Yuzhao Xu,Yanjing Sun,Zhanguo Ma,Hongjie Zhao,Yanfen Wang,Nannan Lu,,,

DOI: https://doi.org/10.20965/jaciii.2022.p0671

2022-09-20

Journal of Advanced Computational Intelligence and Intelligent Informatics

Abstract:Intrusion detection, as a technology used to monitor abnormal behavior and maintain network security, has attracted many researchers’ attention in recent years. Thereinto, association rule mining is one of the mainstream methods to construct intrusion detection systems (IDS). However, the existing association rule algorithms face the challenges of high false positive rate and low detection rate. Meanwhile, too many rules might lead to the uncertainty increase that affects the performance of IDS. In order to tackle the above problems, a modified genetic network programming (GNP) is proposed for class association rule mining. Specifically, based on the property that node connections in the directed graph structure of GNP can be used to construct attribute associations, we propose to introduce information gain into GNP node selection. The most important attributes are thus selected, and the irrelevant attributes are removed before the rule is extracted. Moreover, not only the uncertainty among the class association rules is alleviated and also time consumption is reduced. The extracted rules can be applied to any classifier without affecting the detection performance. Experiment results based on NSL-KDD and KDDCup99 verify the performance of our proposed algorithm.

Lijun Zhang,Xingyu Lu,Zhaoqiang Chen,Tianwei Liu,Qun Chen,Zhanhuai Li

DOI: https://doi.org/10.1016/j.neucom.2022.04.061

IF: 6

2022-01-01

Neurocomputing

Abstract:With increasing connectedness, network intrusion has become a critical security concern for modern information systems. The state-of-the-art performance of Network Intrusion Detection (NID) has been achieved by deep learning. Unfortunately, NID remains very challenging, and deep models may still mislabel many activities in real networks. Therefore, there is a need for risk analysis, which aims to know which activities may be mislabeled and why.

Yixuan Wu,Laisen Nie,Xuanrui Xiong,Balqies Sadoun,Lin Yang,Zhaolong Ning

DOI: https://doi.org/10.1109/tce.2023.3331907

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:The Industry 5.0 (I5) incorporates numerous emerging technologies that enable the perception, management, interaction, and control of real physical objects. As cyber attacks are becoming more intelligent and accessible, I5 security issues are gaining increasing prominence. An intrusion detection system plays an important role in network security by detecting and identifying various security threats. However, owing to the limited computing and storage resources of users, it is difficult for I5 nodes to support large-scale network data collection and simultaneous transmission of the collected data. To address the above problems, this study investigates an intelligent intrusion detection technology for I5 security and develops a low-loss intrusion detection algorithm based on abnormal attacks. We first establish an incremental update feature selection method, which realises feature selection using a fuzzy rough set and a fuzzy knowledge distance. Subsequently, to reduce the decision loss of the selected features, we implement feature correlation using the fuzzy knowledge distance. Based on the selected features, we achieve incremental update intrusion detection using a graph attention network and a random forest. Simultaneously, we prove the convergence of the designed graph attention network in a specific scene. Finally, the experimental results show that our designed method has higher accuracy than existing methods.

Jinping Liu,Jiezhou He,Wuxia Zhang,Tianyu Ma,Zhaohui Tang,Jean Paul Niyoyita,Weihua Gui

DOI: https://doi.org/10.1016/j.knosys.2019.04.008

IF: 8.139

2019-01-01

Knowledge-Based Systems

Abstract:This paper presents an adaptive network intrusion detection (ANID) method based on the selective ensemble of kernel extreme learning machines (KELMs) with random features (termed ANID-SEoKELM), aiming at identifying various unauthorized uses, misuses and abuses of computer systems in real time. To generate a lightweight intrusion detector, multiple KELMs are learned independently based on the Bagging strategy with sparse random feature representation (SRFR), to reduce noise and redundant or irrelevant information in network connection instances and ensure the diversity of base learners for the effective ensemble of base learners. A marginal distance minimization (MDM)-based selective ensemble (MDMbSE) method is introduced to generate the ultimate intrusion detector. To ensure the adaptability of the intrusion detector, an incremental learning-based detection-model updating procedure is also derived. Extensive validation and comparative experiments on the benchmark KDD99 dataset and a hybrid heterogeneous network simulation platform mixed with wireless networks and Ethernet networks demonstrate that the ANID-SEoKELM is able to adapt to the dynamically changing network environments hence it can achieve higher detection accuracies stably and efficiently than classic single learner-based intrusion detection methods and representative ensemble-based intrusion detection methods.

Zhongyang Xiong,Yufang Zhang,Daijie Cheng,Daoqun Liu

2006-01-01

Abstract:Intrusion Detection System (IDS), a kind of dynamic security technique, is an important means for network security. Aimed at overcoming drawbacks such as the higher false alarms rate, the higher missing alarms rate and the lower efficiency existed in most current IDS, an improved intrusion detection model based on genetic algorithm and neural network is presented. The more advanced nonlinear mode of neural network is adopted other than the general intrusion detection mode based on intrusion actions. This intrusion detection model integrates misusing detection and anomaly detection, takes the data from host and network as data sources and combines genetic algorithm and neural network in order to improve adaptability and intelligence of IDS. The new fitness function is redesigned, and cross operator and mutation operator are modified in improved genetic algorithm. These meet the intrusion detection requirement and have better adaptability. The experiments on the KDD CUP 1999 data records of network connections verified that the model put forward is better and achieved the objection.

Xianwei Gao,Chun Shan,Changzhen Hu,Zequn Niu,Zhen Liu

DOI: https://doi.org/10.1109/access.2019.2923640

IF: 3.9

2019-01-01

IEEE Access

Abstract:In recent years, advanced threat attacks are increasing, but the traditional network intrusion detection system based on feature filtering has some drawbacks which make it difficult to find new attacks in time. This paper takes NSL-KDD data set as the research object, analyses the latest progress and existing problems in the field of intrusion detection technology, and proposes an adaptive ensemble learning model. By adjusting the proportion of training data and setting up multiple decision trees, we construct a MultiTree algorithm. In order to improve the overall detection effect, we choose several base classifiers, including decision tree, random forest, kNN, DNN, and design an ensemble adaptive voting algorithm. We use NSL-KDD Test+ to verify our approach, the accuracy of the MultiTree algorithm is 84.2%, while the final accuracy of the adaptive voting algorithm reaches 85.2%. Compared with other research papers, it is proved that our ensemble model effectively improves detection accuracy. In addition, through the analysis of data, it is found that the quality of data features is an important factor to determine the detection effect. In the future, we should optimize the feature selection and preprocessing of intrusion detection data to achieve better results.

Afaq Ahmed,Muhammad Asim,Irshad Ullah,Zainulabidin,Abdelhamied A Ateya

DOI: https://doi.org/10.7717/peerj-cs.2472

2024-11-26

Abstract:In today's digital era, advancements in technology have led to unparalleled levels of connectivity, but have also brought forth a new wave of cyber threats. Network Intrusion Detection Systems (NIDS) are crucial for ensuring the security and integrity of networked systems by identifying and mitigating unauthorized access and malicious activities. Traditional machine learning techniques have been extensively employed for this purpose due to their high accuracy and low false alarm rates. However, these methods often fall short in detecting sophisticated and evolving threats, particularly those involving subtle variations or mutations of known attack patterns. To address this challenge, our study presents the "Optimized Random Forest (Opt-Forest)," an innovative ensemble model that combines decision forest approaches with genetic algorithms (GAs) for enhanced intrusion detection. The genetic algorithms based decision forest construction offers notable benefits by traversing a wider exploration space and mitigating the risk of becoming stuck in local optima, resulting in the discovery of more accurate and compact decision trees. Leveraging advanced feature selection techniques, including Best-First Search, Particle Swarm Optimization (PSO), Evolutionary Search, and Genetic Search (GS), along with contemporary dataset, this research aims to enhance the adaptability and resilience of NIDS against modern cyber threats. We conducted a comprehensive evaluation of the proposed approach against several well-known machine learning models, including AdaBoostM1 (AbM1), K-nearest neighbor (KNN), J48-Decision Tree (J48), multilayer perceptron (MLP), stochastic gradient descent (SGD), naïve Bayes (NB), and logistic model tree (LMT). The comparative analysis demonstrates the effectiveness and superiority of our method across various performance metrics, highlighting its potential to significantly enhance the capabilities of network intrusion detection systems.

JiaMing Wang,Kai Yang,MinJing Li

DOI: https://doi.org/10.1371/journal.pone.0308639

IF: 3.7

2024-10-24

PLoS ONE

Abstract:With the rapid development of Industrial Internet of Things (IIoT), network security issues have become increasingly severe, making intrusion detection one of the key technologies for ensuring IIoT security. However, existing intrusion detection systems face challenges such as incomplete data features, missing labels, parameter leakage, and high communication overhead. To address these challenges, this paper proposes a federated learning-based intrusion detection algorithm (NIDS-FGPA) that utilizes gradient similarity model aggregation. This algorithm leverages a federated learning architecture and combines it with Paillier homomorphic encryption technology to ensure the security of the training process. Additionally, the paper introduces the Gradient Similarity Model Aggregation (GSA) algorithm, which dynamically selects and weights updates from different models to reduce communication overhead. Finally, the paper designs a deep learning model based on two-dimensional convolutional neural networks and bidirectional gated recurrent units (2DCNN-BIGRU) to handle incomplete data features and missing labels in network traffic data. Experimental validation on the Edge-IIoTset and CIC IoT 2023 datasets achieves accuracies of 94.5% and 99.2%, respectively. The results demonstrate that the NIDS-FGPA model possesses the ability to identify and capture complex network attacks, significantly enhancing the overall security of the network.

Ying Zhang,Peisong Li,Xinheng Wang

DOI: https://doi.org/10.1109/access.2019.2903723

IF: 3.9

2019-01-01

IEEE Access

Abstract:With the advent of the Internet of Things (IoT), the security of the network layer in the IoT is getting more and more attention. The traditional intrusion detection technologies cannot be well adapted in the complex Internet environment of IoT. For the deep learning algorithm of intrusion detection, a neural network structure may have fine detection accuracy for one kind of attack, but it may not have a good detection effect when facing other attacks. Therefore, it is urgent to design a self-adaptive model to change the network structure for different attack types. This paper presents an intrusion detection model based on improved genetic algorithm (GA) and deep belief network (DBN). Facing different types of attacks, through multiple iterations of the GA, the optimal number of hidden layers and number of neurons in each layer are generated adaptively, so that the intrusion detection model based on the DBN achieves a high detection rate with a compact structure. Finally, the NSL-KDD dataset was used to simulate and evaluate the model and algorithms. The experimental results show that the improved intrusion detection model combined with DBN can effectively improve the recognition rate of intrusion attacks and reduce the complexity of the neural network structure.

Omar Almomani

DOI: https://doi.org/10.3390/sym12061046

2020-06-23

Symmetry

Abstract:The network intrusion detection system (NIDS) aims to identify virulent action in a network. It aims to do that through investigating the traffic network behavior. The approaches of data mining and machine learning (ML) are extensively used in the NIDS to discover anomalies. Regarding feature selection, it plays a significant role in improving the performance of NIDSs. That is because anomaly detection employs a great number of features that require much time. Therefore, the feature selection approach affects the time needed to investigate the traffic behavior and improve the accuracy level. The researcher of the present study aimed to propose a feature selection model for NIDSs. This model is based on the particle swarm optimization (PSO), grey wolf optimizer (GWO), firefly optimization (FFA) and genetic algorithm (GA). The proposed model aims at improving the performance of NIDSs. The proposed model deploys wrapper-based methods with the GA, PSO, GWO and FFA algorithms for selecting features using Anaconda Python Open Source, and deploys filtering-based methods for the mutual information (MI) of the GA, PSO, GWO and FFA algorithms that produced 13 sets of rules. The features derived from the proposed model are evaluated based on the support vector machine (SVM) and J48 ML classifiers and the UNSW-NB15 dataset. Based on the experiment, Rule 13 (R13) reduces the features into 30 features. Rule 12 (R12) reduces the features into 13 features. Rule 13 and Rule 12 offer the best results in terms of F-measure, accuracy and sensitivity. The genetic algorithm (GA) shows good results in terms of True Positive Rate (TPR) and False Negative Rate (FNR). As for Rules 11, 9 and 8, they show good results in terms of False Positive Rate (FPR), while PSO shows good results in terms of precision and True Negative Rate (TNR). It was found that the intrusion detection system with fewer features will increase accuracy. The proposed feature selection model for NIDS is rule-based pattern recognition to discover computer network attack which is in the scope of Symmetry journal.

multidisciplinary sciences

Jialiang Xie,Honghui Wang,Jonathan M. Garibaldi,Dongrui Wu

DOI: https://doi.org/10.1109/tfuzz.2021.3117441

IF: 12.253

2021-01-01

IEEE Transactions on Fuzzy Systems

Abstract:Network security requires effective detection and proper analysis of abnormal network behavior. To address the uncertainty associated with the process of network intrusion detection, this article proposes a network intrusion-detection algorithm based on dynamic intuitionistic fuzzy sets (IFSs). We use the classic network intrusion datasets KDD 99, NSL-KDD, and the massive, high-dimensional dataset UNSW-NB15 to evaluate the performance of our proposed algorithm. First, we perform data preprocessing on these three datasets and select features based on the results of a chi-square test. Second, using time-series processing, we construct dynamic intuitionistic fuzzy patterns from the feature-selected datasets. At last, we use a proposed distance measure for the dynamic IFSs to generate a classifier that facilitates the detection of network intrusion. Experimental results show that the classification performance of the proposed algorithm is superior to that of other state-of-the-art algorithms on the three aforementioned datasets. The achieved improvement in classification performance is particularly significant for large datasets.

Longjie Li,Yang Yu,Shenshen Bai,Jianjun Cheng,Xiaoyun Chen

DOI: https://doi.org/10.1155/2018/1578314

IF: 2.336

2018-01-01

Journal of Sensors

Abstract:In order to protect computing systems from malicious attacks, network intrusion detection systems have become an important part in the security infrastructure. Recently, hybrid models that integrating several machine learning techniques have captured more attention of researchers. In this paper, a novel hybrid model was proposed with the purpose of detecting network intrusion effectively. In the proposed model, Gini index is used to select the optimal subset of features, the gradient boosted decision tree (GBDT) algorithm is adopted to detect network attacks, and the particle swarm optimization (PSO) algorithm is utilized to optimize the parameters of GBDT. The performance of the proposed model is experimentally evaluated in terms of accuracy, detection rate, precision, F1-score, and false alarm rate using the NSL-KDD dataset. Experimental results show that the proposed model is superior to the compared methods.

Yuteng Guo,Beizhan Wang,Xinxing Zhao,Xiaobiao Xie

DOI: https://doi.org/10.1109/iccse.2010.5593765

2010-01-01

Abstract:In the Network Intrusion Detection, the large number of features increases the time and space cost, besides the irrelative redundant characteristics make the detection accuracy dropped. In order to improve detection accuracy and efficiency, a new Feature Selection method based on Rough Sets and improved Genetic Algorithms is proposed for Network Intrusion Detection. Firstly, the features are filtered by virtue of the Rough Sets theory; then in the remaining feature subset, the Optimal subset will be found out through the Genetic Algorithm improved with Population Clustering approach for the best ultimate optimized results. Finally, the effectiveness of the algorithm is tested on the classical KDD CUP 99 data sets, using the SVM classifier for performance evaluation. The experiment shows that the new method improves the accuracy and efficiency in Network Intrusion Detection compared with the related researches of the intrusion detection system.

Zouhair Chiba,Noreddine Abghour,Khalid Moussaid,Amina El omri,Mohamed Rida

DOI: https://doi.org/10.1016/j.cose.2019.06.013

2019-09-01

Abstract:<p>The appealing features of Cloud Computing continue to fuel its adoption and its integration in many sectors such industry, governments, education and entertainment. Nevertheless, uploading sensitive data to public cloud storage services poses security risks such as integrity, availability and confidentiality to organizations. Moreover, the open and distributed (decentralized) structure of the cloud has resulted this class of computing, prone to cyber attackers and intruders. Thereby, it is imperative to develop an anomaly network intrusion system to detect and prevent both inside and outside assaults in cloud environment with high detection precision and low false warnings. In this work, we propose an intelligent approach to build automatically an efficient and effective Deep Neural Network (DNN) based anomaly Network IDS using a hybrid optimization framework (IGASAA) based on Improved Genetic Algorithm (IGA) and Simulated Annealing Algorithm (SAA). The IDS resulted is called "MLIDS" (Machine Learning based Intrusion Detection System). Genetic Algorithm (GA) is improved through optimization strategies, namely Parallel Processing and Fitness Value Hashing, which reduce execution time, convergence time and save processing power. Moreover, SAA was incorporated to IGA with the aim to optimize its heuristic search. Our approach consists of using IGASAA in order to search the optimal or near-optimal combination of most relevant values of the parameters included in construction of DNN based IDS or impacting its performance, like feature selection, data normalization, architecture of DNN, activation function, learning rate and Momentum term, which ensure high detection rate, high accuracy and low false alarm rate. For simulation and validation of the proposed method, CloudSim 4.0 simulator platform and three benchmark IDS datasets were used, namely CICIDS2017, NSL-KDD version 2015 and CIDDS-001. The implementation results of our model demonstrate its ability to detect intrusions with high detection accuracy and low false alarm rate, and indicate its superiority in comparison with state-of-the-art methods.</p>

computer science, information systems

Shubhra Dwivedi,Manu Vardhan,Sarsij Tripathi,Alok Kumar Shukla

DOI: https://doi.org/10.1007/s12065-019-00293-8

2019-09-21

Evolutionary Intelligence

Abstract:Intrusion detection has become important to network security because of the increasing connectivity between computers and internet. Various Intrusion Detection Systems have been investigated to protect web or networks using several evolutionary methods and classification techniques. In this study, we propose a new technique by combining Ensemble of Feature Selection (EFS) and Adaptive Grasshopper Optimization Algorithm (AGOA) methods, called EFSAGOA which can help to identify the types of attack. In the proposed approach, initially, EFS method is applied to rank the attribute for selecting the high ranked subset of attributes. Then, AGOA is employed to determine important attributes from the reduced datasets that can contribute to predict the networks traffic behavior. Furthermore, adaptive behavior of GOA uses to decide whether a record represents an anomaly or not, differing from some approaches acquainted in the literature. AGOA uses the Support Vector Machine (SVM) as a fitness function to choose the extremely efficient features and to maximize the classification performance. In addition, it is also applied to optimize the penalty factor (C), kernel parameter <span class="InlineEquation">\((\sigma )\)</span>, and tube size <span class="InlineEquation">\((\epsilon )\)</span> of SVM classifier. The performance of EFSAGOA has been evaluated on modern intrusion data as ISCX 2012. The experimental results demonstrate that the proposed method performs better and obtain high detection rate, accuracy, and low false alarm rate compared to other state-of-art techniques in ISCX 2012 data.

Jia Liu,Wang Yinchai,Teh Chee Siong,Xinjin Li,Liping Zhao,Fengrui Wei

DOI: https://doi.org/10.21203/rs.3.rs-1770107/v1

2022-01-01

Abstract:Abstract Intrusion detection is a fuzzy classification problem. Intrusion detection can detect the attack behaviors of hackers in advance. For generating a visualizing architecture for identifying intrusions, this study proposes an approach that combines ANFIS (Adaptive Network-based Fuzzy Inference System), DT (Decision Tree), and K-means clustering algorithm for visualizing the deep pattern of intrusion detection. The ANFIS generates complex and fuzzy combinations of selected attributes. To reduce the rules generation of ANFIS, Pearson Correlation analysis is used to select attributes that highly relate to the target. Meanwhile, standard deviation analysis and a proposed adaptive K-means algorithm are used for determining the interval division of selected attributes. Then, the CART (classification and regression tree) is used to identify the deep mode in generated rules and selected attributes. The architecture of the proposed algorithm is a hybrid visualizing approach. The architecture can identify deep and hybrid features in intrusion detection. The proposed algorithm was trained, validated, and tested on the NSL-KDD dataset. Using 22 attributes that highly relate to the target, the performance of the proposed method achieved a 99.86% detection rate and 0.14% false alarm rate, which is better than many classifiers. Besides, the visualizing model can help us visually identify the complex pattern of intrusions and analyze the pattern of various intrusions.

Zhao Yongli,Zhang Yungui,Tong Weiming,Chen Hongzhi

DOI: https://doi.org/10.1109/sns-pcs.2013.6553837

2013-01-01

Abstract:Network Intrusion Detection System (NIDS) plays an important role in providing network security. Efficient NIDS can be developed by defining a proper rule set for classifying network audit data into normal or attack patterns. Generally, each dataset is characterized by a large set of features, but not all features will be relevant or fully contribute identifying an attack. Since different attacks need different subsets to have better detection accuracy, this paper describes an improved feature selection algorithm to identify most appropriate subset of features for a certain attack. The proposed method is based on MAHALANOBIS Distance feature ranking and an improved exhaustive search to choose a better combination of features. We evaluate the approach on the KDD CUP 1999 datasets using SVM classifier and KNN classifier. The results show that classification is done with high classification rate and low misclassification rate with the reduced feature subsets.

Jia Liu,Wang Yinchai,Teh Chee Siong,Xinjin Li,Liping Zhao,Fengrui Wei

DOI: https://doi.org/10.1038/s41598-022-23765-x

2022-12-01

Abstract:For generating an interpretable deep architecture for identifying deep intrusion patterns, this study proposes an approach that combines ANFIS (Adaptive Network-based Fuzzy Inference System) and DT (Decision Tree) for interpreting the deep pattern of intrusion detection. Meanwhile, for improving the efficiency of training and predicting, Pearson Correlation analysis, standard deviation, and a new adaptive K-means are used to select attributes and make fuzzy interval decisions. The proposed algorithm was trained, validated, and tested on the NSL-KDD (National security lab-knowledge discovery and data mining) dataset. Using 22 attributes that highly related to the target, the performance of the proposed method achieves a 99.86% detection rate and 0.14% false alarm rate on the KDDTrain+ dataset, a 77.46% detection rate on the KDDTest+ dataset, which is better than many classifiers. Besides, the interpretable model can help us demonstrate the complex and overlapped pattern of intrusions and analyze the pattern of various intrusions.

Liang Hu,Zhen Zhang,Huanyu Tang,Nannan Xie

DOI: https://doi.org/10.1109/icnc.2015.7378148

2015-01-01

Abstract:Faced with high dimensional and large amount of data, network intrusion detection is always the focus of current research in the network security field. With the advantages of nonlinear, distributed storage and easily computing, Artificial Neural Networks (ANNs) are widely used in machine learning and pattern recognition fields. In this paper, we adopt a feature selection algorithm based on Fisher to select feature subsets, and three typical neural network algorithms for classification in order to improve the results of the intrusion detection. Experiments adopt KDD'99 as the data set, and use the accuracy, false positive rate and false negative rate, to evaluate the feasibility and effectiveness of the three neural networks. And as a result, the experiments show that the algorithms have acceptable performance in intrusion detection.

JIANG Jia-tao,LIU Zhi-jie,XIE Xiao-yao

2011-01-01

Abstract:With increasing serious situation of network security and network defects in the agreement itself,it is incompetent to use the traditional way of a firewall.A fuzzy neural network model of integrated intrusion detection is proposed to improve the ability of intrusion prevention in a network.First,the data stream is obtained from the network,and the fuzzy approach is used to perform data pre-processing on characteristics of invasion.Then,the training and testing data is received by the integrated fuzzy neural network module from the data pre-processing module.Through repeated training and learning,the weights of nodes in the sub-trees converge to determine values.When training is completed,the model is used to detect the network data.The response module receives the results of the fuzzy neural network module and makes the appropriate response.In the experiment,the network intrusion detection datasets,a part of KDDCUP99,are used to evaluate the integrated fuzzy neural network,and are compared to a single neural network model.On the whole,the result shows that the fuzzy neural network ensemble method results are more stable.It slightly reduces the false alarm rate,false negative rate and false positive rate and significantly improves on accuracy and ability of datasets generalization.