Jiang Wei,Min Yao,Jun Yan

DOI: https://doi.org/10.1109/ISISE.2008.17

2008-01-01

Abstract:Clustering is one of the important means of Intrusion detection. In order to overcome the disadvantages of fuzzy C-means algorithm, this paper presents a kind of improved fuzzy C-means algorithm (IFCM for short). IFCM algorithm reduces the infection of isolated point by means of weighting the degree of membership for objects to be clustered, and avoids the subjectivity in choosing the number of clustering by introducing the function of validity. Then, IFCM algorithm is used to intrusion detection, and satisfactory experiment effects are obtained. © 2008 IEEE.

Lu Lv,Wenhai Wang,Zeyin Zhang,Xinggao Liu

DOI: https://doi.org/10.1016/j.knosys.2020.105648

IF: 8.139

2020-01-01

Knowledge-Based Systems

Abstract:Intrusion detection is a challenging technology in the area of cyberspace security for protecting a system from malicious attacks. A novel accurate and effective misuse intrusion detection system that relies on specific attack signatures to distinguish between normal and malicious activities is therefore presented to detect various attacks based on an extreme learning machine with a hybrid kernel function (HKELM). First, the derivation and proof of the proposed hybrid kernel are given. A combination of the gravitational search algorithm (GSA) and differential evolution (DE) algorithm is employed to optimize the parameters of HKELM, which improves its global and local optimization abilities during prediction attacks. In addition, the kernel principal component analysis (KPCA) algorithm is introduced for dimensionality reduction and feature extraction of the intrusion detection data. Then, a novel intrusion detection approach, KPCA-DEGSA-HKELM, is obtained. The proposed approach is eventually applied to the classic benchmark KDD99 dataset, the real modern UNSW-NB15 dataset and the industrial intrusion detection dataset from the Tennessee Eastman process. The numerical results validate both the high accuracy and the time-saving benefit of the proposed approach.

Gang Chen,Wenjian Luo

DOI: https://doi.org/10.1007/978-3-319-20466-6_35

2015-01-01

Abstract:The previous evolutionary clustering methods for time-evolving data usually adopt the temporal smoothness framework, which controls the balance between temporal noise and true concept drift of clusters. They, however, have two major drawbacks: (1) assuming a fixed number of clusters over time; (2) the penalty term may reduce the accuracy of the clustering. In this paper, a Multimodal Evolutionary Clustering (MEC) based on Differential Evolution (DE) is presented to cope with these problems. With an existing chromosome representation of the ACDE, the MEC automatically determines the cluster number at each time step. Moreover, instead of adopting the temporal smoothness framework, we try to deal with the problem from view of the multimodal optimization. That is, the species-based DE (SDE) for multimodal optimization is adopted in the MEC. Thus the MEC is a hybrid of the ACDE and the SDE, and designed for time-evolving data clustering. Experimental evaluation demonstrates the MEC achieves good results.

Qifan Yang,Lina Wang

DOI: https://doi.org/10.4028/www.scientific.net/amm.651-653.547

2014-01-01

Applied Mechanics and Materials

Abstract:Fuzzy C-means clustering algorithm (FCM) is widely applied to the intrusion detection. To acquire a better division for intrusion data, a new method (DEFCM) presented in the paper which combines FCM and differential evolution algorithm (DE) is found application. As a start, several randomly initiated partitions are optimized by FCM, and then the result is provided to differential evolution algorithm. After that, the combined result is sent to FCM again to adjust the partition and obtain the final answer. The method can improve detection performance effectively. The KDDCUP1999 data set is used in the simulation experiment, and the result proves that the DEFCM algorithm has a comparatively high detection rate in intrusion detection.

HUANG Kai-feng,WU Qing-tao,ZHENG Rui-juan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2012.11.013

2012-01-01

Abstract:In view of the faults of the traditional fuzzy C-means clustering algorithm in convergence speed and easy fall into local optimum,the improved particle swarm optimization algorithm with cross-operation is used to make up for the deficiency of the fuzzy C-means(FCM)algorithm,thus an optimized fuzzy C-means clustering algorithm is proposed.Simulation experiment results show that the optimized fuzzy C-means(OFCM) algorithm is better than FCM in global searching capability and convergence speed.The method overcome the shortages of FCM,such as poor stability and low intrusion detection precision.The new algorithm has good feasibility and practicality in network security.

Wei Liang,Kuan-Ching Li,Jing Long,Xiaoyan Kui,Albert Y. Zomaya

DOI: https://doi.org/10.1109/tii.2019.2946791

IF: 12.3

2020-03-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial networks are complex and diverse. Among existing intrusion prevention systems available, several of them have problems such as low detection accuracy rate, high false positive (FP) rate, and low real-time performance for impersonation attacks. To address such issues, it is proposed in this article an industrial network intrusion detection algorithm based on multifeature data clustering optimization model, where the weighted distances and security coefficients of data are classified based on the priority threshold of data attribute feature for each node in the network, given that the data modules in the industrial network environment are diverse and easy to diagnose, restore, and rebuild. The proposed algorithm can effectively improve the detection rate and real-time performance of detecting abnormal behavior for the multifeature data in industrial networks. The novel features are twofold, to rapidly select a node with high-security coefficient as the cluster center, and match the multifeature data around the center into a cluster. Experimental results show that the proposed algorithm has good superiority in terms of detection rate and time compared to other algorithms. In the industrial network, the detection accuracy of abnormal data reaches 97.8, and the FP of detection is decreased by 8.8.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Mutasem K. Alsmadi,Dr. Rami Mustafa A Mohammad,Malek Alzaqebah,Sana Jawarneh,Muath AlShaikh,Ahmad Al Smadi,Fahad A. Alghamdi,Jehad Saad Alqurni,Hayat Alfagham

DOI: https://doi.org/10.58346/jowua.2024.i2.006

2022-06-29

Abstract:These days, intelligent cybersecurity models based on machine learning and data mining techniques are prevalent. Several factors might affect the quality of these models, including the accuracy, the ability to train new models quickly, the quick decision-making process, the simplicity of the created models, and the model’s interpretability. Feature selection algorithms can help achieve all these characteristics by isolating the crucial features from the unimportant ones during the model creation phase. The current article proposes an intelligent intrusion detection model based on an improved cuckoo search algorithm which is a nature-inspired optimization algorithm. The improved cuckoo search algorithm proposed in this article may tolerate several bad steps toward determining the set of effective features that would preserve or maximize the capabilities of the produced classification models. The generalization ability of such an algorithm is examined by applying it to 10 benchmark datasets, and it showed superior outcomes compared with several nature-inspired attribute selection approaches. Later, the improved cuckoo search algorithm is used to develop intelligent intrusion detection systems using the well-known “NSL-KDD” dataset. The obtained outcomes are appealing regarding the general performance, the time required to develop the intelligent intrusion detection models, and the number of rules generated.

Bin Xie,Xinyu Dong,Changguang Wang

DOI: https://doi.org/10.1155/2021/9322368

2021-08-04

Wireless Communications and Mobile Computing

Abstract:The existing wireless network intrusion detection algorithms based on supervised learning confront many challenges, such as high false detection rate, difficulty in finding unknown attack behaviors, and high cost in obtaining labeled training data sets. This paper presents an improved k -means clustering algorithm for detecting intrusions on wireless networks based on Federated Learning. The proposed algorithm allows multiple participants to train a global model without sharing their private data and can expand the amount of data in the training model and protect the local data of each participant. Furthermore, the cosine distance of multiple perspectives is introduced in the algorithm to measure the similarity between network data objects in the improved k -means clustering process, making the clustering results more reasonable and the judgment of network data behavior more accurate. The AWID, an open wireless network attack data set, is selected as the experimental data set. Its dimensionality reduces by the method of principal component analysis (PCA). Experimental results show that the improved k -means clustering intrusion detection algorithm based on Federated Learning has better performance in detection rate, false detection rate, and detection of unknown attack types.

computer science, information systems,telecommunications,engineering, electrical & electronic

Maheswari, K. G.

DOI: https://doi.org/10.1007/s11277-022-10030-7

IF: 2.017

2022-09-27

Wireless Personal Communications

Abstract:In recent years, the rapid growth of information technology organizations causes ability to meet their demands such as scalability, mobility and flexibility. The security and privacy is a major issue of those organizations that's why they move the data to the cloud. Meanwhile, the security in cloud has become an important issue in the growing demand of cloud computing, Due to the nature characteristics of cloud, those confidential data are vulnerable to attacks/malicious or intruders. Several Intrusion Detection System (IDS) have been proposed for cloud environment to enhance the security problem but they are not possible to solve those issues with better accuracy, due to the recent real-time intruders. However, those IDSs are possible to solve and resist limited and known attacks. In this paper, we propose Optimal Cluster based Intrusion Detection System for defence against attacks in web and cloud computing environments (OC-IDS). We use hybrid optimization algorithm i.e. Multi-verse is combined with Chaotic Atom search optimization (MCA) algorithm for pre-processing which removes the unwanted/repeated data in dataset. We introduce a Chaotic Manta-ray Foraging Optimization (CMFO) based clustering technique which segment the data in different groups. Then, we develop hybrid machine learning technique i.e. Modified Teacher Learning based Deep Neural Network (MTL-DNN) which categorize the attack in cloud environment as a novelty of this study. Finally, the proposed OC-IDS technique can evaluate through standard open source datasets are KDD cup'99 and MSL-KDD, the performance of proposed and existing techniques are compared with different metrics such as accuracy, precision, recall and F-measure. Our proposed OC IDS MTL-DNN attains 95.01% accuracy in KDD cup'99 dataset.

telecommunications

王桐,刘大昕,杜晔

DOI: https://doi.org/10.3969/j.issn.1009-671x.2004.02.016

2004-01-01

Abstract:Through simulating the evolutionary process,many non-linear problems can be resolved.The biggest shortcoming of misuse detection is the lack for the ability to detect the unknown intrusions.Genetic algorithm was put into use ,in order to enhance the machine learing so as to find out the most hazardous attack subsets among huge data recorded in audit trail.The data was analyzed via the emulation test,and in the end the scenario set was optimized dynamically.

Di He,Xin Chen,Danping Zou,Ling Pei,Lingge Jiang

DOI: https://doi.org/10.1109/iscas.2018.8350994

2018-01-01

Abstract:In the computer network intrusion detection system, data objects, mapped from original space, are analyzed based on kernel clustering algorithm. During the process of kernel clustering, some representative points are introduced to represent a cluster. In just one iteration, the distance between a data object and representative points of a cluster is computed to partition the data objects. The clustering results contain normal data and abnormal data, which achieve the goal of intrusion detection. At the same time, KDD CUP 1999 dataset is used to make simulations. The results show that the proposed algorithm has higher detecting probability under the condition of low constant false alarm rate compared with K-Means clustering algorithm and SVM.

Zhi Wang,Leshi Shao,Kai Cheng,Yuanzhao Liu,Jianan Jiang,Yuanping Nie,Xiang Li,Xiaohui Kuang

DOI: https://doi.org/10.1002/int.22877

IF: 8.993

2022-03-27

International Journal of Intelligent Systems

Abstract:Many machine‐learning‐based intrusion detection methods have been proposed, however there is a lack of collaboration among these methods. Faced with a cascade of malicious behaviors and various running environments, coupled with the endless emergence of new malicious activities, it is difficult for us to choose an algorithm manually that is suitable for all scenarios. In addition, usually the binary detection models are applied that only “normal” or “abnormal” decision is made, and it is difficult for us to know how much confidence we have in the prediction model. In this study, we propose an intrusion collaborative detection framework (ICDF), an ICDF that allows heterogeneous detection models to effectively work together which have complementary expertise. A multialgorithm model ensemble learning method with confidence interval is adopted. In this process, each algorithm model only makes prediction judgments on its own credible probability interval and refuses to predict outside the interval. The final result is generated by voting based on the confidence of multiple models. Ten detection algorithms were tested on three different data sets. Compared with different single algorithms, ICDF could achieve high precision and recall rate, and the best F1 scores.

computer science, artificial intelligence

S. Gokul Pran,Sivakami Raja,S. Jeyasudha

DOI: https://doi.org/10.1002/acs.3771

IF: 3.369

2024-03-14

International Journal of Adaptive Control and Signal Processing

Abstract:Summary Intrusion detection is a cyber‐security method that is significant for network security. It is utilized to detect behaviors that compromise security and privacy within a network or in the context of a computer system. To enhance the identification, an Intrusion Detection System Based on the Beetle Swarm Optimization and K‐RMS Clustering Algorithm cluster‐based hybrid classifiers is proposed in this manuscript. Here, the data is amassed from CICIDS2017 dataset. Then the data is preprocessed to eradicate the unwanted noise. After completing the preprocessed data, it can be clustered by using K‐RMS clustering algorithm. This algorithm cluster the entire data to the associated cluster set depending on the data behavior. The classification algorithm is considered to predict the data as normal or attacking behaviors. The hybrid classification is used to predict the data. The solitary predictor aims to achieve high detection rates and accuracy. The hybrid classifiers, such as support vector machines, artificial neural networks are applied to recognize the normal or intruder. The performance of the SVM‐ANN‐IDS method attains 22.05%, 15.87%, 27.25% higher accuracy, 23.90% and 28.53% higher precision, 29.29%, 19.19% and 23.27% higher specificity and 18.28%, 24.36% and 27.49% greater recall when compared to the existing models, like developing novel deep‐learning model to improve network intrusion categorization (DNN‐IDS), Intrusion identification scheme on real‐time data traffic under machine learning techniques along feature selection method (RNN‐SVM‐IDS) and recurrent deep learning basis feature fusion ensemble meta‐classifier for intellectual network intrusion identification scheme (RNN‐IDS) respectively.

automation & control systems,engineering, electrical & electronic

Yanqing Yang,Kangfeng Zheng,Chunhua Wu,Xinxin Niu,Yixian Yang,Yanqing Yang,Kangfeng Zheng,Chunhua Wu,Xinxin Niu,Yixian Yang

DOI: https://doi.org/10.3390/app9020238

2019-01-10

Applied Sciences

Abstract:Machine learning plays an important role in building intrusion detection systems. However, with the increase of data capacity and data dimension, the ability of shallow machine learning is becoming more limited. In this paper, we propose a fuzzy aggregation approach using the modified density peak clustering algorithm (MDPCA) and deep belief networks (DBNs). To reduce the size of the training set and the imbalance of the samples, MDPCA is used to divide the training set into several subsets with similar sets of attributes. Each subset is used to train its own sub-DBNs classifier. These sub-DBN classifiers can learn and explore high-level abstract features, automatically reduce data dimensions, and perform classification well. According to the nearest neighbor criterion, the fuzzy membership weights of each test sample in each sub-DBNs classifier are calculated. The output of all sub-DBNs classifiers is aggregated based on fuzzy membership weights. Experimental results on the NSL-KDD and UNSW-NB15 datasets show that our proposed model has higher overall accuracy, recall, precision and F1-score than other well-known classification methods. Furthermore, the proposed model achieves better performance in terms of accuracy, detection rate and false positive rate compared to the state-of-the-art intrusion detection methods.

Brunel Elvire Bouya-Moko,Edward Kwadwo Boahen,Changda Wang

DOI: https://doi.org/10.3390/electronics11111675

IF: 2.9

2022-05-25

Electronics

Abstract:Strong network connections make the risk of malicious activities emerge faster while dealing with big data. An intrusion detection system (IDS) can be utilized for alerting suitable entities when hazardous actions are occurring. Most of the techniques used to classify intrusions lack the techniques executed with big data. This paper devised an optimization-driven deep learning technique for detecting the intrusion using the Spark model. The input data is fed to the data partitioning phase wherein the partitioning of data is done using the proposed fuzzy local information and Bhattacharya-based C-means (FLIBCM). The proposed FLIBCM was devised by combining Bhattacharya distance and fuzzy local information C-Means (FLICM). The feature selection was achieved with classwise info gained to select imperative features. The data augmentation was done with oversampling to make it apposite for further processing. The detection of intrusion was done using a deep Maxout network (DMN), which was trained using the proposed student psychology water cycle caviar (SPWCC) obtained by combining the water cycle algorithm (WCA), the conditional autoregressive value at risk by regression quantiles (CAViaR), and the student psychology-based optimization algorithm (SPBO). The proposed SPWCC-based DMN offered enhanced performance with the highest accuracy of 97.6%, sensitivity of 98%, and specificity of 97%.

engineering, electrical & electronic,computer science, information systems,physics, applied

Shuai Feng,Wenyu Jiang,Mingcai Chen,Yuntao Du,Hao Cheng,Yuxin Ge,Chongjun Wang

DOI: https://doi.org/10.1137/1.9781611977653.ch30

2023-01-01

Abstract:Out-of-distribution (OOD) detection is critical for ensuring the safe deployment of machine learning models in the open world. Due to the simplicity and intuitiveness of distance based methods, i.e., samples are detected as OOD if they are relatively far away from the centroids or prototypes of in-distribution (ID) classes, they have attracted widespread attention from researchers in the field of OOD detection. However, prior OOD detection methods directly take off-the-shelf loss functions, like widely used softmax cross-entropy (CE) loss, that suffices for classifying ID samples, but is not optimally designed for OOD detection. In this work, we propose CESED, an improved CE loss applied to the scalable Squared Euclidean Distance vector, which exploits hyperspherical evenly-distributed class centroids for OOD detection. CESED can promote strong ID- OOD separability because it explicitly encourages maximization of inter-class distances and minimization of intra-class distances. Extensive experiments demonstrate that CESED achieves superior detection performance on a comprehensive suite of benchmark datasets. For the more challenging case where CIFAR-100 is used as ID, our method achieves a 31.98% reduction in average FPR95 and 6.20% reduction in ID test error compared to the baseline method using a softmax confidence score.

Celestine Iwendi,Suleman Khan,Joseph Henry Anajemba,Mohit Mittal,Mamdouh Alenezi,Mamoun Alazab

DOI: https://doi.org/10.3390/s20092559

IF: 3.9

2020-04-30

Sensors

Abstract:The pursuit to spot abnormal behaviors in and out of a network system is what led to a system known as intrusion detection systems for soft computing besides many researchers have applied machine learning around this area. Obviously, a single classifier alone in the classifications seems impossible to control network intruders. This limitation is what led us to perform dimensionality reduction by means of correlation-based feature selection approach (CFS approach) in addition to a refined ensemble model. The paper aims to improve the Intrusion Detection System (IDS) by proposing a CFS + Ensemble Classifiers (Bagging and Adaboost) which has high accuracy, high packet detection rate, and low false alarm rate. Machine Learning Ensemble Models with base classifiers (J48, Random Forest, and Reptree) were built. Binary classification, as well as Multiclass classification for KDD99 and NSLKDD datasets, was done while all the attacks were named as an anomaly and normal traffic. Class labels consisted of five major attacks, namely Denial of Service (DoS), Probe, User-to-Root (U2R), Root to Local attacks (R2L), and Normal class attacks. Results from the experiment showed that our proposed model produces 0 false alarm rate (FAR) and 99.90% detection rate (DR) for the KDD99 dataset, and 0.5% FAR and 98.60% DR for NSLKDD dataset when working with 6 and 13 selected features.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Durgesh Srivastava,Rajeshwar Singh,Chinmay Chakraborty,Sunil Kumar,Aaisha Makkar,Deepak Sinwar

DOI: https://doi.org/10.1016/j.micpro.2023.104964

IF: 3.503

2023-10-23

Microprocessors and Microsystems

Abstract:Recognition of the consequence for advanced tools and techniques to secure the network infrastructure from the security risks has prompted the advancement of many machine learning-based intrusion detection strategies. However, it is a big challenge for the researchers to make improvements in an Intrusion Detection System with desired advantages and constraints. This paper has developed a proficient soft computing framework using Grey Wolf Optimization and Entropy-Based Graph (GWO-EBG) to classify intrusion detection datasets to reduce the false rate. In the proposed scheme, initially, the input data is preprocessed by the data transformation and normalization procedure. After the preprocessing, optimal features have been chosen for the dimension reduction from the preprocessed data using the grey wolf optimization (GWO) algorithm. Then, the Entropy value has estimated from the idyllically selected features. Lastly, an Entropy-Based Graph (EBG) has been constructed to classify data into intrusion or normal data. The experimental results demonstrate that the developed method outperforms other existing methods in various performance measures. The detection rate of the developed GWO-EBG is found to be 94.6 %, which is higher than 91.24% of EBG, 75.60% K-Nearest Neighbors (KNN), 73.36% of Support Vector Machine (SVM), and 74.88% of Generalized Regression Neural Network (GRNN) on 5000 connection vectors data obtained from KDD CUP'99 testing dataset. The false-positive rate of developed strategy (GWO-EBG) is 0.35% %, which is lower than 2.18% of EBG, 7.32% KNN, 8.15% of SVM, and 8.13% of GRNN with 5000 testing datasets.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Ben Yang,Xuetao Zhang,Feiping Nie,Badong Chen,Fei Wang,Zhixiong Nan,Nanning Zheng

DOI: https://doi.org/10.1109/tnnls.2022.3142806

IF: 14.255

2022-01-01

IEEE Transactions on Neural Networks and Learning Systems

Abstract:One of the hottest topics in unsupervised learning is how to efficiently and effectively cluster large amounts of unlabeled data. To address this issue, we propose an orthogonal conceptual factorization (OCF) model to increase clustering effectiveness by restricting the degree of freedom of matrix factorization. In addition, for the OCF model, a fast optimization algorithm containing only a few low-dimensional matrix operations is given to improve clustering efficiency, as opposed to the traditional CF optimization algorithm, which involves dense matrix multiplications. To further improve the clustering efficiency while suppressing the influence of the noises and outliers distributed in real-world data, an efficient correntropy-based clustering algorithm (ECCA) is proposed in this article. Compared with OCF, an anchor graph is constructed and then OCF is performed on the anchor graph instead of directly performing OCF on the original data, which can not only further improve the clustering efficiency but also inherit the advantages of the high performance of spectral clustering. In particular, the introduction of the anchor graph makes ECCA less sensitive to changes in data dimensions and still maintains high efficiency at higher data dimensions. Meanwhile, for various complex noises and outliers in real-world data, correntropy is introduced into ECCA to measure the similarity between the matrix before and after decomposition, which can greatly improve the clustering effectiveness and robustness. Subsequently, a novel and efficient half-quadratic optimization algorithm was proposed to quickly optimize the ECCA model. Finally, extensive experiments on different real-world datasets and noisy datasets show that ECCA can archive promising effectiveness and robustness while achieving tens to thousands of times the efficiency compared with other state-of-the-art baselines.

computer science, artificial intelligence, theory & methods,engineering, electrical & electronic, hardware & architecture

Yu Shengsheng,Zhou Jingli

2006-01-01

Abstract:An artificial immunity based multimodal evolution algorithm is developed to generate detectors with variable coverage for multidimensional intrusion detection. In this algorithm, a proper fitness function is used to drive the detectors to fill in those detection holes close to self set or among self spheres, and genetic algorithm is adopted to reduce the negative effects that different distribution of self imposes on the detector generating process. The validity of the algorithm is tested with spherical and rectangular detectors, respectively, and experiments performed on two real data sets (machine learning database and DAPRA99) indicate that the proposed algorithm can obtain good results on spherical detectors, and that its performances in detection rate, false alarm rate, stability, time cost, and adaptability to incomplete training set on spherical detectors are all better than on rectangular ones.