Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Kai Peng,Lixin Zheng,Xiaolong Xu,Tao Lin,Victor C. M. Leung

DOI: https://doi.org/10.1007/978-3-030-05345-1_14

2018-01-01

Abstract:With the development of big data, mobile cloud computing, cyber security issues have become more and more critical. Thus, enabling an intrusion detection method over big data in mobile cloud environment is of paramount importance. In our previous research, we proposed an approach named Mini Batch Kmeans with Principal Component Analysis (PMBKM) for big data which can effectively solve the clustering problem for intrusion detection of big data, but it needs to preset the number of clusters. The best clustering number is selected by comparing the clustering results of different clustering values multiple times. To address the above issue, we propose a new clustering method named Balanced Iterative Reducing and Clustering Using Hierarchies with Principal Component Analysis (PBirch) in this paper. Compared to PMBKM, the experimental results show that PBirch can obtain a good clustering result without presetting clustering values, and the clustering result can be further improved by optimizing the relevant parameters. The clustering time of PBirch decreases linearly with the increasing of the cluster numbers. Thus, the larger the number of clusters, the smaller the PBirch time cost. All in all, our proposed method can be widely used for big data in mobile cloud environment.

LIN Hui,ZHU Jun-ping

2009-01-01

Abstract:On the base of discussing the basic concepts and characters of clone clustering, the advantage of IDS is explored based on clone clustering. According to the medium and small enterprise actual demand, the clone clustering algorithm is mainly presented, the intrusion detection system CCIDS (clone clustering based intrusion detection system) based on CC algorithm is designed and imple-mented. the experimental results using KDD CUP99 dataset show that this algorithm can achieve higher detection rate of known or unknown attacks and lower false positive rate.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

MA Xiao-chun,GAO Xiang,GAO De-yuan

DOI: https://doi.org/10.3969/j.issn.1000-7180.2005.04.036

2005-01-01

Abstract:Intrusion Detection System (IDS) is an important part of the computer network security. According to the analysis of two intrusion detection models, this paper presents a clustering based method for unsupervised anomaly detection, and does some experiments using the KDD99 cup dataset. This method is proved to be with high performances by the results.

Weigang Liu

DOI: https://doi.org/10.1155/2022/4927504

2022-06-10

Wireless Communications and Mobile Computing

Abstract:Attacks on network systems are becoming more and more common, the current state of increasingly sophisticated attack methods, the emergence of intrusion prevention technology is the inevitable result of the development of computer technology and network technology, and research on intrusion prevention has become a new focus of network security technology research in recent years. In order to ensure the security of computer network confidential information, the authors propose a semisupervised clustering intrusion detection algorithm. An overview of machine learning, followed by an explanation of the theory of cluster analysis, simulation experiments were carried out using the K -means algorithm and the semisupervised clustering algorithm proposed by the author, for 10,000 records, the K -means clustering algorithm and the semisupervised clustering algorithm described in this paper are used, respectively, and intrusion detection data tests were performed. At the same time, different K values were selected, three datasets were selected from "kddcup.newtestdata_10_percent_corrected," the test data were tested separately, and their average value was taken as the test result. From the simulation results, the detection rate of the semisupervised clustering algorithm is higher than that of the K -means clustering algorithm, and the false alarm rate and K -means algorithms have also been improved. Therefore, the author's semisupervised algorithm enhances the stability of the system, and the performance of the K -means algorithm is improved to a certain extent. When the value of K gradually increases, the false alarm rate also increases; however, when K is 20, the detection rate is maximized, from this, it can be known that when K is 20, its detection rate reaches 91.76%, and the false alarm rate is 8.54%. The detection rate of the author's algorithm is significantly higher than the other two algorithms, the false positive rate is slightly higher than K -means, and the false positive rate is lower than that of the other algorithm, proving the superior performance of our algorithm.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jingping Song,Zhiliang Zhu,Chris J. Price

DOI: https://doi.org/10.1007/978-3-319-10975-6_21

2014-01-01

Abstract:Intrusion detection is very important to solve an increasing number of security threats. With new types of attack appearing continually, traditional approaches for detecting hazardous contents are facing a severe challenge. In this work, a new feature grouping method is proposed to select features for intrusion detection. The method is based on agglomerative hierarchical clustering method and is tested against KDD CUP 99 dataset. Agglomerative hierarchical clustering method is used to construct a hierarchical tree and it is combined with mutual information theory. Groups are created from the hierarchical tree by a given number. The largest mutual information between each feature and a class label within a certain group is then selected. The performance evaluation results show that better classification performance can be attained from such selected features.

SHI ZHONG,TAGHI M. KHOSHGOFTAAR,NAEEM SELIYA

DOI: https://doi.org/10.1142/s0218539307002568

2007-04-01

International Journal of Reliability, Quality and Safety Engineering

Abstract:Recently data mining methods have gained importance in addressing network security issues, including network intrusion detection — a challenging task in network security. Intrusion detection systems aim to identify attacks with a high detection rate and a low false alarm rate. Classification-based data mining models for intrusion detection are often ineffective in dealing with dynamic changes in intrusion patterns and characteristics. Consequently, unsupervised learning methods have been given a closer look for network intrusion detection. We investigate multiple centroid-based unsupervised clustering algorithms for intrusion detection, and propose a simple yet effective self-labeling heuristic for detecting attack and normal clusters of network traffic audit data. The clustering algorithms investigated include, k-means, Mixture-Of-Spherical Gaussians, Self-Organizing Map, and Neural-Gas. The network traffic datasets provided by the DARPA 1998 offline intrusion detection project are used in our empirical investigation, which demonstrates the feasibility and promise of unsupervised learning methods for network intrusion detection. In addition, a comparative analysis shows the advantage of clustering-based methods over supervised classification techniques in identifying new or unseen attack types.

S. Gokul Pran,Sivakami Raja,S. Jeyasudha

DOI: https://doi.org/10.1002/acs.3771

IF: 3.369

2024-03-14

International Journal of Adaptive Control and Signal Processing

Abstract:Summary Intrusion detection is a cyber‐security method that is significant for network security. It is utilized to detect behaviors that compromise security and privacy within a network or in the context of a computer system. To enhance the identification, an Intrusion Detection System Based on the Beetle Swarm Optimization and K‐RMS Clustering Algorithm cluster‐based hybrid classifiers is proposed in this manuscript. Here, the data is amassed from CICIDS2017 dataset. Then the data is preprocessed to eradicate the unwanted noise. After completing the preprocessed data, it can be clustered by using K‐RMS clustering algorithm. This algorithm cluster the entire data to the associated cluster set depending on the data behavior. The classification algorithm is considered to predict the data as normal or attacking behaviors. The hybrid classification is used to predict the data. The solitary predictor aims to achieve high detection rates and accuracy. The hybrid classifiers, such as support vector machines, artificial neural networks are applied to recognize the normal or intruder. The performance of the SVM‐ANN‐IDS method attains 22.05%, 15.87%, 27.25% higher accuracy, 23.90% and 28.53% higher precision, 29.29%, 19.19% and 23.27% higher specificity and 18.28%, 24.36% and 27.49% greater recall when compared to the existing models, like developing novel deep‐learning model to improve network intrusion categorization (DNN‐IDS), Intrusion identification scheme on real‐time data traffic under machine learning techniques along feature selection method (RNN‐SVM‐IDS) and recurrent deep learning basis feature fusion ensemble meta‐classifier for intellectual network intrusion identification scheme (RNN‐IDS) respectively.

automation & control systems,engineering, electrical & electronic

Binita Bohara,Jay Bhuyan,Fan Wu,Junhua Ding

DOI: https://doi.org/10.5121/ijnsa.2020.12101

2020-01-01

Abstract:In the present world, it is difficult to realize any computing application working on a standalone computing device without connecting it to the network. A large amount of data is transferred over the network from one device to another. As networking is expanding, security is becoming a major concern. Therefore, it has become important to maintain a high level of security to ensure that a safe and secure connection is established among the devices. An intrusion detection system (IDS) is therefore used to differentiate between the legitimate and illegitimate activities on the system. There are different techniques are used for detecting intrusions in the intrusion detection system. This paper presents the different clustering techniques that have been implemented by different researchers in their relevant articles. This survey was carried out on 30 papers and it presents what different datasets were used by different researchers and what evaluation metrics were used to evaluate the performance of IDS. This paper also highlights the pros and cons of each clustering technique used for IDS, which can be used as a basis for future work.

Shuai Jiang,Xiaolong Xu

DOI: https://doi.org/10.1007/978-3-030-34637-9_12

2019-01-01

Abstract:In the era of network and big data, network information security has become a major issue. Intrusion Detection System (IDS) is an essential component of network security facilities, which utilizes network traffic data to detect attacks. IDS can adopt data analysis and data mining technologies to detect attacks to network systems. However, the computational overhead of IDS is too large to serve for real-time detection due to the redundancy and irrelevant features in the network traffic dataset. We hence analyze seven classification algorithms for intrusion detection, where we separately perform data preprocessing with two kinds of dimensionality reduction techniques, Principal Component Analysis (PCA) and Singular Value Decomposition (SVD), to improve the performance of IDS. The experimental results on the NSL-KDD dataset indicate that the classification algorithms with dimensionality reduction outstands in detection rate and detection speed. Meanwhile, SVD demonstrate its superiority to PCA in boosting these algorithms.

YU-FANG ZHANG,ZHONG-YANG XIONG,XIU-QIONG WANG

DOI: https://doi.org/10.1109/ICMLC.2005.1527342

2005-01-01

Abstract:The research on distributed intrusion detection system (DIDS) is a rapidly growing area of interest because the existence of centralized intrusion detection system (IDS) techniques is increasingly unable to protect the global distributed information infrastructure. Distributed analysis employed by Agent-based DIDS is an accepted fabulous method. Clustering-based intrusion detection technique overcomes the drawbacks of relying on labeled training data which most current anomaly-based intrusion detection depend on. Clustering-based DIDS technique according to the advantages of two techniques is presented. For effectively choosing the attacks, twice clustering is employed: the first clustering is to choose the candidate anomalies at Agent IDS and the second clustering is to choose the true attack at central IDS. At last, through experiment on the KDD CUP 1999 data records of network connections verified that the methods put forward is better.

Kai Peng,Victor C. M. Leung,Lixin Zheng,Shangguang Wang,Chao Huang,Tao Lin

DOI: https://doi.org/10.1155/2018/4680867

2018-01-01

Wireless Communications and Mobile Computing

Abstract:Fog computing, as the supplement of cloud computing, can provide low-latency services between mobile users and the cloud. However, fog devices may encounter security challenges as a result of the fog nodes being close to the end users and having limited computing ability. Traditional network attacks may destroy the system of fog nodes. Intrusion detection system (IDS) is a proactive security protection technology and can be used in the fog environment. Although IDS in tradition network has been well investigated, unfortunately directly using them in the fog environment may be inappropriate. Fog nodes produce massive amounts of data at all times, and, thus, enabling an IDS system over big data in the fog environment is of paramount importance. In this study, we propose an IDS system based on decision tree. Firstly, we propose a preprocessing algorithmto digitize the strings in the given dataset and then normalize the whole data, to ensure the quality of the input data so as to improve the efficiency of detection. Secondly, we use decision tree method for our IDS system, and then we compare this method with Naive Bayesian method as well as KNN method. Both the 10% dataset and the full dataset are tested. Our proposed method not only completely detects four kinds of attacks but also enables the detection of twenty-two kinds of attacks. The experimental results show that our IDS system is effective and precise. Above all, our IDS system can be used in fog computing environment over big data.

Kaijian Liu,Zhen Fan,Meiqin Liu,Senlin Zhang

DOI: https://doi.org/10.1109/cyber.2018.8688271

2018-01-01

Abstract:This paper reviews the problem of instrusion detection for Smart Home and different approach to detect instrusion. A hybrid instrusion detection method based on Convolutional Neural Networks(CNN) and K-means is proposed in this paper. At smart home device node, K-means is used to generate the rule base by clustering, then Principal Component Analysis(PCA) is used to extract the dimensionality reduced features. During the test process, PCA is also used to extract the dimensionality reduced features, the feature matching is performed with the rule base to determine the intrusion data. At the smart home server side, a CNN model is proposed to detect the specific type of intrusion. Combined with Synthetic Minority Oversampling Technique(SMOTE) and under sampling techniques, the CNN model has great performance in reducing missing report rate(MRR) in minority categories. The results of the experiment conducted in KDD99 dataset show that such a hybrid method can improve the detection rate of smart home intrusion detection system and reduce MRR in minority categories.

Noor Saud Abd,Kamel Karoui

2024-11-22

Abstract:In the current digital age, the volume of data generated by various cyber activities has become enormous and is constantly increasing. The data may contain valuable insights that can be harnessed to improve cyber security measures. However, much of this data is unclassified and qualitative, which poses significant challenges to traditional analysis methods. Clustering facilitates the identification of hidden patterns and structures in data through grouping similar data points, which makes it simpler to identify and address threats. Clustering can be defined as a data mining (DM) approach, which uses similarity calculations for dividing a data set into several categories. Hierarchical, density-based, along with partitioning clustering algorithms are typical. The presented work use K-means algorithm, which is a popular clustering technique. Utilizing K-means algorithm, we worked with two different types of data: first, we gathered data with the use of XG-boost algorithm following completing the aggregation with K-means algorithm. Data was gathered utilizing Kali Linux environment, cicflowmeter traffic, and Putty Software tools with the use of diverse and simple attacks. The concept could assist in identifying new attack types, which are distinct from the known attacks, and labeling them based on the characteristics they will exhibit, as the dynamic nature regarding cyber threats means that new attack types often emerge, for which labeled data might not yet exist. The model counted the attacks and assigned numbers to each one of them. Secondly, We tried the same work on the ready data inside the Kaggle repository called (Intrusion Detection in Internet of Things Network), and the clustering model worked well and detected the number of attacks correctly as shown in the results section.

Cryptography and Security,Artificial Intelligence

Solane Duque,Mohd. Nizam bin Omar

DOI: https://doi.org/10.1016/j.procs.2015.09.145

2015-01-01

Procedia Computer Science

Abstract:A common problem shared by current IDS is the high false positives and low detection rate. An unsupervised machine learning using k-means was used to propose a model for Intrusion Detection System (IDS) with higher efficiency rate and low false positives and false negatives. The NSL-KD data set was used which consisted of 25,192 entries with 22 different types of data. Results of the study using 11, 22, 44, 66 and 88 clusters, showed an efficiency rate of 70.75%, 81.61%, 65.40%, 61.30% and 55.43% respectively; false positive rates of 0.74%, 4.03%, 15.55%, 21.47% and 31.91% respectively; and false negative rates of 99.82%, 98.14%, 97.76%, 96.32% and 95.70%, respectively. Interestingly, the best results were generated when the number of clusters matches the number of data types in the data set. In the light of the findings, it is recommended that other data mining techniques be explored; a study using k-means data mining algorithm followed by signature-based approach is proposed in order to lessen the false negative rate; and a system for automatically identifying the number of clusters may be developed.

Weiwu Ren,Liang Hu,Kuo Zhao,Jianfeng Chu

DOI: https://doi.org/10.12733/jcis6597

2013-01-01

Journal of Computational Information Systems

Abstract:Decision tree and hierarchical clustering in application of the field of intrusion detection have its own advantages and disadvantages. For purposes of covering up the shortcomings of each other and searching an optimal balance between them, a multiple-level hybrid intrusion detection system based on hierarchical clustering and decision tree has been proposed. Misuse modules and anomaly modules are organized by a multiple-level hybrid tree. According to the actual performance, misuse module or anomaly module is selected to be the detector. A series of experiment results on well-known KDD Cup 1999 data sets indicate that the hybrid model has good performance in both detection and real time. © 2013 by Binary Information Press.

Hongying Zheng,Xiaofeng Liao,Lin Ni

IF: 1.019

2006-01-01

Chinese Journal of Electronics

Abstract:In this paper, a new detection method, Intrusion detection based on unsupervised clustering and simulated annealing algorithm (IDCSA), is proposed, it can automatically establish clusters and detect intruders by labeling normal and abnormal groups, IDCSA combines partitional clustering with simulated annealing. Firstly, clustering is described as assignment problem and clusters are established using partitional clustering. Secondly, simulated annealing algorithm is used to optimize the clustering results and find a near-optimal partitioning instead of local optimizing results. The experiments with KDD cup 1999 show that IDCSA is effective for intrusion detection.

Ting Huang,Wenbo Chen,Ruisheng Zhang

DOI: https://doi.org/10.2991/amcce-17.2017.11

2017-01-01

Abstract:The rapid development of information technology generates high dimension and large scale data, which puts severer challenges to network security. Feature selection is proposed for the reduction of data dimension so that features of original data are utmostly retained and improving the effectiveness of data processing. This paper proposes a new method of feature extraction by combining two algorithms. Firstly, removes some noise and irrelevant features after researching for correlation between features and categories; Secondly, furtherly optimize subsets to select key features through feature selection algorithm, whose Evaluate Function is based on clustering algorithm. KDDCUP9910% datasets is used to testify the experiment, whose result shows the method guarantees effective detection rate and reducing the data dimension effectively at the same time , the effectiveness of data detection is improved.

Noe Elisa,Longzhi Yang,Yanpeng Qu,Fei Chao

DOI: https://doi.org/10.1109/hpcc/smartcity/dss.2018.00254

2018-01-01

Abstract:The most daunting and challenging task in intrusion detection is to distinguishing between normal and malicious traffics effectively. In order to complete such a task, the biological danger theory has appeared to be one of the most appealing immunological models which has been converted to a computer science algorithm, named as Dendritic Cell Algorithm (DCA). To perform a binary classification, the DCA goes through four phases, preprocessing, detection, context assessment and classification. In particular, the context assessment phase is performed by comparing the signal concentration values between mature (i.e., abnormality) and semi-mature (i.e., normality) contexts. The conventional DCA requires a crisp separation between semi-mature and mature cumulative context values. This can be hard if the difference between the two contexts is marginal, which negatively affects the classification accuracy. In addition, it is technically difficult to quantify the actual meaning of semi-mature and mature in the DCA. This paper proposes an approach that integrates the K-Means clustering algorithm to the DCA to map the DCA cumulative semi-mature and mature context values into semi-mature (normal) and mature (anomaly) clusters in order to improve the classification accuracy. The KDD99 data set was utilized in this work for system validation and evaluation, and the experimental results revealed an improvement in the classification accuracy by the proposed approach.