张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Jingqi Zhang,Xin Zhang,Zhaojun Liu,Fa Fu,Yihan Jiao,Fei Xu

DOI: https://doi.org/10.3390/electronics12194170

IF: 2.9

2023-10-09

Electronics

Abstract:A network intrusion detection tool can identify and detect potential malicious activities or attacks by monitoring network traffic and system logs. The data within intrusion detection networks possesses characteristics that include a high degree of feature dimension and an unbalanced distribution across categories. Currently, the actual detection accuracy of some detection models is relatively low. To solve these problems, we propose a network intrusion detection model based on multi-head attention and BiLSTM (Bidirectional Long Short-Term Memory), which can introduce different attention weights for each vector in the feature vector that strengthen the relationship between some vectors and the detection attack type. The model also utilizes the advantage that BiLSTM can capture long-distance dependency relationships to obtain a higher detection accuracy. This model combined the advantages of the two models, adding a dropout layer between the two models to improve the detection accuracy while preventing training overfitting. Through experimental analysis, the network intrusion detection model that utilizes multi-head attention and BilSTM achieved an accuracy of 98.29%, 95.19%, and 99.08% on the KDDCUP99, NSLKDD, and CICIDS2017 datasets, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Liu Jiqing,Xu Ming

DOI: https://doi.org/10.3969/j.issn.1673-4807.2011.06.020

2011-01-01

Abstract:In view of the weakness of current intrusion detection system,a new intrusion detection system model based on the combination of KPCA technology and BP Neural Network is put forward.Against the high dimensions problem of complicated network data,KPCA technology as a method of characteristics extraction is used to decrease the dimensions and simplifie the size of neutral network and reduces the operations work.A large amount of experiments with KDD99 dataset have been conducted and the results show that the new system is with higher adaptable ability and higher speed detection rate in nowadays complicated network circumstances than the intrusion detection system only uses BP neural network.

Hao Zhang,Bin Li

DOI: https://doi.org/10.1109/IMCCC.2016.177

2016-01-01

Abstract:this paper analyzes the shortcomings of traditional multilayer BP neural network in intrusion detection, and gives an optimized multilayer BP neural network algorithm based on matrix, which has good readability, higher recognition rates and the faster program execution speed, etc. On the basis of this, the improved algorithm, combined with principal component analysis and other methods, is applied to intrusion detection. Theoretical analysis and experimental data show that the proposed algorithm is more concise and it can detect intrusions more quickly and efficiently, compared with the traditional multi-layer neural networks.

Jiang Zhong,Zhiguo Li,Yong Feng,Cunxiao Ye

DOI: https://doi.org/10.1109/ISDA.2006.253762

2006-01-01

Abstract:Recently the machine learning-based intrusion detection approaches have been subjected to extensive researches because they can detect both misuse and anomaly. In this paper, we propose a new method to design classifier based on multiple granularities immune network. Firstly a multiple granularities immune network (MGIN) algorithm is employed to reduce the data and get the candidate hidden neurons and construct an original RBF network including all candidate neurons. Secondly, the removing redundant neurons procedure is used to get a smaller network. Experimental results on the real network data set show that the new classifier has higher detection and lower false positive rate than traditional RBF classifier.

WEI Shengjun,HU Changzhen,JIANG Fei

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.13.056

2005-01-01

Abstract:The BP neural network algorithm is improved to detect intrusion. The improved method is as follows: according to different input, different part of network will be fired to generate output. The weights of the arcs only connected with fired neuron will be adjusted whereas all weights in traditional BP network must be adjusted. The experiment results indicate that this improved algorithm can increase learning speed and shorten training time. The results also show that the intrusion detection rate is improved.

Congyuan Xu,Jizhong Shen,Xin Du,Fan Zhang

DOI: https://doi.org/10.1109/access.2018.2867564

IF: 3.9

2018-01-01

IEEE Access

Abstract:To improve the performance of network intrusion detection systems (IDS), we applied deep learning theory to intrusion detection and developed a deep network model with automatic feature extraction. In this paper, we consider the characteristics of the time-related intrusion and propose a novel IDS that consists of a recurrent neural network with gated recurrent units (GRU), multilayer perceptron (MLP), and softmax module. Experiments on the well-known KDD 99 and NSL-KDD data sets show that the system has leading performance. The overall detection rate was 99.42% using KDD 99 and 99.31% using NSL-KDD with false positive rates as low as 0.05% and 0.84%, respectively. In particular, for detecting the denial of service attacks, the system achieved detection rates of 99.98% and 99.55%, respectively. Comparative experiments showed that the GRU is more suitable as a memory unit for IDS than LSTM, and proved that it is an effective simplification and improvement of LSTM. Moreover, the bidirectional GRU can reach the best performance compared with the recently published methods.

Aimin Yang,Yunxi Zhuansun,Chenshuai Liu,Jie Li,Chunying Zhang

DOI: https://doi.org/10.1109/access.2019.2929919

IF: 3.9

2019-01-01

IEEE Access

Abstract:With the advent of global 5G networks, the Internet of Things will no longer be limited by network speed and traffic. With the large-scale application of the Internet of Things, people pay more and more attention to the security of the Internet of Things. Once the Internet of Things system suffers from malicious attacks, not only the serious loss of information will lead to the paralysis of the Internet of Things equipment. Aiming at the security problem of the Internet of Things, this paper puts forward the LM-BP neural network model. The LM-BP neural network model is applied to an intrusion detection system, and the intrusion detection flow under LM-BP algorithm is given. LM algorithm has the characteristics of fast optimization speed and strong robustness and uses this characteristic to optimize the weight threshold of traditional BP neural network. Through establishing LM-BP neural network classifier, KDD CUP 99 intrusion detection data set is imported into an LM-BP neural network classifier, and the best results are obtained through continuous training. Finally, the experimental simulation results show that this model has higher detection rate and lower false alarm rate than the traditional BP neural network model and PSO-BP neural network model for DOS, R2L, U2L, and Probing, thus this modified model has certain promotion value.

Dingyu Shou,Chao Li,Zhen Wang,Song Cheng,Xiaobo Hu,Kai Zhang,Mi Wen,Yong Wang

DOI: https://doi.org/10.1093/comjnl/bxad105

2023-11-01

The Computer Journal

Abstract:Abstract Security of computer information can be improved with the use of a network intrusion detection system. Since the network environment is becoming more complex, more and more new methods of attacking the network have emerged, making the original intrusion detection methods ineffective. Increased network activity also causes intrusion detection systems to identify errors more frequently. We suggest a new intrusion detection technique in this research that combines a Convolutional Neural Network (CNN) model with a Bi-directional Long Short-term Memory Network (BiLSTM) model for adding attention mechanisms. We distinguish our model from existing methods in three ways. First, we use the NCR-SMOTE algorithm to resample the dataset. Secondly, we use recursive feature elimination method based on extreme random tree to select features. Thirdly, we improve the profitability and accuracy of predictions by adding attention mechanism to CNN-BiLSTM. This experiment uses UNSW-UB15 dataset composed of real traffic, and the accuracy rate of multi-classification is 84.5$\%$; the accuracy rate of multi-classification in CSE-IC-IDS2018 dataset reached 98.3$\%$.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Xizhong Shen

2012-01-01

Computer Engineering and Applications Journal

Abstract:Intrusion detection is a central issue of network security research.This paper proposes a new neural network ensembles model for intrusion detection system.The model trains the individual networks based on data reducing.Genetic algorithm is used to optimize neural network weight.Neural network techniques are used to combine the different classification results.Theory and experiment show that the model is effective.

Zhendong Wang,Yaodi Liu,Daojing He,Sammy Chan

DOI: https://doi.org/10.1016/j.cose.2021.102177

IF: 5.105

2021-01-01

Computers & Security

Abstract:Intrusion detection system can effectively identify abnormal data in complex network environments, which is an effective method to ensure computer network security. Recently, deep neural networks have been widely used in image recognition, natural language processing, network security and other fields. For network intrusion detection, this paper designs an integrated deep intrusion detection model based on SDAE-ELM to overcome the long training time and low classification accuracy of existing deep neural network models, and to achieve timely response to intrusion behavior. For host intrusion detection, an integrated deep intrusion detection model based on DBN-Softmax is constructed, which effectively improves the detection accuracy of host intrusion data. At the same time, in order to improve the training efficiency and detection performance of the SDAE-ELM and DBN-Softmax models, a small batch gradient descent method is used for network training and optimization. Experiments on the KDD Cup99, NSL-KDD, UNSW-NB15, CIDDS-001, and ADFA-LD datasets show that SDAE-ELM and DBN-Softmax integrated deep inspection models have better performance than other classic machine learning models.

Ying Zhang,Peisong Li,Xinheng Wang

DOI: https://doi.org/10.1109/access.2019.2903723

IF: 3.9

2019-01-01

IEEE Access

Abstract:With the advent of the Internet of Things (IoT), the security of the network layer in the IoT is getting more and more attention. The traditional intrusion detection technologies cannot be well adapted in the complex Internet environment of IoT. For the deep learning algorithm of intrusion detection, a neural network structure may have fine detection accuracy for one kind of attack, but it may not have a good detection effect when facing other attacks. Therefore, it is urgent to design a self-adaptive model to change the network structure for different attack types. This paper presents an intrusion detection model based on improved genetic algorithm (GA) and deep belief network (DBN). Facing different types of attacks, through multiple iterations of the GA, the optimal number of hidden layers and number of neurons in each layer are generated adaptively, so that the intrusion detection model based on the DBN achieves a high detection rate with a compact structure. Finally, the NSL-KDD dataset was used to simulate and evaluate the model and algorithms. The experimental results show that the improved intrusion detection model combined with DBN can effectively improve the recognition rate of intrusion attacks and reduce the complexity of the neural network structure.

Hong Chen,Lili Chen

DOI: https://doi.org/10.1117/12.2683212

2023-01-01

Abstract:With the increasing number and categories of cyber-attacks in the era of big data, intrusion detection techniques are constantly updated and optimized. In order to address the shortcomings of traditional intrusion detection methods and single neural network models in intrusion detection, this paper proposes a deep learning-based intrusion detection method. By combining a one-dimensional convolutional neural network with a bidirectional gated recurrent unit, a new CNN-BiGRU network model is formed to fully extract intrusion detection data features and improve the accuracy of intrusion detection. Using the public dataset CIC-IDS2017, multiple sets of comparison experiments were conducted on the proposed method in this paper in the same environment. Firstly, the ablation experiments yielded that in terms of detection performance, the accuracy of this paper's method improved from 99.50% and 99.34% to 99.58% compared with CNN and BiGRU-based models respectively. In terms of running time, the detection time of this model is reduced from 1921s to 907s compared with that of BiGRU, demonstrating the good detection performance of this method. Finally, through comparison tests, it is verified that the intrusion detection method proposed in this paper has better detection performance compared with other methods.

JIANG Jia-tao,LIU Zhi-jie,XIE Xiao-yao

2011-01-01

Abstract:With increasing serious situation of network security and network defects in the agreement itself,it is incompetent to use the traditional way of a firewall.A fuzzy neural network model of integrated intrusion detection is proposed to improve the ability of intrusion prevention in a network.First,the data stream is obtained from the network,and the fuzzy approach is used to perform data pre-processing on characteristics of invasion.Then,the training and testing data is received by the integrated fuzzy neural network module from the data pre-processing module.Through repeated training and learning,the weights of nodes in the sub-trees converge to determine values.When training is completed,the model is used to detect the network data.The response module receives the results of the fuzzy neural network module and makes the appropriate response.In the experiment,the network intrusion detection datasets,a part of KDDCUP99,are used to evaluate the integrated fuzzy neural network,and are compared to a single neural network model.On the whole,the result shows that the fuzzy neural network ensemble method results are more stable.It slightly reduces the false alarm rate,false negative rate and false positive rate and significantly improves on accuracy and ability of datasets generalization.

Hao-Ran Deng,Yun-Hong Wang

DOI: https://doi.org/10.1109/ICWAPR.2007.4420755

2007-01-01

Abstract:In this paper, a neural network based algorithm is used in the intrusion detection. Moreover, we propose a fusion method combine several neural network classifiers. Experimental results show that the proposed method is an encouraging intrusion detection wanner.

Arun Kumar Silivery,Ram Mohan Rao Kovvur

DOI: https://doi.org/10.1016/j.measen.2023.100924

2023-10-25

Abstract:This proposed model introduces novel deep learning methodologies. The objective here is to create a reliable intrusion detection mechanism to help identify malicious attacks. Deep learning based solution framework is developed consisting of three approaches. The first approach is Long-Short Term Memory Recurrent Neural Network (LSTM-RNN) with seven optimizer functions such as adamax, SGD, adagrad, adam, RMSprop, nadam and adadelta. The model is evaluated on NSL-KDD dataset and classified multi attack classification. The model has outperformed with adamax optimizer in terms of accuracy, detection rate and low false alarm rate. The results of LSTM-RNN with adamax optimizer is compared with existing shallow machine and deep learning models in terms of accuracy, detection rate and low false alarm rate. The multi model methodology consisting of Recurrent Neural Network (RNN), Long-Short Term Memory Recurrent Neural Network (LSTM-RNN), and Deep Neural Network (DNN). The multi models are evaluated on bench mark datasets such as KDD99, NSL-KDD, and UNSWNB15 datasets. The models self-learnt the features and classifies the attack classes as multi-attack classification. The models RNN, and LSTM-RNN provide considerable performance compared to other existing methods on KDD99 and NSL-KDD dataset

Networking and Internet Architecture,Machine Learning

Huaping Jia,Jun Liu,Min Zhang,Xiaohu He,Weixi Sun

DOI: https://doi.org/10.1016/j.comcom.2021.07.016

IF: 5.047

2021-10-01

Computer Communications

Abstract:Existing network intrusion detection models suffer such problems as low detection accuracy and high false alarm rates in face of massive data traffic. Deep-learning models provide a solution as they can reduce the dimensionality of massive data, extract data features, and identify intrusions. However, the network structure and the number of hidden layer neurons of deep-learning models are determined by empirical or trial-and-error methods, which will affect the generalization ability and learning efficiency of the model. In the present work, a deep belief network model based on information entropy (IE-DBN model) is proposed for network intrusion detection. The model uses information gain (IG) to reduce the dimensionality of high-dimensional data features and remove redundant features. The information entropy is used to determine the number of hidden neurons in the DBN network and the network depth. The synthetic minority oversampling technique (SMOTE) algorithm is used to address the problem of data imbalance. Tests on the KDD CUP 99 intrusion detection data set have shown that the proposed IE-DBN model improved the convergence speed of the model and reduced the likelihood of overfitting. Compared with the conventional back propagation (BP) neural network and DBN network model, the IE-DBN model obtained a higher detection accuracy and a lower false alarm rate. Verification tests on other intrusion detection data sets showed that the proposed IE-DBN model had good generalization capacity.

computer science, information systems,telecommunications,engineering, electrical & electronic

王景新,戴葵,宋辉,王志英

DOI: https://doi.org/10.46382/mjbas.2022.6103

2022-01-01

Mediterranean Journal of Basic and Applied Sciences

Abstract:Artificial Intelligence (AI) breakthroughs in the last few years have accelerated dramatically as a result of the industry's vast technological use. Neural Networks (NN) is one of the most vital areas of AI, as they allow for commercial use of features that were previously not accessible via the use of computers. The Intrusion Detection System (IDS) is one of the areas in which Neural Networks are being extensively investigated to provide comprehensive computer network security and data confidentiality. During the realization of this work Artificial Neural Network (ANN) were used to shape the proposed model using a realistic CICIDS2017 dataset retrieved from the Canadian Institute for Cyber-Security (CIC) website. Following implementation and testing, it was discovered that the new model performs exceptionally well, with an average. In addition, the receiver operator characteristic curve (ROC) has a 9.999 % area under the Receiver Operator Characteristic Curve (AUC). Finally, it was discovered that the new model is exceptional and has a high level of accuracy. The new model will aid in an improved knowledge of various orders in which IDS research has been conducted. It will be useful for those working on AI-based solutions in IDS and similar domains. It is possible to enhance the new model's detection capabilities to incorporate all other lingering forms of incidents in this actual datasets, which contains all real-time and existing incidents.

Zhongjun Yang,Qi Wang,Xuejun Zong,Guogang Wang

DOI: https://doi.org/10.1016/j.cose.2024.103781

IF: 5.105

2024-02-23

Computers & Security

Abstract:The network security problem in today's world is becoming more and more prominent, and intrusion detection as a branch in the field of network security has been developed tremendously. At present, back propagation (BP) neural network is widely used in intrusion detection. However, its weights and thresholds are randomly initialized, so that fall into local optimal after training. To solve this problem, an intrusion detection model based on improved social network search (ISNS) algorithm to optimize BP neural network is proposed. The model first uses chaotic mapping and elite mechanism to improve the original Social Network Search (SNS) algorithm, and then uses the ISNS algorithm to filter the initial weights and thresholds of the BP neural network, and constructs the neural network with the optimal values to avoid falling into local optimum. The experimental results show that the proposed method solves the problem that the traditional BP neural network is easy to fall into local optimum. At the same time, the ISNS_BP model achieves better classification performance than other models, and the accuracy on the NSL-KDD and UNSW-NB15 datasets reaches 98.62 % and 93.97 %, respectively.

computer science, information systems

Jing Yu,Xiaojun Ye,Hongbo Li

DOI: https://doi.org/10.1016/j.future.2021.10.018

IF: 7.307

2022-01-01

Future Generation Computer Systems

Abstract:The openness of network data makes it vulnerable to hackers, viruses and other attacks, which seriously threatens the privacy and property security of users. In order to improve the accuracy of the intrusion detection for network security communication, based on the traditional intrusion detection system, combining with the deep learning theory and shortcomings, this paper proposed an intrusion detection system for network security communication based on multi-scale convolutional neural network, and conducted the corresponding experiments on public data sets. The experimental results perform that compared to the intrusion detection system based on Adaboost model and Recurrent Neural Network model, the convergence speed of multi-scale convolutional neural network system is faster, the average error detection rate is reduced by 4.02%, and the average accuracy is improved by 4.37%. The results prove that the intrusion detection system based on multi-scale convolution neural network has a high detection accuracy.