04

Abstract:An Intrusion detection system (IDS) is essential for avoiding malicious activity. Mostly, IDS will be improved by machine learning approaches, but the model efficiency is degrading because of more headers (or features) present in the packet (each record). The proposed model extracts practical features using Non-negative matrix factorization and chi-square analysis. The more number of features increases the exponential time and risk of overfitting the model. Using both techniques, the proposed model makes a hierarchical approach that will reduce the features quadratic error and noise. The proposed model is implemented on three publicly available datasets, which gives significant improvement. According to recent research, the proposed model has improved performance by 4.66% and 0.39% with respective NSL-KDD and CICD 2017.

Cryptography and Security

Sumedha Seniaray,Rajni Jindal

DOI: https://doi.org/10.1007/s11277-024-11602-5

IF: 2.017

2024-10-05

Wireless Personal Communications

Abstract:Data and information, being a critical part of the Internet, are vital to network security. Intrusion Detection System (IDS) is required to preserve confidentiality, data integrity, and system availability from attacks. IDS collects network data from various places that may contain features that are redundant and irrelevant, leading to an increase in processing time and low detection rate. This study proposes a three-phase network-based IDS to counter this issue. Initially, network data is captured and preprocessed. In the second phase, we perform feature extraction, selection, and ranking to obtain the optimal feature set. A novel Dynamic Mutual Information-based Genetic Algorithm for feature selection (DMI-GA), aiming to enhance the performance of machine learning (ML) techniques by identifying an optimal set of features, is also proposed in this work. Finally, well-known ML models are employed to detect intrusions within this refined set of network traffic features. Experimental results demonstrate a significant improvement in detection accuracy when the ML models are trained and tested on an optimal set of features. It is also observed that DMI-GA combined with the Random Forest classifier, achieves the highest detection accuracy of 99.94%, surpassing the performance of existing state-of-the-art anomaly-based network intrusion detection systems. A comprehensive statistical analysis of these ML methods is also conducted using 10-fold and Leave-One-Out cross-validation strategies, as it mitigates overfitting and offers a thorough evaluation of the model's performance, resulting in an average accuracy of 99.91%.

telecommunications

Emmanuel. C. Uwazie,M. Olalere,Perpetua N. Achi,A. Obiniyi

DOI: https://doi.org/10.1109/SEB4SDG60871.2024.10629939

2024-04-02

Abstract:Earlier classification investigations identified Random Forest (RF), k-Nearest Neighbor (kNN), and Support Vector Machine (SVM) as leading nonparametric classifiers capable of achieving high accuracies. Nonetheless, there has been limited research comparing the performances of these classifiers across various standard intrusion detection datasets. In this research, the performances of the RF, KNN, and SVM classifiers are examined and compared when they are used for intrusion detection on various standard intrusion detection datasets. For each of the algorithms, parameter tunings produced various accuracies on each of the datasets. The parameter with the highest accuracy for each algorithm is compared with its counterpart in other algorithms on the same dataset. The experimental results show that the KNN Intrusion Detection System outperformed other approaches on all the datasets, with accuracies of 0.999928556, 0.996921593 and 0.971580496 on NSL-KDD, CICIDS2017 and CICIDS2018 datasets, respectively. Consequently, the obtained results of KNN present better performances in terms of precision, recall and f1-score on the various network traffic classes when compared to the other algorithms. As shown in this research, the high performances of these machine learning algorithms show that they can be deployed in the field for intrusion detection.

Computer Science

Sridevi Subbiah,Kalaiarasi Sonai Muthu Anbananthen,Saranya Thangaraj,Subarmaniam Kannan,Deisy Chelliah

DOI: https://doi.org/10.23919/jcn.2022.000002

2022-01-01

Journal of Communications and Networks

Abstract:Attacks in wireless sensor networks (WSNs) aim to prevent or eradicate the network's ability to perform its anticipated functions. Intrusion detection is a defense used in wireless sensor networks that can detect unknown attacks. Due to the incredible development in computer-related applications and massive Internet usage, it is indispensable to provide host and network security. The development of hacking technology tries to compromise computer security through intrusion. Intrusion detection system (IDS) was employed with the help of machine learning (ML) Algorithms to detect intrusions in the network. Classic ML algorithms like support vector machine (SVM), K-nearest neighbour (KNN), and filter-based feature selection often led to poor accuracy and misclassification of intrusions. This article proposes a novel framework for IDS that can be enabled by Boruta feature selection with grid search random forest (BFS-GSRF) algorithm to overcome these issues. The performance of BFS-GSRF is compared with ML algorithms like linear discriminant analysis (LDA) and classification and regression tree (CART) etc. The proposed work was implemented and tested on network security laboratory — knowledge on discovery dataset (NSL-KDD). The experimental results show that the proposed model BFS-GSRF yields higher accuracy (i.e., 99%) in detecting attacks, and it is superior to LDA, CART, and other existing algorithms.

computer science, information systems,telecommunications

Akinyemi OYELAKIN

DOI: https://doi.org/10.30989/ijds.v2i1.1302

2024-05-29

Abstract:Detection of intrusions from network data with the use of machine learning techniques has gained great attention in the past decades. One of the key problems in the network security domain is the availability of representative datasets for testing and evaluation purposes. Despite several efforts by researchers to release datasets that can be used for benchmarking attack detection models, some of the released datasets still suffer from one limitation or the other. Thus, some researchers at the University of Nevada released a dataset named UNR-IDD dataset which was argued to be free from some of the limitations of the past datasets. This study proposed Tree-based ensemble approaches for building binary intrusion identification models from the UNR-IDD dataset. Decision Tree algorithms are used as base classifiers in the Extra Trees, Random Forest and AdaBoost-based intrusion detection models. The results of the experimental analyses carried out indicated that the three ensembles performed excellently when feature selection was used compared to when all features were applied. For instance, Extra Trees model achieved an accuracy of 0.97, precision of 0.98, recall of 0.98 and f1-score of 0.98. Similarly, Random Forest model achieved an accuracy of 0.98, precision of 0.98, recall of 0.99 and f1-score of 0.98. Adaboost-based model had an accuracy of 0.96, precision of 0.96, recall of 0.99 and f1-score of 0.98. It was deduced that Random Forest intrusion classification model achieved slight overall best results when compared to the other models built. It is concluded that the three homogeneous ensemble models achieved very promising results while feature importance was used as attribute selection method.