Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Muataz Salam Al-Daweri,Khairul Akram Zainol Ariffin,Salwani Abdullah,Mohamad Firham Efendy Md. Senan

DOI: https://doi.org/10.3390/sym12101666

2020-10-13

Symmetry

Abstract:The significant increase in technology development over the internet makes network security a crucial issue. An intrusion detection system (IDS) shall be introduced to protect the networks from various attacks. Even with the increased amount of works in the IDS research, there is a lack of studies that analyze the available IDS datasets. Therefore, this study presents a comprehensive analysis of the relevance of the features in the KDD99 and UNSW-NB15 datasets. Three methods were employed: a rough-set theory (RST), a back-propagation neural network (BPNN), and a discrete variant of the cuttlefish algorithm (D-CFA). First, the dependency ratio between the features and the classes was calculated, using the RST. Second, each feature in the datasets became an input for the BPNN, to measure their ability for a classification task concerning each class. Third, a feature-selection process was carried out over multiple runs, to indicate the frequency of the selection of each feature. From the result, it indicated that some features in the KDD99 dataset could be used to achieve a classification accuracy above 84%. Moreover, a few features in both datasets were found to give a high contribution to increasing the classification’s performance. These features were present in a combination of features that resulted in high accuracy; the features were also frequently selected during the feature selection process. The findings of this study are anticipated to help the cybersecurity academics in creating a lightweight and accurate IDS model with a smaller number of features for the developing technologies.

Solane Duque,Mohd. Nizam bin Omar

DOI: https://doi.org/10.1016/j.procs.2015.09.145

2015-01-01

Procedia Computer Science

Abstract:A common problem shared by current IDS is the high false positives and low detection rate. An unsupervised machine learning using k-means was used to propose a model for Intrusion Detection System (IDS) with higher efficiency rate and low false positives and false negatives. The NSL-KD data set was used which consisted of 25,192 entries with 22 different types of data. Results of the study using 11, 22, 44, 66 and 88 clusters, showed an efficiency rate of 70.75%, 81.61%, 65.40%, 61.30% and 55.43% respectively; false positive rates of 0.74%, 4.03%, 15.55%, 21.47% and 31.91% respectively; and false negative rates of 99.82%, 98.14%, 97.76%, 96.32% and 95.70%, respectively. Interestingly, the best results were generated when the number of clusters matches the number of data types in the data set. In the light of the findings, it is recommended that other data mining techniques be explored; a study using k-means data mining algorithm followed by signature-based approach is proposed in order to lessen the false negative rate; and a system for automatically identifying the number of clusters may be developed.

Shweta More,Moad Idrissi,Haitham Mahmoud,A. Taufiq Asyhari

DOI: https://doi.org/10.3390/a17020064

2024-02-01

Algorithms

Abstract:The rapid proliferation of new technologies such as Internet of Things (IoT), cloud computing, virtualization, and smart devices has led to a massive annual production of over 400 zettabytes of network traffic data. As a result, it is crucial for companies to implement robust cybersecurity measures to safeguard sensitive data from intrusion, which can lead to significant financial losses. Existing intrusion detection systems (IDS) require further enhancements to reduce false positives as well as enhance overall accuracy. To minimize security risks, data analytics and machine learning can be utilized to create data-driven recommendations and decisions based on the input data. This study focuses on developing machine learning models that can identify cyber-attacks and enhance IDS system performance. This paper employed logistic regression, support vector machine, decision tree, and random forest algorithms on the UNSW-NB15 network traffic dataset, utilizing in-depth exploratory data analysis, and feature selection using correlation analysis and random sampling to compare model accuracy and effectiveness. The performance and confusion matrix results indicate that the Random Forest model is the best option for identifying cyber-attacks, with a remarkable F1 score of 97.80%, accuracy of 98.63%, and low false alarm rate of 1.36%, and thus should be considered to improve IDS system security.

Abhishek Divekar,Meet Parekh,Vaibhav Savla,Rudra Mishra,Mahesh Shirole

DOI: https://doi.org/10.1109/CCCS.2018.8586840

2018-11-13

Abstract:Machine Learning has been steadily gaining traction for its use in Anomaly-based Network Intrusion Detection Systems (A-NIDS). Research into this domain is frequently performed using the KDD~CUP~99 dataset as a benchmark. Several studies question its usability while constructing a contemporary NIDS, due to the skewed response distribution, non-stationarity, and failure to incorporate modern attacks. In this paper, we compare the performance for KDD-99 alternatives when trained using classification models commonly found in literature: Neural Network, Support Vector Machine, Decision Tree, Random Forest, Naive Bayes and K-Means. Applying the SMOTE oversampling technique and random undersampling, we create a balanced version of NSL-KDD and prove that skewed target classes in KDD-99 and NSL-KDD hamper the efficacy of classifiers on minority classes (U2R and R2L), leading to possible security risks. We explore UNSW-NB15, a modern substitute to KDD-99 with greater uniformity of pattern distribution. We benchmark this dataset before and after SMOTE oversampling to observe the effect on minority performance. Our results indicate that classifiers trained on UNSW-NB15 match or better the Weighted F1-Score of those trained on NSL-KDD and KDD-99 in the binary case, thus advocating UNSW-NB15 as a modern substitute to these datasets.

Machine Learning,Artificial Intelligence,Cryptography and Security

Jiadong Ren,Jiawei Guo,Wang Qian,Huang Yuan,Xiaobing Hao,Hu Jingjing

DOI: https://doi.org/10.1155/2019/7130868

IF: 1.968

2019-06-16

Security and Communication Networks

Abstract:Intrusion detection system (IDS) can effectively identify anomaly behaviors in the network; however, it still has low detection rate and high false alarm rate especially for anomalies with fewer records. In this paper, we propose an effective IDS by using hybrid data optimization which consists of two parts: data sampling and feature selection, called DO_IDS. In data sampling, the Isolation Forest (iForest) is used to eliminate outliers, genetic algorithm (GA) to optimize the sampling ratio, and the Random Forest (RF) classifier as the evaluation criteria to obtain the optimal training dataset. In feature selection, GA and RF are used again to obtain the optimal feature subset. Finally, an intrusion detection system based on RF is built using the optimal training dataset obtained by data sampling and the features selected by feature selection. The experiment will be carried out on the UNSW-NB15 dataset. Compared with other algorithms, the model has obvious advantages in detecting rare anomaly behaviors.

computer science, information systems,telecommunications

Sudhanshu Sekhar Tripathy,Bichitrananda Behera

2023-10-01

Abstract:The escalation of hazards to safety and hijacking of digital networks are among the strongest perilous difficulties that must be addressed in the present day. Numerous safety procedures were set up to track and recognize any illicit activity on the network's infrastructure. IDS are the best way to resist and recognize intrusions on internet connections and digital technologies. To classify network traffic as normal or anomalous, Machine Learning (ML) classifiers are increasingly utilized. An IDS with machine learning increases the accuracy with which security attacks are detected. This paper focuses on intrusion detection systems (IDSs) analysis using ML techniques. IDSs utilizing ML techniques are efficient and precise at identifying network assaults. In data with large dimensional spaces, however, the efficacy of these systems degrades. correspondingly, the case is essential to execute a feasible feature removal technique capable of getting rid of characteristics that have little effect on the classification process. In this paper, we analyze the KDD CUP-'99' intrusion detection dataset used for training and validating ML models. Then, we implement ML classifiers such as Logistic Regression, Decision Tree, K-Nearest Neighbour, Naive Bayes, Bernoulli Naive Bayes, Multinomial Naive Bayes, XG-Boost Classifier, Ada-Boost, Random Forest, SVM, Rocchio classifier, Ridge, Passive-Aggressive classifier, ANN besides Perceptron (PPN), the optimal classifiers are determined by comparing the results of Stochastic Gradient Descent and back-propagation neural networks for IDS, Conventional categorization indicators, such as "accuracy, precision, recall, and the f1-measure, have been used to evaluate the performance of the ML classification algorithms.

Cryptography and Security

QIAN Qin,ZHANG Jian,ZHANG Kun,FU Xiao,MAO Bing

2014-01-01

Computer Science

Abstract:For the past few years,the amount of computer crime has been increasing year by year,and it is threatening various aspects of human society such as national politics,economy,and culture,etc.In modern society,the research on intrusion forensics and intrusion detection plays a significant role for fighting against computer crime,tracing intrusion,patching vulnerability and improving security system of computer network.However,with the popularity of Internet and the improving capacity of computers' storage,we often need to handle mass data about GB size,even up to TB size for intrusion forensics and intrusion detection.It inevitably makes much useful information submerge in redundant events,which brings about a huge challenge and low accuracy of analysis result.So it will be a topmost breakthrough to design a kind of technology for reducing redundant data and improving its accuracy and efficiency.This paper summarized several methods on intrusion forensics and intrusion detection.Firstly,this paper discoursed the development course of redundancy-reducing techniques and the application in traditional field such as medical domain.Then it systematically introduced all kinds of redundancy-reducing methods in intrusion forensics and intrusion detection.Finally,it figured out the existing problems and research direction in the future.It also gave some conclusions through the comparison on current situation of redundant data reducing techniques.

Avinash R. Sonule,Mukesh Kalla,Amit Jain,D.S. Chouhan,,,,

DOI: https://doi.org/10.35940/ijeat.c5809.029320

2020-02-28

International Journal of Engineering and Advanced Technology

Abstract:The network attacks become the most important security problems in the today’s world. There is a high increase in use of computers, mobiles, sensors,IoTs in networks, Big Data, Web Application/Server,Clouds and other computing resources. With the high increase in network traffic, hackers and malicious users are planning new ways of network intrusions. Many techniques have been developed to detect these intrusions which are based on data mining and machine learning methods. Machine learning algorithms intend to detect anomalies using supervised and unsupervised approaches.Both the detection techniques have been implemented using IDS datasets like DARPA98, KDDCUP99, NSL-KDD, ISCX, ISOT.UNSW-NB15 is the latest dataset. This data set contains nine different modern attack types and wide varieties of real normal activities. In this paper, a detailed survey of various machine learning based techniques applied on UNSW-NB15 data set have been carried out and suggested thatUNSW-NB15 is more complex than other datasets and is assumed as a new benchmark data set for evaluating NIDSs.

Vikash Kumar,Ayan Kumar Das,Ditipriya Sinha

DOI: https://doi.org/10.1007/978-981-13-9042-5_24

2019-08-18

Abstract:Intrusion Detection System (IDS) has been developed to protect the resources in the network from different types of threats. Existing IDS methods can be classified as either anomaly based or misuse (signature) based or sometimes combination of both. This paper proposes a novel misuse-based intrusion detection system to defend our network from five categories such as Exploit, DOS, Probe, Generic, and Normal. Most of the related works on IDS are based on KDD99 or NSL-KDD 99 dataset. These datasets are considered obsolete to detect recent types of attacks and have no significance. In this paper, UNSW-NB15 (Moustafa and Slay, Military Communications and Information Systems Conference (2015) [1]) dataset is considered as the offline dataset to design intrusion detection model for detecting malicious activities in the network. The performance evaluation of proposed work with the UNSW-NB15 (benchmark dataset) shows higher accuracy and IDR compared to other existing approaches. Performance analysis proves that clustering technique is really useful in order to analyze similarity in behavior of different categories and hence helpful to improve the performance of IDS.

P. G. V. Suresh Kumar,Shaheda Akthar

DOI: https://doi.org/10.1007/978-981-16-1866-6_28

2021-07-23

Abstract:Computer security is a significant issue in the present networking conditions. These days, with the improvement of Web advances administrations on the planet, the gatecrashers have been expanded promptly. Consequently, the need for an intrusion detection system (IDS) framework in the security of the organization field keeps interlopers from approaching the data. IDS is a gadget or programming application that screens the organization or framework for malevolent action or strategy infringement and sends caution to framework and managers at a legitimate time. IDS screens both inbound and outbound traffics and is used to recognize potential interruptions. In this article, IDSs are assembled utilizing machine learning (ML) methods. IDSs dependent on ML techniques are viable and exact in identifying network assaults. In any case, the presentation of these frameworks diminishes for high-dimensional information spaces. It is necessary to perform a fitting component extraction strategy that can prune a portion of the highlights that does not have an incredible effect in the characterization cycle. Feature choice is expected to choose the ideal subset of highlights that delivers to the whole dataset to expand the precision and the characterization execution of IDS. In this work, the UNSW-NB15 interruption discovery dataset is examined to prepare and test the models. Additionally, a covering-based element is applied to decrease the strategy by utilizing the SVM-RFE calculation for IDS to choose the best subset of highlights. At that point, the two ML approaches are executed to utilize the diminished component space such as decision tree and support vector machine (SVM). The outcomes exhibited that the support vector machine RFE-based component determination strategy takes into consideration techniques; for example, the decision tree is build to test the exactness from 98.89 to 99.99% for the twofold order plot. The investigation results affirmed the adequacy of the proposed feature determination strategy in improving organization IDS.

Ahmed Abdelkhalek,Maggie Mashaly

DOI: https://doi.org/10.1007/s11227-023-05073-x

IF: 3.3

2023-02-12

The Journal of Supercomputing

Abstract:Abstract Network intrusion detection systems (NIDS) are the most common tool used to detect malicious attacks on a network. They help prevent the ever-increasing different attacks and provide better security for the network. NIDS are classified into signature-based and anomaly-based detection. The most common type of NIDS is the anomaly-based NIDS which is based on machine learning models and is able to detect attacks with high accuracy. However, in recent years, NIDS has achieved even better results in detecting already known and novel attacks with the adoption of deep learning models. Benchmark datasets in intrusion detection try to simulate real-network traffic by including more normal traffic samples than the attack samples. This causes the training data to be imbalanced and causes difficulties in detecting certain types of attacks for the NIDS. In this paper, a data resampling technique is proposed based on Adaptive Synthetic (ADASYN) and Tomek Links algorithms in combination with different deep learning models to mitigate the class imbalance problem. The proposed model is evaluated on the benchmark NSL-KDD dataset using accuracy, precision, recall and F-score metrics. The experimental results show that in binary classification, the proposed method improves the performance of the NIDS and outperforms state-of-the-art models with an achieved accuracy of 99.8%. In multi-class classification, the results were also improved, outperforming state-of-the-art models with an achieved accuracy of 99.98%.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Mouhammad Alkasassbeh,Mohammad Almseidin

DOI: https://doi.org/10.48550/arXiv.1809.02610

2018-09-02

Abstract:Network security engineers work to keep services available all the time by handling intruder attacks. Intrusion Detection System (IDS) is one of the obtainable mechanisms that is used to sense and classify any abnormal actions. Therefore, the IDS must be always up to date with the latest intruder attacks signatures to preserve confidentiality, integrity, and availability of the services. The speed of the IDS is a very important issue as well learning the new attacks. This research work illustrates how the Knowledge Discovery and Data Mining (or Knowledge Discovery in Databases) KDD dataset is very handy for testing and evaluating different Machine Learning Techniques. It mainly focuses on the KDD preprocess part in order to prepare a decent and fair experimental data set. The J48, MLP, and Bayes Network classifiers have been chosen for this study. It has been proven that the J48 classifier has achieved the highest accuracy rate for detecting and classifying all KDD dataset attacks, which are of type DOS, R2L, U2R, and PROBE.

Networking and Internet Architecture,Cryptography and Security

T N Varunram,M B Shivaprasad,K H Aishwarya,Anush Balraj,S V Savish,S Ullas

DOI: https://doi.org/10.1109/iccca52192.2021.9666265

2021-12-17

Abstract:Intrusion Detection Systems are of paramount importance in the present-day network security environment. By analyzing and predicting the behavior of incoming data, IDS helps in classifying it as either a benign or dangerous activity. In this paper, implementation of multiple Intrusion Detection Systems is done using different machine learning algorithms like KNN, AdaBoost, SVM, Logistic Regression, Random Forest, Artificial Neural Networks and Naive Bayes. The class imbalance in the dataset, caused by innate mannerisms of network analysis, is corrected using Synthetic Minority Oversampling Technique (SMOTE). The dataset is then reduced using three different Dimensionality Reduction Techniques namely PCA, t-SNE, and UMAP. The three datasets produced by these techniques are then used to build the Intrusion Detection System, using the machine learning algorithms. The models will implement binary classification to classify the incoming attacks between benign activity and DDoS Attacks.

Zachary Tauscher,Yushan Jiang,Kai Zhang,Jian Wang,Houbing Song

DOI: https://doi.org/10.48550/arXiv.2108.08394

2021-08-19

Abstract:With massive data being generated daily and the ever-increasing interconnectivity of the world's Internet infrastructures, a machine learning based intrusion detection system (IDS) has become a vital component to protect our economic and national security. In this paper, we perform a comprehensive study on NSL-KDD, a network traffic dataset, by visualizing patterns and employing different learning-based models to detect cyber attacks. Unlike previous shallow learning and deep learning models that use the single learning model approach for intrusion detection, we adopt a hierarchy strategy, in which the intrusion and normal behavior are classified firstly, and then the specific types of attacks are classified. We demonstrate the advantage of the unsupervised representation learning model in binary intrusion detection tasks. Besides, we alleviate the data imbalance problem with SVM-SMOTE oversampling technique in 4-class classification and further demonstrate the effectiveness and the drawback of the oversampling mechanism with a deep neural network as a base model.

Cryptography and Security,Machine Learning

Joffrey L. Leevy,Taghi M. Khoshgoftaar

DOI: https://doi.org/10.1186/s40537-020-00382-x

2020-11-23

Journal Of Big Data

Abstract:Abstract The exponential growth in computer networks and network applications worldwide has been matched by a surge in cyberattacks. For this reason, datasets such as CSE-CIC-IDS2018 were created to train predictive models on network-based intrusion detection. These datasets are not meant to serve as repositories for signature-based detection systems, but rather to promote research on anomaly-based detection through various machine learning approaches. CSE-CIC-IDS2018 contains about 16,000,000 instances collected over the course of ten days. It is the most recent intrusion detection dataset that is big data, publicly available, and covers a wide range of attack types. This multi-class dataset has a class imbalance, with roughly 17% of the instances comprising attack (anomalous) traffic. Our survey work contributes several key findings. We determined that the best performance scores for each study, where available, were unexpectedly high overall, which may be due to overfitting. We also found that most of the works did not address class imbalance, the effects of which can bias results in a big data study. Lastly, we discovered that information on the data cleaning of CSE-CIC-IDS2018 was inadequate across the board, a finding that may indicate problems with reproducibility of experiments. In our survey, major research gaps have also been identified.

Suchet Sapre,Pouyan Ahmadi,Khondkar Islam

DOI: https://doi.org/10.48550/arXiv.1912.13204

2019-12-31

Abstract:In recent years, as intrusion attacks on IoT networks have grown exponentially, there is an immediate need for sophisticated intrusion detection systems (IDSs). A vast majority of current IDSs are data-driven, which means that one of the most important aspects of this area of research is the quality of the data acquired from IoT network traffic. Two of the most cited intrusion detection datasets are the KDDCup99 and the NSL-KDD. The main goal of our project was to conduct a robust comparison of both datasets by evaluating the performance of various Machine Learning (ML) classifiers trained on them with a larger set of classification metrics than previous researchers. From our research, we were able to conclude that the NSL-KDD dataset is of a higher quality than the KDDCup99 dataset as the classifiers trained on it were on average 20.18% less accurate. This is because the classifiers trained on the KDDCup99 dataset exhibited a bias towards the redundancies within it, allowing them to achieve higher accuracies.

Machine Learning,Cryptography and Security,Networking and Internet Architecture

N. D. Patel,B. M. Mehtre,Rajeev Wankar

DOI: https://doi.org/10.1007/s41870-023-01464-8

2023-09-14

International Journal of Information Technology

Abstract:In network defence, intrusion detection is crucial to identify malicious activities such as attacks, intrusions, and malware. Intrusion Detection Systems (IDSs) are mandatory for protecting critical networks against intrusive activities. Despite advancements in IDS research, a significant challenge is finding comprehensive and valid datasets to evaluate proposed techniques. To address this, researchers have proposed eleven desirable characteristics for IDS datasets, including Attack Diversity, Complete Traffic, and Metadata. However, existing IDS datasets need to meet these characteristics. To overcome this, we propose the Offensive Defensive-Intrusion Detection System (OD-IDS2022) dataset, a comprehensive and empirical IDS dataset with the latest attacks. The dataset contains benign and twenty-eight common attacks and satisfies all eleven desirable characteristics. We evaluate the performance of four state-of-the-art Machine Learning algorithms (Random Forest, Decision Tree, Naive Bayes, and Support Vector Machine (SVM)) on OD-IDS2022 and find that SVM provides the highest prediction accuracy for both the training and validation samples.

Majdi Maabreh,Ibrahim Obeidat,Esraa Abu Elsoud,Asma Alnajjar,Rahaf Alzyoud,Omar Darwish

DOI: https://doi.org/10.3991/ijim.v16i14.30197

2022-07-26

International Journal of Interactive Mobile Technologies (iJIM)

Abstract:Cyberattacks have increased in tandem with the exponential expansion of computer networks and network applications throughout the world. In this study, we evaluate and compare four features selection methods, seven classical machine learning algorithms, and the deep learning algorithm on one million random instances of CSE-CIC-IDS2018 big data set for network intrusions. The dataset was preprocessed and cleaned and all learning algorithms were trained on the original values of features. The feature selection methods highlighted the importance of features related to forwarding direction (FWD) and two flow measures (FLOW) in predicting the binary traffic type; benign or attack. Furthermore, the results revealed that whether models are trained on all features or the top 30 features selected by any of the four features selection techniques used in this experiment, there is no significant difference in model performance. Moreover, we may be able to train ML models on only four features and have them perform similarly to models trained on all data,which may result in preferable models in terms of complexity, explainability, and scale for deployment. Furthermore, by choosing four unanimity features instead of all traffic features, training time may be reduced from 10% to 50% of the training time on all features.

Ibrahim Obeidat,Nabhan Hamadneh,Mouhammd Al-kasassbeh,Mohammad Almseidin

DOI: https://doi.org/10.48550/arXiv.1805.10458

2018-05-26

Cryptography and Security

Abstract:Network security engineers work to keep services available all the time by handling intruder attacks. Intrusion Detection System (IDS) is one of the obtainable mechanism that used to sense and classify any abnormal actions. Therefore, the IDS must be always up to date with the latest intruder attacks signatures to preserve confidentiality, integrity and availability of the services. The speed of the IDS is very important issue as well learning the new attacks. This research work illustrates how the Knowledge Discovery and Data Mining (or Knowledge Discovery in Databases) KDD dataset is very handy for testing and evaluating different Machine Learning Techniques. It mainly focuses on the KDD preprocess part in order to prepare a decent and fair experimental data set. The techniques J48, Random Forest, Random Tree, MLP, Na\"ive Bayes and Bayes Network classifiers have been chosen for this study. It has been proven that the Random forest classifier has achieved the highest accuracy rate for detecting and classifying all KDD dataset attacks, which are of type (DOS, R2L, U2R, and PROBE)