张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Fei Yu,XiaoPing Dai,Yue Shen,Huang Huang,Miaoliang Zhu

DOI: https://doi.org/10.1109/ICSSSM.2005.1500110

2005-01-01

Abstract:The problem in network security presently is how to get real-time intrusion detection and alert. In the paper, we design Intrusion Detection System architecture and arithmetic again, meanwhile put forward an improved pattern matching arithmetic based on protocol analysis and theorization machine on Frete. New architecture can use network processor to collect and analyze data in network bottom, which enhance the speed and efficiency in Detection System.

李辉,蔡忠闽,韩崇昭,管晓宏

DOI: https://doi.org/10.3969/j.issn.1000-1220.2003.09.008

2003-01-01

Abstract:State of the art of the Intrusion Detection technology is investigated and a new IDS inference framework and prototype based on information fusion is proposed. The new framework is to solve the problems of existing IDS——high false positive rate and incapable of detection of coordinated attacks. The prototype employ Bayesian Network to do information fusion and goal-tree to analyze intensions of coordinated attacks and quantify the security risk of system. The prototype is more integral than existing IDS and easier to find coordinated attacks with lower false positive rate.

Yong ZHANG,De-yun ZHANG,Sheng-lei LI,Xu-xian IANG

DOI: https://doi.org/10.3969/j.issn.1000-1220.2001.01.011

2001-01-01

Abstract:In this paper the traditional intrusion detection technology is analyzed . analys and presents a intrusion detection framework based on hierarchical structure . The technologies such as agent、expert system、computer immunology、distributed system are integrated to construct a strong intrusion detection framework.

TAN Min,HU Xiao-long,LIU Lian-chen

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.07.055

2008-01-01

Abstract:In view of the weakness of current intrusion detection system and intrusion analysis method,a distributed fusing multi detection technology intrusion detection system model based on multi-Agent is brought forward.Apart from traditional analysis technology,file integrity analysis method based on mobile agent is added to the analysis Agent too.The model realizes the dist-ribution of intrusion detection,owns good scalability,improves the accuracy of intrusion detection,enhances the intrusion detection system's capability by using multi detection technology.So it can meet extensive security demand of the distributed network envi-ronment.

Ambareen Siraj,Rayford B. Vaughn,Susan M. Bridges,A. Siraj,R.B. Vaughn,S.M. Bridges

DOI: https://doi.org/10.1109/hicss.2004.1265658

2004-01-01

Abstract:Most modern intrusion detection systems employ multiple intrusion sensors to maximize their trustworthiness. The overall security view of the multi-sensor intrusion detection system can serve as an aid to appraise the trustworthiness in the system. This paper presents our research effort in that direction by describing a Decision Engine for an Intelligent Intrusion Detection System (IIDS) that fuses information from different intrusion detection sensors using an artificial intelligence technique. The Decision Engine uses Fuzzy Cognitive Maps (FCMs) and fuzzy rule-bases for causal knowledge acquisition and to support the causal knowledge reasoning process. In this paper, we report on the workings of the Decision Engine that has been successfully embedded into the IIDS architecture being built at the Center for Computer Security Research (CCSR), Mississippi State University.

Rasheed Ahmad,Izzat Alsmadi,Ahmad, Rasheed

DOI: https://doi.org/10.1007/s10586-024-04365-y

2024-03-27

Cluster Computing

Abstract:The increasing frequency and sophistication of cyber-attacks pose significant threats to organizational entities and critical national infrastructure, leading to substantial financial and operational consequences. Detecting such attacks early and accurately remains a complex endeavour, compounded by challenges in intrusion detection system (IDS) design, the exploitation of zero-day attacks, and issues of reliability and resiliency in physical systems. This research addresses these challenges through a two-fold approach: firstly, implementing input data fusion from diverse and heterogeneous sources, and secondly, fusing classifiers from multiple deep learning (DL)-based algorithms. The success of machine learning (ML) and DL models for IDS relies on meticulous data collection and classifier selection. The paper underscores the limitations of relying on single datasets and ML/DL algorithms, emphasizing potential biases and training restrictions. Rigorous experiments were conducted to identify optimal DL architectures, ensuring the creation of models that exhibit robust generalization on new traffic instances, leading to trusted and unbiased results. The study demonstrates the efficacy of the proposed models through comprehensive evaluations and metrics. Results indicate that the fusion of data and classifiers significantly improves model generalization. The paper also outlines key challenges and future trends in data fusion, emphasizing its role in enhancing IDS performance for securing critical infrastructure.

computer science, information systems, theory & methods

Ming Liu,Zhi Xue,Xiangjian He

DOI: https://doi.org/10.1109/mce.2020.3048314

2020-01-01

IEEE Consumer Electronics Magazine

Abstract:The embedded system is an essential component of the Internet of Everything. Recently, host-based intrusion detection techniques have been widely applied to embedded systems effectively. However, the traditional standalone intrusion detection system has several shortcomings in terms of efficiency and scalability. In this article, a two-tier scalable intrusion detection framework is designed for embedded systems to address these shortcomings. The framework is based on Spark and is deployed in the cloud environment. The experiments show that the proposed framework can effectively improve the detection efficiency and scalability.

Feilu Hang,Linjiang Xie,Zhenhong Zhang,Jian Hu

DOI: https://doi.org/10.12694/scpe.v25i4.2862

2024-06-16

Abstract:This paper proposes an adaptive Wedman intrusion detection algorithm (AID-DFS) for data fusion. Firstly, feature extraction of abnormal text detection is carried out using a BI-gated loop (Bi-GRU). Multi-branch convolutional recurrent neural network (CNN-RNN) extracts hierarchical features from abnormal images. The multi-mode dynamic fusion uses the intermodal and intramodal attention mechanisms. In this way, a joint representation of multiple modes is obtained. The visual perception mechanism is used to realize multichannel integration and strengthen the function of original information in multichannel. The experimental results show that the proposed method has 99.6% accuracy and 94.9% accuracy. Compared with other algorithms, the proposed method can improve the performance of the intrusion system by about 10.2%.

CAO Zhigang,WANG Shenkang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.07.058

2005-01-01

Abstract:The framework model proposed in this paper is a distributed intrusion detecting system based on a tridimensional agent.The framework is an open system, which has good scalability. It adopts a central controlling module and a detecting module for side-by-side agent, which can dependently control and process. It also can track in and note the intrusing data, then test it. The state-checking mechanism and policy of authentication in this model ensure the security of the agents themselves and the communication among them.

Chongzhen Zhang,Yanli Chen,Yang Meng,Fangming Ruan,Runze Chen,Yidan Li,Yaru Yang

DOI: https://doi.org/10.1155/2021/6610675

IF: 1.968

2021-01-25

Security and Communication Networks

Abstract:Traditional machine learning-based intrusion detection often only considers a single algorithm to identify intrusion data, lack of the flexibility method, low detection rate, no handing high-dimensional data, and cannot solve these problems well. In order to improve the performance of intrusion detection system, a novel general intrusion detection framework was proposed in this paper, which consists of five parts: preprocessing module, autoencoder module, database module, classification module, and feedback module. The data processed by the preprocessing module are compressed by the autoencoder module to obtain a lower-dimensional reconstruction feature, and the classification result is obtained through the classification module. Compressed features of each traffic are stored in the database module which can both provide retraining and testing for the classification module and restore these features to the original traffic for postevent analysis and forensics. For evaluation of the framework performance proposed, simulation was conducted with the CICIDS2017 dataset to the real traffic of the network. As the experimental results, the accuracy of binary classification and multiclass classification is better than previous work, and high-level accuracy was reached for the restored traffic. At the last, the possibility was discussed on applying the proposed framework to edge/fog networks.

computer science, information systems,telecommunications

耿立中,贾惠波

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2011.04.010

2011-01-01

Abstract:The bottleneck formation of intrusion detection leaning in the network-attached storage（NAS） application was analyzed to increase the NAS security framework efficiency and show that the learning cost of intrusion detection methods shows exponential growth with increasing knowledge and the bottleneck seriously restricts the detection performance,which can be solved using information fusion technologies.A NAS security framework was then designed and implemented by fusing two different intrusion detection methods,the storage based intrusion detection method and the system call based intrusion detection method.The experimental results demonstrate that the framework can more effectively retard intrusion with the overall detection capability increasing by 15%.

JIANG Jia-tao,LIU Zhi-jie,XIE Xiao-yao

2011-01-01

Abstract:With increasing serious situation of network security and network defects in the agreement itself,it is incompetent to use the traditional way of a firewall.A fuzzy neural network model of integrated intrusion detection is proposed to improve the ability of intrusion prevention in a network.First,the data stream is obtained from the network,and the fuzzy approach is used to perform data pre-processing on characteristics of invasion.Then,the training and testing data is received by the integrated fuzzy neural network module from the data pre-processing module.Through repeated training and learning,the weights of nodes in the sub-trees converge to determine values.When training is completed,the model is used to detect the network data.The response module receives the results of the fuzzy neural network module and makes the appropriate response.In the experiment,the network intrusion detection datasets,a part of KDDCUP99,are used to evaluate the integrated fuzzy neural network,and are compared to a single neural network model.On the whole,the result shows that the fuzzy neural network ensemble method results are more stable.It slightly reduces the false alarm rate,false negative rate and false positive rate and significantly improves on accuracy and ability of datasets generalization.

Jingyi Zhu,Xiufeng Liu

DOI: https://doi.org/10.1016/j.compeleceng.2024.109113

IF: 4.152

2024-02-12

Computers & Electrical Engineering

Abstract:In the rapidly evolving landscape of the Internet of Things (IoT), ensuring robust intrusion detection is paramount for device and data security. This paper proposes a novel method for intrusion detection in IoT networks that leverages a unique blend of subspace clustering and ensemble learning. Our framework integrates three innovative strategies: Clustering Results as Features (CRF), Two-Level Decision Making (TDM), and Iterative Feedback Loop (IFL). These strategies synergize to enhance detection performance and model robustness. We employ mutual information for feature selection and utilize four subspace clustering algorithms – CLIQUE, PROCLUS, SUBCLU, and LOF – to create additional feature sets. Three base learners – NB, LGBM, and XGB – are used in conjunction with a Logistic Regression (LR) meta-learner. To fine-tune our model, we apply Particle Swarm Optimization (PSO) for hyperparameter optimization. We evaluate our framework on the UNSW-NB15 dataset, which contains realistic and diverse IoT network traffic data. The results show that our framework outperforms the state-of-the-art methods in terms of accuracy (97.05%), precision (96.33%), recall (96.55%), F1-score (96.45%), and false positive rate (0.029). Our framework can effectively detect both known and unknown attacks in IoT networks and achieve high accuracy and low false positive rate. The paper contributes both practical implications for network security and theoretical advancements in intrusion detection research.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Gou Jin,Yang Jiangang,Chen Qian

2005-01-01

Abstract:This paper presents a compound intrusion detection model based on a knowledge fusion algorithm. The proposed method suggests a set of related pattern knowledge objects with a well-defined structure, which instructs that pattern knowledge can be used for misuse detection or anomaly detection or both of them. Fusion algorithm is used to fuse original or real time knowledge objects to generate new useful ones and destroy those who may lead to miscar-riage of justice. In contrast with the conventional intrusion detection models, process in the paper combines anomaly and misuse detection so that it eliminates the flaws of a narrow definition for intrusion patterns and extends the known intrusions patterns to novel intrusions patterns. The experimental results show the feasibility of design rationale.

Ahlem Abid,Farah Jemili,Ouajdi Korbaa

DOI: https://doi.org/10.1007/s10586-023-04087-7

2023-06-25

Cluster Computing

Abstract:Intrusion detection in industrial control systems (ICS) is crucial for maintaining secu rity in modern industries. However, the rapid growth of data generated from various sources presents significant challenges, as complex and diverse attacks continue to threaten the integrity of these systems. Traditional intrusion detection systems face limitations in effectively detecting intrusions and suffer from processing delays. To address these issues, there is an urgent need for a real-time and efficient IDS. This study introduces a novel approach to real-time intrusion detection in ICS by leveraging Cloud Computing and Big Data techniques for data fusion. By fusing mul tiple streams of data, our approach enhances intrusion detection performance, reduces false alarm rates, and produces more consistent and accurate results. The contributions of this work are two-fold. Firstly, we propose a real-time IDS that overcomes the limitations of traditional systems through the efficient processing capabilities of Cloud Computing and Big Data techniques. Secondly, we employ data fusion to integrate diverse data sources, resulting in improved intrusion detection accuracy and efficiency. Our proposed IDS achieves higher accuracy rates and demonstrates superior efficiency in detecting intrusions compared to existing solutions. These findings underscore the potential of our approach in enhancing ICS security and mitigating risks posed by evolving attacks.

computer science, information systems, theory & methods

Li-zhong Geng,Hui-bo Jia

DOI: https://doi.org/10.1109/CIS.2009.262

2009-01-01

Abstract:There are many researches which focus on the security of network-attached storages. The cryptology tools can protect the storages against non-authorized access, but turned out ineffective when malicious authenticated users attack inside. Also the intrusion detection methods are applied in the network-attached storages, such as, storage-based intrusion detection method and the intrusion detection method based on system calls. However, these methods couldn't obtain higher Detection Rates with lower False Positive Rates. This paper proposes a novel intrusion detection scheme to merge the two methods with multi-source information fusion technology. The fusion optimization strategy is provided to guarantee that the fusion scheme can make a more accuracy decision for the suspicious behaviors with more information gathered from different levels of the system. Also the intrusion detection modules in the new scheme can be "self-learning" and update the profiles by themselves. Experimental results demonstrate that the over capability of new fusion intrusion detection scheme increased by 15%. © 2009 IEEE.

Qing Ye,Xiaoping Wu,Gaofeng Huang

DOI: https://doi.org/10.1109/ICFCC.2010.5497340

2010-01-01

Abstract:An intrusion is defined as any set of actions that compromise the integrity, confidentiality or availability of a resource. Data mining is to identify valid, novel, potentially useful, and ultimately understandable patterns in massive data. It is demanding to apply data mining techniques to detect various intrusions. This paper presents an approach to detect intrusion based on data mining frame work. In the framework, intrusion detection is thought of as clustering. The reduction algorithm is presented to cancel the redundant attribute set and obtain the optimal attribute set to form the input of the FCM. To find the reasonable initial centers easily, the advanced FCM is established, which improves the performance of intrusion detection since the traffic is large and the types of attack are various. In the illustrative example, the number of attributes is reduced greatly and the detection is in a high precision for the attacks of DoS and Probe, a low false positive rate in all types of attacks. ©2010 IEEE.

Peifeng Liang,Lina Yang,Zenggang Xiong,Xuemin Zhang,Gang Liu

DOI: https://doi.org/10.1109/jiot.2024.3369034

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) technology and systems have penetrated every aspect of our lives and generated enormous economic benefits. At the same time, research on the data security of IoT systems has been one of the key topics in IoT fields. Network attacks and intrusions have become the main threats to the data security of the IoTs, which have become the main obstacles to the development and application of the IoTs. In this article, we propose an intrusions and attack detection model to ensure the data security of IoT systems by using the Transformer model and multiwavelets learning. Based on the architecture of IoT systems, we first proposed a multi-level intrusion detection model to detect attack data in the cloud layer and edge terminal layer. In this detection model, a Transformer model and discrete wavelet transform (DWT) based approach is proposed to ensure the effectiveness and accuracy of the model. To extract and make full use of frequency information of traffic data in an IoT network, we embed DWT technique and multiwavelets learning into the Transformer model to propose a novel DWT-based Transformer architecture, which achieves outstanding performance in detecting intrusion actions. Simulating on IoT system in laboratory environment, the proposed security prediction model achieves pretty good performance in predicting intrusion actions.

computer science, information systems,telecommunications,engineering, electrical & electronic

Muneeba Nasir,Abdul Rehman Javed,Muhammad Adnan Tariq,Muhammad Asim,Thar Baker

DOI: https://doi.org/10.1007/s11227-021-04250-0

IF: 3.3

2022-01-13

The Journal of Supercomputing

Abstract:Devices belonging to the realm of edge Internet of Things (IoT) are becoming highly susceptible to intrusion attacks. The large-scale development in edge IoT, ease of availability, and affordability have drastically increased its usage in the real world. The business market revolves around producing better, innovative, and appealing products every day. However, security is often left unchecked to achieve these standards. Therefore, vulnerabilities present in these devices make them susceptible to various intrusion attacks. We devised a model named DF-IDS for detecting intrusions in IoT traffic. DF-IDS consists of two main phases: In the 1stdocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$1^{st}$$end{document} phase, it comparatively selects the best features from the feature matrix using SpiderMonkey (SM), principle component analysis (PCA), information gain (IG), and correlation attribute evaluation (CAE). In the 2nddocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$2^{nd}$$end{document} phase, these features along with assigned labels are used to train a deep neural network for intrusion detection. DF-IDS achieves an accuracy of 99.23% with an F1-score of 99.27%. It shows improvement not only in accuracy but also in F1 score as compared to the other comparative models and existing studies.