Na Xing,Shuai Zhao,Yuehai Wang,Keqing Ning,Xiufeng Liu

DOI: https://doi.org/10.14569/ijacsa.2023.0140743

2023-01-01

Abstract:recent years, deep learning-based network intrusion detection systems (IDS) have shown impressive results in detecting attacks. However, most existing IDS can only recognize known attacks that were included in their training data. When faced with unknown attacks, these systems are often unable to take appropriate actions and incorrectly classify them into known categories, leading to reduced detection performance. Furthermore, as the number and types of network attacks continue to increase, it becomes challenging for these IDS to update their model parameters promptly and adapt to new attack scenarios. To address these issues, this paper introduces a dynamic intrusion detection system, Dynamic Unknown Attack Intrusion Detection System (DUA-IDS). This system aims to learn and detect unknown attacks effectively. DUA-IDS comprises three components: Feature Extractor: This component employs CNN and Transformer models to extract data features from various perspectives. Threshold-Based Classifier: The second part utilizes the nearest mean rule of samples to classify known and unknown attacks, enabling the distinction between them. Dynamic Learning Module: The third part incorporates data playback and knowledge distillation techniques to retain existing category knowledge while continuously learning new attack categories. To assess the effectiveness of DUA-IDS, this paper conducted experiments using the UNSW-NB15 public dataset. The experimental results show that DUA-IDS improves the classification accuracy of flow network data with unknown traffic attacks. Can accurately distinguish unknown traffic and correctly classify known traffic. When dynamically learning unknown traffic, the classification accuracy of previously learned known traffic is less affected. This indicates the advantages of DUA-IDS in detecting unknown attacks and learning new attack categories.

Shi-Wen Chen,Jiang-xing Wu,Xiao-long Ye,Tong Guo

DOI: https://doi.org/10.4304/jnw.8.4.858-865

2013-01-01

Abstract:In order to detect distributed denial of service (DDoS) attacks accurately and efficiently, a new detection model based on conditional random fields (CRF) was proposed. The CRF based model incorporates the signature-based and anomaly-based detection methods to a hybrid system. The selected features include source IP entropy, destination IP entropy, source port entropy, destination port entropy, protocol number and etc. The CRF based model combines these IP flow entropies and other fingerprints into a normalize entropy as the feature vectors to depict the states of the monitoring traffic. The training method of the detection model uses the L-BFGS algorithm. And the model only needs to inspect the IP header fields of each packet, which makes it possible for real-time implementation even on real time network traffic. The CRF based model may have the ability to detect new form of forthcoming attacks, because it is independent from any specific DDoS flooding attack tools. The experiment results show that the CRF based method has higher detection accuracy and sensitivity as well as lower false positive alarms. Experiment with KDD CUP1999, DARPA 2000 and generated attack datasets, the CRF based model outperforms other well-known detection methods such as Naive Bayes, KNN, SVM and etc. The accuracy goes beyond 95.0% and the false alarm rate is less than 5.0%. Meanwhile, the CRF based model is robust under massive background network traffic.

Panigrahi, Ranjit,Garg, Amik,Bhoi, Akash Kumar

DOI: https://doi.org/10.1007/s44196-023-00205-w

IF: 2.259

2023-03-13

International Journal of Computational Intelligence Systems

Abstract:Intrusion detection ( ID ) methods are security frameworks designed to safeguard network information systems. The strength of an intrusion detection method is dependent on the robustness of the feature selection method. This study developed a multi-level random forest algorithm for intrusion detection using a fuzzy inference system. The strengths of the filter and wrapper approaches are combined in this work to create a more advanced multi-level feature selection technique, which strengthens network security. The first stage of the multi-level feature selection is the filter method using a correlation-based feature selection to select essential features based on the multi-collinearity in the data. The correlation-based feature selection used a genetic search method to choose the best features from the feature set. The genetic search algorithm assesses the merits of each attribute, which then delivers the characteristics with the highest fitness values for selection. A rule assessment has also been used to determine whether two feature subsets have the same fitness value, which ultimately returns the feature subset with the fewest features. The second stage is a wrapper method based on the sequential forward selection method to further select top features based on the accuracy of the baseline classifier. The selected top features serve as input into the random forest algorithm for detecting intrusions. Finally, fuzzy logic was used to classify intrusions as either normal, low, medium, or high to reduce misclassification. When the developed intrusion method was compared to other existing models using the same dataset, the results revealed a higher accuracy, precision, sensitivity, specificity, and F1-score of 99.46%, 99.46%, 99.46%, 93.86%, and 99.46%, respectively. The classification of attacks using the fuzzy inference system also indicates that the developed method can correctly classify attacks with reduced misclassification. The use of a multi-level feature selection method to leverage the advantages of filter and wrapper feature selection methods and fuzzy logic for intrusion classification makes this study unique.

computer science, artificial intelligence, interdisciplinary applications

CHEN Shiwen,WU Jiangxing,HUANG Wanwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.1302-0182

2013-01-01

Abstract:The traditional detection methods for DDoS attacks have low accuracy and high false alarms rate because those means are only based on one of such flow features as burst feature,dispersed source IP address,asymmetry flow and etc.This paper uses conditional random field to integrate many pattern match rules for DDoS attack detection.The feature vector includes one way connection density,source IP entropy,destination IP entropy,destination port entropy and protocol entropy.The simulation results show that the proposed method outperforms other well-known methods such as na ve Bayes and SVM.The detection accuracy rate reaches 99.82% and the false alarm rate is less than 0.6%.The method is robustness under strong interference traffic noise.

Al Mehedi Hasan d.,Nasser Mohammed,Ahmad Shamim,Islam Molla Khademul,Md. Al Mehedi Hasan,Mohammed Nasser,Shamim Ahmad,Khademul Islam Molla

DOI: https://doi.org/10.4236/jis.2016.73009

2016-01-01

Journal of Information Security

Abstract:An intrusion detection system collects and analyzes information from different areas within a computer or a network to identify possible security threats that include threats from both outside as well as inside of the organization. It deals with large amount of data, which contains various ir-relevant and redundant features and results in increased processing time and low detection rate. Therefore, feature selection should be treated as an indispensable pre-processing step to improve the overall system performance significantly while mining on huge datasets. In this context, in this paper, we focus on a two-step approach of feature selection based on Random Forest. The first step selects the features with higher variable importance score and guides the initialization of search process for the second step whose outputs the final feature subset for classification and in-terpretation. The effectiveness of this algorithm is demonstrated on KDD’99 intrusion detection datasets, which are based on DARPA 98 dataset, provides labeled data for researchers working in the field of intrusion detection. The important deficiency in the KDD’99 data set is the huge number of redundant records as observed earlier. Therefore, we have derived a data set RRE-KDD by eliminating redundant record from KDD’99 train and test dataset, so the classifiers and feature selection method will not be biased towards more frequent records. This RRE-KDD consists of both KDD99Train+ and KDD99Test+ dataset for training and testing purposes, respectively. The experimental results show that the Random Forest based proposed approach can select most im-portant and relevant features useful for classification, which, in turn, reduces not only the number of input features and time but also increases the classification accuracy.

English Else

Sridhar Patthi,Sugandha Singh,Ila Chandana Kumari P

DOI: https://doi.org/10.1007/s11042-023-17781-w

IF: 2.577

2024-01-07

Multimedia Tools and Applications

Abstract:The proliferation of wireless networks as a primary data transmission channel has brought about a surge in data volume but also raised security threats and privacy concerns. Intrusion Detection Systems (IDS) have proven effective in safeguarding data transmission, yet they struggle to detect minor or rare attacks that mimic normal traffic. To address this challenge, we propose a novel two-layer classification model integrating K-nearest neighbor (KNN) and support vector machines (SVMs). In the first layer, KNN classifies data into Normal, Major, and Minor Attack categories, while the second layer further distinguishes Major Attacks into DoS or Probe and Minor Attacks into U2R or R2. Our framework incorporates Common Correlated Feature Selection (CCFS) to optimize feature discrimination, partitioning training data into three groups. Furthermore, we explore data preprocessing techniques to enhance data interpretation and maintain statistical normalcy in traffic connection features. Our experimental analysis utilizes the NSL-KDD dataset, demonstrating that our approach significantly improves detection rates, particularly for Minor Attacks, achieving a remarkable 92.33% detection rate for U2R and 91.33% for R2L attacks. This represents a substantial 10% enhancement over existing methods, outperforming Multi-Layer Perceptron (MLP) by 13.23%, Random Forest (RF) by 10.11%, J48- Decision Tree (DT) by 9.23%, and Naïve Bayes (NB) by 9.42% and 8.17% in terms of detection rates. These results underscore the effectiveness of our approach in enhancing intrusion detection performance.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Ramani K,Chandrakala N

DOI: https://doi.org/10.1007/s11042-024-18170-7

IF: 2.577

2024-02-23

Multimedia Tools and Applications

Abstract:In the era of advanced cyber developments, intrusions becomes a common event in any network. Although there are research studies and developers found ways to improve the detection models, there is some problem that persists in the intrusion models such as extracting key features from a large dataset, and delayed detection is a critical issue that needs to be addressed. Hence the proposed study aimed to develop a model that could extract key features from the dataset and use them effectively in the detection of threats. The study incorporates two approaches, one is feature extraction by the K-Nearest Neighbourhood, and feature selection by the K-Best approach. And the other is the balanced Gini-Entropy approach for the Random Forest (RF) classifier. This combined approach by KNN, K-best, and RF is referred to as (KK-RF). This combined approach of feature extraction, selection, and classification results in an effective threat detection model with high accuracy of about 99.61%. Moreover the proposed model has achieved precision and the recall rates of 97.3 and 96.6% respectively. Concurrently, the model attained markable F1-score of 96.6 respectively. Also, from the comparison results, it is observed that the proposed model had higher performance.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

M. Niranjanamurthy,B. K. Nirupama

DOI: https://doi.org/10.1109/ACCAI53970.2022.9752578

2022-01-28

Abstract:With the growth in technology and increase in the usage of the same, we have seen that how Network Intrusion Detection has emerged and have also became a most important aspect in the area of research. The Intrusion Detection System broadly classifies the attack as normal or hostile attack based on the activities of the users. An Intrusion Detection System deals with Traffic data of networks. It is non-linear and can deal with complicated problems. In the past researches, many Intrusion Detection system was proposed with different accuracy levels. Even though there is no model that can precisely detect or predict an attack. Therefore, it is important to develop a robust and effective Intrusion Detection Model. In this paper a Network Intrusion Detection System is developed using Decision Tree and Random Forest classifier. These techniques give us a better accuracy and performs pretty well when compared with some other traditional classifier for classifications of attack effectively. The NSL-KDD dataset have been used to conduct our experiments and evaluate the performance of our model. The final results shows that our proposed method is efficient enough to give a low false alarm rate and high detection rate.

Engineering,Computer Science

Mostaque Md. Morshedur Hassan

DOI: https://doi.org/10.48550/arXiv.1304.3535

2013-04-12

Cryptography and Security

Abstract:Nowadays Intrusion Detection System (IDS) which is increasingly a key element of system security is used to identify the malicious activities in a computer system or network. There are different approaches being employed in intrusion detection systems, but unluckily each of the technique so far is not entirely ideal. The prediction process may produce false alarms in many anomaly based intrusion detection systems. With the concept of fuzzy logic, the false alarm rate in establishing intrusive activities can be reduced. A set of efficient fuzzy rules can be used to define the normal and abnormal behaviors in a computer network. Therefore some strategy is needed for best promising security to monitor the anomalous behavior in computer network. In this paper I present a few research papers regarding the foundations of intrusion detection systems, the methodologies and good fuzzy classifiers using genetic algorithm which are the focus of current development efforts and the solution of the problem of Intrusion Detection System to offer a realworld view of intrusion detection. Ultimately, a discussion of the upcoming technologies and various methodologies which promise to improve the capability of computer systems to detect intrusions is offered.

Chunying Zhang,Wenjie Wang,Lu Liu,Jing Ren,Liya Wang

DOI: https://doi.org/10.3390/math10234460

IF: 2.4

2022-01-01

Mathematics

Abstract:Network intrusion detection has the problems of large amounts of data, numerous attributes, and different levels of importance for each attribute in detection. However, in random forests, the detection results have large deviations due to the random selection of attributes. Therefore, aiming at the current problems, considering increasing the probability of essential features being selected, a network intrusion detection model based on three-way selected random forest (IDTSRF) is proposed, which integrates three decision branches and random forest. Firstly, according to the characteristics of attributes, it is proposed to evaluate the importance of attributes by combining decision boundary entropy, and using three decision rules to divide attributes; secondly, to keep the randomness of attributes, three attribute random selection rules based on attribute randomness are established, and a certain number of attributes are randomly selected from three candidate fields according to conditions; finally, the training sample set is formed by using autonomous sampling method to select samples and combining three randomly selected attribute sets randomly, and multiple decision trees are trained to form a random forest. The experimental results show that the model has high precision and recall.

GUO Shan-Qing,GAO Cong,YAO Jian,XIE Li

DOI: https://doi.org/10.1360/jos161490

2005-01-01

Journal of Software

Abstract:Coupled with the explosion of number of the network-oriented applications, Intrusion Detection as an increasingly popular area is attracting more and more research efforts. Although a number of algorithms have already been presented to tackle this problem, they are unable to achieve balanced detection performance for different types of intrusion and cannot respond as quickly as expected. Employing random forests algorithm (RFA)in intrusion detection, this paper devises an improved variation - IRFA and presents an IRFA based model for intrusion detection in information exchanged through network connections. The feasibility in balanced detection and the effectiveness of this approach are verified by experiments based on DARPA data sets.

ZengRi Zeng,Wei Peng,Detian Zeng,Chong Zeng,YiFan Chen

DOI: https://doi.org/10.1016/j.jisa.2022.103124

IF: 4.96

2022-03-01

Journal of Information Security and Applications

Abstract:Among network security issues, distributed denial of service (DDoS) attacks are particularly harmful to a network. Several previous machine learning (ML)-based network intrusion detection approaches have been developed to protect against DDoS attacks. However, existing ML detection approaches diagnose the causality between attacks and traffic features based mainly on purely associative features. Causal reasoning shows that this inability to disentangle correlation from causation can result in diagnostic errors. To solve this problem, this paper proposes a framework of DDoS detection based on causal reasoning to solve the problem of false associations. This framework consists of two main parts: feature selection based on "do-operations" and attack detection by counterfactual diagnosis. First, the noise features that are falsely associated with DDoS attacks are deleted during the "do-operations". Then, the expected number of anomaly features under different DDoS attack types is calculated in the counterfactual situations. The larger the expected value that is calculated for a certain attack, the more likely it is that the anomaly features of the testing data are caused by this attack. The experiments show that the causality between DDoS attacks and the anomaly features can be fully described by our method, which, compared to other classic ML associative methods, increases the detection accuracy by approximately 5% on average.

computer science, information systems

T. Tulasi Bhavani,M. Kameswara Rao,A. Manohar Reddy

DOI: https://doi.org/10.1007/978-981-15-0029-9_50

2019-11-02

Abstract:In the network communications, network interruption is the most vital concern these days. The expanding event of the system assaults is a staggering issue for system administrations. Different research works are now directed to locate a successful and productive answer for forestall interruption in the system so as to guarantee to arrange security and protection. Machine learning is a successful investigation device to identify any irregular occasions happened in the system traffic stream. In this paper, a mix of the decision tree and random forest algorithms is proposed to order any strange conduct in the system traffic.

Rakesh Kumar Mahendran,Santhosh Rajendran,Prakash Pandian,Rajkumar Singh Rathore,Francesco Benedetto,Rutvij H. Jhaveri

DOI: https://doi.org/10.1109/access.2024.3363420

IF: 3.9

2024-02-20

IEEE Access

Abstract:Today's Internet of Vehicles (IoV) has soared by leveraging data gathered from transportation systems, yet it grapples with security concerns stemming from network vulnerabilities, exposing it to cyber threats. This study proposes an innovative method to anticipate anomalies and exploit IoV services related to road traffic. Using the Unceasement Conditional Random Field Dynamic Bayesian Network Model (U-CRF-DDBN), this approach predicts the impact of network attacks, strategically managing vulnerable nodes and attackers. Through experimentation and comparisons with existing methods, our model demonstrates its effectiveness in mitigating IoV vulnerabilities. The U-CRF-DDBN strikes a superior balance, outperforming other approaches in intrusion detection for Internet of Vehicles systems. Evaluating its performance on the NSL-KDD dataset reveals a promising average Detection Rate of 93.512% and a low False Acceptance Rate of 0.125% for known attacks, highlighting its robustness. However, with unknown attacks, while the Detection Rate remains at 74.157%, there is an increased FAR of 16.47%, resulting in a slightly lower F1-score of 0.822.

computer science, information systems,telecommunications,engineering, electrical & electronic

Sugandh Seth,Kuljit Kaur Chahal,Gurvinder Singh

DOI: https://doi.org/10.1093/comjnl/bxae023

2024-03-03

The Computer Journal

Abstract:Abstract Static machine and deep learning algorithms are commonly used in intrusion detection systems (IDSs). However, their effectiveness is constrained by the evolving data distribution and the obsolescence of the static data sources used for model training. Consequently, static classifiers lose efficacy, necessitating expensive model retraining with time. The aim is to develop a dynamic and adaptable IDS that mitigates the limitations of static models, ensuring real-time threat detection and reducing the need for frequent, resource-intensive model retraining. This research proposes an approach that amalgamates the adaptive random forest (ARF) classifier with Hoeffding’s bounds and a moving average test for the early and accurate detection of network intrusions. The ARF can adapt in real time to shifting network conditions and evolving attack patterns, constantly refining its intrusion detection capabilities. Furthermore, the inclusion of Hoeffding’s bounds and the moving average test adds a dimension of statistical rigor to the system, facilitating the timely recognition of concept drift and distinguishing benign network variations from potential intrusions. The synergy of these techniques results in reduced false positives and false negatives, thereby enhancing the overall detection rate. The proposed method delivers outstanding results, with 99.95% accuracy and an impressive 99.96% recall rate on the latest CIC-IDS 2018 dataset, outperforming the results of existing approaches.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Haipeng Yao,Qiyi Wang,Luyao Wang,Peiying Zhang,Maozhen Li,Yunjie Liu

DOI: https://doi.org/10.1007/s10766-017-0537-7

2017-01-01

International Journal of Parallel Programming

Abstract:With the dramatic opening-up of network, network security becomes a severe social problem with the rapid development of network technology. Intrusion Detection System (IDS) is an innovative and proactive network security technology, which becomes a hot topic in both industry and academia in recent years. There are four main characteristics of intrusion data that affect the performance of IDS including multicomponent, data imbalance, time-varying and unknown attacks. We propose a novel IDS framework called HMLD to address these issues, which is an exquisite designed framework based on Hybrid Multi-Level Data Mining. In this paper, we use KDDCUP99 dataset to evaluate the performance of HMLD. The experimental results show that HMLD can reach 96.70% accuracy which is nearly 1% higher than the recent proposed optimal algorithm SVM+ELM+Modified K-Means. In details, HMLD greatly increased the detection accuracy of DoS attacks and R2L attacks.

Yichun Peng,Yi Niu,Qiwei Hu

DOI: https://doi.org/10.1109/CIS.2012.128

2012-01-01

Abstract:As an active and dynamic security-defense technique, intrusion detection can detect the interior and exterior attacks, and it plays an important role in assuring the network security. A radial basis function (RBF) neural network learning algorithm based on immune recognition algorithm which based on the clonal selection principle recognition principle was studied. In the algorithm, the input data was regarded as antigens, and antibodies are regarded as the hidden layer centers. The weights of the output layer are determined by adopting the Recursive least square method, which can improve convergence speed and precision of the RBF neural network. This algorithm was applied to Intrusion Detection Systems. Theory and experiment show that this algorithm has better ability in intrusion detection, and can be used to improve the efficiency of intrusion detection, reduce the false alarm rate.

Sugata Sanyal,Manoj Rameshchandra Thakur

DOI: https://doi.org/10.48550/arXiv.1205.4457

2012-05-20

Cryptography and Security

Abstract:A number of works in the field of intrusion detection have been based on Artificial Immune System and Soft Computing. Artificial Immune System based approaches attempt to leverage the adaptability, error tolerance, self- monitoring and distributed nature of Human Immune Systems. Whereas Soft Computing based approaches are instrumental in developing fuzzy rule based systems for detecting intrusions. They are computationally intensive and apply machine learning (both supervised and unsupervised) techniques to detect intrusions in a given system. A combination of these two approaches could provide significant advantages for intrusion detection. In this paper we attempt to leverage the adaptability of Artificial Immune System and the computation intensive nature of Soft Computing to develop a system that can effectively detect intrusions in a given network.

Arshad Hashmi,Omar M Barukab,Ahmad Hamza Osman

DOI: https://doi.org/10.1371/journal.pone.0302294

IF: 3.7

2024-05-23

PLoS ONE

Abstract:Due to the recent advances in the Internet and communication technologies, network systems and data have evolved rapidly. The emergence of new attacks jeopardizes network security and make it really challenging to detect intrusions. Multiple network attacks by an intruder are unavoidable. Our research targets the critical issue of class imbalance in intrusion detection, a reflection of the real-world scenario where legitimate network activities significantly out number malicious ones. This imbalance can adversely affect the learning process of predictive models, often resulting in high false-negative rates, a major concern in Intrusion Detection Systems (IDS). By focusing on datasets with this imbalance, we aim to develop and refine advanced algorithms and techniques, such as anomaly detection, cost-sensitive learning, and oversampling methods, to effectively handle such disparities. The primary goal is to create models that are highly sensitive to intrusions while minimizing false alarms, an essential aspect of effective IDS. This approach is not only practical for real-world applications but also enhances the theoretical understanding of managing class imbalance in machine learning. Our research, by addressing these significant challenges, is positioned to make substantial contributions to cybersecurity, providing valuable insights and applicable solutions in the fight against digital threats and ensuring robustness and relevance in IDS development. An intrusion detection system (IDS) checks network traffic for security, availability, and being non-shared. Despite the efforts of many researchers, contemporary IDSs still need to further improve detection accuracy, reduce false alarms, and detect new intrusions. The mean convolutional layer (MCL), feature-weighted attention (FWA) learning, a bidirectional long short-term memory (BILSTM) network, and the random forest algorithm are all parts of our unique hybrid model called MCL-FWA-BILSTM. The CNN-MCL layer for feature extraction receives data after preprocessing. After convolution, pooling, and flattening phases, feature vectors are obtained. The BI-LSTM and self-attention feature weights are used in the suggested method to mitigate the effects of class imbalance. The attention layer and the BI-LSTM features are concatenated to create mapped features before feeding them to the random forest algorithm for classification. Our methodology and model performance were validated using NSL-KDD and UNSW-NB-15, two widely available IDS datasets. The suggested model's accuracies on binary and multi-class classification tasks using the NSL-KDD dataset are 99.67% and 99.88%, respectively. The model's binary and multi-class classification accuracies on the UNSW-NB15 dataset are 99.56% and 99.45%, respectively. Further, we compared the suggested approach with other previous machine learning and deep learning models and found it to outperform them in detection rate, FPR, and F-score. For both binary and multiclass classifications, the proposed method reduces false positives while increasing the number of true positives. The model proficiently identifies diverse network intrusions on computer networks and accomplishes its intended purpose. The suggested model will be helpful in a variety of network security research fields and applications.

Emmanuel. C. Uwazie,M. Olalere,Perpetua N. Achi,A. Obiniyi

DOI: https://doi.org/10.1109/SEB4SDG60871.2024.10629939

2024-04-02

Abstract:Earlier classification investigations identified Random Forest (RF), k-Nearest Neighbor (kNN), and Support Vector Machine (SVM) as leading nonparametric classifiers capable of achieving high accuracies. Nonetheless, there has been limited research comparing the performances of these classifiers across various standard intrusion detection datasets. In this research, the performances of the RF, KNN, and SVM classifiers are examined and compared when they are used for intrusion detection on various standard intrusion detection datasets. For each of the algorithms, parameter tunings produced various accuracies on each of the datasets. The parameter with the highest accuracy for each algorithm is compared with its counterpart in other algorithms on the same dataset. The experimental results show that the KNN Intrusion Detection System outperformed other approaches on all the datasets, with accuracies of 0.999928556, 0.996921593 and 0.971580496 on NSL-KDD, CICIDS2017 and CICIDS2018 datasets, respectively. Consequently, the obtained results of KNN present better performances in terms of precision, recall and f1-score on the various network traffic classes when compared to the other algorithms. As shown in this research, the high performances of these machine learning algorithms show that they can be deployed in the field for intrusion detection.

Computer Science