Haibin Shen

2008-01-01

Abstract:In order to prevent the huge damage caused by computer worms,an innovative approach using support vector machine(SVM) classifier for detecting unknown computer worm based on the measurement of computer performance was proposed to alarm Internet users.In the experiment,system features were monitored from window performance counters with different applications running on and bayesian network theorem was applied on selecting features from which the judging rule is deduced by SVM.As proved by the result from testing experiment,the system can detect the presence of an unknown worm by reaching high accuracy,so that it can be well known that the model using SVM active learning the less prior knowledge has a good performance on detecting unknown computer worms.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Yue Shen,Fei Yu,Ling-Fen Zhang,Ji-Yao An,Miao-Liang Zhu

DOI: https://doi.org/10.1109/CANET.2005.1598184

2005-01-01

Abstract:Intrusion detection is an efficient way to protect information system. This paper puts forward a new method of anomalous intrusion detection based on system call. It uses system calls regarded as input, and creates a FSA for the functions in the program. Then the FSA is used to detect the attack. Moreover, It can find the place of the vulnerability which exists in the program. This can help to alter the source program. Results are shown that this method is effective for some intrusion events.

Qian Huang,Zhen Wang,Tao Wei,Yu Chen

2006-01-01

Abstract:This paper presents an algorithm for intrusion detection, based on one-class support vector machine (SVM) and online training of SVM. The algorithm formulates intrusion detection as a one-class classification problem. The model-building part of the algorithm works even when the training data is noisy, and therefore compared with regular SVM algorithms, it imposes fewer requirements on the training set and has a higher detection rate. For the testing data containing new types of attack, the algorithm can add such data to the training set and update the training result real-time. It tests the algorithm on KDD CUP' 99 benchmark data set for intrusion detection and the result shows that the algorithm is able to shorten the training time, and in the same time, obtain a high detection rate.

Shangqing Cui,Dongqin Feng

DOI: https://doi.org/10.1109/icpeca56706.2023.10076096

2023-01-01

Abstract:With the application of Internet technologies in the industrial field, industrial control systems (ICS) have the possibility of suffering malicious network attacks. Because ICS is widely used in critical infrastructure, designing attack detection algorithms for it can effectively reduce losses. Many papers have built physical models for cyber-attacks against ICS and the corresponding detection algorithms have been proposed. However, the detection performance can be further improved. This paper establishes the simulation attack on the Tennessee Eastman (TE) process and proposes an improved support vector machine (SVM) method to detect integrity attacks. This algorithm uses contribution plots and recursive feature elimination to select features. Compared with the principal component analysis (PCA) feature extraction, the detection accuracy is improved. After adding system dynamics to the algorithm, the time to detect attacks is advanced.

Yu Fei,Zhu Miao-liang,Chen Yu-feng,Li Ren-fa,Xu Cheng

DOI: https://doi.org/10.1007/bf02828642

2005-01-01

Abstract:Intrusion detection system can make effective alarm for illegality of network users, which is absolutely necessarily and important to build security environment of communication base service. According to the principle that the number of network traffic can affect the degree of self-similar traffic, the paper investigates the variety of self-similarity resulted from unconventional network traffic. A network traffic model based on normal behaviors of user is proposed and the Hurst parameter of this model can be calculated. By comparing the Hurst parameter of normal traffic and the self-similar parameter, we can judge whether the network is normal or not and alarm in time.

Ruixi Yuan,Zhu Li,Xiaohong Guan,Li Xu

DOI: https://doi.org/10.1007/s10796-008-9131-2

2008-01-01

Information Systems Frontiers

Abstract:Accurate and timely traffic classification is critical in network security monitoring and traffic engineering. Traditional methods based on port numbers and protocols have proven to be ineffective in terms of dynamic port allocation and packet encapsulation. The signature matching methods, on the other hand, require a known signature set and processing of packet payload, can only handle the signatures of a limited number of IP packets in real-time. A machine learning method based on SVM (supporting vector machine) is proposed in this paper for accurate Internet traffic classification. The method classifies the Internet traffic into broad application categories according to the network flow parameters obtained from the packet headers. An optimized feature set is obtained via multiple classifier selection methods. Experimental results using traffic from campus backbone show that an accuracy of 99.42% is achieved with the regular biased training and testing samples. An accuracy of 97.17% is achieved when un-biased training and testing samples are used with the same feature set. Furthermore, as all the feature parameters are computable from the packet headers, the proposed method is also applicable to encrypted network traffic.

Xu ZHENG,Jian YUAN

DOI: https://doi.org/10.3969/j.issn.1009-8054.2014.09.080

2014-01-01

Abstract:The methods of virtual machine detection are veried,but the remote virtual machine detection always lacks effective means. This paper describes an improved time-relied method based on virtual machine. Taking advantage of the connection between TCP timestamp and real time and by integrating the study of machine,this paper proposes a remote virtual detection based on SVM.

Wu Liu,Ping Ren,Ke Liu,Duan Hai-xin

DOI: https://doi.org/10.1109/wicom.2011.6040153

2011-01-01

Abstract:This paper considers anomaly detection using an improved probabilistic neural networks. We first introduce a Basic Adaptive Boost Algorithm (BABA) and analysis its drawbacks and then introduce an Improved Adaptive Boost Algorithm (IABA) to classify the detected event as normal or intrusive. © 2011 IEEE.

Bhoopesh Singh Bhati,C. S. Rai

DOI: https://doi.org/10.1007/s13369-019-03970-z

IF: 2.807

2019-07-02

Arabian Journal for Science and Engineering

Abstract:From the last few decades, people do various transaction activities like air ticket reservation, online banking, distance learning, group discussion and so on using the internet. Due to explosive growth of information exchange and electronic commerce in the recent decade, there is a need to implement some security mechanisms in order to protect sensitive information. Detection of any intrusive behavior is one of the most important activity for protecting our data and assets. Various intrusion detection systems are incorporated in the network for detecting intrusive behavior. In this paper, an analytical study of support vector machine (SVM)-based intrusion detection techniques is presented. Here, the methodology involves four major steps, namely, data collection, preprocessing, SVM technique for training and testing and decision. The simulated results have been analyzed based on overall detection accuracy, Receiver Operating Characteristic and (ROC) Confusion Matrix. NSL-KDD dataset is used to analyze the performance of SVM techniques. NSL-KDD dataset is a benchmark for intrusion detection technique and contains huge amount of network records. The analyzed results show that Linear SVM, Quadratic SVM, Fine Gaussian SVM and Medium Gaussian SVM give 96.1%, 98.6%, 98.7% and 98.5% overall detection accuracy, respectively.

multidisciplinary sciences

Li Zou,Xuemei Luo,Yan Zhang,Xiao Yang,Xiangwen Wang

DOI: https://doi.org/10.1109/access.2023.3251354

IF: 3.9

2023-01-01

IEEE Access

Abstract:Network intrusion detection is an important technology in national cyberspace security strategy and has become a research hotspot in various cyberspace security issues in recent years. The development of effective and efficient intelligent network intrusion detection methods using advanced machine learning algorithms is of great importance for defending against various network intrusions in complex network environments. In this study, a network intrusion detection method based on decision tree twin support vector machine and hierarchical clustering, named HC-DTTWSVM, is proposed, which can effectively detect different categories of network intrusion. First, the hierarchical clustering algorithm is applied to construct the decision tree for network traffic data, where the bottom-up merging approach is used to maximize the separation of the upper nodes of the decision tree, which reduces the error accumulation in the construction of the decision tree. Then, twin support vector machines are embedded in the constructed decision tree to implement the network intrusion detection model, which can effectively detect the network intrusion category in a top-down manner. The detection performance of the proposed HC-DTTWSVM method is evaluated on NSL-KDD and UNSW-NB15 intrusion detection benchmark datasets. Experimental results show that HC-DTTWSVM can effectively detect different categories of network intrusion and achieves comparable detection performance compared to some of the recently proposed network intrusion detection methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhihan Li,Rui Yuan,Xiaohong Guan

DOI: https://doi.org/10.1109/icc.2007.231

2007-01-01

Abstract:The need to quickly and accurately classify Internet traffic for security and QoS control has been increasing significantly with the growing Internet traffic and applications over the past decade. Pattern recognition by learning the features in the training samples to classify the unknown flows is one of the main methods. However, many methods developed in the previous works are too complicated to be applied in real-time, and the prior probabilities based on the training samples are severely biased. This paper uses the SVM (support vector machine) method to train 7 classes of applications of different characteristics, captured from a campus network backbone. A discriminator selection algorithm is developed to obtain the best combination of the features for classification. Our optimized method yields approximately 96.9% accuracy for un-biased training and testing samples. For regular biased samples, the accuracy is about 99.4%. Furthermore, all the feature parameters are computable in real time from captured packet headers, suggesting real time network traffic classification with high accuracy is achievable.

Qiushi Mi,Houdan Yu,Qian Xiao,Hongyan Wu

DOI: https://doi.org/10.1364/oe.415929

IF: 3.8

2021-01-01

Optics Express

Abstract:A distributed optic fiber perimeter security system is proved to be an effective strategy for the security monitoring of some vital targets, such as power plants, power substations and telecommunication base stations. However, this method can hardly distinguish different categories of the intrusion behavior and is easily mis-triggered by different kinds of environmental interference. To distinguish different intrusion patterns and different interference events effectively, a vibration pattern recognition algorithm is proposed and demonstrated based on the merged Sagnac interferometer structure. The method consists of two parts: the pre-processing algorithm and the multi-layer perceptron neural networks (MLP-NNs). The pre-processing algorithm is applied to retrieve and extract the vibration signal from the captured source signal, and the MLP-NN is used to realize pattern recognition from each type of input. Typically, a high-dimensional vector group which contains hundreds of orders of vibration signal's power frequency is obtained to cover as many signalized features as possible. Moreover, results of the experiment deployed on a 10 kilometer long perimeter fence in the transformer substation show that the proposed classification-based model achieves 97.6% classification accuracy in the test. Through multiple comparison tests, the proposed model gives a solid performance in the subsequent integrated evaluation to classify each intrusion pattern.

Ahmed S. Alzahrani,Reehan Ali Shah,Yuntao Qian,Munwar Ali

DOI: https://doi.org/10.1016/j.aej.2020.01.021

IF: 6.626

2020-01-01

Alexandria Engineering Journal

Abstract:With the rapid advancement in technology, network systems are becoming prone to more sophisticated types of intrusions. However, machine learning (ML) based strategies are among the most efficient and popular methods to identify the network intrusions or attacks. In this study, we examined the important and discriminative features, in order to recognize the various attacks by applying the Structural Sparse Logistic Regression (SSPLR) and Support Vector Machine (SVMs) methods. The SVMs are standard ML-based techniques, which provide the reasonable performance, however, they have few shortcomings, such as, interpretability and huge computational cost. On the other hand, the sparse modeling (SSPLR) is considered as the advanced method for the data examination and processing through regularization. The structural sparse modeling can be used to simultaneously select the distinct features or the group of discriminative features from the repository of the data set to determine the coefficient of the linear classifier, where, prior information of the feature’s structure can be mapped on various sparsity-inducing regularizations. In this way, the particular group of features yielded by the most significant network attacks are selected and potentially identified. The experiments and discussion, show that the proposed techniques have improved performance compared to the most state-of-the-art techniques, used for the Intrusion Detection System (IDS).

Iftikhar Ahmad,Qazi Emad Ul Haq,Muhammad Imran,Madini O. Alassafi,Rayed A. AlGhamdi

DOI: https://doi.org/10.3390/math10030530

IF: 2.4

2022-02-08

Mathematics

Abstract:Intrusion detection in computer networks is of great importance because of its effects on the different communication and security domains. The detection of network intrusion is a challenge. Moreover, network intrusion detection remains a challenging task as a massive amount of data is required to train the state-of-the-art machine learning models to detect network intrusion threats. Many approaches have already been proposed recently on network intrusion detection. However, they face critical challenges owing to the continuous increase in new threats that current systems do not understand. This paper compares multiple techniques to develop a network intrusion detection system. Optimum features are selected from the dataset based on the correlation between the features. Furthermore, we propose an AdaBoost-based approach for network intrusion detection based on these selected features and present its detailed functionality and performance. Unlike most previous studies, which employ the KDD99 dataset, we used a recent and comprehensive UNSW-NB 15 dataset for network anomaly detection. This dataset is a collection of network packets exchanged between hosts. It comprises 49 attributes, including nine types of threats such as DoS, Fuzzers, Exploit, Worm, shellcode, reconnaissance, generic, and analysis Backdoor. In this study, we employ SVM and MLP for comparison. Finally, we propose AdaBoost based on the decision tree classifier to classify normal activity and possible threats. We monitored the network traffic and classified it into either threats or non-threats. The experimental findings showed that our proposed method effectively detects different forms of network intrusions on computer networks and achieves an accuracy of 99.3% on the UNSW-NB15 dataset. The proposed system will be helpful in network security applications and research domains.

mathematics

Jiaqi Li,Zhifeng Zhao,Rongpeng Li

DOI: https://doi.org/10.48550/arxiv.1708.04571

2017-01-01

Abstract:As an inevitable trend of future 5G networks, Software Defined architecture has many advantages in providing central- ized control and flexible resource management. But it is also confronted with various security challenges and potential threats with emerging services and technologies. As the focus of network security, Intrusion Detection Systems (IDS) are usually deployed separately without collaboration. They are also unable to detect novel attacks with limited intelligent abilities, which are hard to meet the needs of software defined 5G. In this paper, we propose an intelligent intrusion system taking the advances of software defined technology and artificial intelligence based on Software Defined 5G architecture. It flexibly combines security function mod- ules which are adaptively invoked under centralized management and control with a globle view. It can also deal with unknown intrusions by using machine learning algorithms. Evaluation results prove that the intelligent intrusion detection system achieves a better performance.

Wen-Lin Chu,Chih-Jer Lin,Ke-Neng Chang

DOI: https://doi.org/10.3390/app9214579

2019-10-28

Applied Sciences

Abstract:Traditional network attack and hacking models are constantly evolving to keep pace with the rapid development of network technology. Advanced persistent threat (APT), usually organized by a hacker group, is a complex and targeted attack method. A long period of strategic planning and information search usually precedes an attack on a specific goal. Focus is on a targeted object and customized specific methods are used to launch the attack and obtain confidential information. This study offers an attack detection system that enables early discovery of the APT attack. The system uses the NSL-KDD database for attack detection and verification. The main method uses principal component analysis (PCA) for feature sampling and the enhancement of detection efficiency. The advantages and disadvantages of using the classifiers are then compared to detect the dataset, the classifier supports the vector machine, naive Bayes classification, the decision tree and neural networks. Results of the experiments show the support vector machine (SVM) to have the highest recognition rate, reaching 97.22% (for the trained subdata A). The purpose of this study was to establish an APT early warning model mechanism, that could be used to reduce the impact and influence of APT attacks.

Hamed Ghasemi,Shahram Babaie

DOI: https://doi.org/10.1007/s11276-023-03637-6

IF: 2.701

2024-02-02

Wireless Networks

Abstract:Internet of Things (IoT) as an emerging technology is widely used in various applications such as remote healthcare, smart environment, and intelligent transportation systems. It is necessary to address users' concerns about cost, ease of use, privacy, and comprehensive security to grow the popularity of this technology. Intrusion Detection System (IDS) plays an indispensable role in security and preventing unauthorized users to access authorized network resources through analyzing network patterns. Several techniques such as metaheuristic algorithms, machine learning, fuzzy logic, and artificial intelligence algorithms can be applied to increase the accuracy of IDS, feature selection, and network patterns classification. In this paper, a hybrid intrusion detection system based on Support Vector Machine (SVM) and Grey Wolf Optimization (GWO) is presented that utilizes the advantages of these algorithms. In the proposed approach, the support vector machine has been used to train and differentiate anomaly records from normal records and grey wolf optimization has been used to find the kernel function, feature selection, and adjust optimal parameters for the SVM in order to improve the classification. The conducted simulations prove that the proposed approach outperforms in terms of detection accuracy, precision, recall, and F-score on both NSL-KDD and TON_IoT datasets.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mikel K. Ngueajio,Gloria Washington,Danda B. Rawat,Yolande Ngueabou

DOI: https://doi.org/10.48550/arXiv.2209.05579

2022-09-12

Cryptography and Security

Abstract:With the growing rates of cyber-attacks and cyber espionage, the need for better and more powerful intrusion detection systems (IDS) is even more warranted nowadays. The basic task of an IDS is to act as the first line of defense, in detecting attacks on the internet. As intrusion tactics from intruders become more sophisticated and difficult to detect, researchers have started to apply novel Machine Learning (ML) techniques to effectively detect intruders and hence preserve internet users' information and overall trust in the entire internet network security. Over the last decade, there has been an explosion of research on intrusion detection techniques based on ML and Deep Learning (DL) architectures on various cyber security-based datasets such as the DARPA, KDDCUP'99, NSL-KDD, CAIDA, CTU-13, UNSW-NB15. In this research, we review contemporary literature and provide a comprehensive survey of different types of intrusion detection technique that applies Support Vector Machines (SVMs) algorithms as a classifier. We focus only on studies that have been evaluated on the two most widely used datasets in cybersecurity namely: the KDDCUP'99 and the NSL-KDD datasets. We provide a summary of each method, identifying the role of the SVMs classifier, and all other algorithms involved in the studies. Furthermore, we present a critical review of each method, in tabular form, highlighting the performance measures, strengths, and limitations of each of the methods surveyed.