Lu Lv,Wenhai Wang,Zeyin Zhang,Xinggao Liu

DOI: https://doi.org/10.1016/j.knosys.2020.105648

IF: 8.139

2020-01-01

Knowledge-Based Systems

Abstract:Intrusion detection is a challenging technology in the area of cyberspace security for protecting a system from malicious attacks. A novel accurate and effective misuse intrusion detection system that relies on specific attack signatures to distinguish between normal and malicious activities is therefore presented to detect various attacks based on an extreme learning machine with a hybrid kernel function (HKELM). First, the derivation and proof of the proposed hybrid kernel are given. A combination of the gravitational search algorithm (GSA) and differential evolution (DE) algorithm is employed to optimize the parameters of HKELM, which improves its global and local optimization abilities during prediction attacks. In addition, the kernel principal component analysis (KPCA) algorithm is introduced for dimensionality reduction and feature extraction of the intrusion detection data. Then, a novel intrusion detection approach, KPCA-DEGSA-HKELM, is obtained. The proposed approach is eventually applied to the classic benchmark KDD99 dataset, the real modern UNSW-NB15 dataset and the industrial intrusion detection dataset from the Tennessee Eastman process. The numerical results validate both the high accuracy and the time-saving benefit of the proposed approach.

Wei Pan,Weihua Li,Haobin Shi,Jianfeng Yan

DOI: https://doi.org/10.1117/12.657359

2005-01-01

Abstract:A methodology for optimizing radial basis function (RBF) networks is proposed, which consists of the RBF network and the self-organizing map (SOM), aiming at improving the performance of the recognition and classification of novel attacks for intrusion detection. The optimal network architecture of the RBF network is determined automatically by the improved SOM algorithm, in which the centers and the number of hidden neurons are self-adjustable. The intrusion feature vectors are extracted from a benchmark dataset (the KDD-99) designed by DARPA. The experimental results demonstrate that the proposed approach to recognize network attacks performance especially in terms of both efficient and accuracy.

ZHAO Jian-hua,LI Wei-hua

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.12.032

2012-01-01

Abstract:In order to improve the classification effectiveness of Self-organizing feature Mapping(SOM) neural network,this paper designs a Supervised Self-organizing feature Mapping(SSOM) network,which adds output layer into the network structure based on input layer and competitive layer.According to different prediction category of input samples,SSOM selects different formula to adjust weights and train network.Through combinations of two weights,SSOM realizes the regression and statistic of the sample classes.Experiments on KDD CUP99 dataset show that SSOM has better classification ability and higher intrusion detection rate.

Simon T. Powers,Jun He

DOI: https://doi.org/10.1016/j.ins.2007.11.028

2012-08-03

Abstract:Network intrusion detection is the problem of detecting unauthorised use of, or access to, computer systems over a network. Two broad approaches exist to tackle this problem: anomaly detection and misuse detection. An anomaly detection system is trained only on examples of normal connections, and thus has the potential to detect novel attacks. However, many anomaly detection systems simply report the anomalous activity, rather than analysing it further in order to report higher-level information that is of more use to a security officer. On the other hand, misuse detection systems recognise known attack patterns, thereby allowing them to provide more detailed information about an intrusion. However, such systems cannot detect novel attacks. A hybrid system is presented in this paper with the aim of combining the advantages of both approaches. Specifically, anomalous network connections are initially detected using an artificial immune system. Connections that are flagged as anomalous are then categorised using a Kohonen Self Organising Map, allowing higher-level information, in the form of cluster membership, to be extracted. Experimental results on the KDD 1999 Cup dataset show a low false positive rate and a detection and classification rate for Denial-of-Service and User-to-Root attacks that is higher than those in a sample of other works.

Neural and Evolutionary Computing,Cryptography and Security

Tao Ma,Yang Yu,Fen Wang,Qiang Zhang,Xiaoyun Chen

DOI: https://doi.org/10.1007/978-981-10-3187-8_13

2017-01-01

Abstract:This paper proposes a novel approach called KDSVM, which utilized the k-mean techniques and advantage of feature learning with deep neural network (DNN) model and strong classifier of support vector machines (SVM) , to detection intrusion networks. KDSVM is composed of two stages. In the first step, the dataset is divided into k subset based on every sample distance by the cluster centers of k-means approach, and in the second step, testing dataset is distanced by the same cluster center and fed into the DNN model with SVM model for intrusion detection. The experimental results show that the KDSVM not only performs better than SVM, BPNN, DBN-SVM (Salama et al., Soft computing in industrial applications, 2011 [21]) and Bayes tree models in terms of detection accuracy and abnormal types of attacks found. It also provides an effective tool for the study and analysis of intrusion detection in the large network.

Xiaojun Tong,Zhu Wang,Haining Yu

DOI: https://doi.org/10.1016/j.cpc.2009.05.004

IF: 4.717

2009-01-01

Computer Physics Communications

Abstract:A hybrid RBF/Elman neural network model that can be employed for both anomaly detection and misuse detection is presented in this paper. The IDSs using the hybrid neural network can detect temporally dispersed and collaborative attacks effectively because of its memory of past events. The RBF network is employed as a real-time pattern classification and the Elman network is employed to restore the memory of past events. The IDSs using the hybrid neural network are evaluated against the intrusion detection evaluation data sponsored by U.S. Defense Advanced Research Projects Agency (DARPA). Experimental results are presented in ROC curves. Experiments show that the IDSs using this hybrid neural network improve the detection rate and decrease the false positive rate effectively.

Kaijian Liu,Zhen Fan,Meiqin Liu,Senlin Zhang

DOI: https://doi.org/10.1109/cyber.2018.8688271

2018-01-01

Abstract:This paper reviews the problem of instrusion detection for Smart Home and different approach to detect instrusion. A hybrid instrusion detection method based on Convolutional Neural Networks(CNN) and K-means is proposed in this paper. At smart home device node, K-means is used to generate the rule base by clustering, then Principal Component Analysis(PCA) is used to extract the dimensionality reduced features. During the test process, PCA is also used to extract the dimensionality reduced features, the feature matching is performed with the rule base to determine the intrusion data. At the smart home server side, a CNN model is proposed to detect the specific type of intrusion. Combined with Synthetic Minority Oversampling Technique(SMOTE) and under sampling techniques, the CNN model has great performance in reducing missing report rate(MRR) in minority categories. The results of the experiment conducted in KDD99 dataset show that such a hybrid method can improve the detection rate of smart home intrusion detection system and reduce MRR in minority categories.

Neeraj Kumar,Sanjeev Sharma

DOI: https://doi.org/10.3390/electronics12194050

IF: 2.9

2023-09-27

Electronics

Abstract:With the exponentially evolving trends in technology, IoT networks are vulnerable to serious security issues, allowing intruders to break into networks without authorization and manipulate the data. Their actions can be recognized and avoided by using a system that can detect intrusions. This paper presents a hybrid intelligent system and inverted hour-glass-based layered network classifier for feature selection and classification processes, respectively. To accomplish this task, three different datasets have been utilized in the proposed model for identifying old and new attacks. Moreover, a hybrid optimization feature selection technique has been implemented for selecting only those features that can enhance the accuracy of the detection rate. Finally, the classification is performed by using the inverted hour-glass-based layered network model in which data are up-sampled with the increase in the number of layers for effective training. Data up-sampling is performed when small subset of datapoints are observed for any class, which in turn helps in improving the accuracy of the proposed model. The proposed model demonstrated an accuracy of 99.967%, 99.567%, and 99.726% for NSL-KDD, KDD-CUP99, and UNSW NB15 datasets, respectively, which is significantly better than the traditional CNID model. These results demonstrate that our model can detect different attacks with high accuracy and is expected to show good results for new datasets as well. Additionally, to reduce the computational cost of the proposed model, we have implemented it on CPU-based core i3 processors, which are much cheaper than GPU processors.

engineering, electrical & electronic,computer science, information systems,physics, applied

Dianbo Jiang,Yahui Yang,Min Xia

DOI: https://doi.org/10.1109/IAS.2009.247

2009-01-01

Abstract:Neural networks approach is an advanced methodology used for intrusion detection. As a type of neural network, Self-organizing Maps (SOM) is getting more attention in the field of intrusion detection.In this paper, some improvements on SOM algorithm are made in order to increase detection rate and improve the stability of intrusion detection, include: (1) Modify the strategy of “winner-take-all” to decrease underutilized or completely unutilized neurons. (2) Introduce interaction weight which describes the effect between each neuron in the output layer to enhance the relationships between the input pattern and the weights of all the nodes when adjusting weights; The improved SOM is implemented and applied to the intrusion detection. The validities and feasibilities of the improved SOM are confirmed through experiments on KDD Cup 99 datasets. The experiment result shows that the detection rate has been increased by employing the improved SOM.

Guofeng He,Qing Lu,Guangqiang Yin,Hu Xiong

DOI: https://doi.org/10.1007/978-3-031-19214-2_54

2022-01-01

Abstract:The rapid development of the Internet has brought great changes and convenience to the society and people. With the development of the Internet, its security has been paid more and more attention. Intrusion detection can detect network attacks in real time and respond to them in time, which has become an essential and important security line. With the novel of network attack and the diversification of network traffic, traditional intrusion detection based on attack load matching and the intrusion detection based on machine learning has problems of inaccurate feature extraction and insufficient detection effect. To solve the above problems, this paper designs a hybrid neural network DCT-IDS model, using dense convolution neural network to achieve traffic feature fusion, reducing the number of parameters, using Transformer to extract time sequence features, and experimental tests were carried out on the latest dataset CIC-IDS2018. The experimental results show that the accuracy of the proposed DCT-IDS model reaches 98%, and all the indexes are better than the existing excellent models.

Nasrullah Khan,Muhammad Ismail Mohmand,Sadaqat Ur Rehman,Zia Ullah,Zahid Khan,Wadii Boulila

DOI: https://doi.org/10.1371/journal.pone.0299666

IF: 3.7

2024-06-21

PLoS ONE

Abstract:Computer networks face vulnerability to numerous attacks, which pose significant threats to our data security and the freedom of communication. This paper introduces a novel intrusion detection technique that diverges from traditional methods by leveraging Recurrent Neural Networks (RNNs) for both data preprocessing and feature extraction. The proposed process is based on the following steps: (1) training the data using RNNs, (2) extracting features from their hidden layers, and (3) applying various classification algorithms. This methodology offers significant advantages and greatly differs from existing intrusion detection practices. The effectiveness of our method is demonstrated through trials on the Network Security Laboratory (NSL) and Canadian Institute for Cybersecurity (CIC) 2017 datasets, where the application of RNNs for intrusion detection shows substantial practical implications. Specifically, we achieved accuracy scores of 99.6% with Decision Tree, Random Forest, and CatBoost classifiers on the NSL dataset, and 99.8% and 99.9%, respectively, on the CIC 2017 dataset. By reversing the conventional sequence of training data with RNNs and then extracting features before applying classification algorithms, our approach provides a major shift in intrusion detection methodologies. This modification in the pipeline underscores the benefits of utilizing RNNs for feature extraction and data preprocessing, meeting the critical need to safeguard data security and communication freedom against ever-evolving network threats.

Khurram Hussain,Yuanqing Xia,Ameer N. Onaizah,Tayyab Manzoor,Khurrum Jalil

DOI: https://doi.org/10.1016/j.ijleo.2022.170145

IF: 3.1

2022-01-01

Optik

Abstract:Wireless sensor networks (i.e., WSNs) are self-configured and infrastructure-less wireless networks that monitor environmental or physical factors, such as sound, temperature, vibration, motion, pressure, or pollutants, and collaborate with the base station for analysis of their data. A sink, also known as a base station, serves as a link between customers and the network. However, WSNs have various challenges such as high energy consumption, high bandwidth demand, quality of service, compression techniques, data processing, and intrusion. To avoid intrusion, an intrusion detection system is the best solution. It investigates the network by gathering enough information from each node and detecting abnormal sensor node behavior. The intrusion detection system is primarily divided into two steps: feature extraction/selection and classification. In this work, we introduced a new intrusion detection system based on a deep learning network. For feature selection, a proposed hybrid WOA-ABC algorithm is used, and a proposed CNN architecture is used for classification. In WSN there are various attacks available mainly DoS attack, Sybil attack, black hole attack, wormhole attack, etc. In this paper, the NSLKDD dataset is used for intrusion detection. In the NSLKDD dataset, numerous attacks available but those attacks come under 4 types of attacks. There are Dos, UR2, R2L, and probe. So, in this work mainly we concentrate to classify these 4 types of attacks. Compared to the existing method our proposed architecture gives the best performance result in terms of execution time, detection rate, accuracy, and false alarm rate. When compared to existing approaches, our proposed mechanism minimizes execution time by 76.54 %.

Longjie Li,Yang Yu,Shenshen Bai,Ying Hou,Xiaoyun Chen

DOI: https://doi.org/10.1109/access.2017.2787719

IF: 3.9

2018-01-01

IEEE Access

Abstract:Intrusion detection has been an important countermeasure to secure computing infrastructures from malicious attacks. To improve detection performance and reduce bias towards frequent attacks, this paper proposes a two-step hybrid method based on binary classification and k-NN technique. Step 1 employs several binary classifiers and one aggregation module to effectively detect the exact classes of network connections. After step 1, the connections whose classes are uncertain are sent to step 2 to further determine their classes by the k-NN algorithm. Step 2 is based on the outcomes of step 1 and yields a beneficial supplement to step 1. By combining the two steps, the proposed method achieves reliable results on the NSL-KDD data set. The effectiveness of the proposed method is evaluated in comparison with five supervised learning techniques. Experimental results demonstrate that the proposed method outperforms baselines with respect to various evaluation criteria. In particular, for U2R and R2L attacks, the F1-scores of the proposed method are much higher than those of baselines. Furthermore, comparisons with some recent hybrid approaches are also listed. The results illustrate that the proposed method is competitive.

Yu Yao,Fu-xiang Gao,Ge Yu

DOI: https://doi.org/10.1145/1046290.1046341

2004-01-01

Abstract:In order to improve the intrusion detection rates and reduce false positives, a hybrid BP/CNN neural network is constructed, which has both the capability of real-time classification which BP has and the functionality of time-delay, collection and judgment which chaotic neuron has. Because this intrusion detection approach has flexible time-delay characteristic, it corresponds to the requirement of intrusion detection nowadays. The simulation tests to FTP brute-force attacks are conducted using samples captured from data traffic in local computer network. The test results are drawn by ROC curves. The intrusion criterion with high rate intrusion detection and low rates of false alarms can be found. The intrusion detection approach in this paper may be generalized to other intrusion detection systems.

Jia Liu,Wang Yinchai,Teh Chee Siong,Xinjin Li,Liping Zhao,Fengrui Wei

DOI: https://doi.org/10.21203/rs.3.rs-1770107/v1

2022-01-01

Abstract:Abstract Intrusion detection is a fuzzy classification problem. Intrusion detection can detect the attack behaviors of hackers in advance. For generating a visualizing architecture for identifying intrusions, this study proposes an approach that combines ANFIS (Adaptive Network-based Fuzzy Inference System), DT (Decision Tree), and K-means clustering algorithm for visualizing the deep pattern of intrusion detection. The ANFIS generates complex and fuzzy combinations of selected attributes. To reduce the rules generation of ANFIS, Pearson Correlation analysis is used to select attributes that highly relate to the target. Meanwhile, standard deviation analysis and a proposed adaptive K-means algorithm are used for determining the interval division of selected attributes. Then, the CART (classification and regression tree) is used to identify the deep mode in generated rules and selected attributes. The architecture of the proposed algorithm is a hybrid visualizing approach. The architecture can identify deep and hybrid features in intrusion detection. The proposed algorithm was trained, validated, and tested on the NSL-KDD dataset. Using 22 attributes that highly relate to the target, the performance of the proposed method achieved a 99.86% detection rate and 0.14% false alarm rate, which is better than many classifiers. Besides, the visualizing model can help us visually identify the complex pattern of intrusions and analyze the pattern of various intrusions.

Jianhong Gao,Lixin Xu,Yaping Dai

DOI: https://doi.org/10.1109/wcica.2004.1342338

2004-01-01

Abstract:Self-organizing map (SOM) neural network and pattern recognition methods were applied in this system. A two-layered SOM network was designed, containing SOM1 and SOM2. SOM1 was designed to distinguish attack patterns from normal ones, and SOM2 was designed to point out the specific type of attack patterns. The KDD benchmark dataset from the International Knowledge Discovery and Data Mining Tools Competition was employed for training and testing our prototype, and divergences were calculated for feature selection. Finally, 4 chief features were employed as input of the two SOMs. From our experimental results with different network data, our scheme achieved more than 98 percent detection rate and less than 2 percent false alarm rate, it could provide a precise and efficient way for implementing the classifier in intrusion detection.

Wen Jie Tian,Ji Cheng Liu

DOI: https://doi.org/10.1109/CAR.2010.5456628

2010-01-01

Abstract:Intrusion Detection Systems (IDS) are increasingly a key part of systems defense. Various approaches to Intrusion Detection are currently being used, but they are relatively in effective. Recently applying Artificial Intelligence, machine learning and data mining techniques to IDS are increasing. Artificial Intelligence plays a driving role in security services. An intrusion detection method based on neural network and particle swarm optimization algorithm (PSOA) is presented in this paper. The novel structure model has higher accuracy and faster convergence speed. With the ability of strong self-learning and faster convergence, this intrusion detection method can detect various intrusion behaviors rapidly and effectively by learning the typical intrusion characteristic information. Utilizing the character that rough set can keep the discernability of original dataset after reduction, the reduces of the original dataset are calculated and used to train neural network, which increase the detection accuracy. We apply this technique on KDD99 data set and get satisfactory results. The experimental result shows that this intrusion detection method is feasible and effective.

YAO Yu,GAO Fu-xiang,DENG Qing-xu,YU Ge,ZHANG Shou-zhi

DOI: https://doi.org/10.3321/j.issn:1001-0920.2007.04.015

2007-01-01

Abstract:A hybrid feedforward neural network based on chaotic neuron is proposed to detect complicate network intrusion.The proposed neural network has the capability of time-delay,collection,thinking and classification,based on which the weakness of general neural network is avoided which can only detect current misuse intrusion.The neural network is trained and applied to misuse intrusion detection cases.This approach is evaluated by using DARPA data set.Results show that the system's capability of detecting time-delayed Probe and DOS attacks is enhanced effectively by using the proposed approach.

Yuluo Hou,Yusheng Fu,Jinhong Guo,Jie Xu,Renting Liu,Xin Xiang

DOI: https://doi.org/10.1007/s12652-022-04350-6

IF: 3.662

2022-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:In recent years, deep learning techniques have been widely applied to network intrusion detection. However, current detection methods suffer from a low detection rate, rendering them useless in fighting unknown attacks. Thus, in this article, we proposed a hybrid detection system based on deep learning techniques. First, to understand comprehensively the pattern of normal network traffic and anomaly detection, a designed nonsymmetric autoencoder (NAE) is proposed. The NAE extracts the latent feature of network traffic with two different convolution neural networks and multiple linear layers are applied to the NAE’s decoder to reconstruct the input. Besides, a latent feature extraction scheme using the NAE encoder is proposed and a deep neural network (DNN) is trained with this latent feature to achieve detection. In addition, in order to strengthen system stability, a hybrid scheme is proposed that considers the detection results of NAE and DNN, and makes the comprehensive decision. Experiments are performed on the NSL-KDD, N-baIoT and BoT-IoT datasets respectively to evaluate the proposed hybrid model. The evaluation is carried out through classification evaluation indexes such as accuracy, precision, recall, F1-score. The results have shown that our proposed hybrid model gets the best detection ability of abnormal traffic compared with several state-of-the-art intrusion detection methods.

Pengfei Sun,Pengju Liu,Qi Li,Chenxi Liu,Xiangling Lu,Ruochen Hao,Jinpeng Chen

DOI: https://doi.org/10.1155/2020/8890306

IF: 1.968

2020-08-28

Security and Communication Networks

Abstract:Many studies utilized machine learning schemes to improve network intrusion detection systems recently. Most of the research is based on manually extracted features, but this approach not only requires a lot of labor costs but also loses a lot of information in the original data, resulting in low judgment accuracy and cannot be deployed in actual situations. This paper develops a DL-IDS (deep learning-based intrusion detection system), which uses the hybrid network of Convolutional Neural Network (CNN) and Long Short-Term Memory Network (LSTM) to extract the spatial and temporal features of network traffic data and to provide a better intrusion detection system. To reduce the influence of an unbalanced number of samples of different attack types in model training samples on model performance, DL-IDS used a category weight optimization method to improve the robustness. Finally, DL-IDS is tested on CICIDS2017, a reliable intrusion detection dataset that covers all the common, updated intrusions and cyberattacks. In the multiclassification test, DL-IDS reached 98.67% in overall accuracy, and the accuracy of each attack type was above 99.50%.

computer science, information systems,telecommunications