Shangqing Cui,Dongqin Feng

DOI: https://doi.org/10.1109/icpeca56706.2023.10076096

2023-01-01

Abstract:With the application of Internet technologies in the industrial field, industrial control systems (ICS) have the possibility of suffering malicious network attacks. Because ICS is widely used in critical infrastructure, designing attack detection algorithms for it can effectively reduce losses. Many papers have built physical models for cyber-attacks against ICS and the corresponding detection algorithms have been proposed. However, the detection performance can be further improved. This paper establishes the simulation attack on the Tennessee Eastman (TE) process and proposes an improved support vector machine (SVM) method to detect integrity attacks. This algorithm uses contribution plots and recursive feature elimination to select features. Compared with the principal component analysis (PCA) feature extraction, the detection accuracy is improved. After adding system dynamics to the algorithm, the time to detect attacks is advanced.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

M. Wasim Abbas Ashraf,Arvind R. Singh,A. Pandian,Rajkumar Singh Rathore,Mohit Bajaj,Ievgen Zaitsev

DOI: https://doi.org/10.1038/s41598-024-78976-1

IF: 4.6

2024-11-09

Scientific Reports

Abstract:While the proliferation of the Internet of Things (IoT) has revolutionized several industries, it has also created severe data security concerns. The security of these network devices and the dependability of IoT networks depend on efficient threat detection. Device heterogeneity, computing resource constraints, and the ever-changing nature of cyber threats are a few of the obstacles that make detecting cyber threats in IoT systems difficult. Complex threats often go undetected by conventional security measures, requiring more sophisticated, adaptive detection methods. Therefore, this study presents the Hybrid approach based on the Support Vector Machines Rule-Based Detection (HSVMR-D) method for an all-encompassing approach to identifying cyber threats to the IoT. The HSVMR-D employs SVM to categorize known and unknown threats using attributes acquired from IoT data. Identifying known attack signatures and patterns using rule-based approaches improves detection efficiency without retraining by adapting pre-trained models to new IoT contexts. Moreover, protecting vital infrastructure and sensitive data, HSVMR-D provides a thorough and adaptable solution to improve the security posture of IoT deployments. Comprehensive experiment analysis and simulation results compared to the baseline study have confirmed the efficiency of the proposed HSVMR-D. Furthermore, increased resilience to completely novel changing threats, fewer false positives, and improved accuracy in threat detection are all outcomes that show the proposed work outperforms others. The HSVMR-D approach is helpful where the primary objective is a secure environment in the Internet of Things (IoT) when resources are limited.

multidisciplinary sciences

Zhang Lian-hua,Zhang Guan-hua,Lang Yu,Zhang Jie,Bai Ying-cai

DOI: https://doi.org/10.1631/jzus.2004.1076

2004-01-01

Journal of Zhejiang University SCIENCE A

Abstract:Recently machine learning-based intrusion detection approaches have been subjected to extensive researches because they can detect both misuse and anomaly. In this paper, rough set classification (RSC), a modern learning algorithm, is used to rank the features extracted for detecting intrusions and generate intrusion detection models. Feature ranking is a very critical step when building the model. RSC performs feature ranking before generating rules, and converts the feature ranking to minimal hitting set problem addressed by using genetic algorithm (GA). This is done in classical approaches using Support Vector Machine (SVM) by executing many iterations, each of which removes one useless feature. Compared with those methods, our method can avoid many iterations. In addition, a hybrid genetic algorithm is proposed to increase the convergence speed and decrease the training time of RSC. The models generated by RSC take the form of “IF-THEN” rules, which have the advantage of explication. Tests and comparison of RSC with SVM on DARPA benchmark data showed that for Probe and DoS attacks both RSC and SVM yielded highly accurate results (greater than 99% accuracy on testing set).

Mikel K. Ngueajio,Gloria Washington,Danda B. Rawat,Yolande Ngueabou

DOI: https://doi.org/10.48550/arXiv.2209.05579

2022-09-12

Cryptography and Security

Abstract:With the growing rates of cyber-attacks and cyber espionage, the need for better and more powerful intrusion detection systems (IDS) is even more warranted nowadays. The basic task of an IDS is to act as the first line of defense, in detecting attacks on the internet. As intrusion tactics from intruders become more sophisticated and difficult to detect, researchers have started to apply novel Machine Learning (ML) techniques to effectively detect intruders and hence preserve internet users' information and overall trust in the entire internet network security. Over the last decade, there has been an explosion of research on intrusion detection techniques based on ML and Deep Learning (DL) architectures on various cyber security-based datasets such as the DARPA, KDDCUP'99, NSL-KDD, CAIDA, CTU-13, UNSW-NB15. In this research, we review contemporary literature and provide a comprehensive survey of different types of intrusion detection technique that applies Support Vector Machines (SVMs) algorithms as a classifier. We focus only on studies that have been evaluated on the two most widely used datasets in cybersecurity namely: the KDDCUP'99 and the NSL-KDD datasets. We provide a summary of each method, identifying the role of the SVMs classifier, and all other algorithms involved in the studies. Furthermore, we present a critical review of each method, in tabular form, highlighting the performance measures, strengths, and limitations of each of the methods surveyed.

Myo Myint Oo,Sinchai Kamolphiwong,Thossaporn Kamolphiwong,Sangsuree Vasupongayya

DOI: https://doi.org/10.1155/2019/8012568

2019-03-04

Journal of Computer Networks and Communications

Abstract:Software Defined Networking (SDN) has many advantages over a traditional network. The great advantage of SDN is that the network control is physically separated from forwarding devices. SDN can solve many security issues of a legacy network. Nevertheless, SDN has many security vulnerabilities. The biggest issue of SDN vulnerabilities is Distributed Denial of Service (DDoS) attack. The DDoS attack on SDN becomes an important problem, and varieties of methods had been applied for detection and mitigation purposes. The objectives of this paper are to propose a detection method of DDoS attacks by using SDN based technique that will disturb the legitimate user's activities at the minimum and to propose Advanced Support Vector Machine (ASVM) technique as an enhancement of existing Support Vector Machine (SVM) algorithm to detect DDoS attacks. ASVM technique is a multiclass classification method consisting of three classes. In this paper, we can successfully detect two types of flooding-based DDoS attacks. Our detection technique can reduce the training time as well as the testing time by using two key features, namely, the volumetric and the asymmetric features. We evaluate the results by measuring a false alarm rate, a detection rate, and accuracy. The detection accuracy of our detection technique is approximately 97% with the fastest training time and testing time.

Ping Wang,Hsiao-Chung Lin,Wen-Hui Lin,Kuo-Ming Chao,Chi-Chun Lo

DOI: https://doi.org/10.1109/icebe.2016.020

2016-01-01

Abstract:Most existing approaches for solving the network threat problems focus on the specific security mechanisms, for example, network intrusion detection system (NIDS) detection, firewall configuration, rather than on flow management approaches to defend network threats with an SDN (Software Defined Networking) architecture. Accordingly, this study proposes an improved behaviour-based SVM (support vector machine) with learning algorithm for use in the security monitoring system (SMS) to categorize network threats for network intrusion detection system. The model also adopted the ID3 decision tree theory to outrank raw features and determine the most qualified features to train support vector classifier (SVC) considering the overall detection precision rate of experiments which speeds up the learning of normal and intrusive patterns and and increases the accuracy of detecting intrusion. By using sFlow collector and analyzer associated with sFlow-RT toolset, the experimental results proved that the SMS enables a defender to classify the network threats with defence strategies and defend network threats.

Xiao Yun,Han Chongzhao,Zheng Qinghua,Zhang Junjie

DOI: https://doi.org/10.1007/s11767-005-0078-x

2006-01-01

Abstract:A new method called RS-MSVM (Rough Set and Multi-class Support Vector Machine) is proposed for network intrusion detection. This method is based on rough set followed by MSVM for attribute reduction and classification respectively. The number of attributes of the network data used in this paper is reduced from 41 to 30 using rough set theory. The kernel function of HVDM-RBF (Heterogeneous Value Difference Metric Radial Basis Function), based on the heterogeneous value difference metric of heterogeneous datasets, is constructed for the heterogeneous network data. HVDM-RBF and one-against-one method are applied to build MSVM. DARPA (Defense Advanced Research Projects Agency) intrusion detection evaluating data were used in the experiment. The testing results show that our method outperforms other methods mentioned in this paper on six aspects: detection accuracy, number of support vectors, false positive rate, false negative rate, training time and testing time.

Wen-Lin Chu,Chih-Jer Lin,Ke-Neng Chang

DOI: https://doi.org/10.3390/app9214579

2019-10-28

Applied Sciences

Abstract:Traditional network attack and hacking models are constantly evolving to keep pace with the rapid development of network technology. Advanced persistent threat (APT), usually organized by a hacker group, is a complex and targeted attack method. A long period of strategic planning and information search usually precedes an attack on a specific goal. Focus is on a targeted object and customized specific methods are used to launch the attack and obtain confidential information. This study offers an attack detection system that enables early discovery of the APT attack. The system uses the NSL-KDD database for attack detection and verification. The main method uses principal component analysis (PCA) for feature sampling and the enhancement of detection efficiency. The advantages and disadvantages of using the classifiers are then compared to detect the dataset, the classifier supports the vector machine, naive Bayes classification, the decision tree and neural networks. Results of the experiments show the support vector machine (SVM) to have the highest recognition rate, reaching 97.22% (for the trained subdata A). The purpose of this study was to establish an APT early warning model mechanism, that could be used to reduce the impact and influence of APT attacks.

张连华,张冠华,张洁,白英彩

DOI: https://doi.org/10.3321/j.issn:1006-2467.2004.z1.047

2004-01-01

Abstract:This paper presented an intelligent intrusion detection mechanism using Rough Set Classification (RSC). Given some attacks, the intrusion detection mechanism using RSC can get both explainable detection rules and high detection rate. Furthermore, RSC can also accomplish fast feature ranking for the intrusion detection system. The performance of RSC was compared with that of Support Vector Machine (SVM), which is a classical intrusion detection algorithm. Experiments were carried out based on a set of benchmark DARPA data. It is observed that both RSC and SVM obtain high accurate results (with accuracy greater than 99% on testing set) for Probe and DoS attacks. However, RSC has a higher training time in comparison with the SVM. To solve this problem, an improved hybrid genetic algorithm was proposed here to expedite the convergence speed of computing the rough set reducts and decrease the training time of RSC.

Zhang Xue-qin,Gu Chun-hua,Lin Jia-jin

DOI: https://doi.org/10.1109/chinacom.2006.344739

2006-01-01

Abstract:Support vector machine (SVM) has been applied to intrusion detection system (IDS) for its abilities to perform classification and regression. But for large-scale network intrusion detection problem, since solving a support vector machine is a typical quadratic optimization problem, which is influenced by the dimension and quantity of examples, many problems arise. KDDCUP'99 was used as the experiment dataset in this paper. A feature selection technology based on Fisher score was presented and used to construct a reduced feature subset of KDDCUP'99 dataset. SVM was used as a classifier. Experiment was run. The experiment results show, using Fisher score combined with SVM to select the important features is an effective method to reduce the dimension of the example feature space, and the classification accuracy has not dramatically decreased comparing to the original feature space.

M. Revathi,V. V. Ramalingam,B. Amutha

DOI: https://doi.org/10.1007/s11277-021-09071-1

IF: 2.017

2021-09-15

Wireless Personal Communications

Abstract:Recently, SDN has arisen as a new network platform that offers unparalleled programming that enables network operators to dynamically customize and control their networks. The attackers aim to paralyse the logical plane, the brain of the network that offers several advantages, by using the SDN controller. However, the control plane is the desirable target of security attacks on the opponents because of its characteristics. One of the most common threats is the DDOS attacks to drain network capacity by sending them heavy traffic, causing network congestion. SDN is a common area of investigation for SDN defenceand DDoS threat identification and prevention in the SDN context has been introduced to many researchers since the proposed SDN attacks. Nevertheless, security risks must be adequately secured. In this paper we suggest a discrete scalable memory based support vector machine algorithm for DDoS threat and SDN mitigation architecture for attack detection. By starting the process of attack detection the input data can gets pre-processed by using Spark standardization technique in which the missing values are replaced and the unwanted data are removed. Then the feature extractions are done using semantic multilinear component analysis algorithm. The classifier is responsible for predicting target and for this a novel discrete scalable memory based support vector machine (DSM-SVM) algorithm is used which provides high accuracy of attack prediction. Followed by attack detection the mitigation process was done, here the mitigation server can identify the threat by intelligently dropping malicious bot traffic and absorbing the rest of the traffic. Here the suggested mechanism achieves attack traffic mitigation and benign traffic dropping. We have evaluated the whole process on KDD dataset. The proposed network model was trained and then used in an SDN threat detection and mitigation environment as part of the assessment process. The entire experiment is run on a VMware-based Ubuntu virtual machine. Weka will utilize our suggested classifier model for training and evaluation, while Mininet uses a RYU controller to establish an SD Network. The findings demonstrate that the mechanism presented exceeds the other algorithms examined, by expressing 99.7% accuracy especially concerning training and testing time over KDD dataset.

telecommunications

Bhoopesh Singh Bhati,C. S. Rai

DOI: https://doi.org/10.1007/s13369-019-03970-z

IF: 2.807

2019-07-02

Arabian Journal for Science and Engineering

Abstract:From the last few decades, people do various transaction activities like air ticket reservation, online banking, distance learning, group discussion and so on using the internet. Due to explosive growth of information exchange and electronic commerce in the recent decade, there is a need to implement some security mechanisms in order to protect sensitive information. Detection of any intrusive behavior is one of the most important activity for protecting our data and assets. Various intrusion detection systems are incorporated in the network for detecting intrusive behavior. In this paper, an analytical study of support vector machine (SVM)-based intrusion detection techniques is presented. Here, the methodology involves four major steps, namely, data collection, preprocessing, SVM technique for training and testing and decision. The simulated results have been analyzed based on overall detection accuracy, Receiver Operating Characteristic and (ROC) Confusion Matrix. NSL-KDD dataset is used to analyze the performance of SVM techniques. NSL-KDD dataset is a benchmark for intrusion detection technique and contains huge amount of network records. The analyzed results show that Linear SVM, Quadratic SVM, Fine Gaussian SVM and Medium Gaussian SVM give 96.1%, 98.6%, 98.7% and 98.5% overall detection accuracy, respectively.

multidisciplinary sciences

Zhang, Yanling,Liu, Haolin,Dong, Xiaoju,Li, Chenlu,Zhang, Zexi

DOI: https://doi.org/10.1007/s12650-021-00789-5

IF: 1.7

2021-01-01

Journal of Visualization

Abstract:Cyber security issues are always worthy of attention. Intrusion detection system (IDS) is one of approaches used to protect computer system and identify potential attack. However, existing methods are limited by high-dimensional computational complexity in rare or unknown attack detection task. To improve the ability of detecting anomaly intrusions, a hybrid intrusion detection framework is proposed in this paper. The proposed RuleRCD algorithm first uses fuzzy association rules based on Apriori and K -Means algorithm for normal pattern and major attack detection. The other data are then fed to an active learning-based rare category detection algorithm to identify its attack pattern. This paper also introduces an interactive visualization system, which integrates experts’ decision into intrusion detection workflow. The method improves the effectiveness and interpretability of detection process. KDD-99 dataset is used to evaluate the proposed framework. The result shows that the approach outperforms some methods, especially in terms of the rare attack.

Nadeem Ahmed,Fayaz Hassan,Khursheed Aurangzeb,Arif Hussain Magsi,Musaed Alhussein

DOI: https://doi.org/10.1016/j.heliyon.2024.e28844

IF: 3.776

2024-03-29

Heliyon

Abstract:Recent years have witnessed security as a great concern in vehicular networks (VANET). Particularly, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks can jeopardize the network by broadcasting a storm of packets. Correspondingly, the network resources are jammed with malicious traffic. In this connection, the existing research presented various techniques to cope with DoS and DDoS attacks. Different from those traditional approaches, this study proposes an Intelligent Intrusion Detection System (IDS) by leveraging Machine Learning (ML). The proposed IDS utilizes a publicly available dataset on the application layer for mitigating DDoS attacks. The designed ML-based IDS relies on combining both the Random Projection (RP) and Randomized Matrix Factorization (RMF) methods to achieve the best results for enhancing the detection capabilities of the IDS. This amalgamation enhances the system's detection capabilities by extracting and analyzing meaningful features from network traffic data. Experimental validation of our approach involves a comprehensive evaluation of various ML models, including Extra Tree Classifier (ETC), Logistic Regression (LR), and Random Forest (RF). Remarkably, the combined accuracy of these models yields an average system accuracy of 0.98, surpassing existing methods. Unlike conventional approaches, our proposed IDS excels in efficiency and exhibits notable performance in detecting DoS and DDoS attacks in VANET. This proficiency ensures the integrity and safety of vehicle communications. Thus, our research substantially contributes to the vehicular network security field. The presented findings establish a foundation for future advancements in securing connected vehicles.

Khadija M Abuali,Liyth Nissirat,Aida Al-Samawi

DOI: https://doi.org/10.3390/s23218959

2023-11-03

Abstract:With the rapid growth of social media networks and internet accessibility, most businesses are becoming vulnerable to a wide range of threats and attacks. Thus, intrusion detection systems (IDSs) are considered one of the most essential components for securing organizational networks. They are the first line of defense against online threats and are responsible for quickly identifying potential network intrusions. Mainly, IDSs analyze the network traffic to detect any malicious activities in the network. Today, networks are expanding tremendously as the demand for network services is expanding. This expansion leads to diverse data types and complexities in the network, which may limit the applicability of the developed algorithms. Moreover, viruses and malicious attacks are changing in their quantity and quality. Therefore, recently, several security researchers have developed IDSs using several innovative techniques, including artificial intelligence methods. This work aims to propose a support vector machine (SVM)-based deep learning system that will classify the data extracted from servers to determine the intrusion incidents on social media. To implement deep learning-based IDSs for multiclass classification, the CSE-CIC-IDS 2018 dataset has been used for system evaluation. The CSE-CIC-IDS 2018 dataset was subjected to several preprocessing techniques to prepare it for the training phase. The proposed model has been implemented in 100,000 instances of a sample dataset. This study demonstrated that the accuracy, true-positive recall, precision, specificity, false-positive recall, and F-score of the proposed model were 100%, 100%, 100%, 100%, 0%, and 100%, respectively.

Li Zou,Xuemei Luo,Yan Zhang,Xiao Yang,Xiangwen Wang

DOI: https://doi.org/10.1109/access.2023.3251354

IF: 3.9

2023-01-01

IEEE Access

Abstract:Network intrusion detection is an important technology in national cyberspace security strategy and has become a research hotspot in various cyberspace security issues in recent years. The development of effective and efficient intelligent network intrusion detection methods using advanced machine learning algorithms is of great importance for defending against various network intrusions in complex network environments. In this study, a network intrusion detection method based on decision tree twin support vector machine and hierarchical clustering, named HC-DTTWSVM, is proposed, which can effectively detect different categories of network intrusion. First, the hierarchical clustering algorithm is applied to construct the decision tree for network traffic data, where the bottom-up merging approach is used to maximize the separation of the upper nodes of the decision tree, which reduces the error accumulation in the construction of the decision tree. Then, twin support vector machines are embedded in the constructed decision tree to implement the network intrusion detection model, which can effectively detect the network intrusion category in a top-down manner. The detection performance of the proposed HC-DTTWSVM method is evaluated on NSL-KDD and UNSW-NB15 intrusion detection benchmark datasets. Experimental results show that HC-DTTWSVM can effectively detect different categories of network intrusion and achieves comparable detection performance compared to some of the recently proposed network intrusion detection methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Fazila Malik,Qazi Waqas Waqas Khan,Atif Rizwan,Rana Alnashwan,Ghada Atteia

DOI: https://doi.org/10.3390/math12121799

IF: 2.4

2024-06-10

Mathematics

Abstract:Intrusion Detection Systems (IDSs) play a crucial role in safeguarding network infrastructures from cyber threats and ensuring the integrity of highly sensitive data. Conventional IDS technologies, although successful in achieving high levels of accuracy, frequently encounter substantial model bias. This bias is primarily caused by imbalances in the data and the lack of relevance of certain features. This study aims to tackle these challenges by proposing an advanced machine learning (ML) based IDS that minimizes misclassification errors and corrects model bias. As a result, the predictive accuracy and generalizability of the IDS are significantly improved. The proposed system employs advanced feature selection techniques, such as Recursive Feature Elimination (RFE), sequential feature selection (SFS), and statistical feature selection, to refine the input feature set and minimize the impact of non-predictive attributes. In addition, this work incorporates data resampling methods such as Synthetic Minority Oversampling Technique and Edited Nearest Neighbor (SMOTE_ENN), Adaptive Synthetic Sampling (ADASYN), and Synthetic Minority Oversampling Technique–Tomek Links (SMOTE_Tomek) to address class imbalance and improve the accuracy of the model. The experimental results indicate that our proposed model, especially when utilizing the random forest (RF) algorithm, surpasses existing models regarding accuracy, precision, recall, and F Score across different data resampling methods. Using the ADASYN resampling method, the RF model achieves an accuracy of 99.9985% for botnet attacks and 99.9777% for Man-in-the-Middle (MITM) attacks, demonstrating the effectiveness of our approach in dealing with imbalanced data distributions. This research not only improves the abilities of IDS to identify botnet and MITM attacks but also provides a scalable and efficient solution that can be used in other areas where data imbalance is a recurring problem. This work has implications beyond IDS, offering valuable insights into using ML techniques in complex real-world scenarios.

mathematics

G. Logeswari,S. Bose,T. Anitha

DOI: https://doi.org/10.32604/iasc.2023.026769

2023-01-01

Intelligent Automation & Soft Computing

Abstract:Software Defined Networking (SDN) has emerged as a promising and exciting option for the future growth of the internet. SDN has increased the flexibility and transparency of the managed, centralized, and controlled network. On the other hand, these advantages create a more vulnerable environment with substantial risks, culminating in network difficulties, system paralysis, online banking frauds, and robberies. These issues have a significant detrimental impact on organizations, enterprises, and even economies. Accuracy, high performance, and real-time systems are necessary to achieve this goal. Using a SDN to extend intelligent machine learning methodologies in an Intrusion Detection System (IDS) has stimulated the interest of numerous research investigators over the last decade. In this paper, a novel HFS-LGBM IDS is proposed for SDN. First, the Hybrid Feature Selection algorithm consisting of two phases is applied to reduce the data dimension and to obtain an optimal feature subset. In the first phase, the Correlation based Feature Selection (CFS) algorithm is used to obtain the feature subset. The optimal feature set is obtained by applying the Random Forest Recursive Feature Elimination (RF-RFE) in the second phase. A LightGBM algorithm is then used to detect and classify different types of attacks. The experimental results based on NSL-KDD dataset show that the proposed system produces outstanding results compared to the existing methods in terms of accuracy, precision, recall and f-measure.

automation & control systems,computer science, artificial intelligence