Kezhou Ren,Yifan Zeng,Zhiqin Cao,Yingchao Zhang

DOI: https://doi.org/10.1038/s41598-022-19366-3

IF: 4.6

2022-09-14

Scientific Reports

Abstract:Network assaults pose significant security concerns to network services; hence, new technical solutions must be used to enhance the efficacy of intrusion detection systems. Existing approaches pay insufficient attention to data preparation and inadequately identify unknown network threats. This paper presents a network intrusion detection model (ID-RDRL) based on RFE feature extraction and deep reinforcement learning. ID-RDRL filters the optimum subset of features using the RFE feature selection technique, feeds them into a neural network to extract feature information and then trains a classifier using DRL to recognize network intrusions. We utilized CSE-CIC-IDS2018 as a dataset and conducted tests to evaluate the model's performance, which is comprised of a comprehensive collection of actual network traffic. The experimental results demonstrate that the proposed ID-RDRL model can select the optimal subset of features, remove approximately 80% of redundant features, and learn the selected features through DRL to enhance the IDS performance for network attack identification. In a complicated network environment, it has promising application potential in IDS.

multidisciplinary sciences

Wei Pan,Weihua Li

DOI: https://doi.org/10.1007/11576235_58

2005-01-01

Abstract:Intrusion Detection is an essential and critical component of network security systems. The key ideas are to discover useful patterns or features that describe user behavior on a system, and use the set of relevant features to build classifiers that can recognize anomalies and known intrusions, hopefully in real time. In this paper, a hybrid neural network technique is proposed, which consists of the self-organizing map (SOM) and the radial basis function (RBF) network, aiming at optimizing the performance of the recognition and classification of novel attacks for intrusion detection. The optimal network architecture of the RBF network is determined automatically by the improved SOM algorithm. The intrusion feature vectors are extracted from a benchmark dataset (the KDD-99) designed by DARPA. The experimental results demonstrate that the proposed approach performance especially in terms of both efficient and accuracy.

Yichun Peng,Yi Niu,Qiwei Hu

DOI: https://doi.org/10.1109/CIS.2012.128

2012-01-01

Abstract:As an active and dynamic security-defense technique, intrusion detection can detect the interior and exterior attacks, and it plays an important role in assuring the network security. A radial basis function (RBF) neural network learning algorithm based on immune recognition algorithm which based on the clonal selection principle recognition principle was studied. In the algorithm, the input data was regarded as antigens, and antibodies are regarded as the hidden layer centers. The weights of the output layer are determined by adopting the Recursive least square method, which can improve convergence speed and precision of the RBF neural network. This algorithm was applied to Intrusion Detection Systems. Theory and experiment show that this algorithm has better ability in intrusion detection, and can be used to improve the efficiency of intrusion detection, reduce the false alarm rate.

Al Mehedi Hasan d.,Nasser Mohammed,Ahmad Shamim,Islam Molla Khademul,Md. Al Mehedi Hasan,Mohammed Nasser,Shamim Ahmad,Khademul Islam Molla

DOI: https://doi.org/10.4236/jis.2016.73009

2016-01-01

Journal of Information Security

Abstract:An intrusion detection system collects and analyzes information from different areas within a computer or a network to identify possible security threats that include threats from both outside as well as inside of the organization. It deals with large amount of data, which contains various ir-relevant and redundant features and results in increased processing time and low detection rate. Therefore, feature selection should be treated as an indispensable pre-processing step to improve the overall system performance significantly while mining on huge datasets. In this context, in this paper, we focus on a two-step approach of feature selection based on Random Forest. The first step selects the features with higher variable importance score and guides the initialization of search process for the second step whose outputs the final feature subset for classification and in-terpretation. The effectiveness of this algorithm is demonstrated on KDD’99 intrusion detection datasets, which are based on DARPA 98 dataset, provides labeled data for researchers working in the field of intrusion detection. The important deficiency in the KDD’99 data set is the huge number of redundant records as observed earlier. Therefore, we have derived a data set RRE-KDD by eliminating redundant record from KDD’99 train and test dataset, so the classifiers and feature selection method will not be biased towards more frequent records. This RRE-KDD consists of both KDD99Train+ and KDD99Test+ dataset for training and testing purposes, respectively. The experimental results show that the Random Forest based proposed approach can select most im-portant and relevant features useful for classification, which, in turn, reduces not only the number of input features and time but also increases the classification accuracy.

English Else

Yakub Kayode Saheed,Temitope Olubanjo Kehinde,Mustafa Ayobami Raji,Usman Ahmad Baba

DOI: https://doi.org/10.1080/24751839.2023.2272484

2023-11-08

Journal of Information and Telecommunication

Abstract:This research introduces innovative approaches to enhance intrusion detection systems (IDSs) by addressing critical challenges in existing methods. Various machine-learning techniques, including nature-inspired metaheuristics, Bayesian algorithms, and swarm intelligence, have been proposed in the past for attribute selection and IDS performance improvement. However, these methods have often fallen short in terms of detection accuracy, detection rate, precision, and F-score. To tackle these issues, the paper presents a novel hybrid feature selection approach combining the Bat metaheuristic algorithm with the Residue Number System (RNS). Initially, the Bat algorithm is utilized to partition training data and eliminate irrelevant attributes. Recognizing the Bat algorithm's slower training and testing times, RNS is incorporated to enhance processing speed. Additionally, principal component analysis (PCA) is employed for feature extraction. In a second phase, RNS is excluded for feature selection, allowing the Bat algorithm to perform this task while PCA handles feature extraction. Subsequently, classification is conducted using naive bayes, and k-Nearest Neighbors. Experimental results demonstrate the remarkable effectiveness of combining RNS with the Bat algorithm, achieving outstanding detection rates, accuracy, and F-scores. Notably, the fusion approach doubles processing speed. The findings are further validated through benchmarking against existing intrusion detection methods, establishing their competitiveness.

S. Priya,K. Pradeep Mohan Kumar

DOI: https://doi.org/10.1007/s00500-023-08678-9

IF: 3.732

2023-06-08

Soft Computing

Abstract:The new generation of Intrusion Detection Systems (IDS) progressively requires automatic and intellectual network ID strategies for managing security risks made by a rising amount of advanced attackers from the cyber environment. Specifically, there were huge demands for autonomous agent-related IDS solution which need some human intervention as possible whereas can progress and enhance themselves (by making suitable acts for a presented environment) and turns out to be highly powerful to effective threats that were not seen before (for instance, zero-day attacks). Recently, DRL methods were presented that can learns from the environment with uncontrollable massive amount of states for addressing the major drawbacks of prevailing RL methods. This article introduces a Binary Bat Algorithm-based Feature Selection with Deep Reinforcement Learning (BBAFS-DRL) system for IDSs. The major intention of the BBAFS-DRL approach is the recognition and classification of intrusion systems. In the projected BBAFS-DRL method, data pre-processed was primarily executed to change the data as suitable format. Furthermore, the BBAFS system can be utilized for the effectual feature selection. Next, deep Q-network is applied for the effectual identification and classification of intrusion. At last, the root means square propagation (RMSProp) optimizer is utilized for the effectual hyperparameter tuning procedure. The experimental analysis of the BBAFS-DRL algorithm can be tested by utilize of benchmark database and the outcome can be analyzed on many measures. The comparison outcome demonstrated the improvement of the BBAFS-DRL methodology over other existing approaches.

computer science, artificial intelligence, interdisciplinary applications

Qasem, Abdelaziz Alshaikh,Qutqut, Mahmoud H.,Kitana, Asem

DOI: https://doi.org/10.1007/s12083-024-01763-2

IF: 3.488

2024-08-24

Peer-to-Peer Networking and Applications

Abstract:Network intrusion detection systems (NIDSs) have evolved into a significant subject in cybersecurity research, mainly due to the growth of cyberattacks and intelligence, which also led to the usage of machine learning (ML) to advance and enhance NIDSs. A NIDS is the first line of defense in any environment, and it detects external and internal attacks. Recently, intrusion mechanisms have become more sophisticated and challenging to detect. Researchers have applied techniques such as ML to detect intruders and secure networks. This paper proposes a novel approach called SRFE (Stepwise Recursive Feature Elimination) to improve the performance and efficiency of predictive models for NIDSs. Our approach depends primarily on recursive feature elimination, which operates on a simple yet effective principle. We experimented with four classification algorithms, namely Support Vector Machine (SVM), Naive Bayes (NB), J48, and Random Forest (RF), on the most widely used dataset in the cybersecurity domain (NSL-KDD). The approach is mainly built on the features' significance ranking using the Information Gain (IG) method. We conduct multiple experiments according to three scenarios. Each scenario contains various rounds, and in each round, we train the classifiers to eliminate the three lowest-ranked features stepwise. Our experiments show that the RF and J48 classifiers outperform other binary classifiers with an accuracy of 99.80% and 99.66%, respectively. Furthermore, both classifiers obtained the best results in the multiclass classification task; J48 achieved an accuracy of 99.53% in round number seven, and the RF achieved 99.69% in the fifth round.

computer science, information systems,telecommunications

Reehan Ali Shah,Yuntao Qian,Ghulam Mahdi

DOI: https://doi.org/10.1109/hpcc-smartcity-dss.2016.0089

2016-01-01

Abstract:Intrusion Detection System (IDS) may be considered one of the most important components in the domain of network security. Currently, most of the IDSs encounter some problems like feature redundancy, high-dimensional feature, overfitting and a limited number of training examples. Thus, feature selection acts as an important role in IDSs to solve the aforementioned problems. In our suggested approach, we try to address these problems via Structural Sparse Logistic Regression (SSPLR). In this paper, we propose important feature groups and individual feature selection as well as intrusions classification for IDSs. Recently, SSPLR has been used as a technique for data analysis and processing via structural sparse penalization. With SSPLR, the relation between features has been considered in the modeling. Finally, the experiments in this correspondence demonstrate that the SSPLR technique has better performance than the currently used techniques addressing the same challenge.

Zhang Lian-hua,Zhang Guan-hua,Lang Yu,Zhang Jie,Bai Ying-cai

DOI: https://doi.org/10.1631/jzus.2004.1076

2004-01-01

Journal of Zhejiang University SCIENCE A

Abstract:Recently machine learning-based intrusion detection approaches have been subjected to extensive researches because they can detect both misuse and anomaly. In this paper, rough set classification (RSC), a modern learning algorithm, is used to rank the features extracted for detecting intrusions and generate intrusion detection models. Feature ranking is a very critical step when building the model. RSC performs feature ranking before generating rules, and converts the feature ranking to minimal hitting set problem addressed by using genetic algorithm (GA). This is done in classical approaches using Support Vector Machine (SVM) by executing many iterations, each of which removes one useless feature. Compared with those methods, our method can avoid many iterations. In addition, a hybrid genetic algorithm is proposed to increase the convergence speed and decrease the training time of RSC. The models generated by RSC take the form of “IF-THEN” rules, which have the advantage of explication. Tests and comparison of RSC with SVM on DARPA benchmark data showed that for Probe and DoS attacks both RSC and SVM yielded highly accurate results (greater than 99% accuracy on testing set).

LIU YAN,JIANG JIANGUO,DU GENYUAN

DOI: https://doi.org/10.3969/j.issn.1008-0570.2007.15.015

2007-01-01

Abstract:By combining fuzzy clustering and neural network ,this paper puts forward an FORBF algorithm based on improved FCM and OLS.The novel algorithm is applied to intrusion detection.The simulation shows that FORBF gains satisfying performances.

Reehan Ali Shah,Yuntao Qian,Dileep Kumar,Munwar Ali,Muhammad Bux Alvi

DOI: https://doi.org/10.3390/fi9040081

2017-01-01

Future Internet

Abstract:Intrusion detection system (IDS) is a well-known and effective component of network security that provides transactions upon the network systems with security and safety. Most of earlier research has addressed difficulties such as overfitting, feature redundancy, high-dimensional features and a limited number of training samples but feature selection. We approach the problem of feature selection via sparse logistic regression (SPLR). In this paper, we propose a discriminative feature selection and intrusion classification based on SPLR for IDS. The SPLR is a recently developed technique for data analysis and processing via sparse regularized optimization that selects a small subset from the original feature variables to model the data for the purpose of classification. A linear SPLR model aims to select the discriminative features from the repository of datasets and learns the coefficients of the linear classifier. Compared with the feature selection approaches, like filter (ranking) and wrapper methods that separate the feature selection and classification problems, SPLR can combine feature selection and classification into a unified framework. The experiments in this correspondence demonstrate that the proposed method has better performance than most of the well-known techniques used for intrusion detection.

Yuyang Zhou,Guang Cheng

2019-01-01

Abstract:Intrusion detection system (IDS) is one of extensively used techniques in a network topology to safeguard the integrity and availability of sensitive assets in the protected systems. Although many supervised and unsupervised learning approaches from the field of machine learning have been used to increase the efficacy of IDSs, it is still a problem for existing intrusion detection algorithms to achieve good performance. First, lots of redundant and irrelevant data in high-dimensional datasets interfere with the classification process of an IDS. Second, an individual classifier may not perform well in the detection of each type of attacks. Third, many models are built for stale datasets, making them less adaptable for novel attacks. Thus, we propose a new intrusion detection framework in this paper, and this framework is based on the feature selection and ensemble learning techniques. In the first step, a heuristic algorithm called CFS-BA is proposed for dimensionality reduction, which selects the optimal subset based on the correlation between features. Then, we introduce an ensemble approach that combines C4.5, Random Forest (RF), and Forest by Penalizing Attributes (Forest PA) algorithms. Finally, voting technique is used to combine the probability distributions of the base learners for attack recognition. The experimental results, using NSL-KDD, AWID, and CIC-IDS2017 datasets, reveal that the proposed CFS-BA-Ensemble method is able to exhibit better performance than other related and state of the art approaches under several metrics.

Xiaojun Tong,Zhu Wang,Haining Yu

DOI: https://doi.org/10.1016/j.cpc.2009.05.004

IF: 4.717

2009-01-01

Computer Physics Communications

Abstract:A hybrid RBF/Elman neural network model that can be employed for both anomaly detection and misuse detection is presented in this paper. The IDSs using the hybrid neural network can detect temporally dispersed and collaborative attacks effectively because of its memory of past events. The RBF network is employed as a real-time pattern classification and the Elman network is employed to restore the memory of past events. The IDSs using the hybrid neural network are evaluated against the intrusion detection evaluation data sponsored by U.S. Defense Advanced Research Projects Agency (DARPA). Experimental results are presented in ROC curves. Experiments show that the IDSs using this hybrid neural network improve the detection rate and decrease the false positive rate effectively.

Jiang Zhong,Zhiguo Li,Yong Feng,Cunxiao Ye

DOI: https://doi.org/10.1109/ISDA.2006.253762

2006-01-01

Abstract:Recently the machine learning-based intrusion detection approaches have been subjected to extensive researches because they can detect both misuse and anomaly. In this paper, we propose a new method to design classifier based on multiple granularities immune network. Firstly a multiple granularities immune network (MGIN) algorithm is employed to reduce the data and get the candidate hidden neurons and construct an original RBF network including all candidate neurons. Secondly, the removing redundant neurons procedure is used to get a smaller network. Experimental results on the real network data set show that the new classifier has higher detection and lower false positive rate than traditional RBF classifier.

张连华,张冠华,张洁,白英彩

DOI: https://doi.org/10.3321/j.issn:1006-2467.2004.z1.047

2004-01-01

Abstract:This paper presented an intelligent intrusion detection mechanism using Rough Set Classification (RSC). Given some attacks, the intrusion detection mechanism using RSC can get both explainable detection rules and high detection rate. Furthermore, RSC can also accomplish fast feature ranking for the intrusion detection system. The performance of RSC was compared with that of Support Vector Machine (SVM), which is a classical intrusion detection algorithm. Experiments were carried out based on a set of benchmark DARPA data. It is observed that both RSC and SVM obtain high accurate results (with accuracy greater than 99% on testing set) for Probe and DoS attacks. However, RSC has a higher training time in comparison with the SVM. To solve this problem, an improved hybrid genetic algorithm was proposed here to expedite the convergence speed of computing the rough set reducts and decrease the training time of RSC.

M. Rani,Gagandeep

DOI: https://doi.org/10.1109/INDIACom51348.2021.00088

2021-03-17

Abstract:Feature selection in Intrusion Detection System (IDS) helps in optimizing the classification process. Being an optimization problem, it is vitally important to choose the appropriate subset of features from feature space. In this paper, Artificial Bee Colony (ABC) algorithm has been used for feature selection process followed by random forest classifier applied for classification task. The proposed model is evaluated over two well-known datasets, i.e. NSL KDD and UNSW-NB15. The experimental results show that the proposed approach is able to select good feature set from both datasets using 80.83% and 88.17% accuracy. The performance of the system is also compared with the existing literature work which uses same datasets.

Computer Science

田俊峰,张晶,毕志明

DOI: https://doi.org/10.3778/j.issn.1002-8331.2008.31.039

2008-01-01

Computer Engineering and Applications Journal

Abstract:In recent years,the neural network technology obtained the widespread application in the Intrusion,what most has represents is the BP neural network,but the local minimum nature of itself has limited the detection performance enhancement.The RBF network can solve the BP neural network existence question.But how to determine an appropriate RBF network hidden centers is also a difficult problem.In view of the above question,by combining Entropy-based Fuzzy Clustering(EFC) and neural network,this paper puts forward an improved RBF algorithm based on Entropy-based Fuzzy Clustering and applies this algorithm to intrusion detection.The experiment shows that algorithm can gains satisfying performances.

Yuhua Yin,Julian Jang-Jaccard,Wen Xu,Amardeep Singh,Jinting Zhu,Fariza Sabrina,Jin Kwak

DOI: https://doi.org/10.1186/s40537-023-00694-8

2023-02-07

Journal Of Big Data

Abstract:The effectiveness of machine learning models can be significantly averse to redundant and irrelevant features present in the large dataset which can cause drastic performance degradation. This paper proposes IGRF-RFE: a hybrid feature selection method tasked for multi-class network anomalies using a multilayer perceptron (MLP) network. IGRF-RFE exploits the qualities of both a filter method for its speed and a wrapper method for its relevance search. In the first phase of our approach, we use a combination of two filter methods, information gain (IG) and random forest (RF) respectively, to reduce the feature subset search space. By combining these two filter methods, the influence of less important features but with the high-frequency values selected by IG is more effectively managed by RF resulting in more relevant features to be included in the feature subset search space. In the second phase of our approach, we use a machine learning-based wrapper method that provides a recursive feature elimination (RFE) to further reduce feature dimensions while taking into account the relevance of similar features. Our experimental results obtained based on the UNSW-NB15 dataset confirmed that our proposed method can improve the accuracy of anomaly detection as it can select more relevant features while reducing the feature space. The results show that the feature is reduced from 42 to 23 while the multi-classification accuracy of MLP is improved from 82.25% to 84.24%.

Yuyang Zhou,Guang Cheng,Shanqing Jiang,Mian Dai

DOI: https://doi.org/10.1016/j.comnet.2020.107247

IF: 5.493

2020-01-01

Computer Networks

Abstract:Intrusion detection system (IDS) is one of extensively used techniques in a network topology to safeguard the integrity and availability of sensitive assets in the protected systems. Although many supervised and unsupervised learning approaches from the field of machine learning have been used to increase the efficacy of IDSs, it is still a problem for existing intrusion detection algorithms to achieve good performance. First, lots of redundant and irrelevant data in high-dimensional datasets interfere with the classification process of an IDS. Second, an individual classifier may not perform well in the detection of each type of attacks. Third, many models are built for stale datasets, making them less adaptable for novel attacks. Thus, we propose a new intrusion detection framework in this paper, and this framework is based on the feature selection and ensemble learning techniques. In the first step, a heuristic algorithm called CFS-BA is proposed for dimensionality reduction, which selects the optimal subset based on the correlation between features. Then, we introduce an ensemble approach that combines C4.5, Random Forest (RF), and Forest by Penalizing Attributes (Forest PA) algorithms. Finally, voting technique is used to combine the probability distributions of the base learners for attack recognition. The experimental results, using NSL-KDD, AWID, and CIC-IDS2017 datasets, reveal that the proposed CFS-BA-Ensemble method is able to exhibit better performance than other related and state of the art approaches under several metrics.

Nour Moustafa,Jill Slay

DOI: https://doi.org/10.4225/75/57a84d4fbefbb

2017-07-18

Abstract:Network intrusion detection systems are an active area of research to identify threats that face computer networks. Network packets comprise of high dimensions which require huge effort to be examined effectively. As these dimensions contain some irrelevant features, they cause a high False Alarm Rate (FAR). In this paper, we propose a hybrid method as a feature selection, based on the central points of attribute values and an Association Rule Mining algorithm to decrease the FAR. This algorithm is designed to be implemented in a short processing time, due to its dependency on the central points of feature values with partitioning data records into equal parts. This algorithm is applied on the UNSW-NB15 and the NSLKDD data sets to adopt the highest ranked features. Some existing techniques are used to measure the accuracy and FAR. The experimental results show the proposed model is able to improve the accuracy and decrease the FAR. Furthermore, its processing time is extremely short.

Cryptography and Security