AMBAREEN SIRAJ,RAYFORD B. VAUGHN,SUSAN M. BRIDGES

DOI: https://doi.org/10.1142/s0219622004001057

2004-06-01

Abstract:This paper describes the use of artificial intelligence techniques in the creation of a network-based decision engine for decision support in an Intelligent Intrusion Detection System (IIDS). In order to assess overall network health, the decision engine fuses outputs from different intrusion detection sensors serving as "experts" and then analyzes the integrated information to present an overall security view of the system for the security administrator. This paper reports on the workings of a decision engine that has been successfully embedded into the IIDS architecture being built at the Center for Computer Security Research, Mississippi State University. The decision engine uses Fuzzy Cognitive Maps (FCM)s and fuzzy rule-bases for causal knowledge acquisition and to support the causal knowledge reasoning process.

computer science, information systems, artificial intelligence, interdisciplinary applications,operations research & management science

Yawen Xue,Jie Pan,Yangyang Geng,Zeyu Yang,Mengxiang Liu,Ruilong Deng

DOI: https://doi.org/10.1109/ticps.2024.3406505

2024-01-01

Abstract:Industrial control systems (ICSs) are becoming increasingly interconnected as the rapid convergence of information technology (IT) and operation technology (OT) networks, and meanwhile massive attack surfaces have been exposed. However, traditional intrusion detection systems (IDSs) are difficult to be directly deployed in ICSs due to the hard real-time requirement and rare patching chance. Besides, the design of effective and practical IDSs is hampered by the lack of benchmarking ICS cybersecurity datasets. To bridge the gaps, this paper makes the first attempt by open-sourcing the developed ICS cybersecurity datasets and proposing a decision fusion based real-time IDS. Firstly, we design a customized cybersecurity dataset in a full-hardware and high-fidelity platform, including 7 types of cyber threats tailored for ICSs. The collected dataset includes network traffic, sensor readings, actuator status, and system parameters, providing the state-of-the-art benchmark dataset for ICSs consisting of cross-layer characteristics. Furthermore, we design an online decision fusion-based IDS by strategically integrating 4 widely-used machine learning models. The proposed IDS is deployed on a real-time running ethanol distillation, surpassing the performance of single detection models in terms of precision and F1-score, which substantially enhances intrusion detection accuracy and cybersecurity of ICS.

Rasheed Ahmad,Izzat Alsmadi,Ahmad, Rasheed

DOI: https://doi.org/10.1007/s10586-024-04365-y

2024-03-27

Cluster Computing

Abstract:The increasing frequency and sophistication of cyber-attacks pose significant threats to organizational entities and critical national infrastructure, leading to substantial financial and operational consequences. Detecting such attacks early and accurately remains a complex endeavour, compounded by challenges in intrusion detection system (IDS) design, the exploitation of zero-day attacks, and issues of reliability and resiliency in physical systems. This research addresses these challenges through a two-fold approach: firstly, implementing input data fusion from diverse and heterogeneous sources, and secondly, fusing classifiers from multiple deep learning (DL)-based algorithms. The success of machine learning (ML) and DL models for IDS relies on meticulous data collection and classifier selection. The paper underscores the limitations of relying on single datasets and ML/DL algorithms, emphasizing potential biases and training restrictions. Rigorous experiments were conducted to identify optimal DL architectures, ensuring the creation of models that exhibit robust generalization on new traffic instances, leading to trusted and unbiased results. The study demonstrates the efficacy of the proposed models through comprehensive evaluations and metrics. Results indicate that the fusion of data and classifiers significantly improves model generalization. The paper also outlines key challenges and future trends in data fusion, emphasizing its role in enhancing IDS performance for securing critical infrastructure.

computer science, information systems, theory & methods

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Ahlem Abid,Farah Jemili,Ouajdi Korbaa

DOI: https://doi.org/10.1007/s10586-023-04087-7

2023-06-25

Cluster Computing

Abstract:Intrusion detection in industrial control systems (ICS) is crucial for maintaining secu rity in modern industries. However, the rapid growth of data generated from various sources presents significant challenges, as complex and diverse attacks continue to threaten the integrity of these systems. Traditional intrusion detection systems face limitations in effectively detecting intrusions and suffer from processing delays. To address these issues, there is an urgent need for a real-time and efficient IDS. This study introduces a novel approach to real-time intrusion detection in ICS by leveraging Cloud Computing and Big Data techniques for data fusion. By fusing mul tiple streams of data, our approach enhances intrusion detection performance, reduces false alarm rates, and produces more consistent and accurate results. The contributions of this work are two-fold. Firstly, we propose a real-time IDS that overcomes the limitations of traditional systems through the efficient processing capabilities of Cloud Computing and Big Data techniques. Secondly, we employ data fusion to integrate diverse data sources, resulting in improved intrusion detection accuracy and efficiency. Our proposed IDS achieves higher accuracy rates and demonstrates superior efficiency in detecting intrusions compared to existing solutions. These findings underscore the potential of our approach in enhancing ICS security and mitigating risks posed by evolving attacks.

computer science, information systems, theory & methods

Manal Abdullah Alohali,Fahd N Al-Wesabi,Anwer Mustafa Hilal,Shalini Goel,Deepak Gupta,Ashish Khanna

DOI: https://doi.org/10.1007/s11571-022-09780-8

Abstract:In recent days, Cognitive Cyber-Physical System (CCPS) has gained significant interest among interdisciplinary researchers which integrates machine learning (ML) and artificial intelligence (AI) techniques. This era is witnessing a rapid transformation in digital technology and AI where brain-inspired computing-based solutions will play a vital role in industrial informatics. The application of CCPS with brain-inspired computing in Industry 4.0 will create a significant impact on industrial evolution. Though the CCPSs in industrial environment offer several merits, security remains a challenging design issue. The rise of artificial intelligence AI techniques helps to address cybersecurity issues related to CCPS in industry 4.0 environment. With this motivation, this paper presents a new AI-enabled multimodal fusion-based intrusion detection system (AIMMF-IDS) for CCPS in industry 4.0 environment. The proposed model initially performs the data pre-processing technique in two ways namely data conversion and data normalization. In addition, improved fish swarm optimization based feature selection (IFSO-FS) technique is used for the appropriate selection of features. The IFSO technique is derived by the use of Levy Flight (LF) concept into the searching mechanism of the conventional FSO algorithm to avoid the local optima problem. Since the single modality is not adequate to accomplish enhanced detection performance, in this paper, a weighted voting based ensemble model is employed for the multimodal fusion process using recurrent neural network (RNN), bi-directional long short term memory (Bi-LSTM), and deep belief network (DBN), depicts the novelty of the work. The simulation analysis of the presented model highlighted the improved performance over the recent state of art techniques interms of different measures.

Abhijeet Sahu,Katherine Davis

DOI: https://doi.org/10.3390/s22062100

2022-03-09

Abstract:False alerts due to misconfigured or compromised intrusion detection systems (IDS) in industrial control system (ICS) networks can lead to severe economic and operational damage. However, research using deep learning to reduce false alerts often requires the physical and cyber sensor data to be trustworthy. Implicit trust is a major problem for artificial intelligence or machine learning (AI/ML) in cyber-physical system (CPS) security, because when these solutions are most urgently needed is also when they are most at risk (e.g., during an attack). To address this, the Inter-Domain Evidence theoretic Approach for Inference (IDEA-I) is proposed that reframes the detection problem as how to make good decisions given uncertainty. Specifically, an evidence theoretic approach leveraging Dempster-Shafer (DS) combination rules and their variants is proposed for reducing false alerts. A multi-hypothesis mass function model is designed that leverages probability scores obtained from supervised-learning classifiers. Using this model, a location-cum-domain-based fusion framework is proposed to evaluate the detector's performance using disjunctive, conjunctive, and cautious conjunctive rules. The approach is demonstrated in a cyber-physical power system testbed, and the classifiers are trained with datasets from Man-In-The-Middle attack emulation in a large-scale synthetic electric grid. For evaluating the performance, we consider plausibility, belief, pignistic, and general Bayesian theorem-based metrics as decision functions. To improve the performance, a multi-objective-based genetic algorithm is proposed for feature selection considering the decision metrics as the fitness function. Finally, we present a software application to evaluate the DS fusion approaches with different parameters and architectures.

李辉,蔡忠闽,韩崇昭,管晓宏

DOI: https://doi.org/10.3969/j.issn.1000-1220.2003.09.008

2003-01-01

Abstract:State of the art of the Intrusion Detection technology is investigated and a new IDS inference framework and prototype based on information fusion is proposed. The new framework is to solve the problems of existing IDS——high false positive rate and incapable of detection of coordinated attacks. The prototype employ Bayesian Network to do information fusion and goal-tree to analyze intensions of coordinated attacks and quantify the security risk of system. The prototype is more integral than existing IDS and easier to find coordinated attacks with lower false positive rate.

Ansam Khraisat,Ammar Alazab,Sarabjot Singh,Tony Jan,Alfredo Jr. Gomez

DOI: https://doi.org/10.1145/3687124

IF: 16.6

2024-10-09

ACM Computing Surveys

Abstract:Intrusion Detection Systems (IDS) are essential for securing computer networks by identifying and mitigating potential threats. However, traditional IDS face challenges related to scalability, privacy, and computational demands as network data complexity increases. Federated Learning (FL) has emerged as a promising solution, enabling collaborative model training on decentralized data sources while preserving data privacy. Each participant retains local data repositories, ensuring data sovereignty and precluding data sharing. Leveraging the FL framework, participants locally train machine learning models on their respective datasets, subsequently transmitting model updates to a central server for aggregation. The central server then disseminates the aggregated model updates to individual participants, collectively striving to bolster intrusion detection capabilities. This article presents a comprehensive survey of FL applications in IDS, covering core concepts, architectural approaches, and aggregation strategies. We evaluate the strengths and limitations of various FL methodologies for IDS, addressing privacy and security concerns and exploring privacy-preserving techniques and security protocols. Our examination of aggregation strategies within the FL framework for IDS aims to highlight their effectiveness, limitations, and potential enhancements.

computer science, theory & methods

Li-zhong Geng,Hui-bo Jia

DOI: https://doi.org/10.1109/CIS.2009.262

2009-01-01

Abstract:There are many researches which focus on the security of network-attached storages. The cryptology tools can protect the storages against non-authorized access, but turned out ineffective when malicious authenticated users attack inside. Also the intrusion detection methods are applied in the network-attached storages, such as, storage-based intrusion detection method and the intrusion detection method based on system calls. However, these methods couldn't obtain higher Detection Rates with lower False Positive Rates. This paper proposes a novel intrusion detection scheme to merge the two methods with multi-source information fusion technology. The fusion optimization strategy is provided to guarantee that the fusion scheme can make a more accuracy decision for the suspicious behaviors with more information gathered from different levels of the system. Also the intrusion detection modules in the new scheme can be "self-learning" and update the profiles by themselves. Experimental results demonstrate that the over capability of new fusion intrusion detection scheme increased by 15%. © 2009 IEEE.

Qishi Wu,Mengxia Zhu,Nageswara S.V. Rao

DOI: https://doi.org/10.1016/j.pmcj.2008.04.010

IF: 3.848

2009-04-01

Pervasive and Mobile Computing

Abstract:We propose an intelligent decision support system based on sensor and computer networks that incorporates various component techniques for sensor deployment, data routing, distributed computing, and information fusion. The integrated system is deployed in a distributed environment composed of both wireless sensor networks for data collection and wired computer networks for data processing in support of homeland security defense. We present the system framework and formulate the analytical problems and develop approximate or exact solutions for the subtasks: (i) sensor deployment strategy based on a two-dimensional genetic algorithm to achieve maximum coverage with cost constraints; (ii) data routing scheme to achieve maximum signal strength with minimum path loss, high energy efficiency, and effective fault tolerance; (iii) network mapping method to assign computing modules to network nodes for high-performance distributed data processing; and (iv) binary decision fusion rule that derive threshold bounds to improve system hit rate and false alarm rate. These component solutions are implemented and evaluated through either experiments or simulations in various application scenarios. The extensive results demonstrate that these component solutions imbue the integrated system with the desirable and useful quality of intelligence in decision making.

computer science, information systems,telecommunications

Gou Jin,Yang Jiangang,Chen Qian

2005-01-01

Abstract:This paper presents a compound intrusion detection model based on a knowledge fusion algorithm. The proposed method suggests a set of related pattern knowledge objects with a well-defined structure, which instructs that pattern knowledge can be used for misuse detection or anomaly detection or both of them. Fusion algorithm is used to fuse original or real time knowledge objects to generate new useful ones and destroy those who may lead to miscar-riage of justice. In contrast with the conventional intrusion detection models, process in the paper combines anomaly and misuse detection so that it eliminates the flaws of a narrow definition for intrusion patterns and extends the known intrusions patterns to novel intrusions patterns. The experimental results show the feasibility of design rationale.

Vrushank Shah,Akshai K. Aggarwal,Nirbhay Chaubey

DOI: https://doi.org/10.1007/s40747-016-0033-5

2016-11-22

Abstract:Intrusion detection has become a challenging task with the rapid growth in numbers of computer users. The present-day technology requires an efficient method to detect intrusion in the computer network system. Intrusion detection system is a classifier which collects evidences for the presence of intrusion and raises an alarm for any abnormalities present. However, the use of intrusion detection system encounters two major drawbacks: higher false alarm rate and lower detection rate; these limit the detection performance of intrusion detection system. A prospective approach for improving performance is through the use of multiple sensors/intrusion detection system. Evidence theory is a mathematical theory of evidence which is used to fuse evidences from multiple sources of evidence and outputs a global decision. The work in this paper discusses the limitations and issues with evidence theory and proposes a modified framework for fusion of alarms of multiple intrusion detection systems.

computer science, artificial intelligence

Mhamad Bakro,Rakesh Ranjan Kumar,Amerah A. Alabrah,Zubair Ashraf,Sukant K. Bisoy,Nikhat Parveen,Souheil Khawatmi,Ahmed Abdelsalam

DOI: https://doi.org/10.3390/electronics12112427

IF: 2.9

2023-05-27

Electronics

Abstract:The application of cloud computing has increased tremendously in both public and private organizations. However, attacks on cloud computing pose a serious threat to confidentiality and data integrity. Therefore, there is a need for a proper mechanism for detecting cloud intrusions. In this paper, we have proposed a cloud intrusion detection system (IDS) that is focused on boosting the classification accuracy by improving feature selection and weighing the ensemble model with the crow search algorithm (CSA). The feature selection is handled by combining both filter and automated models to obtain improved feature sets. The ensemble classifier is made up of machine and deep learning models such as long short-term memory (LSTM), support vector machine (SVM), XGBoost, and a fast learning network (FLN). The proposed ensemble model's weights are generated with the CSA to obtain better prediction results. Experiments are executed on the NSL-KDD, Kyoto, and CSE-CIC-IDS-2018 datasets. The simulation shows that the suggested system attained more satisfactory results in terms of accuracy, recall, precision, and F-measure than conventional approaches. The detection rate and false alarm rate (FAR) of different attack types was more efficient for each dataset. The classifiers' performances were also compared individually to the ensemble model in terms of the false positive rate (FPR) and false negative rate (FNR) to demonstrate the ensemble model's robustness.

engineering, electrical & electronic,computer science, information systems,physics, applied

Feilu Hang,Linjiang Xie,Zhenhong Zhang,Jian Hu

DOI: https://doi.org/10.12694/scpe.v25i4.2862

2024-06-16

Abstract:This paper proposes an adaptive Wedman intrusion detection algorithm (AID-DFS) for data fusion. Firstly, feature extraction of abnormal text detection is carried out using a BI-gated loop (Bi-GRU). Multi-branch convolutional recurrent neural network (CNN-RNN) extracts hierarchical features from abnormal images. The multi-mode dynamic fusion uses the intermodal and intramodal attention mechanisms. In this way, a joint representation of multiple modes is obtained. The visual perception mechanism is used to realize multichannel integration and strengthen the function of original information in multichannel. The experimental results show that the proposed method has 99.6% accuracy and 94.9% accuracy. Compared with other algorithms, the proposed method can improve the performance of the intrusion system by about 10.2%.

Ajay Modi,Zhibo Sun,Anupam Panwar,Tejas Khairnar,Ziming Zhao,Adam Doupe,Gail-Joon Ahn,Paul Black

DOI: https://doi.org/10.1109/cic.2016.060

2016-01-01

Abstract:The volume and frequency of new cyber attacks have exploded in recent years. Such events have very complicated workflows and involve multiple criminal actors and organizations. However, current practices for threat analysis and intelligence discovery are still performed piecemeal in an ad-hoc manner. For example, a modern malware analysis system can dissect a piece of malicious code by itself. But, it cannot automatically identify the criminals who developed it or relate other cyber attack events with it. Consequently, it is imperative to automatically assemble the jigsaw puzzles of cybercrime events by performing threat intelligence fusion on data collected from heterogeneous sources, such as malware, underground social networks, cryptocurrency transaction records, etc. In this paper, we propose an Automated Threat Intelligence fuSion framework (ATIS) that is able to take all sorts of threat sources into account and discover new intelligence by connecting the dots of apparently isolated cyber events. To this end, ATIS consists of 5 planes, namely analysis, collection, controller, data and application planes. We discuss the design choices we made in the function of each plane and the interfaces between two adjacent planes. In addition, we develop two applications on top of ATIS to demonstrate its effectiveness.

Ozgur Depren,Murat Topallar,Emin Anarim,M. Kemal Ciliz

DOI: https://doi.org/10.1016/j.eswa.2005.05.002

IF: 8.5

2005-11-01

Expert Systems with Applications

Abstract:In this paper, we propose a novel Intrusion Detection System (IDS) architecture utilizing both anomaly and misuse detection approaches. This hybrid Intrusion Detection System architecture consists of an anomaly detection module, a misuse detection module and a decision support system combining the results of these two detection modules. The proposed anomaly detection module uses a Self-Organizing Map (SOM) structure to model normal behavior. Deviation from the normal behavior is classified as an attack. The proposed misuse detection module uses J.48 decision tree algorithm to classify various types of attacks. The principle interest of this work is to benchmark the performance of the proposed hybrid IDS architecture by using KDD Cup 99 Data Set, the benchmark dataset used by IDS researchers. A rule-based Decision Support System (DSS) is also developed for interpreting the results of both anomaly and misuse detection modules. Simulation results of both anomaly and misuse detection modules based on the KDD 99 Data Set are given. It is observed that the proposed hybrid approach gives better performance over individual approaches.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Jia Liu,Wang Yinchai,Teh Chee Siong,Xinjin Li,Liping Zhao,Fengrui Wei

DOI: https://doi.org/10.21203/rs.3.rs-1770107/v1

2022-01-01

Abstract:Abstract Intrusion detection is a fuzzy classification problem. Intrusion detection can detect the attack behaviors of hackers in advance. For generating a visualizing architecture for identifying intrusions, this study proposes an approach that combines ANFIS (Adaptive Network-based Fuzzy Inference System), DT (Decision Tree), and K-means clustering algorithm for visualizing the deep pattern of intrusion detection. The ANFIS generates complex and fuzzy combinations of selected attributes. To reduce the rules generation of ANFIS, Pearson Correlation analysis is used to select attributes that highly relate to the target. Meanwhile, standard deviation analysis and a proposed adaptive K-means algorithm are used for determining the interval division of selected attributes. Then, the CART (classification and regression tree) is used to identify the deep mode in generated rules and selected attributes. The architecture of the proposed algorithm is a hybrid visualizing approach. The architecture can identify deep and hybrid features in intrusion detection. The proposed algorithm was trained, validated, and tested on the NSL-KDD dataset. Using 22 attributes that highly relate to the target, the performance of the proposed method achieved a 99.86% detection rate and 0.14% false alarm rate, which is better than many classifiers. Besides, the visualizing model can help us visually identify the complex pattern of intrusions and analyze the pattern of various intrusions.

Kumar, Prabhat,Islam, A. K. M. Najmul

DOI: https://doi.org/10.1007/s12559-024-10309-w

IF: 4.89

2024-06-11

Cognitive Computation

Abstract:Industrial Cyber-Physical Systems (ICPSs) are becoming more and more networked and essential to modern infrastructure. This has led to an increase in the complexity of their dynamics and the challenges of protecting them from advanced cyber threats have escalated. Conventional intrusion detection systems (IDS) often struggle to interpret high-dimensional, sequential data efficiently and extract meaningful features. They are characterized by low accuracy and a high rate of false positives. In this article, we adopt the computational design science approach to design an IDS for ICPS, driven by Generative AI and cognitive computing. Initially, we designed a Long Short-Term Memory-based Sparse Variational Autoencoder (LSTM-SVAE) technique to extract relevant features from complex data patterns efficiently. Following this, a Bidirectional Recurrent Neural Network with Hierarchical Attention (BiRNN-HAID) is constructed. This stage focuses on proficiently identifying potential intrusions by processing data with enhanced focus and memory capabilities. Next, a Cognitive Enhancement for Contextual Intrusion Awareness (CE-CIA) is designed to refine the initial predictions by applying cognitive principles. This enhances the system's reliability by effectively balancing sensitivity and specificity, thereby reducing false positives. The final stage, Interpretive Assurance through Activation Insights in Detection Models (IAA-IDM), involves the visualizations of mean activations of LSTM and GRU layers for providing in-depth insights into the decision-making process for cybersecurity analysts. Our framework undergoes rigorous testing on two publicly accessible industrial datasets, ToN-IoT and Edge-IIoTset, demonstrating its superiority over both baseline methods and recent state-of-the-art approaches.

computer science, artificial intelligence,neurosciences

Bo Chen,Pindi Weng,Daniel W.C. Ho,Li Yu

DOI: https://doi.org/10.48550/arXiv.2212.14755

2022-12-30

Abstract:This paper is concerned with the problem of secure multi-sensors fusion estimation for cyber-physical systems, where sensor measurements may be tampered with by false data injection (FDI) attacks. In this work, it is considered that the adversary may not be able to attack all sensors. That is, several sensors remain not being attacked. In this case, new local reorganized subsystems including the FDI attack signals and un-attacked sensor measurements are constructed by the augmentation method. Then, a joint Kalman fusion estimator is designed under linear minimum variance sense to estimate the system state and FDI attack signals simultaneously. Finally, illustrative examples are employed to show the effectiveness and advantages of the proposed methods.

Systems and Control