Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Peng Zhou,Zhishu Li

DOI: https://doi.org/10.1109/ICIME.2010.5478129

2010-01-01

Abstract:The paper introduces cluster ensemble for intrusion detection systems. Intrusion detection is a hard problem which is studied by many researchers and is a research hot pot. The idea is that we use cluster ensemble to decide which net-event is normal or unnormal. In this paper there are three works presented. First, we state a hard cluster ensemble method. Second, the model of cluster ensemble for IDS is illustrated in detail. Third, some UCI datasets and KDD99 dataset are chosen for the experiments, and the results show that cluster ensemble for IDS is better than any single algorithm or model.

LIN Hui,ZHU Jun-ping

2009-01-01

Abstract:On the base of discussing the basic concepts and characters of clone clustering, the advantage of IDS is explored based on clone clustering. According to the medium and small enterprise actual demand, the clone clustering algorithm is mainly presented, the intrusion detection system CCIDS (clone clustering based intrusion detection system) based on CC algorithm is designed and imple-mented. the experimental results using KDD CUP99 dataset show that this algorithm can achieve higher detection rate of known or unknown attacks and lower false positive rate.

MA Xiao-chun,GAO Xiang,GAO De-yuan

DOI: https://doi.org/10.3969/j.issn.1000-7180.2005.04.036

2005-01-01

Abstract:Intrusion Detection System (IDS) is an important part of the computer network security. According to the analysis of two intrusion detection models, this paper presents a clustering based method for unsupervised anomaly detection, and does some experiments using the KDD99 cup dataset. This method is proved to be with high performances by the results.

Tao Ma,Fen Wang,Jianjun Cheng,Yang Yu,Xiaoyun Chen

DOI: https://doi.org/10.3390/s16101701

IF: 3.9

2016-10-13

Sensors

Abstract:The development of intrusion detection systems (IDS) that are adapted to allow routers and network defence systems to detect malicious network traffic disguised as network protocols or normal access is a critical challenge. This paper proposes a novel approach called SCDNN, which combines spectral clustering (SC) and deep neural network (DNN) algorithms. First, the dataset is divided into k subsets based on sample similarity using cluster centres, as in SC. Next, the distance between data points in a testing set and the training set is measured based on similarity features and is fed into the deep neural network algorithm for intrusion detection. Six KDD-Cup99 and NSL-KDD datasets and a sensor network dataset were employed to test the performance of the model. These experimental results indicate that the SCDNN classifier not only performs better than backpropagation neural network (BPNN), support vector machine (SVM), random forest (RF) and Bayes tree models in detection accuracy and the types of abnormal attacks found. It also provides an effective tool of study and analysis of intrusion detection in large networks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

YU-FANG ZHANG,ZHONG-YANG XIONG,XIU-QIONG WANG

DOI: https://doi.org/10.1109/ICMLC.2005.1527342

2005-01-01

Abstract:The research on distributed intrusion detection system (DIDS) is a rapidly growing area of interest because the existence of centralized intrusion detection system (IDS) techniques is increasingly unable to protect the global distributed information infrastructure. Distributed analysis employed by Agent-based DIDS is an accepted fabulous method. Clustering-based intrusion detection technique overcomes the drawbacks of relying on labeled training data which most current anomaly-based intrusion detection depend on. Clustering-based DIDS technique according to the advantages of two techniques is presented. For effectively choosing the attacks, twice clustering is employed: the first clustering is to choose the candidate anomalies at Agent IDS and the second clustering is to choose the true attack at central IDS. At last, through experiment on the KDD CUP 1999 data records of network connections verified that the methods put forward is better.

Zhouzhou Liu,Wei,Hao Wang,Yangmei Zhang,Qianyun Zhang,Shining Li

DOI: https://doi.org/10.1109/access.2018.2879891

IF: 3.9

2018-01-01

IEEE Access

Abstract:Aiming at large-scale, high dimensional data, and variable intrusion behavior in wireless sensor networks (WSNs), an intrusion detection algorithm based on parallel intelligent optimization feature extraction and distributed fuzzy clustering for WSNs is proposed. First, in order to effectively reduce the data dimensionality and improve the robustness of the feature extraction process, the parallel intelligent optimization feature extraction framework is constructed on the basis of defining the optimal feature evaluation index, for which the theoretical analysis shows that the index can eliminate feature redundancy and maintain the diversity of original data. Second, the spider cluster optimization algorithm evolution rule is redefined by introducing local search and adaptive multi strategy update method, and it proves that the improved social spider optimization (ISSO) algorithm has global convergence. The ISSO is used to solve the feature extraction framework, and through the parallel feature subset selection process, the best feature combination is extracted. Finally, WSNs intrusion detection is carried out by using the best feature subset and the distributed fuzzy clustering technology, and intelligent iterative evolution method and adaptive clustering strategy are introduced in order to improve the fuzzy clustering algorithm performance. Experimental results show that the intrusion detection algorithm can effectively give the results of intrusion detection, and moreover, compared with the other detection algorithms, the intrusion detection rate is improved by about 13.1%, and the false detection rate is decreased by about 8.5%.

Hongying Zheng,Xiaofeng Liao,Lin Ni

IF: 1.019

2006-01-01

Chinese Journal of Electronics

Abstract:In this paper, a new detection method, Intrusion detection based on unsupervised clustering and simulated annealing algorithm (IDCSA), is proposed, it can automatically establish clusters and detect intruders by labeling normal and abnormal groups, IDCSA combines partitional clustering with simulated annealing. Firstly, clustering is described as assignment problem and clusters are established using partitional clustering. Secondly, simulated annealing algorithm is used to optimize the clustering results and find a near-optimal partitioning instead of local optimizing results. The experiments with KDD cup 1999 show that IDCSA is effective for intrusion detection.

Yuyang Zhou,Guang Cheng

2019-01-01

Abstract:Intrusion detection system (IDS) is one of extensively used techniques in a network topology to safeguard the integrity and availability of sensitive assets in the protected systems. Although many supervised and unsupervised learning approaches from the field of machine learning have been used to increase the efficacy of IDSs, it is still a problem for existing intrusion detection algorithms to achieve good performance. First, lots of redundant and irrelevant data in high-dimensional datasets interfere with the classification process of an IDS. Second, an individual classifier may not perform well in the detection of each type of attacks. Third, many models are built for stale datasets, making them less adaptable for novel attacks. Thus, we propose a new intrusion detection framework in this paper, and this framework is based on the feature selection and ensemble learning techniques. In the first step, a heuristic algorithm called CFS-BA is proposed for dimensionality reduction, which selects the optimal subset based on the correlation between features. Then, we introduce an ensemble approach that combines C4.5, Random Forest (RF), and Forest by Penalizing Attributes (Forest PA) algorithms. Finally, voting technique is used to combine the probability distributions of the base learners for attack recognition. The experimental results, using NSL-KDD, AWID, and CIC-IDS2017 datasets, reveal that the proposed CFS-BA-Ensemble method is able to exhibit better performance than other related and state of the art approaches under several metrics.

Ma Li,Bai Lin,Jiao Li-cheng,Chen Chang-guo

DOI: https://doi.org/10.1109/iccias.2006.294205

2006-01-01

Abstract:Adaptive polyclonal algorithm is the improved one of clonal selection algorithm, and its convergence speed is much faster. This paper intends to direct a novel clustering analysis by means of the affinity function that the adaptive polyclonal clustering strategy affects. The clustering algorithm has the advantage that it does not depend on priori knowledge and has nothing to do data distribution, effectively overcoming the disadvantage that some existing algorithms are sensitive to initialization and easy to be trapped into the local optima. This algorithm clusters large data sets with mixed numeric and categorical values effectively. The intrusion detection system based on this algorithm can deal with massive unlabeled data to distinguish between normal and anomaly and even can detect unknown attacks. The computer comparison-contrast simulations through the KDD CUP 99 datasets show that the algorithm discussed in this paper has much superior detection rate and less false positive rate when compared with AiNet algorithm, the algorithm of L. Portnoy (2000) and the algorithm of L. Jing and L. Fang (2004)

Ying Wang,Yongjun Shen,Guidong Zhang

DOI: https://doi.org/10.1109/ICSESS.2016.7883100

2016-01-01

Abstract:In the past few years, for security issues keep increasing and changing explosively, Intrusion Detection System (IDS) have been asked for discovering these threats more accurately and more rapidly. Many intrusion detection models have been proposed to meet the requirements. However, for this unbalanced data sample KDDcup99, some classifiers may have a good effect on big sample classes like J48 and RandomForest, others are good at classifying on small sample, but few of them can achieve balance. In this paper, an intrusion detection solution based on ensemble learning is put forward. In our model, we employ Bayesian network and RandomTree as base classifiers along with meta learning algorithms RandomCommitte and vote. To evaluate the model's performance, the KDDcup99 dataset is introduced.

Y Feng,KG Wu,ZF Wu,J Zhong,H Li

DOI: https://doi.org/10.1142/9789812701534_0110

2005-01-01

Abstract:A clustering algorithm based on swarm intelligence is systematically proposed for anomaly intrusion detection. The basic idea of our approach is to produce the cluster by swarm intelligence-based clustering. Instead of using the linear segmentation function of the CSI model, here we propose to use a nonlinear probability conversion function and can help to solve linearly inseparable problems. With the classified data instances, anomaly data clusters can be easily identified by normal cluster ratio. And then the identified cluster can be used in real data detection. In the traditional clustering-based intrusion detection algorithms, clustering using a simple distance-based metric and detection based on the centers of clusters, which generally degrade detection accuracy and efficiency. Our approach can settle these problems effectively. The experiment result shows that out approach can detect unknown intrusions efficiently in the real network connections.

Yuyang Zhou,Guang Cheng,Shanqing Jiang,Mian Dai

DOI: https://doi.org/10.1016/j.comnet.2020.107247

IF: 5.493

2020-01-01

Computer Networks

Abstract:Intrusion detection system (IDS) is one of extensively used techniques in a network topology to safeguard the integrity and availability of sensitive assets in the protected systems. Although many supervised and unsupervised learning approaches from the field of machine learning have been used to increase the efficacy of IDSs, it is still a problem for existing intrusion detection algorithms to achieve good performance. First, lots of redundant and irrelevant data in high-dimensional datasets interfere with the classification process of an IDS. Second, an individual classifier may not perform well in the detection of each type of attacks. Third, many models are built for stale datasets, making them less adaptable for novel attacks. Thus, we propose a new intrusion detection framework in this paper, and this framework is based on the feature selection and ensemble learning techniques. In the first step, a heuristic algorithm called CFS-BA is proposed for dimensionality reduction, which selects the optimal subset based on the correlation between features. Then, we introduce an ensemble approach that combines C4.5, Random Forest (RF), and Forest by Penalizing Attributes (Forest PA) algorithms. Finally, voting technique is used to combine the probability distributions of the base learners for attack recognition. The experimental results, using NSL-KDD, AWID, and CIC-IDS2017 datasets, reveal that the proposed CFS-BA-Ensemble method is able to exhibit better performance than other related and state of the art approaches under several metrics.

Kai Peng,Victor C. M. Leung,Qingjia Huang

DOI: https://doi.org/10.1109/ACCESS.2018.2810267

IF: 3.9

2018-01-01

IEEE Access

Abstract:Intrusion detection system (IDS) provides an important basis for the network defense. Due to the development of the cloud computing and social network, massive amounts of data are generated, which inevitably brings much pressure to IDS. And therefore, it becomes crucial to efficiently divide the data into different classes over big data according to data features. Moreover, we can further determine whether one is normal behavior or not based on the classes information. Although the clustering approach based on K-means for IDS has been well studied, unfortunately directly using it in big data environment may suffer from inappropriateness. On the one hand, the efficiency of data clustering needs to be improved. On the other hand, differ from the classification, there is no unified evaluation indicator for clustering issue, and thus, it is necessary to study which indicator is more suitable for evaluating the clustering results of IDS. In this paper, we propose a clustering method for IDS based on Mini Batch K-means combined with principal component analysis. First, a preprocessing method is proposed to digitize the strings and then the data set is normalized so as to improve the clustering efficiency. Second, the principal component analysis method is used to reduce the dimension of the processed data set aiming to further improve the clustering efficiency, and then mini batch K-means method is used for data clustering. More specifically, we use K-means++ to initialize the centers of cluster in order to avoid the algorithm getting into the local optimum, in addition, we choose the Calsski Harabasz indicator so that the clustering result is more easily determined. Compared with the other methods, the experimental results and the time complexity analysis show that our proposed method is effective and efficient. Above all, our proposed clustering method can be used for IDS over big data environment.

Di He,Xin Chen,Danping Zou,Ling Pei,Lingge Jiang

DOI: https://doi.org/10.1109/iscas.2018.8350994

2018-01-01

Abstract:In the computer network intrusion detection system, data objects, mapped from original space, are analyzed based on kernel clustering algorithm. During the process of kernel clustering, some representative points are introduced to represent a cluster. In just one iteration, the distance between a data object and representative points of a cluster is computed to partition the data objects. The clustering results contain normal data and abnormal data, which achieve the goal of intrusion detection. At the same time, KDD CUP 1999 dataset is used to make simulations. The results show that the proposed algorithm has higher detecting probability under the condition of low constant false alarm rate compared with K-Means clustering algorithm and SVM.

Nabeel H. Al-A’araji,Safaa O. Al-Mamory,Ali H. Al-Shakarchi

DOI: https://doi.org/10.1088/1742-6596/1818/1/012106

2021-01-01

Journal of Physics Conference Series

Abstract:Abstract A huge amount of data is transmitted through the networks, which allowed the exchange of knowledge and medical expertise, trade and banking facilities, etc. However, due to the huge connections to these networks, the security issue has been floated on the surface. Intrusion Detection System (IDS) plays a significant role to protect computer systems. To compensate these issues, the orientation is to employed machine learning and data mining techniques to design and implement powerful IDSs. Among these techniques is ensemble learning which enables a combination of multiple models to enhance overall performance. This study presents a brief overview of IDSs, discusses the history of ensemble systems, specifies the methods adapted in designed such system, highlights the most important ensemble techniques, demonstrates in detail the main methods that have been adapted in combining ensemble components. Besides, special attention was paid to studies in the period (2009-2020) that focus onto both ensemble classification and clustering when developing IDSs.

Binita Bohara,Jay Bhuyan,Fan Wu,Junhua Ding

DOI: https://doi.org/10.5121/ijnsa.2020.12101

2020-01-01

Abstract:In the present world, it is difficult to realize any computing application working on a standalone computing device without connecting it to the network. A large amount of data is transferred over the network from one device to another. As networking is expanding, security is becoming a major concern. Therefore, it has become important to maintain a high level of security to ensure that a safe and secure connection is established among the devices. An intrusion detection system (IDS) is therefore used to differentiate between the legitimate and illegitimate activities on the system. There are different techniques are used for detecting intrusions in the intrusion detection system. This paper presents the different clustering techniques that have been implemented by different researchers in their relevant articles. This survey was carried out on 30 papers and it presents what different datasets were used by different researchers and what evaluation metrics were used to evaluate the performance of IDS. This paper also highlights the pros and cons of each clustering technique used for IDS, which can be used as a basis for future work.

Ren Wei-wu,Hu Liang,Zhao Kuo,Chu Jianfeng

DOI: https://doi.org/10.4304/jnw.8.3.672-679

2013-01-01

Abstract:For the purpose of improving real time and profiles accuracy, a parallel anomaly detection algorithm based on hierarchical clustering has been proposed. Training and predicting are two busiest processes and they are parallel designed and implemented. Moreover, an abnormal cluster feature tree is built to dig anomalies from normal profiles. A series of experiment results on well-known KDD Cup 1999 data sets indicate that the improved algorithm has superior performance in both detection and real time.

Ting Huang,Wenbo Chen,Ruisheng Zhang

DOI: https://doi.org/10.2991/amcce-17.2017.11

2017-01-01

Abstract:The rapid development of information technology generates high dimension and large scale data, which puts severer challenges to network security. Feature selection is proposed for the reduction of data dimension so that features of original data are utmostly retained and improving the effectiveness of data processing. This paper proposes a new method of feature extraction by combining two algorithms. Firstly, removes some noise and irrelevant features after researching for correlation between features and categories; Secondly, furtherly optimize subsets to select key features through feature selection algorithm, whose Evaluate Function is based on clustering algorithm. KDDCUP9910% datasets is used to testify the experiment, whose result shows the method guarantees effective detection rate and reducing the data dimension effectively at the same time , the effectiveness of data detection is improved.

Guowei Wu,Lin Yao,Kai Yao

DOI: https://doi.org/10.1109/ICIA.2006.305969

2007-01-01

Abstract:In this paper, we introduce an adaptive clustering algorithm for intrusion detection based on wavecluster which was introduced by Gholamhosein in 1999 and used with success in image processing. Because of the non-stationary characteristic of network traffic, we extend and develop an adaptive wavecluster algorithm for intrusion detection. Using the multiresolution property of wavelet transforms, we can effectively identify arbitrarily shaped clusters at different scales and degrees of detail, moreover, applying wavelet transform removes the noise from the original feature space and make more accurate cluster found. Experimental results on KDD-99 intrusion detection dataset show the efficiency and accuracy of this algorithm. A detection rate above 96% and a false alarm rate below 3% are achieved. The time complexity of the adaptive wavecluster algorithm is O(N) ,which is comparatively low than other algorithm