Baojun Zhang,Xuezeng Pan,Jiebing Wang

DOI: https://doi.org/10.1109/fskd.2007.348

2007-01-01

Abstract:The current network is complicated due to the high- throughput and the multiformity of actions. A hybrid intru- sion detection system (HIDSFCN) is proposed in this study to satisfy the current network. It combines the advantages of all kinds of IDS and put forwards our own solvents to those key problems in current research. Experiment results demonstrate that our HIDSFCN is of high performance and good practicability.

耿立中,贾惠波

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2011.04.010

2011-01-01

Abstract:The bottleneck formation of intrusion detection leaning in the network-attached storage（NAS） application was analyzed to increase the NAS security framework efficiency and show that the learning cost of intrusion detection methods shows exponential growth with increasing knowledge and the bottleneck seriously restricts the detection performance,which can be solved using information fusion technologies.A NAS security framework was then designed and implemented by fusing two different intrusion detection methods,the storage based intrusion detection method and the system call based intrusion detection method.The experimental results demonstrate that the framework can more effectively retard intrusion with the overall detection capability increasing by 15%.

Li-zhong Geng,Hui-bo Jia

DOI: https://doi.org/10.1109/IAS.2009.100

2009-01-01

Abstract:Rapid increase of information resources speeds the development of network storage. And security of network storage satisfies the demands of privacy and safety of the information. Data encryption and personal identity authentication which are based on cryptography can protect the storage against non-authorized access, while they are ineffective for malicious authorized users and inherent attacks. Also heavy performances affect the control of storage. This paper demonstrates an efficient intrusion detection system model for network-attached storage based on system calls and improves the Process Homeostasis to realize the implementation. The experimental results demonstrate high detection rate and low false detection rate. The total performance is about 3% additions when the detection system is running normally.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Geng Lizhong,Jia Huibo

DOI: https://doi.org/10.1109/IFITA.2010.242

2010-01-01

Abstract:According to the various and complex intrusions in the network, this paper proposed a new collaborative intrusion detection scheme for Network-Attached Storage (NAS) based on agents. The new scheme utilizes the static agents and mobile agents to collect intrusion alerts which are generated by the single-node Intrusion Detection System. These intrusion alerts can be associated to build scenarios which represent the course and purpose of the hacker attacks. The experimental results demonstrate that the new scheme can protect the network storage devices efficiently with a little extra network traffic.

Guangyang Zeng,Junfeng Wu,Xiufang Shi,Zhiguo Shi

DOI: https://doi.org/10.1109/ALLERTON.2018.8635875

2018-01-01

Abstract:Information fusion brings great advantages in multi-sensor detection systems and has attracted much attention. Regarding decision level fusion, in many existing literatures, the fusion center (FC) gives a global decision via a likelihood ratio (LR) test where the LR function is compared with a constant threshold. Most of these can be viewed as one-stage decision fusion schemes because the FC does not utilize the historical information in a continuous period of time. In this paper, we propose a novel multi-stage decision fusion scheme with feedback from the view of the Neyman-Pearson (N-P) criterion. In the proposed scheme, at each stage, the FC selects one threshold from two alternative values based on the feedback of the previous stage’s global decision to perform the LR test. Then we prove the convergence of the global detection probability and the false alarm probability when the true state of the target remains unchanged. For the decision fusion of two homogeneous sensors, we derive the optimal alternative thresholds under the N-P criterion. Simulation results show that the proposed scheme can effectively improve the performance of target detection.

Chaoqun Yang,Li Feng,Heng Zhang,Shibo He,Zhiguo Shi

DOI: https://doi.org/10.1109/tsipn.2018.2790361

2018-01-01

IEEE Transactions on Signal and Information Processing over Networks

Abstract:Networked radar systems are vulnerable to different types of attacks, including electronic countermeasure (ECM) jamming and false data injection (FDI) attack. Substantial research has concentrated on ECM jamming, which interferes with radar echoes between a radar and targets. However, FDI attack in which an attacker somehow replaces or modifies radars' measurements, has rarely been considered. FDI attack is much stealthier than ECM jamming, making detection more difficult. In this paper, we take the first attempt to investigate the FDI attack's effects on a networked radar system. Further, we propose a novel data fusion algorithm to combat this attack. The proposed algorithm can dramatically reduce the attack's adverse effects, since it creatively introduces data's confidence factors into data fusion and adaptively decreases the fusion weights of the injected data. Numerical results verify the effectiveness of the proposed algorithm.

Feilu Hang,Linjiang Xie,Zhenhong Zhang,Jian Hu

DOI: https://doi.org/10.12694/scpe.v25i4.2862

2024-06-16

Abstract:This paper proposes an adaptive Wedman intrusion detection algorithm (AID-DFS) for data fusion. Firstly, feature extraction of abnormal text detection is carried out using a BI-gated loop (Bi-GRU). Multi-branch convolutional recurrent neural network (CNN-RNN) extracts hierarchical features from abnormal images. The multi-mode dynamic fusion uses the intermodal and intramodal attention mechanisms. In this way, a joint representation of multiple modes is obtained. The visual perception mechanism is used to realize multichannel integration and strengthen the function of original information in multichannel. The experimental results show that the proposed method has 99.6% accuracy and 94.9% accuracy. Compared with other algorithms, the proposed method can improve the performance of the intrusion system by about 10.2%.

李辉,蔡忠闽,韩崇昭,管晓宏

DOI: https://doi.org/10.3969/j.issn.1000-1220.2003.09.008

2003-01-01

Abstract:State of the art of the Intrusion Detection technology is investigated and a new IDS inference framework and prototype based on information fusion is proposed. The new framework is to solve the problems of existing IDS——high false positive rate and incapable of detection of coordinated attacks. The prototype employ Bayesian Network to do information fusion and goal-tree to analyze intensions of coordinated attacks and quantify the security risk of system. The prototype is more integral than existing IDS and easier to find coordinated attacks with lower false positive rate.

Gou Jin,Yang Jiangang,Chen Qian

2005-01-01

Abstract:This paper presents a compound intrusion detection model based on a knowledge fusion algorithm. The proposed method suggests a set of related pattern knowledge objects with a well-defined structure, which instructs that pattern knowledge can be used for misuse detection or anomaly detection or both of them. Fusion algorithm is used to fuse original or real time knowledge objects to generate new useful ones and destroy those who may lead to miscar-riage of justice. In contrast with the conventional intrusion detection models, process in the paper combines anomaly and misuse detection so that it eliminates the flaws of a narrow definition for intrusion patterns and extends the known intrusions patterns to novel intrusions patterns. The experimental results show the feasibility of design rationale.

Ambareen Siraj,Rayford B. Vaughn,Susan M. Bridges,A. Siraj,R.B. Vaughn,S.M. Bridges

DOI: https://doi.org/10.1109/hicss.2004.1265658

2004-01-01

Abstract:Most modern intrusion detection systems employ multiple intrusion sensors to maximize their trustworthiness. The overall security view of the multi-sensor intrusion detection system can serve as an aid to appraise the trustworthiness in the system. This paper presents our research effort in that direction by describing a Decision Engine for an Intelligent Intrusion Detection System (IIDS) that fuses information from different intrusion detection sensors using an artificial intelligence technique. The Decision Engine uses Fuzzy Cognitive Maps (FCMs) and fuzzy rule-bases for causal knowledge acquisition and to support the causal knowledge reasoning process. In this paper, we report on the workings of the Decision Engine that has been successfully embedded into the IIDS architecture being built at the Center for Computer Security Research (CCSR), Mississippi State University.

Rasheed Ahmad,Izzat Alsmadi,Ahmad, Rasheed

DOI: https://doi.org/10.1007/s10586-024-04365-y

2024-03-27

Cluster Computing

Abstract:The increasing frequency and sophistication of cyber-attacks pose significant threats to organizational entities and critical national infrastructure, leading to substantial financial and operational consequences. Detecting such attacks early and accurately remains a complex endeavour, compounded by challenges in intrusion detection system (IDS) design, the exploitation of zero-day attacks, and issues of reliability and resiliency in physical systems. This research addresses these challenges through a two-fold approach: firstly, implementing input data fusion from diverse and heterogeneous sources, and secondly, fusing classifiers from multiple deep learning (DL)-based algorithms. The success of machine learning (ML) and DL models for IDS relies on meticulous data collection and classifier selection. The paper underscores the limitations of relying on single datasets and ML/DL algorithms, emphasizing potential biases and training restrictions. Rigorous experiments were conducted to identify optimal DL architectures, ensuring the creation of models that exhibit robust generalization on new traffic instances, leading to trusted and unbiased results. The study demonstrates the efficacy of the proposed models through comprehensive evaluations and metrics. Results indicate that the fusion of data and classifiers significantly improves model generalization. The paper also outlines key challenges and future trends in data fusion, emphasizing its role in enhancing IDS performance for securing critical infrastructure.

computer science, information systems, theory & methods

Tongxiang Li,Pindi Weng,Bo Chen,Dongping Zhang,Li Yu

DOI: https://doi.org/10.1109/taes.2024.3418932

2024-01-01

Abstract:This paper deals with the problem of secure fusion estimation for multi-sensor systems under false data injection (FDI) attacks, where each sensor node sends a local estimation to the fusion center through the communication network, and each local estimate may be subject to FDI attacks. Firstly, a practical data encryption scheme with low computational complexity is designed in the transmission of local estimation to establish a dynamic relationship between ciphertext, secret key and decryption value. In particular, this dynamic relationship will be changed once FDI attacks occur, which can be used to directly verify whether the local estimation is under attack. Then, an encryption-based attack detection scheme is designed to achieve immediate detection and location of FDI attacks according to the characteristics of data encryption scheme. Furthermore, based on the attack detection results, a secure fusion estimation algorithm is proposed to eliminate the impact of FDI attacks on fusion estimation accuracy. Finally, a simulation example is given to show the effectiveness of the proposed secure fusion estimation algorithm.

Yawen Xue,Jie Pan,Yangyang Geng,Zeyu Yang,Mengxiang Liu,Ruilong Deng

DOI: https://doi.org/10.1109/ticps.2024.3406505

2024-01-01

Abstract:Industrial control systems (ICSs) are becoming increasingly interconnected as the rapid convergence of information technology (IT) and operation technology (OT) networks, and meanwhile massive attack surfaces have been exposed. However, traditional intrusion detection systems (IDSs) are difficult to be directly deployed in ICSs due to the hard real-time requirement and rare patching chance. Besides, the design of effective and practical IDSs is hampered by the lack of benchmarking ICS cybersecurity datasets. To bridge the gaps, this paper makes the first attempt by open-sourcing the developed ICS cybersecurity datasets and proposing a decision fusion based real-time IDS. Firstly, we design a customized cybersecurity dataset in a full-hardware and high-fidelity platform, including 7 types of cyber threats tailored for ICSs. The collected dataset includes network traffic, sensor readings, actuator status, and system parameters, providing the state-of-the-art benchmark dataset for ICSs consisting of cross-layer characteristics. Furthermore, we design an online decision fusion-based IDS by strategically integrating 4 widely-used machine learning models. The proposed IDS is deployed on a real-time running ethanol distillation, surpassing the performance of single detection models in terms of precision and F1-score, which substantially enhances intrusion detection accuracy and cybersecurity of ICS.

TAN Min,HU Xiao-long,LIU Lian-chen

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.07.055

2008-01-01

Abstract:In view of the weakness of current intrusion detection system and intrusion analysis method,a distributed fusing multi detection technology intrusion detection system model based on multi-Agent is brought forward.Apart from traditional analysis technology,file integrity analysis method based on mobile agent is added to the analysis Agent too.The model realizes the dist-ribution of intrusion detection,owns good scalability,improves the accuracy of intrusion detection,enhances the intrusion detection system's capability by using multi detection technology.So it can meet extensive security demand of the distributed network envi-ronment.

Wei Liang,Kuan-Ching Li,Jing Long,Xiaoyan Kui,Albert Y. Zomaya

DOI: https://doi.org/10.1109/tii.2019.2946791

IF: 12.3

2020-03-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial networks are complex and diverse. Among existing intrusion prevention systems available, several of them have problems such as low detection accuracy rate, high false positive (FP) rate, and low real-time performance for impersonation attacks. To address such issues, it is proposed in this article an industrial network intrusion detection algorithm based on multifeature data clustering optimization model, where the weighted distances and security coefficients of data are classified based on the priority threshold of data attribute feature for each node in the network, given that the data modules in the industrial network environment are diverse and easy to diagnose, restore, and rebuild. The proposed algorithm can effectively improve the detection rate and real-time performance of detecting abnormal behavior for the multifeature data in industrial networks. The novel features are twofold, to rapidly select a node with high-security coefficient as the cluster center, and match the multifeature data around the center into a cluster. Experimental results show that the proposed algorithm has good superiority in terms of detection rate and time compared to other algorithms. In the industrial network, the detection accuracy of abnormal data reaches 97.8, and the FP of detection is decreased by 8.8.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Ahlem Abid,Farah Jemili,Ouajdi Korbaa

DOI: https://doi.org/10.1007/s10586-023-04087-7

2023-06-25

Cluster Computing

Abstract:Intrusion detection in industrial control systems (ICS) is crucial for maintaining secu rity in modern industries. However, the rapid growth of data generated from various sources presents significant challenges, as complex and diverse attacks continue to threaten the integrity of these systems. Traditional intrusion detection systems face limitations in effectively detecting intrusions and suffer from processing delays. To address these issues, there is an urgent need for a real-time and efficient IDS. This study introduces a novel approach to real-time intrusion detection in ICS by leveraging Cloud Computing and Big Data techniques for data fusion. By fusing mul tiple streams of data, our approach enhances intrusion detection performance, reduces false alarm rates, and produces more consistent and accurate results. The contributions of this work are two-fold. Firstly, we propose a real-time IDS that overcomes the limitations of traditional systems through the efficient processing capabilities of Cloud Computing and Big Data techniques. Secondly, we employ data fusion to integrate diverse data sources, resulting in improved intrusion detection accuracy and efficiency. Our proposed IDS achieves higher accuracy rates and demonstrates superior efficiency in detecting intrusions compared to existing solutions. These findings underscore the potential of our approach in enhancing ICS security and mitigating risks posed by evolving attacks.

computer science, information systems, theory & methods

Yajing Wang,Juan Ma,Ashutosh Sharma,Pradeep Kumar Singh,Gurjot Singh Gaba,Mehedi Masud,Mohammed Baz

DOI: https://doi.org/10.1155/2021/5558860

IF: 2.336

2021-05-28

Journal of Sensors

Abstract:Intrusion detection is crucial in computer network security issues; therefore, this work is aimed at maximizing network security protection and its improvement by proposing various preventive techniques. Outlier detection and semisupervised clustering algorithms based on shared nearest neighbors are proposed in this work to address intrusion detection by converting it into a problem of mining outliers using the network behavior dataset. The algorithm uses shared nearest neighbors as similarity, judges whether it is an outlier according to the number of nearest neighbors of a data point, and performs semisupervised clustering on the dataset where outliers are deleted. In the process of semisupervised clustering, vast prior knowledge is added, and the dataset is clustered according to the principle of graph segmentation. The novelty of the proposed algorithm lies in outlier detection while effectively avoiding the dependence on parameters, thus eliminating the influence of outliers on clustering. This article uses real datasets: lypmphography and glass for simulation purposes. The simulation results show that the algorithm proposed in this paper can effectively detect outliers and has a good clustering effect. Furthermore, the experimentation reveals that the outlier detection-based SCA-SNN algorithm has the best practical effect on the dataset without outliers, clearly validating the clustering performance of the outlier detection-based SCA-SNN algorithm. Furthermore, compared to the other state-of-the-art anomaly detection method, it was revealed that the anomaly detection technology based on outlier mining does not require a training process. Thus, they overcome the current anomaly detection problems caused due to incomplete normal patterns in training samples.

engineering, electrical & electronic,instruments & instrumentation

Zhiquan Hu,Liejun Wang,Lei Qi,Yongming Li,Wenzhong Yang

DOI: https://doi.org/10.1109/access.2020.3034015

IF: 3.9

2020-01-01

IEEE Access

Abstract:The diversity of network attacks poses severe challenges to intrusion detection systems (IDSs). Traditional attack recognition methods usually adopt mining data associations to identify anomalies, which has the disadvantages of a high false alarm rate (FAR), low recognition accuracy (ACC) and poor generalization ability. To ameliorate the comprehensive capabilities of IDS and strengthen network security, we propose a novel intrusion detection method based on the adaptive synthetic sampling (ADASYN) algorithm and an improved convolutional neural network (CNN). First, we use the ADASYN method to balance the sample distribution, which can effectively prevent the model from being sensitive to large samples and ignore small samples. Second, the improved CNN is based on the split convolution module (SPC-CNN), which can increase the diversity of features and eliminate the impact of interchannel information redundancy on model training. Then, an AS-CNN model mixed with ADASYN and SPC-CNN is used for intrusion detection tasks. Finally, the standard NSL-KDD dataset is selected to test AS-CNN. The simulation illustrates that the accuracy is 4.60% and 2.79% higher than that of the traditional CNN and RNN models, and the detection rate (DR) increased by 11.34% and 10.27%, respectively. Additionally, the FAR decreased by 15.58% and 14.57%, respectively, compared with the two models.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ying-Dar Lin,Ze-Yu Wang,Po-Ching Lin,Van-Linh Nguyen,Ren-Hung Hwang,Yuan-Cheng Lai

DOI: https://doi.org/10.1016/j.jisa.2022.103248

IF: 4.96

2022-08-01

Journal of Information Security and Applications

Abstract:This work compares the performance of different combinations of data sources for intrusion detection in depth. To learn and distinguish between normal and malicious behavior, we use machine learning algorithms and train three typical models on three kinds of datasets: system logs, packet flows and host statistics. Unlike other studies, our study captures and monitors the behavior from multiple data sources in order to catch security attacks. Our aim is to figure out how to build the most effective dataset for machine learning with a combination of multiple sources. However, since there are no such datasets which have been generated from multiple sources for given attacks, we show how to build and generate a dataset with three data sources. We then compare the F1 score of the detection by applying machine learning algorithms for various combinations of the data sources. Our evaluation results show that the dataset of host statistics results in better performance (0.91) than traffic flows (0.63) and system logs (0.44) because it has the highest average F1-score in the three stages of attacks, while the other datasets may have poor F1-scores in some of the stages, particularly in the stage of impact. However, in the initial access stage of attacks, the dataset of logs performs the best (0.94), and the packet flows are suitable for detecting network DoS attacks (0.82). Furthermore, running this detection with all three data sources results in minor overheads of at most 2.1% CPU utilization. Finally, we analyze the important features of each model, such as the number of logs generated by apache-access, in.telnetd and postfix in the dataset of logs, SrcBytes and TotBytes in the dataset of flows, and MINFLT, VSTEXT and RSIZE in the dataset of statistics.

computer science, information systems