Jie Li,Yanpeng Qu,Fei Chao,Hubert P. H. Shum,Edmond S. L. Ho,Longzhi Yang

DOI: https://doi.org/10.1007/978-3-319-98842-9_6

2019-01-01

Abstract:Network intrusion is a growing threat with potentially severe impacts, which can be damaging in multiple ways to network infrastructures and digital/intellectual assets in the cyberspace. The approach most commonly employed to combat network intrusion is the development of attack detection systems via machine learning and data mining techniques. These systems can identify and disconnect malicious network traffic, thereby helping to protect networks. This chapter systematically reviews two groups of common intrusion detection systems using fuzzy logic and artificial neural networks, and evaluates them by utilizing the widely used KDD 99 benchmark dataset. Based on the findings, the key challenges and opportunities in addressing cyberattacks using artificial intelligence techniques are summarized and future work suggested.

Zhang Yirong,Xiao Shunping,Xian Ming,Wang Guoyu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.02.002

2006-01-01

Abstract:Intrusion detection techniques based on machine learning is one of the key technologies to be applied to intelligent intrusion detection under the circumstance of large scale and bandwidth network.Many kinds of currently popular intrusion detection techniques based on machine learning are generally introduced and reviewed in this paper,meanwhile,the development prospect of its is presented as well according to the tendency of network attack.

Chunying Zhang,Donghao Jia,Liya Wang,Wenjie Wang,Fengchun Liu,Aimin Yang

DOI: https://doi.org/10.1016/j.cose.2022.102861

IF: 5.105

2022-01-01

Computers & Security

Abstract:Network intrusion detection system is an essential part of network security research. It detects intrusion behaviors through active defense technology and takes emergency measures such as alerting and terminating intrusions. With the rapid development of machine learning technology, more and more researchers apply machine learning algorithms to network intrusion detection to improve detection efficiency and accuracy. Due to the different principles of various algorithms, they also have their advantages and disadvantages. To construct the dominant algorithm model in the field of network intrusion detection and provide the accuracy value, this paper systematically combs the application literature of machine learning algorithms in intrusion detection in the past ten years. A review is made from three categories: traditional machine learning, ensemble learning, and deep learning. Then, this paper selects the KDD CUP99 and NSL-KDD datasets to conduct comparative experiments on decision trees, Naive Bayes, support vector machines, random forests, XGBoost, convolutional neural networks, and recurrent neural networks. The detection accuracy, F1, AUC, and other indicators of these algorithms on different data sets are compared. The experimental results show that the effect of the ensemble learning algorithm is generally better. The Naive Bayes algorithm has low accuracy in recognizing the learned data, but it has obvious advantages when facing new types of attacks, and the training speed is faster. The deep learning algorithm is not particularly prominent in this experiment, but its optimal results are affected by the structure, hyperparameters, and the number of training iterations, which need further in-depth study. Finally, the main challenges facing the current network intrusion detection field are summarized, and the future research directions have been prospected.

Zhen-wei HU,Yong SHI,Zhi XUE

DOI: https://doi.org/10.3969/j.issn.1002-0802.2017.12.027

2017-01-01

Abstract:Traditional intrusion detection method is unable to meet the needs of big-data era in accuracy and effectiveness, while the machine-learning algorithm is becoming main-stream. Now the main research focuses on machine-learning algorithm in support vector machines, and however it also has its own defects. Therefore, other excellent classification algorithms in machine learning are introduced. In addition, the classical NSL-KDD data set is used to compare the accuracy of the algorithm, and the applicable environment analyzed, thus to provide a basis for intrusion detection analysis in different scenarios in the future. After using the data set to complete the model training, the ROC curve, accuracy and other indicators are used to evaluate the model, and fairly good results are acquired.

Hua Tang,Zhuolin Cao

2009-01-01

Journal of Computational Information Systems

Abstract:Machine learning-based intrusion detection approaches have attracted increasing attention in the network intrusion detection research area because of their intrinsic capabilities in discovering novel attacks. In this paper we propose a new approach to detect network attacks, which aims to study the efficiency of the method based on machine learning in intrusion detection, including artificial neural networks and support vector machine. It will provide an important reference for the future research. The experimental results obtained by applying this approach to the KDD CUP'99 data set demonstrate that the proposed approach performs high performance, especially to U2R and U2L type attacks. 1553-9105/ Copyright © 2009 Binary Information Press.

Muhammad U. Ilyas,Soltan Abed Alharbi

DOI: https://doi.org/10.1007/s00607-021-01050-5

2022-01-04

Computing

Abstract:All organizations, be they businesses, governments, infrastructure or utility providers, depend on the availability and functioning of their computers, computer networks and data centers for all or part of their operations. Network intrusion detection systems are the first line of defense that protect computing infrastructure from external attacks. In this study we develop five different Machine Learning classifiers for a number of attacks. We used the CSE-CIC-IDS2018 dataset, developed in a collaborative effort between the Communications Security Establishment and the Canadian Institute for Cybersecurity. It is an extensive network traffic trace dataset that captures multiple attacks and has become available relatively recently. The previous major dataset used for the development of network intrusion detection systems is the KDD Cup’99 dataset, now going on 22 years, which predates mobile computing, Web 2.0/3.0, social media, streaming video and widespread use of SSL. These significant Internet trends of the last two decades demand a reevaluation and redevelopment of intrusion detectors. Prior studies that designed Machine Learning classifiers using the CSE-CIC-IDS2018 dataset use a large and rich set of features, of which at least one is not dataset-invariant. Almost none have explored the appropriateness of using all available features with datasets containing only a few hundred attack class samples. The classifiers developed in this study rely on a justifiable number of features and their performance is reviewed for stability and generalization by reporting not just average performance over 10 fold cross-validation but also the degree of variation from one fold to the next.

computer science, theory & methods

Hongyu Liu,Bo Lang

DOI: https://doi.org/10.3390/app9204396

2019-10-17

Applied Sciences

Abstract:Networks play important roles in modern life, and cyber security has become a vital research area. An intrusion detection system (IDS) which is an important cyber security technique, monitors the state of software and hardware running in the network. Despite decades of development, existing IDSs still face challenges in improving the detection accuracy, reducing the false alarm rate and detecting unknown attacks. To solve the above problems, many researchers have focused on developing IDSs that capitalize on machine learning methods. Machine learning methods can automatically discover the essential differences between normal data and abnormal data with high accuracy. In addition, machine learning methods have strong generalizability, so they are also able to detect unknown attacks. Deep learning is a branch of machine learning, whose performance is remarkable and has become a research hotspot. This survey proposes a taxonomy of IDS that takes data objects as the main dimension to classify and summarize machine learning-based and deep learning-based IDS literature. We believe that this type of taxonomy framework is fit for cyber security researchers. The survey first clarifies the concept and taxonomy of IDSs. Then, the machine learning algorithms frequently used in IDSs, metrics, and benchmark datasets are introduced. Next, combined with the representative literature, we take the proposed taxonomic system as a baseline and explain how to solve key IDS issues with machine learning and deep learning techniques. Finally, challenges and future developments are discussed by reviewing recent representative studies.

Chih-Fong Tsai,Yu-Feng Hsu,Chia-Ying Lin,Wei-Yang Lin

DOI: https://doi.org/10.1016/j.eswa.2009.05.029

IF: 8.5

2009-12-01

Expert Systems with Applications

Abstract:The popularity of using Internet contains some risks of network attacks. Intrusion detection is one major research problem in network security, whose aim is to identify unusual access or attacks to secure internal networks. In literature, intrusion detection systems have been approached by various machine learning techniques. However, there is no a review paper to examine and understand the current status of using machine learning techniques to solve the intrusion detection problems. This chapter reviews 55 related studies in the period between 2000 and 2007 focusing on developing single, hybrid, and ensemble classifiers. Related studies are compared by their classifier design, datasets used, and other experimental setups. Current achievements and limitations in developing intrusion detection systems by machine learning are present and discussed. A number of future research directions are also provided.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Geeta Singh,Neelu Khare

DOI: https://doi.org/10.1080/1206212X.2021.1885150

2021-02-15

International Journal of Computers and Applications

Abstract:The evolution in the attack scenarios has been such that finding efficient and optimal Network Intrusion Detection Systems (NIDS) with frequent updates has become a big challenge. NIDS implementation using machine learning (ML) techniques and updated intrusion datasets is one of the solutions for effective modeling of NIDS. This article presents a brief description of publicly available labeled intrusion datasets and ML techniques. Later a brief explanation of the literary works is given in which machine learning techniques are applied for NIDS implementation in different networking scenarios, such as traditional networks, cloud networks, Ad-Hoc, WSNs, and IoT networks. Hence, this article brings together publicly available intrusion datasets and machine learning techniques utilized in recent intrusion detection systems to reveal present-day challenges and future directions. This article also explains problems associated with NIDS. This will help researchers to enhance the existing NIDS models as well as to develop new effective models.

Brandon Williams,Xishuang Dong,Lijun Qian

DOI: https://doi.org/10.1109/SNAMS52053.2020.9336569

2020-01-01

Abstract:With the widespread use of the Internet, cybersecurity is a significant challenge faced by the world. Because of the tremendous amount of internet traffic and increased network complexity, it becomes overwhelming for network analysts to manually monitor the traffic flows and to identify intrusions in large networks. In order to adequately and effectively analyze network traffic for intrusions, multiple machine learning based intrusion detection models were proposed to detect intruders using packet traces captured in the network. It was shown that with proper training, the machine learning models could identify malicious packets accurately. In addition, data pre-processing has been performed to mitigate the problem of unbalanced datasets. Experiments show improved performance as expected. Furthermore, a multi-class classifier was built to classify not only malicious or benign traffic but also to extend labels upon the malicious data. This insures the multiclass classifiers could classify each malicious packet as a specific type of attack such as DDOS, BOTNET, and more.

Chih-Fong Tsai,Yu-Feng Hsu,Chia-Ying Lin,Wei-Yang Lin

DOI: https://doi.org/10.1016/j.eswa.2009.05.029

2009-01-01

Abstract:The popularity of using Internet contains some risks of network attacks. Intrusion detection is one major research problem in network security, whose aim is to identify unusual access or attacks to secure internal networks. In literature, intrusion detection systems have been approached by various machine learning techniques. However, there is no a review paper to examine and understand the current status of using machine learning techniques to solve the intrusion detection problems. This chapter reviews 55 related studies in the period between 2000 and 2007 focusing on developing single, hybrid, and ensemble classifiers. Related studies are compared by their classifier design, datasets used, and other experimental setups. Current achievements and limitations in developing intrusion detection systems by machine learning are present and discussed. A number of future research directions are also provided.

Zachary Tauscher,Yushan Jiang,Kai Zhang,Jian Wang,Houbing Song

DOI: https://doi.org/10.48550/arXiv.2108.08394

2021-08-19

Abstract:With massive data being generated daily and the ever-increasing interconnectivity of the world's Internet infrastructures, a machine learning based intrusion detection system (IDS) has become a vital component to protect our economic and national security. In this paper, we perform a comprehensive study on NSL-KDD, a network traffic dataset, by visualizing patterns and employing different learning-based models to detect cyber attacks. Unlike previous shallow learning and deep learning models that use the single learning model approach for intrusion detection, we adopt a hierarchy strategy, in which the intrusion and normal behavior are classified firstly, and then the specific types of attacks are classified. We demonstrate the advantage of the unsupervised representation learning model in binary intrusion detection tasks. Besides, we alleviate the data imbalance problem with SVM-SMOTE oversampling technique in 4-class classification and further demonstrate the effectiveness and the drawback of the oversampling mechanism with a deep neural network as a base model.

Cryptography and Security,Machine Learning

V. O. Sosnovyy,

DOI: https://doi.org/10.31673/2412-4338.2023.040109

2023-01-01

Telecommunication and information technologies

Abstract:The right security solutions in the information and communication world are critical to network security by providing real-time network protection against network vulnerabilities and data usage. An effective intrusion detection strategy is able to use a holistic approach to protect critical systems from unauthorized access or attacks. The paper examines the latest scientific achievements and research related to the analysis of detection of network intrusions using machine learning (ML) methods. The article describes a complex security solution based on machine learning (ML) for network intrusion detection using a complex controlled ML structure and ensemble feature selection methods. In addition, a comparative analysis of several MH models and function selection methods is provided. The article develops a general mechanism for detecting and achieving higher accuracy with a minimum frequency of false positive results (FPR). The paper uses datasets and the results show that the detection model can successfully identify 99.3% of intrusions with the lowest error rate of 0.5%, which shows better performance compared to existing solutions. The article combines the selection of ensemble functions and ensemble machine learning approaches as a detection mechanism in SBB to detect network anomalies. An experimental study was conducted with feature sets obtained from nine feature selection methods, and then these feature sets were combined to obtain the minimum number of features using majority voting. A comparative analysis of sets of functions was carried out. Controlled methods are used, which are more efficient with a balanced data set. To make the training dataset balanced, the data type (benign or attacking) with the minimum number of data instances in that training dataset was first selected. An ensemble feature selection and ensemble classification algorithm is implemented to improve the overall performance of the proposed machine learning model. Prospects for the development of further research are proposed.

Mouhammad Alkasassbeh,Mohammad Almseidin

DOI: https://doi.org/10.48550/arXiv.1809.02610

2018-09-02

Abstract:Network security engineers work to keep services available all the time by handling intruder attacks. Intrusion Detection System (IDS) is one of the obtainable mechanisms that is used to sense and classify any abnormal actions. Therefore, the IDS must be always up to date with the latest intruder attacks signatures to preserve confidentiality, integrity, and availability of the services. The speed of the IDS is a very important issue as well learning the new attacks. This research work illustrates how the Knowledge Discovery and Data Mining (or Knowledge Discovery in Databases) KDD dataset is very handy for testing and evaluating different Machine Learning Techniques. It mainly focuses on the KDD preprocess part in order to prepare a decent and fair experimental data set. The J48, MLP, and Bayes Network classifiers have been chosen for this study. It has been proven that the J48 classifier has achieved the highest accuracy rate for detecting and classifying all KDD dataset attacks, which are of type DOS, R2L, U2R, and PROBE.

Networking and Internet Architecture,Cryptography and Security

Yu Guangxu

DOI: https://doi.org/10.3233/jifs-189520

2021-04-12

Abstract:The 21st century is an era of rapid development of the Internet. Internet technology is widely used in various fields. With the rapid development of network, the importance of network information security is also highlighted. The traditional network information security technology has been difficult to ensure the security of network information. Therefore, we mainly study the application of machine learning feature extraction method in situational awareness system. A feature selection method based on machine learning is proposed to extract situational features.By analyzing whether the background of network information is safe or not, and according to the current research situation at home and abroad and the trend of Internet development, this paper tries out the practical application of machine learning feature extraction method in a certain perception system. Based on the above points, a selection method based on machine learning is proposed to extract situational features. The accuracy and timeliness of situational awareness system detection are seriously affected by the high dimension, noise and redundant features of massive network traffic data.Therefore, it is of great value to further study network intrusion detection technology on the basis of machine learning.

Hao Fengping,Li Yi,Wang Jingjing

DOI: https://doi.org/10.1117/12.3013387

2023-01-01

Abstract:Communication network is an important part of social life, but it is extremely vulnerable to various network attacks, and the energy of data nodes in the network is limited, and abnormal behavior in the network cannot be detected in the highdimensional traffic data mode. Therefore, an intrusion behavior detection method based on machine learning algorithm was proposed to detect attack behavior in communication network in real time. Firstly, through the restricted Boltzmann machine algorithm model of machine learning, high-dimensional traffic data features are extracted and dimension reduction operation is carried out. Then, combined with the characteristics of communication network cluster structure, a multi-layer support vector machine classification model is established to detect network abnormal state. Finally, the public intrusion detection data set is used to verify the proposed intrusion behavior detection model. The experimental results show that the detection accuracy of the model for network traffic can reach 99.63%, in order to provide reference for further research on intrusion behavior detection methods in the future.

Ameera S. Jaradat,Malek M. Barhoush,Rawan S. Bani Easa

DOI: https://doi.org/10.11591/ijeecs.v25.i2.pp1151-1158

2022-02-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:The main goal of intrusion detection system (IDS) is to monitor the network performance and to investigate any signs of any abnormalities over the network. Recently, intrusion detection systems employ machine learning techniques, due to the fact that machine learning techniques proved to have the ability of learning and adapting in addition to allowing a prompt response. This work proposes a model for intrusion detection and classification using machine learning techniques. The model first acquires the data set and transforms it in the proper format, then performs feature selection to pick out a subset of attributes that worth being considered. After that, the refined data set was processed by the Konstanz information miner (KNIME). To gain better performance and a decent comparative analysis, three different classifiers were applied. The anticipated classifiers have been executed and assessed utilizing the KNIME analytics platform using (CICIDS2017) datasets. The experimental results showed an accuracy rate ranging between (98.6) as the highest obtained while the average was (90.59%), which was satisfying compared to other approaches. The gained statistics of this research inspires the researchers of this field to use machine learning in cyber security and data analysis and build intrusion detection systems with higher accuracy.

Zeeshan Ahmad,Adnan Shahid Khan,Cheah Wai Shiang,Johari Abdullah,Farhan Ahmad

DOI: https://doi.org/10.1002/ett.4150

IF: 3.6

2020-10-16

Transactions on Emerging Telecommunications Technologies

Abstract:<p>The rapid advances in the internet and communication fields have resulted in a huge increase in the network size and the corresponding data. As a result, many novel attacks are being generated and have posed challenges for network security to accurately detect intrusions. Furthermore, the presence of the intruders with the aim to launch various attacks within the network cannot be ignored. An intrusion detection system (IDS) is one such tool that prevents the network from possible intrusions by inspecting the network traffic, to ensure its confidentiality, integrity, and availability. Despite enormous efforts by the researchers, IDS still faces challenges in improving detection accuracy while reducing false alarm rates and in detecting novel intrusions. Recently, machine learning (ML) and deep learning (DL)‐based IDS systems are being deployed as potential solutions to detect intrusions across the network in an efficient manner. This article first clarifies the concept of IDS and then provides the taxonomy based on the notable ML and DL techniques adopted in designing network‐based IDS (NIDS) systems. A comprehensive review of the recent NIDS‐based articles is provided by discussing the strengths and limitations of the proposed solutions. Then, recent trends and advancements of ML and DL‐based NIDS are provided in terms of the proposed methodology, evaluation metrics, and dataset selection. Using the shortcomings of the proposed methods, we highlighted various research challenges and provided the future scope for the research in improving ML and DL‐based NIDS.</p>

telecommunications

Wen Jie Tian,Ji Cheng Liu

DOI: https://doi.org/10.1109/CAR.2010.5456628

2010-01-01

Abstract:Intrusion Detection Systems (IDS) are increasingly a key part of systems defense. Various approaches to Intrusion Detection are currently being used, but they are relatively in effective. Recently applying Artificial Intelligence, machine learning and data mining techniques to IDS are increasing. Artificial Intelligence plays a driving role in security services. An intrusion detection method based on neural network and particle swarm optimization algorithm (PSOA) is presented in this paper. The novel structure model has higher accuracy and faster convergence speed. With the ability of strong self-learning and faster convergence, this intrusion detection method can detect various intrusion behaviors rapidly and effectively by learning the typical intrusion characteristic information. Utilizing the character that rough set can keep the discernability of original dataset after reduction, the reduces of the original dataset are calculated and used to train neural network, which increase the detection accuracy. We apply this technique on KDD99 data set and get satisfactory results. The experimental result shows that this intrusion detection method is feasible and effective.

Jiang Shan,Chen Changai

DOI: https://doi.org/10.2991/isrme-15.2015.109

2015-01-01

Abstract:The security of software applications, from web-based applications to mobile services, is always at risk because of the open society of internet. With the increase in the number of network throughput and security threats, intrusion detection system has attracted much attention in recent years. In this paper, we undertake the research on the principle techniques for network intrusion detection based on data mining and analysis approach. We adopt the prior knowledge on Bayesian network which is a directed acyclic graph, each node represents a random variable and an edge said direct probabilistic dependencies between two connected nodes. Then, we use the traditional risk assessment model to measure the possibility of being hearted. The numeric analysis and experimental illustration indicates the effectiveness of our method compared with other popular adopted state-of-the-art methodologies. In the future, we plan to introduce the graph and complex network theory into our prototype system to enhance the performance.