I. Sumaiya Thaseen,J. Saira Banu,K. Lavanya,Muhammad Rukunuddin Ghalib,Kumar Abhishek

DOI: https://doi.org/10.1002/ett.4014

IF: 3.6

2020-06-08

Transactions on Emerging Telecommunications Technologies

Abstract:<p>Serious concerns regarding vulnerability and security have been raised as a result of the constant growth of computer networks. Intrusion detection systems (IDS) have been adopted by network administrators to provide essential network security. Commercial IDS in the market do not have the capability to identify novel attacks but generate false alarms for legitimate user activities. Neural networks can be applied for the solution of these issues and for providing improved accuracy. Correlation‐based attribute selection ranks the features according to the highest correlation between the attributes and class label. In this article, the authors propose a correlation‐based feature selection integrated with neural network for identifying anomalies. Experimental analysis performed on NSL‐KDD and UNSW‐NB datasets, which are benchmark datasets of intrusion detection with current attacks. The results show that the proposed model is superior in terms of accuracy, sensitivity, and specificity in comparison with some of the state‐of‐the‐art techniques. With the emergence of the Internet of Things Technology, such IDS can be deployed for securing the IoT servers in future. Wireless payment systems can be secured by building and deploying IDS. A secure integrated network management can be achieved which is error‐free and thereby improving performance.</p>

telecommunications

Arushi Agarwal,Purushottam Sharma,Mohammed Alshehri,Ahmed A. Mohamed,Osama Alfarraj

DOI: https://doi.org/10.7717/peerj-cs.437

2021-04-07

PeerJ Computer Science

Abstract:In today’s cyber world, the demand for the internet is increasing day by day, increasing the concern of network security. The aim of an Intrusion Detection System (IDS) is to provide approaches against many fast-growing network attacks (e.g., DDoS attack, Ransomware attack, Botnet attack, etc.), as it blocks the harmful activities occurring in the network system. In this work, three different classification machine learning algorithms—Naïve Bayes (NB), Support Vector Machine (SVM), and K-nearest neighbor (KNN)—were used to detect the accuracy and reducing the processing time of an algorithm on the UNSW-NB15 dataset and to find the best-suited algorithm which can efficiently learn the pattern of the suspicious network activities. The data gathered from the feature set comparison was then applied as input to IDS as data feeds to train the system for future intrusion behavior prediction and analysis using the best-fit algorithm chosen from the above three algorithms based on the performance metrics found. Also, the classification reports (Precision, Recall, and F1-score) and confusion matrix were generated and compared to finalize the support-validation status found throughout the testing phase of the model used in this approach.

computer science, information systems, artificial intelligence, theory & methods

Sridhar Patthi,Sugandha Singh,Ila Chandana Kumari P

DOI: https://doi.org/10.1007/s11042-023-17781-w

IF: 2.577

2024-01-07

Multimedia Tools and Applications

Abstract:The proliferation of wireless networks as a primary data transmission channel has brought about a surge in data volume but also raised security threats and privacy concerns. Intrusion Detection Systems (IDS) have proven effective in safeguarding data transmission, yet they struggle to detect minor or rare attacks that mimic normal traffic. To address this challenge, we propose a novel two-layer classification model integrating K-nearest neighbor (KNN) and support vector machines (SVMs). In the first layer, KNN classifies data into Normal, Major, and Minor Attack categories, while the second layer further distinguishes Major Attacks into DoS or Probe and Minor Attacks into U2R or R2. Our framework incorporates Common Correlated Feature Selection (CCFS) to optimize feature discrimination, partitioning training data into three groups. Furthermore, we explore data preprocessing techniques to enhance data interpretation and maintain statistical normalcy in traffic connection features. Our experimental analysis utilizes the NSL-KDD dataset, demonstrating that our approach significantly improves detection rates, particularly for Minor Attacks, achieving a remarkable 92.33% detection rate for U2R and 91.33% for R2L attacks. This represents a substantial 10% enhancement over existing methods, outperforming Multi-Layer Perceptron (MLP) by 13.23%, Random Forest (RF) by 10.11%, J48- Decision Tree (DT) by 9.23%, and Naïve Bayes (NB) by 9.42% and 8.17% in terms of detection rates. These results underscore the effectiveness of our approach in enhancing intrusion detection performance.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Mouhammd Alkasassbeh

DOI: https://doi.org/10.48550/arXiv.1712.09623

2017-12-28

Abstract:Despite the great developments in information technology, particularly the Internet, computer networks, global information exchange, and its positive impact in all areas of daily life, it has also contributed to the development of penetration and intrusion which forms a high risk to the security of information organizations, government agencies, and causes large economic losses. There are many techniques designed for protection such as firewall and intrusion detection systems (IDS). IDS is a set of software and/or hardware techniques used to detect hacker's activities in computer systems. Two types of anomalies are used in IDS to detect intrusive activities different from normal user behavior. Misuse relies on the knowledge base that contains all known attack techniques and intrusion is discovered through research in this knowledge base. Artificial intelligence techniques have been introduced to improve the performance of these systems. The importance of IDS is to identify unauthorized access attempting to compromise confidentiality, integrity or availability of the computer network. This paper investigates the Intrusion Detection (ID) problem using three machine learning algorithms namely, BayesNet algorithm, Multi-Layer Perceptron (MLP), and Support Vector Machine (SVM). The algorithms are applied on a real, Management Information Based (MIB) dataset that is collected from real life environment. To enhance the detection process accuracy, a set of feature selection approaches is used; Infogain (IG), ReleifF (RF), and Genetic Search (GS). Our experiments show that the three feature selection methods have enhanced the classification performance. GS with bayesNet, MLP and SVM give high accuracy rates, more specifically the BayesNet with the GS accuracy rate is 99.9%.

Networking and Internet Architecture,Cryptography and Security,Machine Learning

A S Talita,O S Nataza,Z Rustam

DOI: https://doi.org/10.1088/1742-6596/1752/1/012021

2021-02-01

Journal of Physics: Conference Series

Abstract:Abstract The security of a network might be threatened by an intrusion aim to steal classified data or to find weaknesses on the network. In general, network main security systems use a firewall to control and monitor both incoming and outgoing network traffic. Intrusion Detection System can be used to strengthen network security. Several data mining methods have been used to solve Intrusion Detection System (IDS) problem on a network. On this paper we will use Naïve Bayes Classifier along with Particle Swarm Optimization (PSO) as the feature selection method specifically on one of the benchmark dataset on IDS problem, KDD CUP’99. The dataset consists of more than 40 features with more than 400 thousands records. To solve IDS problem on the dataset, it needs a quite expensive cost either on time computation or memory usage hence the use of PSO as the feature selection method. The best classification result was reached when we use 38 features where the accuracy is 99.12%. Particle Swarm Optimization method has several parameters that may affect the classification performance. For future improvement, it is possible to use a parameter optimization method to ensure the best classifier performance.

Shadi Aljawarneh,Monther Aldwairi,Muneer Bani Yassein

DOI: https://doi.org/10.1016/j.jocs.2017.03.006

IF: 3.817

2018-03-01

Journal of Computational Science

Abstract:Efficiently detecting network intrusions requires the gathering of sensitive information. This means that one has to collect large amounts of network transactions including high details of recent network transactions. Assessments based on meta-heuristic anomaly are important in the intrusion related network transaction data’s exploratory analysis. These assessments are needed to make and deliver predictions related to the intrusion possibility based on the available attribute details that are involved in the network transaction. We were able to utilize the NSL-KDD data set, the binary and multiclass problem with a 20% testing dataset. This paper develops a new hybrid model that can be used to estimate the intrusion scope threshold degree based on the network transaction data’s optimal features that were made available for training. The experimental results revealed that the hybrid approach had a significant effect on the minimisation of the computational and time complexity involved when determining the feature association impact scale. The accuracy of the proposed model was measured as 99.81% and 98.56% for the binary class and multiclass NSL-KDD data sets, respectively. However, there are issues with obtaining high false and low false negative rates. A hybrid approach with two main parts is proposed to address these issues. First, data needs to be filtered using the Vote algorithm with Information Gain that combines the probability distributions of these base learners in order to select the important features that positively affect the accuracy of the proposed model. Next, the hybrid algorithm consists of following classifiers: J48, Meta Pagging, RandomTree, REPTree, AdaBoostM1, DecisionStump and NaiveBayes. Based on the results obtained using the proposed model, we observe improved accuracy, high false negative rate, and low false positive rule.

computer science, theory & methods, interdisciplinary applications

Gulab Sah,Sweety Singh,Subhasish Banerjee

DOI: https://doi.org/10.23919/jcc.fa.2022-0076.202409

2024-10-01

China Communications

Abstract:The key objective of intrusion detection systems (IDS) is to protect the particular host or network by investigating and predicting the network traffic as an attack or normal. These IDS uses many methods of machine learning (ML) to learn from past-experience attack i.e. signatures based and identify the new ones. Even though these methods are effective, but they have to suffer from large computational costs due to considering all the traffic features, together. Moreover, emerging technologies like the Internet of Things (IoT), big data, etc. are getting advanced day by day; as a result, network traffics are also increasing rapidly. Therefore, the issue of computational cost needs to be addressed properly. Thus, in this research, firstly, the ML methods have been used with the feature selection technique (FST) to reduce the number of features by picking out only the important ones from NSL-KDD, CICIDS2017, and CIC-DDoS2019 datasets later that helped to build IDSs with lower cost but with the higher performance which would be appropriate for vast scale network. The experimental result demonstrated that the proposed model i.e. Decision tree (DT) with Recursive feature elimination (RFE) performs better than other classifiers with RFE in terms of accuracy, specificity, precision, sensitivity, F1-score, and G-means on the investigated datasets.

telecommunications

Siriporn Chimphlee,Witcha Chimphlee

DOI: https://doi.org/10.11591/ijeecs.v30.i2.pp1106-1119

2023-05-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:With the rapid growth of digital technology communications are overwhelmed by network data traffic. The demand for the internet is growing every day in today's cyber world, raising concerns about network security. Big Data are a term that describes a vast volume of complicated data that is critical for evaluating network patterns and determining what has occurred in the network. Therefore, detecting attacks in a large network is challenging. Intrusion detection system (IDS) is a promising cybersecurity research field. In this paper, we proposed an efficient classification scheme for IDS, which is divided into two procedures, on the CSE-CIC-IDS-2018 dataset, data pre-processing techniques including under-sampling, feature selection, and classifier algorithms were used to assess and decide the best performing model to classify invaders. We have implemented and compared seven classifier machine learning algorithms with various criteria. This work explored the application of the random forest (RF) for feature selection in conjunction with machine learning (ML) techniques including linear regression (LR), k-Nearest Neighbor (k-NN), classification and regression trees (CART), Bayes, RF, multi layer perceptron (MLP), and XGBoost in order to implement IDSS. The experimental results show that the MLP algorithm in the most successful with best performance with evaluation matrix.

Mina Eshak Magdy,Ahmed M. Matter,Saleh Hussin,Doaa Hassan,Shaimaa Ahmed Elsaid

DOI: https://doi.org/10.11591/ijeecs.v30.i3.pp1699-1706

2023-06-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:Recently, cyberattacks have been more complex than in the past, as a new cyber-attack is initiated almost every day. Therefore, researchers should develop efficient intrusion detection systems (IDS) to detect cyber-attacks. In order to improve the detection and prevention of the aforementioned cyber-attacks, several articles developed IDSs exploiting machine learning and deep learning. In this paper, a way to find network intrusions using a combination of feature selection and adoptive voting is investigated. NSL-KDD dataset, a high-dimensional dataset that has been widely used for network intrusion detection, is applied in this approach. Feature selection plays an important role for improving accuracy and testing time as it eliminates the less significant attributes from the data set, thus saving computational power and effort. The experimental results show that the proposed approach achieves an accuracy of 86.5% on the NSL-KDD test dataset using an adoptive voting algorithm trained with the selected features. In addition, the time to process each record is 97.5 microseconds, which reflects the proposed model's superior performance. Comparing the proposed model with the existing models in the literature shows that the proposed adaptive voting approach significantly improves intrusion detection accuracy, enhances computational efficiency, and reduces false positives.

Annu Raj,Monika Poriye,,

DOI: https://doi.org/10.35940/ijeat.c5683.029320

2020-02-28

International Journal of Engineering and Advanced Technology

Abstract:In the advent of the cyber world, all know that cyber security is randomly used research area for researchers to secure host, network, and data because of increasingly complex attacks. In the advent of anomaly-based intrusion detection system, various techniques are applied to detect intrusion on system or network. This approach attains an extreme detection rate and accuracy but there may be overhead acquired to build and training them. The objective of this paper is to detect the intrusion of a system by proposing a Data mining technique which is based on supervised learning algorithm for training dataset. Artificial neural network (ANN) and Ant Colony Optimization (ACO) with feature selection are the basics of the proposed scheme. ACO work on a population-based algorithm and is motivated by the pheromone trail laying behavior of real ants, in which NSL-KDD Cup99 Dataset is used. Empirical Results clearly explain that the proposed system can attain an overall detection rate of 88% and time complexity of 0.343 sec, which is satisfactory when compared to other anomaly-based schemes.

Sumedha Seniaray,Rajni Jindal

DOI: https://doi.org/10.1007/s11277-024-11602-5

IF: 2.017

2024-10-05

Wireless Personal Communications

Abstract:Data and information, being a critical part of the Internet, are vital to network security. Intrusion Detection System (IDS) is required to preserve confidentiality, data integrity, and system availability from attacks. IDS collects network data from various places that may contain features that are redundant and irrelevant, leading to an increase in processing time and low detection rate. This study proposes a three-phase network-based IDS to counter this issue. Initially, network data is captured and preprocessed. In the second phase, we perform feature extraction, selection, and ranking to obtain the optimal feature set. A novel Dynamic Mutual Information-based Genetic Algorithm for feature selection (DMI-GA), aiming to enhance the performance of machine learning (ML) techniques by identifying an optimal set of features, is also proposed in this work. Finally, well-known ML models are employed to detect intrusions within this refined set of network traffic features. Experimental results demonstrate a significant improvement in detection accuracy when the ML models are trained and tested on an optimal set of features. It is also observed that DMI-GA combined with the Random Forest classifier, achieves the highest detection accuracy of 99.94%, surpassing the performance of existing state-of-the-art anomaly-based network intrusion detection systems. A comprehensive statistical analysis of these ML methods is also conducted using 10-fold and Leave-One-Out cross-validation strategies, as it mitigates overfitting and offers a thorough evaluation of the model's performance, resulting in an average accuracy of 99.91%.

telecommunications

Muhammad Kamil Suryadewiansyah,Teja Endra Eng Tju

DOI: https://doi.org/10.25077/teknosi.v8i2.2022.81-88

2022-08-31

Jurnal Nasional Teknologi dan Sistem Informasi

Abstract:Banyaknya malware menyebabkan IDS (Intrusion Detection System) dituntut menyesuaikan diri semakin kompleks sehingga mahal dan membebani perusahaan yang menggunakannya. Sistem yang berbasis teknologi Host-based IDS dan Signatured-based IDS sudah banyak digunakan namun hanya mampu mendeteksi serangan yang sudah diketahui sebelumnya, untuk memperbaiki kinerjanya perlu dilakukan analisa pada data log berdasarkan alert yang diberikan. Teknik klasifikasi Naïve Bayes digunakan untuk membantu meningkatkan efisisensi dan efektifitas analisa tersebut. Penelitian ini dilakukan dengan mengambil empat langkah bagian dari metodologi SKKNI (Standar Kompetensi Kerja Nasional Indonesia) No.299 tahun 2020, Artificial Intelligence, sub bidang Data Science, yaitu data understanding, data preparation, modeling, dan model evaluation. Dataset dari penyedia layanan IDS sebanyak 575 data yang dibagi menjadi 515 data latih dan 60 data uji. Hasil evaluasi data uji dengan confusion matrix diperoleh pengukuran metrik accuracy 0,87, recall 0,89, precision 0,83, dan F-Measure 0,86. Adanya FP (False Positive) dan FN (False Negatif), keduanya sangat penting bagi penguna IDS untuk meningkatkan kualitas layanan kepada pelanggan dan mengurangi resiko akibat adanya intrusi. FP dan FN menjadi fokus dalam melakukan analisa log alert dari IDS sehingga tidak perlu menganalisa keseluruhan data, berdampak memberikan hasil 85% lebih efektif dan berkontribusi pada efisiensi tenaga dan waktu bagi tim keamanan suatu peruasahaan pengguna IDS. Selain itu didapat bahwa sekitar 50% data IDS adalah intrusi atau pengganggu lainnya.

Muataz Salam Al-Daweri,Khairul Akram Zainol Ariffin,Salwani Abdullah,Mohamad Firham Efendy Md. Senan

DOI: https://doi.org/10.3390/sym12101666

2020-10-13

Symmetry

Abstract:The significant increase in technology development over the internet makes network security a crucial issue. An intrusion detection system (IDS) shall be introduced to protect the networks from various attacks. Even with the increased amount of works in the IDS research, there is a lack of studies that analyze the available IDS datasets. Therefore, this study presents a comprehensive analysis of the relevance of the features in the KDD99 and UNSW-NB15 datasets. Three methods were employed: a rough-set theory (RST), a back-propagation neural network (BPNN), and a discrete variant of the cuttlefish algorithm (D-CFA). First, the dependency ratio between the features and the classes was calculated, using the RST. Second, each feature in the datasets became an input for the BPNN, to measure their ability for a classification task concerning each class. Third, a feature-selection process was carried out over multiple runs, to indicate the frequency of the selection of each feature. From the result, it indicated that some features in the KDD99 dataset could be used to achieve a classification accuracy above 84%. Moreover, a few features in both datasets were found to give a high contribution to increasing the classification’s performance. These features were present in a combination of features that resulted in high accuracy; the features were also frequently selected during the feature selection process. The findings of this study are anticipated to help the cybersecurity academics in creating a lightweight and accurate IDS model with a smaller number of features for the developing technologies.

Satyanarayana Gunupusala,Shahu Chatrapathi Kaila

DOI: https://doi.org/10.37256/cm.5220243723

2024-06-19

Contemporary Mathematics

Abstract:Computer networks rely on Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs) to ensure the security, reliability, and availability of an organization. In recent years, various approaches were developed and implemented to create effective IDSs and IPSs. This paper specifically focuses on IDSs that utilize Machine Learning (ML) techniques for improved accuracy. ML-based IDSs have verified to be successful in discovering network attacks. However, their performance tends to decline when dealing with high-dimensional data spaces. It is essential to develop a suitable feature extraction strategy that could identify and remove irrelevant features that do not significantly classification process to address this issue. Additionally, many ML-based IDSs exhibit high false positive rates and poor detection accuracy when trained on unbalanced datasets. In this study, we analyze the UNSW-NB15 IDS, which will serve as the training and testing data for our models. In order to reduce the feature space and improve the efficiency of our analysis, we leverage a filter-based feature reduction method utilizing the Pearson correlation coefficient algorithm. By identifying and selecting only the most relevant features, we are able to streamline our dataset and focus on the variables that have the highest impact on our analysis. This approach not only reduces computational complexity but also improves the interpretability of our results by eliminating unnecessary noise from the data. After applying the feature reduction technique, we proceed to implement a range of machine learning methods to perform our classification task. These include well-known algorithms such as Stacking, Extra Trees, Multi-Layer Perceptron, XGBoost, K-Nearest Neighbors, Logistic Regression, Naïve Bayes, Support Vector Machine, Random Forest, and Decision Tree. By employing a diverse set of algorithms, we are able to explore different modeling approaches and evaluate their effectiveness in accurately classifying the various types of assaults. In order to assess the performance of our classification models, we utilize a range of specialized evaluation metrics such as Root Mean Square Error (RMSE), Mean Absolute Error (MAE), R2-Score, Mean Squared Error (MSE), Precision, F1-Score, Recall, and Accuracy. These metrics provide us with a comprehensive understanding of how well our models are performing across different dimensions, including the accuracy of predictions, the level of precision in classifying different assault types, and the overall goodness-of-fit of our models. By considering multiple evaluation metrics, we are able to gain a more nuanced understanding of the strengths and weaknesses of each algorithm and make informed decisions about their suitability for our classification task. These metrics deliver a complete evaluation of the classifiers’ effectiveness in detecting community intrusions.

Solane Duque,Mohd. Nizam bin Omar

DOI: https://doi.org/10.1016/j.procs.2015.09.145

2015-01-01

Procedia Computer Science

Abstract:A common problem shared by current IDS is the high false positives and low detection rate. An unsupervised machine learning using k-means was used to propose a model for Intrusion Detection System (IDS) with higher efficiency rate and low false positives and false negatives. The NSL-KD data set was used which consisted of 25,192 entries with 22 different types of data. Results of the study using 11, 22, 44, 66 and 88 clusters, showed an efficiency rate of 70.75%, 81.61%, 65.40%, 61.30% and 55.43% respectively; false positive rates of 0.74%, 4.03%, 15.55%, 21.47% and 31.91% respectively; and false negative rates of 99.82%, 98.14%, 97.76%, 96.32% and 95.70%, respectively. Interestingly, the best results were generated when the number of clusters matches the number of data types in the data set. In the light of the findings, it is recommended that other data mining techniques be explored; a study using k-means data mining algorithm followed by signature-based approach is proposed in order to lessen the false negative rate; and a system for automatically identifying the number of clusters may be developed.

M. Andrecut

DOI: https://doi.org/10.48550/arXiv.2205.07323

2022-05-16

Abstract:Intrusion detection systems (IDS) are used to monitor networks or systems for attack activity or policy violations. Such a system should be able to successfully identify anomalous deviations from normal traffic behavior. Here we discuss the machine learning approach to building an anomaly-based IDS using the CSE-CIC-IDS2018 dataset. Since the publication of this dataset a relatively large number of papers have been published, most of them presenting IDS architectures and results based on complex machine learning methods, like deep neural networks, gradient boosting classifiers, or hidden Markov models. Here we show that similar results can be obtained using a very simple nearest neighbor classification approach, avoiding the inherent complications of training such complex models. The advantages of the nearest neighbor algorithm are: (1) it is very simple to implement; (2) it is extremely robust; (3) it has no parameters, and therefore it cannot overfit the data. This result also shows that currently there is a trend of developing over-engineered solutions in the machine learning community. Such solutions are based on complex methods, like deep learning neural networks, without even considering baseline solutions corresponding to simple, but efficient methods.

Cryptography and Security

Muhammad Naveed,Fahim Arif,Syed Muhammad Usman,Aamir Anwar,Myriam Hadjouni,Hela Elmannai,Saddam Hussain,Syed Sajid Ullah,Fazlullah Umar

DOI: https://doi.org/10.1155/2022/2215852

2022-08-10

Wireless Communications and Mobile Computing

Abstract:An intrusion detection system, often known as an IDS, is extremely important for preventing attacks on a network, violating network policies, and gaining unauthorized access to a network. The effectiveness of IDS is highly dependent on data preprocessing techniques and classification models used to enhance accuracy and reduce model training and testing time. For the purpose of anomaly identification, researchers have developed several machine learning and deep learning-based algorithms; nonetheless, accurate anomaly detection with low test and train times remains a challenge. Using a hybrid feature selection approach and a deep neural network- (DNN-) based classifier, the authors of this research suggest an enhanced intrusion detection system (IDS). In order to construct a subset of reduced and optimal features that may be used for classification, a hybrid feature selection model that consists of three methods, namely, chi square, ANOVA, and principal component analysis (PCA), is applied. These methods are referred to as "the big three." On the NSL-KDD dataset, the suggested model receives training and is then evaluated. The proposed method was successful in achieving the following results: a reduction of input data by 40%, an average accuracy of 99.73%, a precision score of 99.75%, an F1 score of 99.72%, and an average training and testing time of 138% and 2.7 seconds, respectively. The findings of the experiments demonstrate that the proposed model is superior to the performance of the other comparison approaches.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ameera S. Jaradat,Malek M. Barhoush,Rawan S. Bani Easa

DOI: https://doi.org/10.11591/ijeecs.v25.i2.pp1151-1158

2022-02-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:The main goal of intrusion detection system (IDS) is to monitor the network performance and to investigate any signs of any abnormalities over the network. Recently, intrusion detection systems employ machine learning techniques, due to the fact that machine learning techniques proved to have the ability of learning and adapting in addition to allowing a prompt response. This work proposes a model for intrusion detection and classification using machine learning techniques. The model first acquires the data set and transforms it in the proper format, then performs feature selection to pick out a subset of attributes that worth being considered. After that, the refined data set was processed by the Konstanz information miner (KNIME). To gain better performance and a decent comparative analysis, three different classifiers were applied. The anticipated classifiers have been executed and assessed utilizing the KNIME analytics platform using (CICIDS2017) datasets. The experimental results showed an accuracy rate ranging between (98.6) as the highest obtained while the average was (90.59%), which was satisfying compared to other approaches. The gained statistics of this research inspires the researchers of this field to use machine learning in cyber security and data analysis and build intrusion detection systems with higher accuracy.

Gulab Sah,Subhasish Banerjee,Sweety Singh

DOI: https://doi.org/10.1007/s10207-022-00616-4

2022-10-08

International Journal of Information Security

Abstract:The intrusion detection system (IDS) plays an important role in extracting and analysing the network traffics to detect aberrant activity. However, emerging technologies, like cloud computing, Internet of Things, etc., generate a large volume of traffics, which may carry the irrelevant attributes that do not have any impact on classification or in detection of assaults. Hence, it's became an open challenge for the researchers to extract the meaningful data from huge amounts of traffic and also to examine whether the selected features could increase IDS performance or not. To solve these issues, features selection approaches (FSA) have been used in this research to remove non-relevant features and find the important ones. Later, the various classifiers have been used to investigate the best classifier which could increase the performance of IDS's detection-engine on the NSL-KDD datasets. However, to validate, the investigated best-performing classifier with the suitable features selection technique (FST) has also been implemented on a real-time dataset, i.e. combined CICIDS2017. The experiment results in this research suggest that the acquired subset of relevant features under the proposed model's (Decision Tree + Recursive Feature Elimination) could increase the IDS performance with average accuracy of 99.21% and 99.94% on the well-known NSL-KDD and CICIDS2017 datasets, respectively, and could also minimize the computation cost, in parallel.

computer science, information systems, theory & methods, software engineering

Zhao Yongli,Zhang Yungui,Tong Weiming,Chen Hongzhi

DOI: https://doi.org/10.1109/sns-pcs.2013.6553837

2013-01-01

Abstract:Network Intrusion Detection System (NIDS) plays an important role in providing network security. Efficient NIDS can be developed by defining a proper rule set for classifying network audit data into normal or attack patterns. Generally, each dataset is characterized by a large set of features, but not all features will be relevant or fully contribute identifying an attack. Since different attacks need different subsets to have better detection accuracy, this paper describes an improved feature selection algorithm to identify most appropriate subset of features for a certain attack. The proposed method is based on MAHALANOBIS Distance feature ranking and an improved exhaustive search to choose a better combination of features. We evaluate the approach on the KDD CUP 1999 datasets using SVM classifier and KNN classifier. The results show that classification is done with high classification rate and low misclassification rate with the reduced feature subsets.