Baojun Zhang,Xuezeng Pan,Jiebing Wang

DOI: https://doi.org/10.1109/fskd.2007.348

2007-01-01

Abstract:The current network is complicated due to the high- throughput and the multiformity of actions. A hybrid intru- sion detection system (HIDSFCN) is proposed in this study to satisfy the current network. It combines the advantages of all kinds of IDS and put forwards our own solvents to those key problems in current research. Experiment results demonstrate that our HIDSFCN is of high performance and good practicability.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Wei Pan,Weihua Li

DOI: https://doi.org/10.1007/11576235_58

2005-01-01

Abstract:Intrusion Detection is an essential and critical component of network security systems. The key ideas are to discover useful patterns or features that describe user behavior on a system, and use the set of relevant features to build classifiers that can recognize anomalies and known intrusions, hopefully in real time. In this paper, a hybrid neural network technique is proposed, which consists of the self-organizing map (SOM) and the radial basis function (RBF) network, aiming at optimizing the performance of the recognition and classification of novel attacks for intrusion detection. The optimal network architecture of the RBF network is determined automatically by the improved SOM algorithm. The intrusion feature vectors are extracted from a benchmark dataset (the KDD-99) designed by DARPA. The experimental results demonstrate that the proposed approach performance especially in terms of both efficient and accuracy.

Sahar. Soussa,T. Nazmy,M. Hashem,Sahar Selim

Abstract:Intrusion detection is a critical process in network security. Nowadays new intelligent techniques have been used to improve the intrusion detection process. This paper proposes a hybrid intelligent intrusion detection system to improve the detection rate for known and unknown attacks. We examined different neural network & decision tree techniques. The proposed model consists of multi-level based on hybrid neural network and decision tree. Each level is implemented with the technique which gave best experimental results. From our experimental results with different network data, our model achieves correct classification rate of 93.2%, average detection rate about 95.6%; 99.5% for known attacks and 87% for new unknown attacks, and 9.4% false alarm rate. Keywords-component; network intrusion detection; neural network; Decision Tree; NSL-KDD dataset

Engineering,Computer Science

Simon T. Powers,Jun He

DOI: https://doi.org/10.1016/j.ins.2007.11.028

2012-08-03

Abstract:Network intrusion detection is the problem of detecting unauthorised use of, or access to, computer systems over a network. Two broad approaches exist to tackle this problem: anomaly detection and misuse detection. An anomaly detection system is trained only on examples of normal connections, and thus has the potential to detect novel attacks. However, many anomaly detection systems simply report the anomalous activity, rather than analysing it further in order to report higher-level information that is of more use to a security officer. On the other hand, misuse detection systems recognise known attack patterns, thereby allowing them to provide more detailed information about an intrusion. However, such systems cannot detect novel attacks. A hybrid system is presented in this paper with the aim of combining the advantages of both approaches. Specifically, anomalous network connections are initially detected using an artificial immune system. Connections that are flagged as anomalous are then categorised using a Kohonen Self Organising Map, allowing higher-level information, in the form of cluster membership, to be extracted. Experimental results on the KDD 1999 Cup dataset show a low false positive rate and a detection and classification rate for Denial-of-Service and User-to-Root attacks that is higher than those in a sample of other works.

Neural and Evolutionary Computing,Cryptography and Security

Kuljeet Singh,Amit Mahajan,Vibhakar Mansotra

DOI: https://doi.org/10.1504/ijsnet.2023.135851

2024-01-10

International Journal of Sensor Networks

Abstract:Due to the continued and unabated increase in the number of cyber-attacks, the need for improved network security architecture is more apparent. The deep learning approach plays a pivotal role by classifying network traffic and identifying malicious records. However, this approach is often met with twin challenges of the high dimensionality of data and imbalanced ratio of attack labels within the data. To mitigate these issues and achieve a better detection rate, this research has proposed a new intrusion detection framework based on three main components; feature selection, oversampling, and hybrid CNN-LSTM classifier. This study deployed information gain, chi-square, basic methods, L1 regularisation, and random forest classifier as five feature selection methods and SMOTE for handling class imbalance. The experimental results, conducted using the CICIDS2017 dataset, have shown that the proposed model has demonstrated better performance in the detection of network attacks with more than 99% detection rate. Results established that number of features can be significantly reduced without altering the accuracy and oversampling has helped in improving the detection rate of minority attack labels.

computer science, information systems,telecommunications

Sugata Sanyal,Manoj Rameshchandra Thakur

DOI: https://doi.org/10.48550/arXiv.1205.4457

2012-05-20

Cryptography and Security

Abstract:A number of works in the field of intrusion detection have been based on Artificial Immune System and Soft Computing. Artificial Immune System based approaches attempt to leverage the adaptability, error tolerance, self- monitoring and distributed nature of Human Immune Systems. Whereas Soft Computing based approaches are instrumental in developing fuzzy rule based systems for detecting intrusions. They are computationally intensive and apply machine learning (both supervised and unsupervised) techniques to detect intrusions in a given system. A combination of these two approaches could provide significant advantages for intrusion detection. In this paper we attempt to leverage the adaptability of Artificial Immune System and the computation intensive nature of Soft Computing to develop a system that can effectively detect intrusions in a given network.

Mohammed Saeed Alzahrani,Fawaz Waselallah Alsaade

DOI: https://doi.org/10.1155/2022/4705325

2022-03-18

Abstract:The Internet plays a fundamental part in relentless correspondence, so its applicability can decrease the impact of intrusions. Intrusions are defined as movements that unfavorably influence the focus of a computer. Intrusions may sacrifice the reputability, integrity, privacy, and accessibility of the assets attacked. A computer security system will be traded off when an intrusion happens. The novelty of the proposed intelligent cybersecurity system is its ability to protect Internet of Things (IoT) devices and any networks from incoming attacks. In this research, various machine learning and deep learning algorithms, namely, the quantum support vector machine (QSVM), k-nearest neighbor (KNN), linear discriminant and quadratic discriminant long short-term memory (LSTM), and autoencoder algorithms, were applied to detect attacks from signature databases. The correlation method was used to select important network features by finding the features with a high-percentage relationship between the dataset features and classes. As a result, nine features were selected. A one-hot encoding method was applied to convert the categorical features into numerical features. The validation of the system was verified by employing the benchmark KDD Cup database. Statistical analysis methods were applied to evaluate the results of the proposed study. Binary and multiple classifications were conducted to classify the normal and attack packets. Experimental results demonstrated that KNN and LSTM algorithms achieved better classification performance for developing intrusion detection systems; the accuracy of KNN and LSTM algorithms for binary classification was 98.55% and 97.28%, whereas the KNN and LSTM attained a high accuracy for multiple classification (98.28% and 970.7%). Finally, the KNN and LSTM algorithms are fitting-based intrusion detection systems.

M. Ali Aydın,A. Halim Zaim,K. Gökhan Ceylan

DOI: https://doi.org/10.1016/j.compeleceng.2008.12.005

2009-05-01

Abstract:Intrusions detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks took place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. Intrusion detection systems can be misuse-detection or anomaly detection based. Misuse-detection based IDSs can only detect known attacks whereas anomaly detection based IDSs can also detect new attacks by using heuristic methods. In this paper we propose a hybrid IDS by combining the two approaches in one system. The hybrid IDS is obtained by combining packet header anomaly detection (PHAD) and network traffic anomaly detection (NETAD) which are anomaly-based IDSs with the misuse-based IDS Snort which is an open-source project.The hybrid IDS obtained is evaluated using the MIT Lincoln Laboratories network traffic data (IDEVAL) as a testbed. Evaluation compares the number of attacks detected by misuse-based IDS on its own, with the hybrid IDS obtained combining anomaly-based and misuse-based IDSs and shows that the hybrid IDS is a more powerful system.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Kaijian Liu,Zhen Fan,Meiqin Liu,Senlin Zhang

DOI: https://doi.org/10.1109/cyber.2018.8688271

2018-01-01

Abstract:This paper reviews the problem of instrusion detection for Smart Home and different approach to detect instrusion. A hybrid instrusion detection method based on Convolutional Neural Networks(CNN) and K-means is proposed in this paper. At smart home device node, K-means is used to generate the rule base by clustering, then Principal Component Analysis(PCA) is used to extract the dimensionality reduced features. During the test process, PCA is also used to extract the dimensionality reduced features, the feature matching is performed with the rule base to determine the intrusion data. At the smart home server side, a CNN model is proposed to detect the specific type of intrusion. Combined with Synthetic Minority Oversampling Technique(SMOTE) and under sampling techniques, the CNN model has great performance in reducing missing report rate(MRR) in minority categories. The results of the experiment conducted in KDD99 dataset show that such a hybrid method can improve the detection rate of smart home intrusion detection system and reduce MRR in minority categories.

Guofeng He,Qing Lu,Guangqiang Yin,Hu Xiong

DOI: https://doi.org/10.1007/978-3-031-19214-2_54

2022-01-01

Abstract:The rapid development of the Internet has brought great changes and convenience to the society and people. With the development of the Internet, its security has been paid more and more attention. Intrusion detection can detect network attacks in real time and respond to them in time, which has become an essential and important security line. With the novel of network attack and the diversification of network traffic, traditional intrusion detection based on attack load matching and the intrusion detection based on machine learning has problems of inaccurate feature extraction and insufficient detection effect. To solve the above problems, this paper designs a hybrid neural network DCT-IDS model, using dense convolution neural network to achieve traffic feature fusion, reducing the number of parameters, using Transformer to extract time sequence features, and experimental tests were carried out on the latest dataset CIC-IDS2018. The experimental results show that the accuracy of the proposed DCT-IDS model reaches 98%, and all the indexes are better than the existing excellent models.

Vijay Prakash Sharma,Narendra Singh Yadav,Sundar Suhrith Adavi,D. Sikha Datta Reddy,Brij B. Gupta

DOI: https://doi.org/10.47974/jdmsc-1737

2023-01-01

Abstract:Today, almost 90% of the technology in usage is linked with IoT (Internet of Things). which brings the question, what is IoT? Internet of things is a system of co-related computers, electronic devices, and objects. IoT essentially controls almost every online service which we avail without human -to-human interaction. An IDS is a hardware or software system that automatically monitors, identifies, and alerts a computer or network against attacks and intrusions. The proposed hybrid model makes use of genetic algorithm with UNSW NB-15 dataset which contains multiple classes of attack to provide a huge variety of attacks which will help to simulate different kinds of attack which will help train the model better. We have used CNN and LSTM model for extracting features. By detecting the attacks quickly, we can identify potential intruders and limit the damage. Feature selection and classification have been performed using Generic algorithm. This hybrid model helps to check whether the alert is an attack or not, if yes what kind of attack is it. the proposed Hybrid model works better than a conventional intrusion detection system, we got 99.38% accuracy from this model.

Die Zhang,Zhen Zhang

DOI: https://doi.org/10.1109/EIECC60864.2023.10456717

2023-12-22

Abstract:Network abnormal traffic intrusion detection technology is an important research field of network security today. Hybrid intrusion detection technology overcomes the shortcomings of single detection and retains their advantages, achieving high detection rate and high accuracy, so it is widely used in existing network abnormal traffic detection. However, the optimization of the high false alarm rate of anomaly detection in existing hybrid intrusion detection is imperfect, resulting in a large room for improvement in the detection accuracy of hybrid intrusion detection. In response to the above problems, this paper proposes a hybrid intrusion detection method based on Cluster Marking-k-means. By adding a classifier to the anomaly-based detection module, the detection results are secondary classified to reduce False alarm rate, thus improving the overall detection accuracy of the method. The experiment uses NSL-KDD and CICIDS2017 datasets to verify the effectiveness of the method. The results show that the method proposed in this article improves the average F1 score by 1.19% compared to the comparative method.

Computer Science

Shaymaa Mahmood Naser,Yossra Hussain Ali,Dhiya Al-Jumeily OBE

DOI: https://doi.org/10.3991/ijoe.v18i11.33563

2022-08-31

International Journal of Online and Biomedical Engineering (iJOE)

Abstract:Nowadays, numerous attacks can be considered high risks in terms of the security of Wireless Sensor Networks (WSN). As a result, different applications are introduced to manage the data and information exchange and related security sides to be save in transmission of data. Recently, most of the security attacks are classified as cyber ones. These attacks interest in the system halting and destroying the data rather than stealing the data. In this paper, a cyber-attacks detection system is proposed based on an intelligent hybrid model that uses deep and machine learning technologies. The proposed model improves the cyber-attack detection speed. In addition, a feature reduction model is proposed using machine learning methods (PCA and SVD) to select the most related features to the adopted classes of attacks. This can positively affect the deep-learning model complexity. The obtained results demonstrate the superiority of the proposed hybrid model-based cyber detection system in comparison to the traditional ones in reaching an accuracy of 99.98%, 100%, 100%, 100% for precision, recall, and F1-measure respectively, and reducing the time to 23s for the datasets of Message Queuing Telemetry Transport-Dataset (MQTT-DS) and Wireless Sensor Networks Dataset (WSN-DS).

Jia Liu,Wang Yinchai,Teh Chee Siong,Xinjin Li,Liping Zhao,Fengrui Wei

DOI: https://doi.org/10.21203/rs.3.rs-1770107/v1

2022-01-01

Abstract:Abstract Intrusion detection is a fuzzy classification problem. Intrusion detection can detect the attack behaviors of hackers in advance. For generating a visualizing architecture for identifying intrusions, this study proposes an approach that combines ANFIS (Adaptive Network-based Fuzzy Inference System), DT (Decision Tree), and K-means clustering algorithm for visualizing the deep pattern of intrusion detection. The ANFIS generates complex and fuzzy combinations of selected attributes. To reduce the rules generation of ANFIS, Pearson Correlation analysis is used to select attributes that highly relate to the target. Meanwhile, standard deviation analysis and a proposed adaptive K-means algorithm are used for determining the interval division of selected attributes. Then, the CART (classification and regression tree) is used to identify the deep mode in generated rules and selected attributes. The architecture of the proposed algorithm is a hybrid visualizing approach. The architecture can identify deep and hybrid features in intrusion detection. The proposed algorithm was trained, validated, and tested on the NSL-KDD dataset. Using 22 attributes that highly relate to the target, the performance of the proposed method achieved a 99.86% detection rate and 0.14% false alarm rate, which is better than many classifiers. Besides, the visualizing model can help us visually identify the complex pattern of intrusions and analyze the pattern of various intrusions.

ZHAO Bei,HU Changzhen

DOI: https://doi.org/10.3321/j.issn:1000-7857.2007.07.002

2007-01-01

Abstract:An intrusion detection system with multi detection engines could overcome the limitations of one with a single detection engine. But up to now, the methodology dealing with network attacks lacks theoretical guidelines for the partition of the inference function. From the detector's point of view, this paper proposes a detection-centered methodology dealing with network attacks. Network attacks can, therefore, be divided into five categories: character string attack, overflow attack, repeating attack, multi-step attack and multi-stage attack. An intrusion detection system with isomerous detection engines is built on that basis. Experiments show that it can avoid the deficiencies of existing detection methods.

Dr. S. Smys,Dr. Haoxiang Wang,Dr. Abul Basar

DOI: https://doi.org/10.36548/JISMAC.2020.4.002

2020-09-30

DECEMBER

Abstract:Internet of things (IoT) is a promising solution to connect and access every device through internet. Every day the device count increases with large diversity in shape, size, usage and complexity. Since IoT drive the world and changes people lives with its wide range of services and applications. However, IoT provides numerous services through applications, it faces severe security issues and vulnerable to attacks such as sinkhole attack, eaves dropping, denial of service attacks, etc., Intrusion detection system is used to detect such attacks when the network security is breached. This research work proposed an intrusion detection system for IoT network and detect different types of attacks based on hybrid convolutional neural network model. Proposed model is suitable for wide range of IoT applications. Proposed research work is validated and compared with conventional machine learning and deep learning model. Experimental result demonstrate that proposed hybrid model is more sensitive to attacks in the IoT network.

Computer Science,Engineering

Amjad Amjad,Nizar Alhafez,Iyad Al Al-khayat,,,

DOI: https://doi.org/10.54216/jisiot.120110

2024-01-01

Journal of Intelligent Systems and Internet of Things

Abstract:In the realm of cybersecurity, the incessant evolution of network attacks necessitates advanced and robust intrusion detection systems (IDS). The major issues with these systems are numerous: false positivenegative alarms, delayed response and detection time, size of processed data, adaptability to future threats, scalability of the system, difficulty in detecting distributed attacks, and downtime (fault tolerance). We propose a system that introduces a distributed framework aimed at enhancing network security by effectively identifying subtle deviations from normal network behavior. This is achieved through transfer learning based on artificial neural networks, and support vector machine (SVM), capitalizing on their complementary strengths in recognizing complex patterns and addressing high-dimensional datasets. To validate the efficacy of the proposed approach, the NSL-KDD dataset is utilized within a distributed IDS architecture. It consists of several intrusion detection nodes representing subnetworks. A node consists of two agents that work collaboratively. A way is proposed to avoid interference between analysis agents: the network agents manager monitors the functioning of the nodes and displays the results of each vulnerability-detecting node in each subnet separately. Such communication between agents should reduce FPAS (false positive alarms) significantly. The Detection engine extracts relevant features of network attacks to solve the problem of SVM in processing huge sizes of data and detect adaptive future threats to detect famous distributed denial of services (DDOS) attacks in real-time. The system is highly scalable by increasing the number of intrusion detection system nodes if necessary. Central processing is avoided to circumvent a system failure situation, where processing and decision-making take place at the detection node level within each subnet.

D. Adhimuga Sivasakthi,A. Sathiyaraj,Ramkumar Devendiran

DOI: https://doi.org/10.1007/s10586-023-04248-8

2024-01-12

Cluster Computing

Abstract:The proliferation of Internet of Things (IoT) devices has revolutionized various domains, but it has also brought forth numerous security challenges. One of the most concerning threats is the emergence of hybrid attacks, which combine multiple attack vectors to exploit vulnerabilities in IoT networks. Existing security mechanisms often struggle to effectively predict and detect these sophisticated hybrid attacks, leading to compromised system integrity and data confidentiality. In this paper, we propose robust learning approach, named HybridRobustNet (HRN), for predicting and detecting hybrid attacks over IoT networks. HRN integrates machine learning algorithms, deep neural networks, and ensemble techniques to achieve enhanced detection accuracy and resilience against evolving hybrid attack patterns. By leveraging a diverse set of features, including network traffic patterns, device behavior, and communication characteristics, HRN effectively captures the complex relationships and dependencies between various attack components. Furthermore, the proposed approach incorporates real-time adaptive learning mechanisms, enabling it to dynamically adapt to new attack strategies and mitigate false positives. To evaluate the effectiveness of HRN, extensive experiments were conducted on a realistic IoT testbed comprising heterogeneous devices and attack scenarios. The results demonstrate that HRN outperforms state-of-the-art approaches in terms of attack detection accuracy, robustness against evasion techniques, and low false positive rates. Additionally, its computational efficiency makes it suitable for deployment in resource-constrained IoT environments. The contributions of this work are twofold. Firstly, it addresses the pressing need for robust detection mechanisms against hybrid attacks, which can have severe consequences for IoT networks. Secondly, it introduces a unique and adaptive learning approach, HRN, which exhibits superior performance and adaptability in the face of emerging attack strategies. The findings presented in this article provide valuable insights into the design of effective security mechanisms for IoT networks and pave the way for future research in the field of hybrid attack detection.

computer science, information systems, theory & methods

Ch.Kodanda Ramu,T. Srinivasa Rao,E. Uma Shankar Rao

DOI: https://doi.org/10.1007/s11042-024-18558-5

IF: 2.577

2024-02-20

Multimedia Tools and Applications

Abstract:In recent times, network-based applications have rapidly grown in the field of information and communication technology(ICT), which enables individuals and organizations to connect and share their sensitive information seamlessly. The security of these network-based applications is imperative to avoid cyber-attacks during the exchange of sensitive information. The identification of anomalies in network events can be highly challenging due to the complex nature of traffic flows. To solve the challenges, network intrusion detection system (NIDS) technology is used; any network can profit from this system because it can monitor traffic and detect any irregularities. The existing NIDS systems driven by machine learning models do not provide sufficient ability to handle heterogeneous data and realize performance degradation while detecting some types of attacks. Therefore, this paper proposes an innovative meta-heuristic optimization and deep learning-based methodology for improving the performance of NIDS systems. Initially, the raw captured traffic data is fed into the pre-processing phase to attain data standardization and data balancing. Further, an extended Pelican Optimization algorithm (Ex-Pel) is employed to select the set of features from the pre-processed data optimally. Finally, the Self-Attention Assisted Weighted Auto Encoder (SAttn_WAE) is executed to detect the attacks precisely through the set of optimal features. The execution of the proposed methodology is carried out in the Python platform, and performance evaluation is done using accuracy, precision, recall, FAR, and F1-score metrics. The proposed model achieved an accuracy of 99.23%, precision of 99.78%, FAR of 0.67%, recall of 99.13%, and F1-score of 99.32%, which is comparatively better than existing models.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering