Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Jia Liu,Wang Yinchai,Teh Chee Siong,Xinjin Li,Liping Zhao,Fengrui Wei

DOI: https://doi.org/10.1038/s41598-022-23765-x

2022-12-01

Abstract:For generating an interpretable deep architecture for identifying deep intrusion patterns, this study proposes an approach that combines ANFIS (Adaptive Network-based Fuzzy Inference System) and DT (Decision Tree) for interpreting the deep pattern of intrusion detection. Meanwhile, for improving the efficiency of training and predicting, Pearson Correlation analysis, standard deviation, and a new adaptive K-means are used to select attributes and make fuzzy interval decisions. The proposed algorithm was trained, validated, and tested on the NSL-KDD (National security lab-knowledge discovery and data mining) dataset. Using 22 attributes that highly related to the target, the performance of the proposed method achieves a 99.86% detection rate and 0.14% false alarm rate on the KDDTrain+ dataset, a 77.46% detection rate on the KDDTest+ dataset, which is better than many classifiers. Besides, the interpretable model can help us demonstrate the complex and overlapped pattern of intrusions and analyze the pattern of various intrusions.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Wei Pan,Weihua Li

DOI: https://doi.org/10.1007/11576235_58

2005-01-01

Abstract:Intrusion Detection is an essential and critical component of network security systems. The key ideas are to discover useful patterns or features that describe user behavior on a system, and use the set of relevant features to build classifiers that can recognize anomalies and known intrusions, hopefully in real time. In this paper, a hybrid neural network technique is proposed, which consists of the self-organizing map (SOM) and the radial basis function (RBF) network, aiming at optimizing the performance of the recognition and classification of novel attacks for intrusion detection. The optimal network architecture of the RBF network is determined automatically by the improved SOM algorithm. The intrusion feature vectors are extracted from a benchmark dataset (the KDD-99) designed by DARPA. The experimental results demonstrate that the proposed approach performance especially in terms of both efficient and accuracy.

Zhang, Yanling,Liu, Haolin,Dong, Xiaoju,Li, Chenlu,Zhang, Zexi

DOI: https://doi.org/10.1007/s12650-021-00789-5

IF: 1.7

2021-01-01

Journal of Visualization

Abstract:Cyber security issues are always worthy of attention. Intrusion detection system (IDS) is one of approaches used to protect computer system and identify potential attack. However, existing methods are limited by high-dimensional computational complexity in rare or unknown attack detection task. To improve the ability of detecting anomaly intrusions, a hybrid intrusion detection framework is proposed in this paper. The proposed RuleRCD algorithm first uses fuzzy association rules based on Apriori and K -Means algorithm for normal pattern and major attack detection. The other data are then fed to an active learning-based rare category detection algorithm to identify its attack pattern. This paper also introduces an interactive visualization system, which integrates experts’ decision into intrusion detection workflow. The method improves the effectiveness and interpretability of detection process. KDD-99 dataset is used to evaluate the proposed framework. The result shows that the approach outperforms some methods, especially in terms of the rare attack.

Chao Liu,Zhaojun Gu,Jialiang Wang

DOI: https://doi.org/10.1109/access.2021.3082147

IF: 3.9

2021-01-01

IEEE Access

Abstract:Digital assets have come under various network security threats in the digital age. As a kind of security equipment to protect digital assets, intrusion detection system (IDS) is less efficient if the alert is not timely and IDS is useless if the accuracy cannot meet the requirements. Therefore, an intrusion detection model that combines machine learning with deep learning is proposed in this paper. The model uses the k-means and the random forest (RF) algorithms for the binary classification, and distributed computing of these algorithms is implemented on the Spark platform to quickly classify normal events and attack events. Then, by using the convolutional neural network (CNN), long short-term memory (LSTM), and other deep learning algorithms, the events judged as abnormal are further classified into different attack types finally. At this stage, adaptive synthetic sampling (ADASYN) is adopted to solve the unbalanced dataset. The NSL-KDD and CIS-IDS2017 datasets are used to evaluate the performance of the proposed model. The experimental results show that the proposed model has better TPR for most of attack events, faster data preprocessing speed, and potentially less training time. In particular, the accuracy of multi-target classification can reach as high as 85.24% in the NSL-KDD dataset and 99.91% in the CIC-IDS2017 dataset.

computer science, information systems,telecommunications,engineering, electrical & electronic

Neeraj Kumar,Sanjeev Sharma

DOI: https://doi.org/10.3390/electronics12194050

IF: 2.9

2023-09-27

Electronics

Abstract:With the exponentially evolving trends in technology, IoT networks are vulnerable to serious security issues, allowing intruders to break into networks without authorization and manipulate the data. Their actions can be recognized and avoided by using a system that can detect intrusions. This paper presents a hybrid intelligent system and inverted hour-glass-based layered network classifier for feature selection and classification processes, respectively. To accomplish this task, three different datasets have been utilized in the proposed model for identifying old and new attacks. Moreover, a hybrid optimization feature selection technique has been implemented for selecting only those features that can enhance the accuracy of the detection rate. Finally, the classification is performed by using the inverted hour-glass-based layered network model in which data are up-sampled with the increase in the number of layers for effective training. Data up-sampling is performed when small subset of datapoints are observed for any class, which in turn helps in improving the accuracy of the proposed model. The proposed model demonstrated an accuracy of 99.967%, 99.567%, and 99.726% for NSL-KDD, KDD-CUP99, and UNSW NB15 datasets, respectively, which is significantly better than the traditional CNID model. These results demonstrate that our model can detect different attacks with high accuracy and is expected to show good results for new datasets as well. Additionally, to reduce the computational cost of the proposed model, we have implemented it on CPU-based core i3 processors, which are much cheaper than GPU processors.

engineering, electrical & electronic,computer science, information systems,physics, applied

Kaijian Liu,Zhen Fan,Meiqin Liu,Senlin Zhang

DOI: https://doi.org/10.1109/cyber.2018.8688271

2018-01-01

Abstract:This paper reviews the problem of instrusion detection for Smart Home and different approach to detect instrusion. A hybrid instrusion detection method based on Convolutional Neural Networks(CNN) and K-means is proposed in this paper. At smart home device node, K-means is used to generate the rule base by clustering, then Principal Component Analysis(PCA) is used to extract the dimensionality reduced features. During the test process, PCA is also used to extract the dimensionality reduced features, the feature matching is performed with the rule base to determine the intrusion data. At the smart home server side, a CNN model is proposed to detect the specific type of intrusion. Combined with Synthetic Minority Oversampling Technique(SMOTE) and under sampling techniques, the CNN model has great performance in reducing missing report rate(MRR) in minority categories. The results of the experiment conducted in KDD99 dataset show that such a hybrid method can improve the detection rate of smart home intrusion detection system and reduce MRR in minority categories.

Tao Ma,Yang Yu,Fen Wang,Qiang Zhang,Xiaoyun Chen

DOI: https://doi.org/10.1007/978-981-10-3187-8_13

2017-01-01

Abstract:This paper proposes a novel approach called KDSVM, which utilized the k-mean techniques and advantage of feature learning with deep neural network (DNN) model and strong classifier of support vector machines (SVM) , to detection intrusion networks. KDSVM is composed of two stages. In the first step, the dataset is divided into k subset based on every sample distance by the cluster centers of k-means approach, and in the second step, testing dataset is distanced by the same cluster center and fed into the DNN model with SVM model for intrusion detection. The experimental results show that the KDSVM not only performs better than SVM, BPNN, DBN-SVM (Salama et al., Soft computing in industrial applications, 2011 [21]) and Bayes tree models in terms of detection accuracy and abnormal types of attacks found. It also provides an effective tool for the study and analysis of intrusion detection in the large network.

Weiwu Ren,Liang Hu,Kuo Zhao,Jianfeng Chu

DOI: https://doi.org/10.12733/jcis6597

2013-01-01

Journal of Computational Information Systems

Abstract:Decision tree and hierarchical clustering in application of the field of intrusion detection have its own advantages and disadvantages. For purposes of covering up the shortcomings of each other and searching an optimal balance between them, a multiple-level hybrid intrusion detection system based on hierarchical clustering and decision tree has been proposed. Misuse modules and anomaly modules are organized by a multiple-level hybrid tree. According to the actual performance, misuse module or anomaly module is selected to be the detector. A series of experiment results on well-known KDD Cup 1999 data sets indicate that the hybrid model has good performance in both detection and real time. © 2013 by Binary Information Press.

Sahar. Soussa,T. Nazmy,M. Hashem,Sahar Selim

Abstract:Intrusion detection is a critical process in network security. Nowadays new intelligent techniques have been used to improve the intrusion detection process. This paper proposes a hybrid intelligent intrusion detection system to improve the detection rate for known and unknown attacks. We examined different neural network & decision tree techniques. The proposed model consists of multi-level based on hybrid neural network and decision tree. Each level is implemented with the technique which gave best experimental results. From our experimental results with different network data, our model achieves correct classification rate of 93.2%, average detection rate about 95.6%; 99.5% for known attacks and 87% for new unknown attacks, and 9.4% false alarm rate. Keywords-component; network intrusion detection; neural network; Decision Tree; NSL-KDD dataset

Engineering,Computer Science

Yuluo Hou,Yusheng Fu,Jinhong Guo,Jie Xu,Renting Liu,Xin Xiang

DOI: https://doi.org/10.1007/s12652-022-04350-6

IF: 3.662

2022-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:In recent years, deep learning techniques have been widely applied to network intrusion detection. However, current detection methods suffer from a low detection rate, rendering them useless in fighting unknown attacks. Thus, in this article, we proposed a hybrid detection system based on deep learning techniques. First, to understand comprehensively the pattern of normal network traffic and anomaly detection, a designed nonsymmetric autoencoder (NAE) is proposed. The NAE extracts the latent feature of network traffic with two different convolution neural networks and multiple linear layers are applied to the NAE’s decoder to reconstruct the input. Besides, a latent feature extraction scheme using the NAE encoder is proposed and a deep neural network (DNN) is trained with this latent feature to achieve detection. In addition, in order to strengthen system stability, a hybrid scheme is proposed that considers the detection results of NAE and DNN, and makes the comprehensive decision. Experiments are performed on the NSL-KDD, N-baIoT and BoT-IoT datasets respectively to evaluate the proposed hybrid model. The evaluation is carried out through classification evaluation indexes such as accuracy, precision, recall, F1-score. The results have shown that our proposed hybrid model gets the best detection ability of abnormal traffic compared with several state-of-the-art intrusion detection methods.

Mousa Alizadeh,Sadegh E Mousavi,Mohammad T H Beheshti,Ali Ostadi

DOI: https://doi.org/10.1109/icspis54653.2021.9729365

2021-12-29

Abstract:In terms of network topology, one of the extensively utilized technologies is the intrusion detection system (IDS). Despite applying numerous machine learning approaches (supervised and unsupervised) to enhance efficacy, reaching high-grade performance is still a challenging problem for existing intrusion detection algorithms. This study presents a new technique for IDS that focuses on various deep neural networks (DNNs) and their combination for data classification. The proposed model consists of three parts: (1) the feature selection is composed of an intersection of mutual information based on the transductive model (MIT-MIT), Anova F-value, and Genetic Algorithm (GA) methods, (2) the second section is a classifier network using a hybrid CNN-LSTM algorithm, and (3) the hyperparameter optimization module that puts to use Firefly, BAT, and Gray Wolf algorithms. In order to validate and verify the suggested model via accuracy, F1 score, recall, and precision criteria, a benchmark dataset, namely, NSL-KDD, is employed, which compares the proposed method with the highly developed classifiers. The comparison outcomes confirmed the surpassing of the presented strategy over contrast algorithms.

Jialiang Xie,Honghui Wang,Jonathan M. Garibaldi,Dongrui Wu

DOI: https://doi.org/10.1109/tfuzz.2021.3117441

IF: 12.253

2021-01-01

IEEE Transactions on Fuzzy Systems

Abstract:Network security requires effective detection and proper analysis of abnormal network behavior. To address the uncertainty associated with the process of network intrusion detection, this article proposes a network intrusion-detection algorithm based on dynamic intuitionistic fuzzy sets (IFSs). We use the classic network intrusion datasets KDD 99, NSL-KDD, and the massive, high-dimensional dataset UNSW-NB15 to evaluate the performance of our proposed algorithm. First, we perform data preprocessing on these three datasets and select features based on the results of a chi-square test. Second, using time-series processing, we construct dynamic intuitionistic fuzzy patterns from the feature-selected datasets. At last, we use a proposed distance measure for the dynamic IFSs to generate a classifier that facilitates the detection of network intrusion. Experimental results show that the classification performance of the proposed algorithm is superior to that of other state-of-the-art algorithms on the three aforementioned datasets. The achieved improvement in classification performance is particularly significant for large datasets.

LIU Yong,SUN Dong-hong,CHEN You,WANG Wan-shan

DOI: https://doi.org/10.3969/j.issn.1005-3026.2010.07.006

2010-01-01

Abstract:A feature selection algorithm can improve efficiently the detection speed and result, with irrelevant and redundant data eliminated and denoised in an intrusion detection system. Taking advantage of the algorithm, a new hybrid feature selection algorithm based on the principal component analysis (PCA) in combination with decision tree algorithm (C4.5) was proposed to develop a lightweight intrusion detection system. Verifying the proposed algorithm in detail via tests with the KDD 1999 dataset, the algorithm was proved that it is available to not only ensure the high detection rate and low false alarm rate but also improve obviously the training/testing time of the intrusion detection system. Furthermore, as a result of comparative tests, the algorithm is superior to GA-SVM algorithm in training/testing time, detection rate and false alarm rate.

Jianqi Zhu,Jian Mu,Da Wei,Bao Feng,Youjin Wang,Kexin Yin

DOI: https://doi.org/10.1109/iccsn.2017.8230280

2017-01-01

Abstract:In order to solve the problem of low intrusion detection rate and weak generalization ability of Intrusion Detection System (IDS), it proposes a new hybrid method based on the relationship of feature and spatial correlation for IDS. The proposed IDS reduces the dimension of network data flow by spatial correlation-based dimension reduction method (SCDR). It improves the effectiveness of intrusion detection, and the negative feedback learning method can also improve the generalization ability of IDS. Experiments show that the method in this paper can improve the detection rate notably and also enhance the detection ability of unknown attacks.

Jiadong Ren,Jiawei Guo,Wang Qian,Huang Yuan,Xiaobing Hao,Hu Jingjing

DOI: https://doi.org/10.1155/2019/7130868

IF: 1.968

2019-06-16

Security and Communication Networks

Abstract:Intrusion detection system (IDS) can effectively identify anomaly behaviors in the network; however, it still has low detection rate and high false alarm rate especially for anomalies with fewer records. In this paper, we propose an effective IDS by using hybrid data optimization which consists of two parts: data sampling and feature selection, called DO_IDS. In data sampling, the Isolation Forest (iForest) is used to eliminate outliers, genetic algorithm (GA) to optimize the sampling ratio, and the Random Forest (RF) classifier as the evaluation criteria to obtain the optimal training dataset. In feature selection, GA and RF are used again to obtain the optimal feature subset. Finally, an intrusion detection system based on RF is built using the optimal training dataset obtained by data sampling and the features selected by feature selection. The experiment will be carried out on the UNSW-NB15 dataset. Compared with other algorithms, the model has obvious advantages in detecting rare anomaly behaviors.

computer science, information systems,telecommunications

Gang Wang,Jinxing Hao,Jian Ma,Lihua Huang

DOI: https://doi.org/10.1016/j.eswa.2010.02.102

IF: 8.5

2010-01-01

Expert Systems with Applications

Abstract:Many researches have argued that Artificial Neural Networks (ANNs) can improve the performance of intrusion detection systems (IDS) when compared with traditional methods. However for ANN-based IDS, detection precision, especially for low-frequent attacks, and detection stability are still needed to be enhanced. In this paper, we propose a new approach, called FC-ANN, based on ANN and fuzzy clustering, to solve the problem and help IDS achieve higher detection rate, less false positive rate and stronger stability. The general procedure of FC-ANN is as follows: firstly fuzzy clustering technique is used to generate different training subsets. Subsequently, based on different training subsets, different ANN models are trained to formulate different base models. Finally, a meta-learner, fuzzy aggregation module, is employed to aggregate these results. Experimental results on the KDD CUP 1999 dataset show that our proposed new approach, FC-ANN, outperforms BPNN and other well-known methods such as decision tree, the naive Bayes in terms of detection precision and detection stability.

Chi Zhang

2010-01-01

Journal of Computer Applications

Abstract:A technique for intrusion detection based on Adaptive Neuro-Intuitionistic Fuzzy Inference System (ANIFIS) was proposed with intuitionistic fuzzy set theory introduced into the area of information security.First,the properties and vulnerabilities of the existing intrusion detection methods were analyzed,and a model for intrusion detection on ANIFIS with Takagi-Sugeno type was established.Then,the inference rules of the system were devised,computational relations between layers of input and output and a synthesized computational expression of system output were ascertained.Subsequently,a learning algorithm of neural network was proposed,which could adjust network structure and study network parameters.Finally,the test results verify the validity of the technique and rationality of constructed model by providing intrusion detection instances with KDD CUP 99 dataset.

Xiang Yu,Zhihong Tian,Jing Qiu,Shen Su,Xiaoran Yan

DOI: https://doi.org/10.32604/cmc.2019.05821

2019-01-01

Abstract:With the development of Information technology and the popularization of Internet, whenever and wherever possible, people can connect to the Internet optionally. Meanwhile, the security of network traffic is threatened by various of online malicious behaviors. The aim of an intrusion detection system (IDS) is to detect the network behaviors which are diverse and malicious. Since a conventional firewall cannot detect most of the malicious behaviors, such as malicious network traffic or computer abuse, some advanced learning methods are introduced and integrated with intrusion detection approaches in order to improve the performance of detection approaches. However, there are very few related studies focusing on both the effective detection for attacks and the representation for malicious behaviors with graph. In this paper, a novel intrusion detection approach IDBFG (Intrusion Detection Based on Feature Graph) is proposed which first filters normal connections with grid partitions, and then records the patterns of various attacks with a novel graph structure, and the behaviors in accordance with the patterns in graph are detected as intrusion behaviors. The experimental results on KDD-Cup 99 dataset show that IDBFG performs better than SVM (Supprot Vector Machines) and Decision Tree which are trained and tested in original feature space in terms of detection rates, false alarm rates and run time.