Haibin Shen

2008-01-01

Abstract:In order to prevent the huge damage caused by computer worms,an innovative approach using support vector machine(SVM) classifier for detecting unknown computer worm based on the measurement of computer performance was proposed to alarm Internet users.In the experiment,system features were monitored from window performance counters with different applications running on and bayesian network theorem was applied on selecting features from which the judging rule is deduced by SVM.As proved by the result from testing experiment,the system can detect the presence of an unknown worm by reaching high accuracy,so that it can be well known that the model using SVM active learning the less prior knowledge has a good performance on detecting unknown computer worms.

Lu Lv,Wenhai Wang,Zeyin Zhang,Xinggao Liu

DOI: https://doi.org/10.1016/j.knosys.2020.105648

IF: 8.139

2020-01-01

Knowledge-Based Systems

Abstract:Intrusion detection is a challenging technology in the area of cyberspace security for protecting a system from malicious attacks. A novel accurate and effective misuse intrusion detection system that relies on specific attack signatures to distinguish between normal and malicious activities is therefore presented to detect various attacks based on an extreme learning machine with a hybrid kernel function (HKELM). First, the derivation and proof of the proposed hybrid kernel are given. A combination of the gravitational search algorithm (GSA) and differential evolution (DE) algorithm is employed to optimize the parameters of HKELM, which improves its global and local optimization abilities during prediction attacks. In addition, the kernel principal component analysis (KPCA) algorithm is introduced for dimensionality reduction and feature extraction of the intrusion detection data. Then, a novel intrusion detection approach, KPCA-DEGSA-HKELM, is obtained. The proposed approach is eventually applied to the classic benchmark KDD99 dataset, the real modern UNSW-NB15 dataset and the industrial intrusion detection dataset from the Tennessee Eastman process. The numerical results validate both the high accuracy and the time-saving benefit of the proposed approach.

Shangqing Cui,Dongqin Feng

DOI: https://doi.org/10.1109/icpeca56706.2023.10076096

2023-01-01

Abstract:With the application of Internet technologies in the industrial field, industrial control systems (ICS) have the possibility of suffering malicious network attacks. Because ICS is widely used in critical infrastructure, designing attack detection algorithms for it can effectively reduce losses. Many papers have built physical models for cyber-attacks against ICS and the corresponding detection algorithms have been proposed. However, the detection performance can be further improved. This paper establishes the simulation attack on the Tennessee Eastman (TE) process and proposes an improved support vector machine (SVM) method to detect integrity attacks. This algorithm uses contribution plots and recursive feature elimination to select features. Compared with the principal component analysis (PCA) feature extraction, the detection accuracy is improved. After adding system dynamics to the algorithm, the time to detect attacks is advanced.

Li-zhong Geng,Hui-bo Jia

DOI: https://doi.org/10.1109/aici.2009.92

2009-01-01

Abstract:Intrusion detection systems could rely on short sequences of system calls to distinguish between legitimate and illegitimate activities. We found that the frequencies of system calls in a particular process generally follow the Zipf’s law. It means that there are many sequences which are meaningless to differentiate the ongoing behavior but generate lots of computing waste. Due to improve the performance of existing intrusion detection methods which are implemented in the kernel of operating system, this paper focuses on the negative selection algorithm using maximum entropy model to avoid the degeneration caused by the Valueless repetition of system calls. The improved scheme uses negative selection method to remove the useless computing which is predicted by maximum entropy model. Experimental results demonstrate that the computing cost has a reduction of 50~80% with the same Detection Rate

Zhongwei Bai,Ruizhe Jia,Peng Yu,Jin Guo

DOI: https://doi.org/10.1002/asjc.3519

IF: 2.4

2024-10-17

Asian Journal of Control

Abstract:With the advancements in network technology and artificial intelligence, the interaction between network nodes is getting more frequent. The malicious data tampering can be extremely damaging to system stability, therefore the network security is of great importance. In this paper, we address the problem of system identification with binary‐valued observations under data tampering attacks and an information entropy‐based approach to optimal attack strategy from the viewpoint of attacker. Under the constrained attack energy, a method is proposed to obtain the optimal attack strategy using the information entropy as the optimization index. It is interestingly demonstrated that such optimal attack strategy is equivalent to the one by using the estimation error of the identification algorithm as the optimization index. The rationality of the proposed method is verified through numerical simulations.

automation & control systems

Fangjun Kuang,Siyang Zhang,Zhong Jin,Weihong Xu

DOI: https://doi.org/10.1007/s00500-014-1332-7

IF: 3.732

2014-01-01

Soft Computing

Abstract:A novel support vector machine (SVM) model by combining kernel principal component analysis (KPCA) with improved chaotic particle swarm optimization (ICPSO) is proposed to deal with intrusion detection. The proposed method, in which multi-layer SVM classifier is employed to estimate whether the action is an attack, KPCA is applied as a preprocessor of SVM to reduce the dimension of feature vectors and shorten training time. To shorten the training time and improve the performance of SVM, N-RBF is employed to reduce the noise generated by feature differences, and ICPSO is presented to optimize the punishment factor C, kernel parameters \(\sigma \) and the tube size \(\varepsilon \) of SVM, which introduces chaos optimization and premature processing mechanism. Experimental results illustrate that the improved SVM model has faster computational time and higher predictive accuracy, and it can also shorten the training time and improve the performance of SVM.

Xue Li,Jin-long Fei,Jue Wang,Zan Qi

DOI: https://doi.org/10.1109/ITNEC56291.2023.10082305

2023-02-24

Abstract:Feature selection methods for classification are crucial for intrusion detection techniques using machine learning. High-dimensional features in intrusion detection data affect computational complexity, consume more used resources and more time for data analysis, and the irrelevant and redundant features among them often hinder the performance of classifiers and mislead the classification task. Therefore, it is challenging to select more relevant features from intrusion detection data containing many such features. In this paper, we propose an efficient feature selection algorithm that first considers the correlation between features and the redundancy of pairs of features with respect to class labels based on an improved Pearson correlation coefficient, and later improves the evaluation function based on conditional mutual information to obtain a final subset of features with the goal of improving the classification rate and accuracy. The proposed feature selection method based on improved conditional mutual information is compared with three existing feature selection methods on the frequently studied public benchmark intrusion detection dataset NSL-KDD. The experimental results show that the features selected by the proposed method in this paper lead to a significant reduction in execution time while resulting in higher classification accuracy.

Computer Science

Li Zou,Xuemei Luo,Yan Zhang,Xiao Yang,Xiangwen Wang

DOI: https://doi.org/10.1109/access.2023.3251354

IF: 3.9

2023-01-01

IEEE Access

Abstract:Network intrusion detection is an important technology in national cyberspace security strategy and has become a research hotspot in various cyberspace security issues in recent years. The development of effective and efficient intelligent network intrusion detection methods using advanced machine learning algorithms is of great importance for defending against various network intrusions in complex network environments. In this study, a network intrusion detection method based on decision tree twin support vector machine and hierarchical clustering, named HC-DTTWSVM, is proposed, which can effectively detect different categories of network intrusion. First, the hierarchical clustering algorithm is applied to construct the decision tree for network traffic data, where the bottom-up merging approach is used to maximize the separation of the upper nodes of the decision tree, which reduces the error accumulation in the construction of the decision tree. Then, twin support vector machines are embedded in the constructed decision tree to implement the network intrusion detection model, which can effectively detect the network intrusion category in a top-down manner. The detection performance of the proposed HC-DTTWSVM method is evaluated on NSL-KDD and UNSW-NB15 intrusion detection benchmark datasets. Experimental results show that HC-DTTWSVM can effectively detect different categories of network intrusion and achieves comparable detection performance compared to some of the recently proposed network intrusion detection methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ahmed S. Alzahrani,Reehan Ali Shah,Yuntao Qian,Munwar Ali

DOI: https://doi.org/10.1016/j.aej.2020.01.021

IF: 6.626

2020-01-01

Alexandria Engineering Journal

Abstract:With the rapid advancement in technology, network systems are becoming prone to more sophisticated types of intrusions. However, machine learning (ML) based strategies are among the most efficient and popular methods to identify the network intrusions or attacks. In this study, we examined the important and discriminative features, in order to recognize the various attacks by applying the Structural Sparse Logistic Regression (SSPLR) and Support Vector Machine (SVMs) methods. The SVMs are standard ML-based techniques, which provide the reasonable performance, however, they have few shortcomings, such as, interpretability and huge computational cost. On the other hand, the sparse modeling (SSPLR) is considered as the advanced method for the data examination and processing through regularization. The structural sparse modeling can be used to simultaneously select the distinct features or the group of discriminative features from the repository of the data set to determine the coefficient of the linear classifier, where, prior information of the feature’s structure can be mapped on various sparsity-inducing regularizations. In this way, the particular group of features yielded by the most significant network attacks are selected and potentially identified. The experiments and discussion, show that the proposed techniques have improved performance compared to the most state-of-the-art techniques, used for the Intrusion Detection System (IDS).

WANG Peng-ying,HUANG Hai,HUANG Xiao-ping

DOI: https://doi.org/10.3969/j.issn.1002-137x.2012.01.020

2012-01-01

Computer Science

Abstract:The network intrusion means are diversification.Traditional detection system can not extract feature very well.Packet is easy lost,and omission and misstatement rates are high.In order to improve the detection rate,this paper proposed an intrusion detection algorithm based on weighted feature selection.Firstly,features were extracted from network packets,then support vector machine(SVM) was used to select feature based on cross validation and calculate the feature values,lastly,intrusion detection mode was set up based on the weighted reserves features.The results of simulation experiment show that the proposed algorithm improves the intrusion detection rate.It is an effective network intrusion detection method.

Wu Liu,Ping Ren,Ke Liu,Duan Hai-xin

DOI: https://doi.org/10.1109/wicom.2011.6040153

2011-01-01

Abstract:This paper considers anomaly detection using an improved probabilistic neural networks. We first introduce a Basic Adaptive Boost Algorithm (BABA) and analysis its drawbacks and then introduce an Improved Adaptive Boost Algorithm (IABA) to classify the detected event as normal or intrusive. © 2011 IEEE.

Qian Huang,Zhen Wang,Tao Wei,Yu Chen

2006-01-01

Abstract:This paper presents an algorithm for intrusion detection, based on one-class support vector machine (SVM) and online training of SVM. The algorithm formulates intrusion detection as a one-class classification problem. The model-building part of the algorithm works even when the training data is noisy, and therefore compared with regular SVM algorithms, it imposes fewer requirements on the training set and has a higher detection rate. For the testing data containing new types of attack, the algorithm can add such data to the training set and update the training result real-time. It tests the algorithm on KDD CUP' 99 benchmark data set for intrusion detection and the result shows that the algorithm is able to shorten the training time, and in the same time, obtain a high detection rate.

Huaping Liu,Yin Jian,Sijia Liu

DOI: https://doi.org/10.1109/etcs.2010.210

2010-01-01

Abstract:Intelligent algorithms applied in intrusion detection system has become a tendency in recent years. An intelligent intrusion detection method is presented, based on rough set theory (RST) and improved binary particle swarm optimization with supported vector machine (IBPSO-SVM), which is combined attribute reduction with parameters optimization. Experiments on KDD CUP'99 dataset show this method can be an effective way for intrusion detection, not only accelerating the training time, but also improving the accuracy of test.

Mikel K. Ngueajio,Gloria Washington,Danda B. Rawat,Yolande Ngueabou

DOI: https://doi.org/10.48550/arXiv.2209.05579

2022-09-12

Cryptography and Security

Abstract:With the growing rates of cyber-attacks and cyber espionage, the need for better and more powerful intrusion detection systems (IDS) is even more warranted nowadays. The basic task of an IDS is to act as the first line of defense, in detecting attacks on the internet. As intrusion tactics from intruders become more sophisticated and difficult to detect, researchers have started to apply novel Machine Learning (ML) techniques to effectively detect intruders and hence preserve internet users' information and overall trust in the entire internet network security. Over the last decade, there has been an explosion of research on intrusion detection techniques based on ML and Deep Learning (DL) architectures on various cyber security-based datasets such as the DARPA, KDDCUP'99, NSL-KDD, CAIDA, CTU-13, UNSW-NB15. In this research, we review contemporary literature and provide a comprehensive survey of different types of intrusion detection technique that applies Support Vector Machines (SVMs) algorithms as a classifier. We focus only on studies that have been evaluated on the two most widely used datasets in cybersecurity namely: the KDDCUP'99 and the NSL-KDD datasets. We provide a summary of each method, identifying the role of the SVMs classifier, and all other algorithms involved in the studies. Furthermore, we present a critical review of each method, in tabular form, highlighting the performance measures, strengths, and limitations of each of the methods surveyed.

Amir Moradibaad,Ramin Jalilian Mashhoud

DOI: https://doi.org/10.48550/arXiv.1812.03173

2018-12-13

Abstract:In the world today computer networks have a very important position and most of the urban and national infrastructure as well as organizations are managed by computer networks, therefore, the security of these systems against the planned attacks is of great importance. Therefore, researchers have been trying to find these vulnerabilities so that after identifying ways to penetrate the system, they will provide system protection through preventive or countermeasures. SVM is one of the major algorithms for intrusion detection. In this research, we studied a variety of malware and methods of intrusion detection, provide an efficient method for detecting attacks and utilizing dimension <a class="link-external link-http" href="http://reduction.Thus" rel="external noopener nofollow">this http URL</a>, we will be able to detect attacks by carefully combining these two algorithms and pre-processes that are performed before the two on the input data. The main question raised is how we can identify attacks on computer networks with the above-mentioned method. In anomalies diagnostic method, by identifying behavior as a normal behavior for the user, the host, or the whole system, any deviation from this behavior is considered as an abnormal behavior, which can be a potential occurrence of an attack. The network intrusion detection system is used by anomaly detection method that uses the SVM algorithm for classification and SVD to reduce the size. Steps of the proposed method include pre-processing of the data set, feature selection, support vector machine, and <a class="link-external link-http" href="http://evaluation.The" rel="external noopener nofollow">this http URL</a> NSL-KDD data set has been used to teach and test the proposed model. In this study, we inferred the intrusion detection using the SVM algorithm for classification and SVD for diminishing dimensions with no classification <a class="link-external link-http" href="http://algorithm.Also" rel="external noopener nofollow">this http URL</a> the KNN algorithm has been compared in situations with and without diminishing dimensions,the results have shown that the proposed method has a better performance than comparable methods.

Cryptography and Security,Machine Learning

A. Devendhiran,I. Vasudevan,S. Saravanan,P. Preethi,R. Krishna Prakash

DOI: https://doi.org/10.1109/ICOTL59758.2023.10435119

2023-12-07

Abstract:In the current interconnected and susceptible digital environment, the demand for reliable network attack prediction systems has reached a critical level. This research paper presents a novel approach for network intrusion detection utilizing the Improved Import Vector Machine (IVM) classification algorithm combined with feature selection using Cuckoo Search based Grey Wolf Optimization (CS-GWO). The aim is to improve the accuracy and effectiveness of intrusion detection systems by selecting the most relevant features and employing a powerful classification algorithm. The proposed methodology begins with data preprocessing, ensuring the dataset is appropriately cleaned and normalized. Subsequently, the CS-GWO algorithm is applied for feature selection, leveraging the strengths of both Cuckoo Search and Grey Wolf Optimization. This hybrid approach efficiently explores the search space to identify the optimal feature subset that contributes to accurate intrusion detection. Once the feature selection process is completed, the IVM classification algorithm is employed to classify network instances into intrusion or normal categories. The IVM algorithm is chosen for its ability to handle high-dimensional data and its robustness in dealing with imbalanced datasets commonly encountered in network intrusion detection. To evaluate the performance of the proposed approach, extensive experiments are conducted using benchmark datasets. Various evaluation metrics such as accuracy, precision, recall, and F1 score are utilized to assess the effectiveness of the system in detecting network intrusions. The results demonstrate that the combination of IVM classification and CS-GWO feature selection significantly improves the accuracy and efficiency of network intrusion detection. The selected features obtained through CS-GWO contribute to enhanced classification performance, enabling the system to accurately identify and respond to potential intrusions in real-time scenarios.

Engineering,Computer Science

陈光英,张千里,李星

DOI: https://doi.org/10.3321/j.issn:1000-436x.2002.05.010

2002-01-01

Abstract:An intrusion detection system based on SVM classification technique was designed and implemented. It uses the technique of support vector machine to recognize TCP network connections without the reference of the port numbers. If a connection is recognized in a category that is different from the type of service characterized by the port number, then the connection is considered abnormal. This paper also focused on how the trace time, the feature set size and the kernel function of SVM affect the recognition error rate. Results from preliminary experiments show that our system can detect abnormal TCP network connections.

Mohammed Amin Almaiah,Omar Almomani,Adeeb Alsaaidah,Shaha Al-Otaibi,Nabeel Bani-Hani,Ahmad K. Al Hwaitat,Ali Al-Zahrani,Abdalwali Lutfi,Ali Bani Awad,Theyazn H. H. Aldhyani

DOI: https://doi.org/10.3390/electronics11213571

IF: 2.9

2022-11-02

Electronics

Abstract:The growing number of security threats has prompted the use of a variety of security techniques. The most common security tools for identifying and tracking intruders across diverse network domains are intrusion detection systems. Machine Learning classifiers have begun to be used in the detection of threats, thus increasing the intrusion detection systems' performance. In this paper, the investigation model for an intrusion detection systems model based on the Principal Component Analysis feature selection technique and a different Support Vector Machine kernels classifier is present. The impact of various kernel functions used in Support Vector Machines, namely linear, polynomial, Gaussian radial basis function, and Sigmoid, is investigated. The performance of the investigation model is measured in terms of detection accuracy, True Positive, True Negative, Precision, Sensitivity, and F-measure to choose an appropriate kernel function for the Support Vector Machine. The investigation model was examined and evaluated using the KDD Cup'99 and UNSW-NB15 datasets. The obtained results prove that the Gaussian radial basis function kernel is superior to the linear, polynomial, and sigmoid kernels in both used datasets. Obtained accuracy, Sensitivity, and, F-measure of the Gaussian radial basis function kernel for KDD CUP'99 were 99.11%, 98.97%, and 99.03%. for UNSW-NB15 datasets were 93.94%, 93.23%, and 94.44%.

engineering, electrical & electronic,computer science, information systems,physics, applied

Shanxiong Chen,Maoling Peng,Hailing Xiong,Xianping Yu

DOI: https://doi.org/10.1155/2016/3095971

2016-01-01

Journal of Electrical and Computer Engineering

Abstract:Intrusion detection needs to deal with a large amount of data; particularly, the technology of network intrusion detection has to detect all of network data. Massive data processing is the bottleneck of network software and hardware equipment in intrusion detection. If we can reduce the data dimension in the stage of data sampling and directly obtain the feature information of network data, efficiency of detection can be improved greatly. In the paper, we present a SVM intrusion detection model based on compressive sampling. We use compressed sampling method in the compressed sensing theory to implement feature compression for network data flow so that we can gain refined sparse representation. After that SVM is used to classify the compression results. This method can realize detection of network anomaly behavior quickly without reducing the classification accuracy.

Zh-Xian Chen,Hao Huang

DOI: https://doi.org/10.1080/10798587.2011.10643140

2011-01-01

Abstract:Traditional intrusion detection techniques examine all features to detect intrusion or misuse patterns. But all features are not relevant and some of them may be redundant and contribute little to the detection process. Irrelevant and redundant features may lead to complex intrusion detection model as well as poor detection accuracy. In this paper, we propose and investigate a novel hybrid feature selection method to intrusion detection based on fusion of Extension Matrix (EM) and Genetic Algorithm (GA), which employs a combination of EM and GA through genetic operation, and it is capable of building an optimal detection model with only selected important features and their specific values. Experiment results show the achievement of high correct detection rates and tolerable low false positive rates based on benchmark KDD Cup 99 data sets.