Hassan Hadi Al-Maksousy,Michele C. Weigle,Cong Wang

DOI: https://doi.org/10.1109/ths.2018.8574174

2018-01-01

Abstract:Malware detection is an important problem. We propose an efficient real-time system to detect and classify malware based on network behavior using deep neural networks. We show that the splitting of the system into two neural networks, detection and analysis, is the key to increasing accuracy. Therefore, this approach allows for the construction of a real-time monitoring system with very low CPU usage. Finally, we provide a comparison analysis of four machine learning classifiers for this task.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Muhammad Basit Umair,Zeshan Iqbal,Muhammad Ahmad Faraz,Muhammad Attique Khan,Yu-Dong Zhang,Navid Razmjooy,Sefedine Kadry

DOI: https://doi.org/10.1089/big.2021.0268

IF: 4.426

2022-06-16

Big Data

Abstract:An intrusion detection system (IDS) is designed to detect and analyze network traffic for suspicious activity. Several methods have been introduced in the literature for IDSs; however, due to a large amount of data, these models have failed to achieve high accuracy. A statistical approach is proposed in this research due to the unsatisfactory results of traditional intrusion detection methods. The features are extracted and selected using a multilayer convolutional neural network, and a softmax classifier is employed to classify the network intrusions. To perform further analysis, a multilayer deep neural network is also applied to classify network intrusions. Furthermore, the experiments are performed using two commonly used benchmark intrusion detection datasets: NSL-KDD and KDDCUP'99. The performance of the proposed model is evaluated using four performance metrics: accuracy, recall, F1-score, and precision. The experimental results show that the proposed approach achieved better accuracy (99%) compared with other IDSs.

computer science, theory & methods, interdisciplinary applications

Ameera S. Jaradat,Malek M. Barhoush,Rawan S. Bani Easa

DOI: https://doi.org/10.11591/ijeecs.v25.i2.pp1151-1158

2022-02-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:The main goal of intrusion detection system (IDS) is to monitor the network performance and to investigate any signs of any abnormalities over the network. Recently, intrusion detection systems employ machine learning techniques, due to the fact that machine learning techniques proved to have the ability of learning and adapting in addition to allowing a prompt response. This work proposes a model for intrusion detection and classification using machine learning techniques. The model first acquires the data set and transforms it in the proper format, then performs feature selection to pick out a subset of attributes that worth being considered. After that, the refined data set was processed by the Konstanz information miner (KNIME). To gain better performance and a decent comparative analysis, three different classifiers were applied. The anticipated classifiers have been executed and assessed utilizing the KNIME analytics platform using (CICIDS2017) datasets. The experimental results showed an accuracy rate ranging between (98.6) as the highest obtained while the average was (90.59%), which was satisfying compared to other approaches. The gained statistics of this research inspires the researchers of this field to use machine learning in cyber security and data analysis and build intrusion detection systems with higher accuracy.

Mohamed M Abdeldayem

DOI: https://doi.org/10.1007/s13369-022-07421-0

2022-11-07

Abstract:Artificial intelligence has been developed to be able to solve difficult problems that involve huge amounts of data and that require rapid decision-making in most branches of science and business. Machine learning is one of the most prominent areas of artificial intelligence, which has been used heavily in the last two decades in the field of network security, especially in Intrusion Detection Systems (IDS). Pattern recognition is a machine learning method applied in medical applications, image processing, and video processing. In this article, two layers' IDS is proposed. The first layer classifies the network connection according to the used service. Then, a minimum number of features that optimize the detection accuracy of malicious activities on that service are identified. Using those features, the second layer classifies each network connection as an attack or normal activity based on the pattern recognition method. In the training phase, two multivariate normal statistical models are created: the normal behavior model and the attack behavior model. In the testing and running phases, a maximum likelihood estimation function is used to classify a network connection into attack or normal activity using the two multivariate normal statistical models. The experimental results prove that the proposed IDS has superiority over related IDSs for network intrusion detection. Using only four features, it successfully achieves DR of 97.5%, 0.001 FAR, MCC 95.7%, and 99.8% overall accuracy.

Hamed Alqahtani,Iqbal H. Sarker,Asra Kalim,Syed Md. Minhaz Hossain,Sheikh Ikhlaq,Sohrab Hossain

DOI: https://doi.org/10.1007/978-981-15-6648-6_10

2020-01-01

Abstract:As the alarming growth of connectivity of computers and the significant number of computer-related applications increase in recent years, the challenge of fulfilling cyber-security is increasing consistently. It also needs a proper protection system for numerous cyberattacks. Thus, detecting inconsistency and attacks in a computer network and developing intrusion detection system (IDS) that performs a potential role for cyber-security. Artificial intelligence, particularly machine learning techniques, has been used to develop a useful data-driven intrusion detection system. In this paper, we employ various popular machine learning classification algorithms, namely Bayesian Network, Naive Bayes classifier, Decision Tree, Random Decision Forest, Random Tree, Decision Table, and Artificial Neural Network, to detect intrusions due to provide intelligent services in the domain of cyber-security. Finally, we test the effectiveness of various experiments on cyber-security datasets having several categories of cyber-attacks and evaluate the effectiveness of the performance metrics, precision, recall, f1-score, and accuracy.

Ruki Harwahyu,Fajar Henri Erasmus Ndolu,Marlinda Vasty Overbeek

DOI: https://doi.org/10.11591/ijece.v14i2.pp1691-1699

2024-04-01

International Journal of Electrical and Computer Engineering (IJECE)

Abstract:In imbalanced network traffic, malicious cyberattacks can be hidden in a large amount of normal traffic, making it difficult for intrusion detection systems (IDS) to detect them. Therefore, anomaly-based IDS with machine learning is the solution. However, a single machine learning cannot accurately detect all types of attacks. Therefore, a hybrid model that combines long short-term memory (LSTM) and random forest (RF) in three layers is proposed. Building the hybrid model starts with Nearmiss-2 class balancing, which reduces normal samples without increasing minority samples. Then, feature selection is performed using chi-square and RF. Next, hyperparameter tuning is performed to obtain the optimal model. In the first and second layers, LSTM and RF are used for binary classification to detect normal data and attack data. While the third layer model uses RF for multiclass classification. The hybrid model verified using the CSE-CIC-IDS2018 dataset, showed better performance compared to the single algorithm. For multiclass classification, the hybrid model achieved 99.76% accuracy, 99.76% precision, 99.76% recall, and 99.75% F1-score.

Abdulsalam O. Alzahrani,Mohammed J. F. Alenazi

DOI: https://doi.org/10.3390/fi13050111

2021-04-28

Future Internet

Abstract:Software-defined Networking (SDN) has recently developed and been put forward as a promising and encouraging solution for future internet architecture. Managed, the centralized and controlled network has become more flexible and visible using SDN. On the other hand, these advantages bring us a more vulnerable environment and dangerous threats, causing network breakdowns, systems paralysis, online banking frauds and robberies. These issues have a significantly destructive impact on organizations, companies or even economies. Accuracy, high performance and real-time systems are essential to achieve this goal successfully. Extending intelligent machine learning algorithms in a network intrusion detection system (NIDS) through a software-defined network (SDN) has attracted considerable attention in the last decade. Big data availability, the diversity of data analysis techniques, and the massive improvement in the machine learning algorithms enable the building of an effective, reliable and dependable system for detecting different types of attacks that frequently target networks. This study demonstrates the use of machine learning algorithms for traffic monitoring to detect malicious behavior in the network as part of NIDS in the SDN controller. Different classical and advanced tree-based machine learning techniques, Decision Tree, Random Forest and XGBoost are chosen to demonstrate attack detection. The NSL-KDD dataset is used for training and testing the proposed methods; it is considered a benchmarking dataset for several state-of-the-art approaches in NIDS. Several advanced preprocessing techniques are performed on the dataset in order to extract the best form of the data, which produces outstanding results compared to other systems. Using just five out of 41 features of NSL-KDD, a multi-class classification task is conducted by detecting whether there is an attack and classifying the type of attack (DDoS, PROBE, R2L, and U2R), accomplishing an accuracy of 95.95%.

Sabrine Ennaji,Nabil El Akkad,Khalid Haddouch

DOI: https://doi.org/10.4018/ijisp.317113

2023-02-03

International Journal of Information Security and Privacy

Abstract:The potential of machine learning mechanisms played a key role in improving the intrusion detection task. However, other factors such as quality of data, overfitting, imbalanced problems, etc. may greatly affect the performance of an intelligent intrusion detection system (IDS). To tackle these issues, this paper proposes a novel machine learning-based IDS called i-2NIDS. The novelty of this approach lies in the application of the nested cross-validation method, which necessitates using two loops: the outer loop is for hyper-parameter selection that costs least error during the run of a small amount of training set and the inner loop for the error estimation in the test set. The experiments showed significant improvements within NSL-KDD dataset with a test accuracy rate of 99.97%, 99.79%, 99.72%, 99.96%, and 99.98% in detecting normal activities, DDoS/DoS, Probing, R2L and U2R attacks, respectively. The obtained results approve the efficiency and superiority of the approach over other recent existing experiments.

Mouhammd Alkasassbeh

DOI: https://doi.org/10.48550/arXiv.1712.09623

2017-12-28

Abstract:Despite the great developments in information technology, particularly the Internet, computer networks, global information exchange, and its positive impact in all areas of daily life, it has also contributed to the development of penetration and intrusion which forms a high risk to the security of information organizations, government agencies, and causes large economic losses. There are many techniques designed for protection such as firewall and intrusion detection systems (IDS). IDS is a set of software and/or hardware techniques used to detect hacker's activities in computer systems. Two types of anomalies are used in IDS to detect intrusive activities different from normal user behavior. Misuse relies on the knowledge base that contains all known attack techniques and intrusion is discovered through research in this knowledge base. Artificial intelligence techniques have been introduced to improve the performance of these systems. The importance of IDS is to identify unauthorized access attempting to compromise confidentiality, integrity or availability of the computer network. This paper investigates the Intrusion Detection (ID) problem using three machine learning algorithms namely, BayesNet algorithm, Multi-Layer Perceptron (MLP), and Support Vector Machine (SVM). The algorithms are applied on a real, Management Information Based (MIB) dataset that is collected from real life environment. To enhance the detection process accuracy, a set of feature selection approaches is used; Infogain (IG), ReleifF (RF), and Genetic Search (GS). Our experiments show that the three feature selection methods have enhanced the classification performance. GS with bayesNet, MLP and SVM give high accuracy rates, more specifically the BayesNet with the GS accuracy rate is 99.9%.

Networking and Internet Architecture,Cryptography and Security,Machine Learning

Zeeshan Ahmad,Adnan Shahid Khan,Cheah Wai Shiang,Johari Abdullah,Farhan Ahmad

DOI: https://doi.org/10.1002/ett.4150

IF: 3.6

2020-10-16

Transactions on Emerging Telecommunications Technologies

Abstract:<p>The rapid advances in the internet and communication fields have resulted in a huge increase in the network size and the corresponding data. As a result, many novel attacks are being generated and have posed challenges for network security to accurately detect intrusions. Furthermore, the presence of the intruders with the aim to launch various attacks within the network cannot be ignored. An intrusion detection system (IDS) is one such tool that prevents the network from possible intrusions by inspecting the network traffic, to ensure its confidentiality, integrity, and availability. Despite enormous efforts by the researchers, IDS still faces challenges in improving detection accuracy while reducing false alarm rates and in detecting novel intrusions. Recently, machine learning (ML) and deep learning (DL)‐based IDS systems are being deployed as potential solutions to detect intrusions across the network in an efficient manner. This article first clarifies the concept of IDS and then provides the taxonomy based on the notable ML and DL techniques adopted in designing network‐based IDS (NIDS) systems. A comprehensive review of the recent NIDS‐based articles is provided by discussing the strengths and limitations of the proposed solutions. Then, recent trends and advancements of ML and DL‐based NIDS are provided in terms of the proposed methodology, evaluation metrics, and dataset selection. Using the shortcomings of the proposed methods, we highlighted various research challenges and provided the future scope for the research in improving ML and DL‐based NIDS.</p>

telecommunications

Mouhammad Alkasassbeh,Mohammad Almseidin

DOI: https://doi.org/10.48550/arXiv.1809.02610

2018-09-02

Abstract:Network security engineers work to keep services available all the time by handling intruder attacks. Intrusion Detection System (IDS) is one of the obtainable mechanisms that is used to sense and classify any abnormal actions. Therefore, the IDS must be always up to date with the latest intruder attacks signatures to preserve confidentiality, integrity, and availability of the services. The speed of the IDS is a very important issue as well learning the new attacks. This research work illustrates how the Knowledge Discovery and Data Mining (or Knowledge Discovery in Databases) KDD dataset is very handy for testing and evaluating different Machine Learning Techniques. It mainly focuses on the KDD preprocess part in order to prepare a decent and fair experimental data set. The J48, MLP, and Bayes Network classifiers have been chosen for this study. It has been proven that the J48 classifier has achieved the highest accuracy rate for detecting and classifying all KDD dataset attacks, which are of type DOS, R2L, U2R, and PROBE.

Networking and Internet Architecture,Cryptography and Security

Rula Abdulwahid Mohammed,Youssef A. Bazzi

DOI: https://doi.org/10.47001/irjiet/2024.802001

2024-01-01

International Research Journal of Innovations in Engineering and Technology

Abstract:The ever-evolving cybersecurity sector requires robust intrusion detection systems (IDS). Traditional rules-based measures are no longer sufficient due to the complexity of cyber threats, requiring new approaches. This study presents the architecture of an intrusion detection system combining machine learning and principal component analysis (PCA) to increase network security. A network traffic classification system was built and tested on the NSL-KDD dataset and used PCA for dimensionality reduction. The results were cross-validated to reduce overfitting and ensure generalizability of the model. Low-variance precision refers to the consistency of the cross-validation fold. The combination of PCA and machine learning models exceeds previous studies with an F1 score for the random forest model of over 99%. The study improves intrusion detection and network protection against cyber-attacks.

Caihong Wang,Run Huang,Weihang Zhang,Jian Sun

DOI: https://doi.org/10.1109/iccwamtip47768.2019.9067642

2019-01-01

Abstract:The main purpose of the intrusion detection system (IDS) is to detect a network attack and respond to the network intrusion. Existing supervised IDSs require a large amount of tag data as the training data, and there is almost no effect on the unknown attacks. Traditional unsupervised intrusion systems have problems including low accuracy and the inability to provide specific information regarding the detected attacks. To solve the above problems, we propose a multilayer IDS based on semi-supervised clustering. This system solves the problem of insufficient training data by using tag extension technology and genetic algorithm, and solves the problem of unsupervised clustering unable to provide specific information of attack by using the idea of semi-supervised clustering. We use the NSL-KDD dataset to conduct the experiments. The simulation results show that the proposed IDS only needs a small amount of training data to obtain better performance, especially for lower frequency attacks.

Zhanfei Ma,Xuefeng Zheng

DOI: https://doi.org/10.1109/wgec.2008.56

2008-01-01

Abstract:Recently network intrusion detection is one of the hottest research topics. Existing network-based Intrusion Detection System (IDS) has drawbacks in many aspects, among of which the two outstanding problems are the high ratio of false alarms and the lack of self-adaptation. The powerful information processing capabilities of the biological immune system, such as feature extraction, pattern recognition, learning, memory, and its distributive multi-layer defence mechanisms provide rich metaphors for designing a computer immune defence system. In this approach, the authors propose a novel multi-layer defence mechanisms based on immunity, which is capable of detecting and identifying both known and unknown intrusions, elaborating a specialized response measure. Besides that, the proposed defence mechanisms have the same learning and adaptive capability of the biological immune system, and so it is able to monitor networked computer's activities at different levels, and to improve its response under subsequent exposures to the same attack. This on-going research effort is not to mimic simply the immunology characteristics but to explore and learn valuable lessons useful for self-adaptive immune intrusion prevention systems.

Muhammad Naveed,Fahim Arif,Syed Muhammad Usman,Aamir Anwar,Myriam Hadjouni,Hela Elmannai,Saddam Hussain,Syed Sajid Ullah,Fazlullah Umar

DOI: https://doi.org/10.1155/2022/2215852

2022-08-10

Wireless Communications and Mobile Computing

Abstract:An intrusion detection system, often known as an IDS, is extremely important for preventing attacks on a network, violating network policies, and gaining unauthorized access to a network. The effectiveness of IDS is highly dependent on data preprocessing techniques and classification models used to enhance accuracy and reduce model training and testing time. For the purpose of anomaly identification, researchers have developed several machine learning and deep learning-based algorithms; nonetheless, accurate anomaly detection with low test and train times remains a challenge. Using a hybrid feature selection approach and a deep neural network- (DNN-) based classifier, the authors of this research suggest an enhanced intrusion detection system (IDS). In order to construct a subset of reduced and optimal features that may be used for classification, a hybrid feature selection model that consists of three methods, namely, chi square, ANOVA, and principal component analysis (PCA), is applied. These methods are referred to as "the big three." On the NSL-KDD dataset, the suggested model receives training and is then evaluated. The proposed method was successful in achieving the following results: a reduction of input data by 40%, an average accuracy of 99.73%, a precision score of 99.75%, an F1 score of 99.72%, and an average training and testing time of 138% and 2.7 seconds, respectively. The findings of the experiments demonstrate that the proposed model is superior to the performance of the other comparison approaches.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mohammed Maithem,Ghadaa A. Al-sultany

DOI: https://doi.org/10.1088/1742-6596/1804/1/012138

2021-02-01

Journal of Physics: Conference Series

Abstract:Abstract In recent decades, rapid development in the world of technology and networks has been achieved, also there is a spread of Internet services in all fields over the world. Piracy numbers have increased, also a lot of modern systems were penetrated, so the developing information security technologies to detect the new attack become an important requirement. One of the most important information security technologies is an Intrusion Detection System (IDS) that uses machine learning and deep learning techniques to detect anomalies in the network. The main idea of this paper is to use an advanced intrusion detection system with high network performance to detect the unknown attack package, by using a deep neural network algorithm, also in this model, the attack detection is done by two ways (binary classification and multiclass classification). The proposed system has shown encouraging results in terms of the high accuracy (99.98% with multiclass classification and with binary classification).

Soulaiman Moualla,Khaldoun Khorzom,Assef Jafar

DOI: https://doi.org/10.1155/2021/5557577

2021-06-15

Abstract:Networks are exposed to an increasing number of cyberattacks due to their vulnerabilities. So, cybersecurity strives to make networks as safe as possible, by introducing defense systems to detect any suspicious activities. However, firewalls and classical intrusion detection systems (IDSs) suffer from continuous updating of their defined databases to detect threats. The new directions of the IDSs aim to leverage the machine learning models to design more robust systems with higher detection rates and lower false alarm rates. This research presents a novel network IDS, which plays an important role in network security and faces the current cyberattacks on networks using the UNSW-NB15 dataset benchmark. Our proposed system is a dynamically scalable multiclass machine learning-based network IDS. It consists of several stages based on supervised machine learning. It starts with the Synthetic Minority Oversampling Technique (SMOTE) method to solve the imbalanced classes problem in the dataset and then selects the important features for each class existing in the dataset by the Gini Impurity criterion using the Extremely Randomized Trees Classifier (Extra Trees Classifier). After that, a pretrained extreme learning machine (ELM) model is responsible for detecting the attacks separately, "One-Versus-All" as a binary classifier for each of them. Finally, the ELM classifier outputs become the inputs to a fully connected layer in order to learn from all their combinations, followed by a logistic regression layer to make soft decisions for all classes. Results show that our proposed system performs better than related works in terms of accuracy, false alarm rate, Receiver Operating Characteristic (ROC), and Precision-Recall Curves (PRCs).

Sridhar Patthi,Sugandha Singh,Ila Chandana Kumari P

DOI: https://doi.org/10.1007/s11042-023-17781-w

IF: 2.577

2024-01-07

Multimedia Tools and Applications

Abstract:The proliferation of wireless networks as a primary data transmission channel has brought about a surge in data volume but also raised security threats and privacy concerns. Intrusion Detection Systems (IDS) have proven effective in safeguarding data transmission, yet they struggle to detect minor or rare attacks that mimic normal traffic. To address this challenge, we propose a novel two-layer classification model integrating K-nearest neighbor (KNN) and support vector machines (SVMs). In the first layer, KNN classifies data into Normal, Major, and Minor Attack categories, while the second layer further distinguishes Major Attacks into DoS or Probe and Minor Attacks into U2R or R2. Our framework incorporates Common Correlated Feature Selection (CCFS) to optimize feature discrimination, partitioning training data into three groups. Furthermore, we explore data preprocessing techniques to enhance data interpretation and maintain statistical normalcy in traffic connection features. Our experimental analysis utilizes the NSL-KDD dataset, demonstrating that our approach significantly improves detection rates, particularly for Minor Attacks, achieving a remarkable 92.33% detection rate for U2R and 91.33% for R2L attacks. This represents a substantial 10% enhancement over existing methods, outperforming Multi-Layer Perceptron (MLP) by 13.23%, Random Forest (RF) by 10.11%, J48- Decision Tree (DT) by 9.23%, and Naïve Bayes (NB) by 9.42% and 8.17% in terms of detection rates. These results underscore the effectiveness of our approach in enhancing intrusion detection performance.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Arushi Agarwal,Purushottam Sharma,Mohammed Alshehri,Ahmed A. Mohamed,Osama Alfarraj

DOI: https://doi.org/10.7717/peerj-cs.437

2021-04-07

PeerJ Computer Science

Abstract:In today’s cyber world, the demand for the internet is increasing day by day, increasing the concern of network security. The aim of an Intrusion Detection System (IDS) is to provide approaches against many fast-growing network attacks (e.g., DDoS attack, Ransomware attack, Botnet attack, etc.), as it blocks the harmful activities occurring in the network system. In this work, three different classification machine learning algorithms—Naïve Bayes (NB), Support Vector Machine (SVM), and K-nearest neighbor (KNN)—were used to detect the accuracy and reducing the processing time of an algorithm on the UNSW-NB15 dataset and to find the best-suited algorithm which can efficiently learn the pattern of the suspicious network activities. The data gathered from the feature set comparison was then applied as input to IDS as data feeds to train the system for future intrusion behavior prediction and analysis using the best-fit algorithm chosen from the above three algorithms based on the performance metrics found. Also, the classification reports (Precision, Recall, and F1-score) and confusion matrix were generated and compared to finalize the support-validation status found throughout the testing phase of the model used in this approach.

computer science, information systems, artificial intelligence, theory & methods