Lu Lv,Wenhai Wang,Zeyin Zhang,Xinggao Liu

DOI: https://doi.org/10.1016/j.knosys.2020.105648

IF: 8.139

2020-01-01

Knowledge-Based Systems

Abstract:Intrusion detection is a challenging technology in the area of cyberspace security for protecting a system from malicious attacks. A novel accurate and effective misuse intrusion detection system that relies on specific attack signatures to distinguish between normal and malicious activities is therefore presented to detect various attacks based on an extreme learning machine with a hybrid kernel function (HKELM). First, the derivation and proof of the proposed hybrid kernel are given. A combination of the gravitational search algorithm (GSA) and differential evolution (DE) algorithm is employed to optimize the parameters of HKELM, which improves its global and local optimization abilities during prediction attacks. In addition, the kernel principal component analysis (KPCA) algorithm is introduced for dimensionality reduction and feature extraction of the intrusion detection data. Then, a novel intrusion detection approach, KPCA-DEGSA-HKELM, is obtained. The proposed approach is eventually applied to the classic benchmark KDD99 dataset, the real modern UNSW-NB15 dataset and the industrial intrusion detection dataset from the Tennessee Eastman process. The numerical results validate both the high accuracy and the time-saving benefit of the proposed approach.

Ramkumar Devendiran,Anil V Turukmane

DOI: https://doi.org/10.1016/j.eswa.2023.123027

IF: 8.5

2024-01-13

Expert Systems with Applications

Abstract:Network intrusion is a huge harmful activity to the privacy of the data sharing network. The activity will result in a cyber-attack, which causes damage to the system as well as the user's data. Unauthorized activities such as data tampering, illegal access to data and theft of credentials are increasing on the internet world every day. The detection of intrusion may be done by multiple methodologies; still, it is the biggest issue in the networks. Hence, an automated attack classification model is required to promote classification accuracy with fewer error possibilities based on the input parameters. To get relief from the insecurity of data, this paper presents an innovative model using deep networks. The proposed model is a deep learning based network intrusion detection system using a chaotic optimization strategy . The method is pre-processed using data cleansing and M-squared normalization. After pre-processing, the unbalanced datasets are balanced using the Extended Synthetic Sampling approach. After balancing, the features of the dataset are taken out using kernel-assisted principal component analysis. The optimal features are selected by the Chaotic Honey Badger optimization algorithm . After all required features have been extracted, the attacks are classified by the Gated Attention Dual Long Short Term Memory (Dugat-LSTM). The above process is performed using the TON-IOT and NSL-KDD datasets. The prototype is evaluated using the following metrics: accuracy, precision, recall, and F1 score. The accuracy value of the proposed model is 98.76% in the TON-IOT dataset and 99.65% in the NSL-KDD dataset. Thus, the accuracy and robustness of the model show that it outperforms other existing models.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Fangjun Kuang,Siyang Zhang,Zhong Jin,Weihong Xu

DOI: https://doi.org/10.1007/s00500-014-1332-7

IF: 3.732

2014-01-01

Soft Computing

Abstract:A novel support vector machine (SVM) model by combining kernel principal component analysis (KPCA) with improved chaotic particle swarm optimization (ICPSO) is proposed to deal with intrusion detection. The proposed method, in which multi-layer SVM classifier is employed to estimate whether the action is an attack, KPCA is applied as a preprocessor of SVM to reduce the dimension of feature vectors and shorten training time. To shorten the training time and improve the performance of SVM, N-RBF is employed to reduce the noise generated by feature differences, and ICPSO is presented to optimize the punishment factor C, kernel parameters \(\sigma \) and the tube size \(\varepsilon \) of SVM, which introduces chaos optimization and premature processing mechanism. Experimental results illustrate that the improved SVM model has faster computational time and higher predictive accuracy, and it can also shorten the training time and improve the performance of SVM.

Misra, Sanjay

DOI: https://doi.org/10.1007/s10207-023-00803-x

2024-01-10

International Journal of Information Security

Abstract:The Internet of Things (IoT) has garnered considerable attention from academic and industrial circles as a pivotal technology in recent years. The escalation of security risks is observed to be associated with the growing interest in IoT applications. Intrusion detection systems (IDS) have been devised as viable instruments for identifying and averting malicious actions in this context. Several techniques described in academic papers are thought to be very accurate, but they cannot be used in the real world because the datasets used to build and test the models do not accurately reflect and simulate the IoT network. Existing methods, on the other hand, deal with these issues, but they are not good enough for commercial use because of their lack of precision, low detection rate, receiver operating characteristic (ROC), and false acceptance rate (FAR). The effectiveness of these solutions is predominantly dependent on individual learners and is consequently influenced by the inherent limitations of each learning algorithm. This study introduces a new approach for detecting intrusion attacks in an IoT network, which involves the use of an ensemble learning technique based on gray wolf optimizer (GWO). The novelty of this study lies in the proposed voting gray wolf optimizer (GWO) ensemble model, which incorporates two crucial components: a traffic analyzer and a classification phase engine. The model employs a voting technique to combine the probability averages of the base learners. Secondly, the combination of feature selection and feature extraction techniques is to reduce dimensionality. Thirdly, the utilization of GWO is employed to optimize the parameters of ensemble models. Similarly, the approach employs the most authentic intrusion detection datasets that are accessible and amalgamates multiple learners to generate ensemble learners. The hybridization of information gain (IG) and principal component analysis (PCA) was employed to reduce dimensionality. The study utilized a novel GWO ensemble learning approach that incorporated a decision tree, random forest, K-nearest neighbor, and multilayer perceptron for classification. To evaluate the efficacy of the proposed model, two authentic datasets, namely, BoT-IoT and UNSW-NB15, were scrutinized. The GWO-optimized ensemble model demonstrates superior accuracy when compared to other machine learning-based and deep learning models. Specifically, the model achieves an accuracy rate of 99.98%, a DR of 99.97%, a precision rate of 99.94%, an ROC rate of 99.99%, and an FAR rate of 1.30 on the BoT-IoT dataset. According to the experimental results, the proposed ensemble model optimized by GWO achieved an accuracy of 100%, a DR of 99.9%, a precision of 99.59%, an ROC of 99.40%, and an FAR of 1.5 when tested on the UNSW-NB15 dataset.

computer science, information systems, theory & methods, software engineering

D. Suja Mary,L. Jaya Singh Dhas,A.R. Deepa,Mousmi Ajay Chaurasia,C. Jaspin Jeba Sheela

DOI: https://doi.org/10.1016/j.eswa.2024.123919

IF: 8.5

2024-04-23

Expert Systems with Applications

Abstract:Managing enormous amounts of data, such as big data, and detecting network traffic intrusions are inefficiently handled by current computing technologies. Traditional analytical techniques cannot manage the incursions in continuous internet traffic and the enormous log data of server activity, leading to many inaccurate results and a prolonged training period. As a result, this research provides an efficient deep learning-based approach to enhance the attack identification task by addressing the basic big data complexity linked to many heterogeneous security data types. This framework employs a novel feature selection method incorporating the Aquila Optimizer (AO) and Fuzzy Entropy Mutual Information (FEMI) algorithms to pick distinctive characteristics. Subsequently, a modified canonical correlation-based technique is applied to combine selected characteristics. Then, the intrusion identification and categorization are carried out using the optimized ResNet152V2 method. Additionally, data augmentation using Auxiliary Classifier Generative Adversarial Network (ACGAN) is performed. Finally, we used the CICDDoS2019 and ToN-IoT datasets to validate the suggested methodology. By comparing the presented approach to several baseline methods, the effectiveness of the suggested methodology is assessed using various performance measures, including F1-score, recall, precision, accuracy, confusion matrix, and ROC curve. Finally, simulation results show that the suggested strategy is superior to other existing techniques and demonstrate that it is a resilient solution for network intrusion detection.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Santosh Kumar Sahu,Durga Prasad Mohapatra,Jitendra Kumar Rout,Kshira Sagar Sahoo,Ashish Kr. Luhach

DOI: https://doi.org/10.1089/big.2020.0201

IF: 4.426

2021-08-01

Big Data

Abstract:In this study, we set up a scalable framework for large-scale data processing and analytics using the big data framework. The popular classification methods are implemented, tuned, and evaluated by using intrusion datasets. The objective is to select the best classifier after optimizing the hyper-parameters. We observed that the decision tree (DT) approach outperforms compared with other methods in terms of classification accuracy, fast training time, and improved average prediction rate. Therefore, it is selected as a base classifier in our proposed ensemble approach to study class imbalance. As the intrusion datasets are imbalanced, most of the classification techniques are biased toward the majority class. The misclassification rate is more in the case of the minority class. An ensemble-based method is proposed by using K-Means, RUSBoost, and DT approaches to mitigate the class imbalance problem; empirically investigate the impact of class imbalance on classification approaches' performance; and compare the result by using popular performance metrics such as Balanced Accuracy, Matthews Correlation Coefficient, and F-Measure, which are more suitable for the assessment of imbalanced datasets.

computer science, theory & methods, interdisciplinary applications

Mohemmed Yousuf Rahamathulla,Mangayarkarasi Ramaiah

DOI: https://doi.org/10.1007/s11042-024-20314-8

IF: 2.577

2024-10-11

Multimedia Tools and Applications

Abstract:The phenomenal rise in network traffic across various sectors, driven by advancements in network communication, has led to an explosion of connected devices. While internet-based service providers have enhanced smart environments, these environments remain highly vulnerable to security risks. Due to their resource- constrained nature, Internet of Things (IoT) systems rely on edge servers for processing. Cutting-edge machine learning algorithms have significantly improved the security of edge computing systems by enabling early intrusion detection. However, the dynamic nature of our society demands more sophisticated Network Intrusion Detection Systems (NIDS) that can balance the challenge of managing the explosive growth of network traffic data with effectively responding to attacks. This paper proposes a novel NIDS that can train and learn from massive amounts of data in a centralized environment. To identify the best subset of features for improved data representation and classification, a bio-inspired algorithm, the Improved Firefly Optimization Algorithm (IFOA), is employed. Furthermore, a hyper-tuned Extremely Randomized Trees (ERT) attack detection model is developed to accurately identify malicious behavior while minimizing false positives. The experimental results demonstrate that the proposed approach achieves superior accuracy and execution speed compared to alternative solutions and its baseline versions.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

V. Bhavya Lahari,T. Amrutha,S.N.B. Tanuja Reddy,P. Deepika Leela,Y. Venkata Narayana

DOI: https://doi.org/10.36713/epra14771

2023-11-01

EPRA International Journal of Research & Development (IJRD)

Abstract:In the rapidly evolving digital landscape, ensuring the security of computer systems and networks has become a paramount concern. Traditional methods often struggle to keep pace with the increasing complexity and diversity of cyber threats. In the context of cybersecurity and network analysis, the crucial tools for identifying and responding to unauthorized access, malicious activities, and potential threats within a network or system cannot take place. The significance of intrusion detection is underscored by the escalating frequency and sophistication of cyberattacks that can lead to data breaches, service disruptions, and financial losses. The XGBoost algorithms ability to handle complex, imbalanced datasets and its exceptional performance in various domains make it a promising candidate for improving intrusion detection accuracy. To evaluate the efficacy of the XGBoost algorithm, extensive experiments are conducted using the KDDCup99 dataset. This dataset represents diverse network traffic scenarios and intrusion types, providing a comprehensive evaluation environment. The Random Forest algorithm, known for its robustness in handling classification tasks, is selected as a baseline for comparison. The performance of the XGBoost algorithm is assessed using multiple performance metrics, including accuracy, precision, recall, F1-score. The outcomes highlight the potential advantages of utilizing XGBoost for intrusion detection. KEYWORDS: Cybersecurity, Network Analysis, Intrusion Detection, XGBoost Algorithm, Random Forest Algorithm, KDDCup99 Dataset.

Johan Note,Maaruf Ali

DOI: https://doi.org/10.33166/aetic.2022.03.003

2022-07-01

Annals of Emerging Technologies in Computing

Abstract:Attacks against computer networks, “cyber-attacks”, are now common place affecting almost every Internet connected device on a daily basis. Organisations are now using machine learning and deep learning to thwart these types of attacks for their effectiveness without the need for human intervention. Machine learning offers the biggest advantage in their ability to detect, curtail, prevent, recover and even deal with untrained types of attacks without being explicitly programmed. This research will show the many different types of algorithms that are employed to fight against the different types of cyber-attacks, which are also explained. The classification algorithms, their implementation, accuracy and testing time are presented. The algorithms employed for this experiment were the Gaussian Naïve-Bayes algorithm, Logistic Regression Algorithm, SVM (Support Vector Machine) Algorithm, Stochastic Gradient Descent Algorithm, Decision Tree Algorithm, Random Forest Algorithm, Gradient Boosting Algorithm, K-Nearest Neighbour Algorithm, ANN (Artificial Neural Network) (here we also employed the Multilevel Perceptron Algorithm), Convolutional Neural Network (CNN) Algorithm and the Recurrent Neural Network (RNN) Algorithm. The study concluded that amongst the various machine learning algorithms, the Logistic Regression and Decision tree classifiers all took a very short time to be implemented giving an accuracy of over 90% for malware detection inside various test datasets. The Gaussian Naïve-Bayes classifier, though fast to implement, only gave an accuracy between 51-88%. The Multilevel Perceptron, non-linear SVM and Gradient Boosting algorithms all took a very long time to be implemented. The algorithm that performed with the greatest accuracy was the Random Forest Classification algorithm.

Shubhra Dwivedi,Manu Vardhan,Sarsij Tripathi

DOI: https://doi.org/10.1007/s10586-020-03229-5

2021-01-13

Cluster Computing

Abstract:Intrusion detection is one of the most crucial activities for security infrastructures in network environments, and it is widely used to detect, identify and track malicious threats. A common approach in intrusion detection systems (IDSs) specifically in anomaly detection is evolutionary algorithm that works as intrusion detector. Still, it has been challenging to design a precise and reliable IDS to determine security threats due to the large capacity of network data which contains redundant and irrelevant features. It does not only decrease the process of classification but also prevents a classifier from making precise decisions. To increase the accuracy and reduce the false alarm rate, in this study integration of ensemble feature selection (EFS) and grasshopper optimization algorithm (GOA), called EFSGOA is developed. Firstly, EFS method is applied to rank the features for selecting the top subset of relevant features. Afterward, GOA is utilized to identify significant features from the obtained reduced features set produced by EFS technique that can contribute to determine the type of attack. Furthermore, GOA utilizes support vector machine (SVM) as a fitness function to obtain the noteworthy features and to optimize penalty factor, kernel parameter, and tube size parameters of SVM for maximizing the classification performance. The experimental results demonstrate that EFSGOA method has performed better and obtained high detection rate of 99.69%, accuracy of 99.98% and low false alarm rate of 0.07 in NSL-KDD and high detection rate of 99.26%, accuracy of 99.89% and low false alarm rate of 0.097 in KDD Cup 99 data. Moreover, the proposed method has succeeded in achieving higher performance compared to other state-of-art techniques in terms of accuracy, detection rate, false alarm rate, and CPU time.

Shaik Abdul Rahim,Arun Manoharan

DOI: https://doi.org/10.1109/access.2024.3479310

IF: 3.9

2024-10-25

IEEE Access

Abstract:Cyber-physical systems (CPSs) have become vital to network communication. The CPS combines numerous interconnected computing resources, networking units, and physical processes to monitor the activities of computing devices. The perception layer in the CPS is employed to gather data from the physical surroundings. Still, the interconnection of the physical and cyber worlds creates more security concerns; hence, the operations of the communication networks become more complex. Devices on the CPS perception layer are especially susceptible due to their limited resources. To resolve the issues, the Spiking Visual Geometry Group-16 is developed for intrusion detection in the CPS perception layer. The log file collected from the dataset is normalized using the Quantile Normalization (QN) approach. The major function of QN is to reduce data redundancy. The required features from the normalized data are selected using the Skill Optimization Algorithm (SOA). The proposed Spiking VGG-16 is utilized to detect intrusion. In addition, performance computing metrics like accuracy, precision, recall, F1-score, and Matthew's correlation coefficient (MCC) are utilized for validating the Spiking VGG-16-based model, in which the outcomes of 91.32%, 90.98%, 89.57%, 90.39%, and 90.51% are achieved.

computer science, information systems,telecommunications,engineering, electrical & electronic

Arindam Sarkar,Hanjabam Saratchandra Sharma,Moirangthem Marjit Singh

DOI: https://doi.org/10.1007/s41870-022-01115-4

2022-10-10

International Journal of Information Technology

Abstract:An efficient machine learning (ML) ensemble technique for categorizing Intrusion Detection (ID) is proposed in this study. The tuning of the ML model’s parameters is a critical topic since it can improve detection quality. Another area where quality might be enhanced is pre-processing. Corrections to the training dataset can help with class identification, especially for unusual attacks like R2L (Root to Local attacks), U2R (User to Root attack). When compared to existing methodologies, the proposed methodology has a number of advantages, such as (1) it proposes two methods for classifying intrusions on the two most widely used datasets using ML models. (2) The KDD Cup99 and NSL-KDD datasets are rebalanced through data augmentation. (3) Provides a 3 steps approach for improving detection of intrusion utilizing Multi Layer Perceptron (MLP) in a cascaded structure. (4) To classify each class using a specialized one, a cascaded meta-specialized classifier architecture has been developed. (5) All meta-specialists assess the dataset’s non-flagged connections. With a classification accuracy of 89.32% and an FPR of 1.95%, this approach has been shown to considerably increase detection quality. (6) Finally, to enhance detection capability, the best algorithms’ predictions are integrated by increasing their weights. On the NSL-KDD dataset, this approach has a high accuracy of 87.63% and a low FPR of 1.68%.

K. U. Abinesh Kamal,S. V. Divya

DOI: https://doi.org/10.1080/00051144.2023.2295146

IF: 1.79

2024-01-12

Automatika

Abstract:Organizations have to establish strong security operations to protect their digital assets since cyberattacks are becoming more prevalent and sophisticated. Integrating threat intelligence into security operations is a fundamental strategy for enhancing an organization's security posture. However, the precision and dependability of the underlying machine learning classifiers employed for analysis determine how successful such platforms really are. In this paper, we leverage the UNSW-NB15 dataset to propose an integrated threat intelligence platform for security operations in organizations. In order to determine which machine learning classifier performs best, we run a variety of classifiers to the dataset, including Ensemble Learning, Stochastic Gradient Descent (SGD), Logistic Regression, and Ridge Classifier. Our findings demonstrate that the Ensemble Learning classifier beats the other classifiers, with accuracy, precision, recall, and F1 score of 97.02%, 98.34%, 99.02% and 98.17% respectively. This suggests that our proposed system is quite good at detecting potential threats and may offer insightful information for security operations in organizations.

automation & control systems,engineering, electrical & electronic

Sweta Bhattacharya,Siva Rama Krishnan S,Praveen Kumar Reddy Maddikunta,Rajesh Kaluri,Saurabh Singh,Thippa Reddy Gadekallu,Mamoun Alazab,Usman Tariq

DOI: https://doi.org/10.3390/electronics9020219

IF: 2.9

2020-01-27

Electronics

Abstract:The enormous popularity of the internet across all spheres of human life has introduced various risks of malicious attacks in the network. The activities performed over the network could be effortlessly proliferated, which has led to the emergence of intrusion detection systems. The patterns of the attacks are also dynamic, which necessitates efficient classification and prediction of cyber attacks. In this paper we propose a hybrid principal component analysis (PCA)-firefly based machine learning model to classify intrusion detection system (IDS) datasets. The dataset used in the study is collected from Kaggle. The model first performs One-Hot encoding for the transformation of the IDS datasets. The hybrid PCA-firefly algorithm is then used for dimensionality reduction. The XGBoost algorithm is implemented on the reduced dataset for classification. A comprehensive evaluation of the model is conducted with the state of the art machine learning approaches to justify the superiority of our proposed approach. The experimental results confirm the fact that the proposed model performs better than the existing machine learning models.

engineering, electrical & electronic,computer science, information systems,physics, applied

A. Devendhiran,I. Vasudevan,S. Saravanan,P. Preethi,R. Krishna Prakash

DOI: https://doi.org/10.1109/ICOTL59758.2023.10435119

2023-12-07

Abstract:In the current interconnected and susceptible digital environment, the demand for reliable network attack prediction systems has reached a critical level. This research paper presents a novel approach for network intrusion detection utilizing the Improved Import Vector Machine (IVM) classification algorithm combined with feature selection using Cuckoo Search based Grey Wolf Optimization (CS-GWO). The aim is to improve the accuracy and effectiveness of intrusion detection systems by selecting the most relevant features and employing a powerful classification algorithm. The proposed methodology begins with data preprocessing, ensuring the dataset is appropriately cleaned and normalized. Subsequently, the CS-GWO algorithm is applied for feature selection, leveraging the strengths of both Cuckoo Search and Grey Wolf Optimization. This hybrid approach efficiently explores the search space to identify the optimal feature subset that contributes to accurate intrusion detection. Once the feature selection process is completed, the IVM classification algorithm is employed to classify network instances into intrusion or normal categories. The IVM algorithm is chosen for its ability to handle high-dimensional data and its robustness in dealing with imbalanced datasets commonly encountered in network intrusion detection. To evaluate the performance of the proposed approach, extensive experiments are conducted using benchmark datasets. Various evaluation metrics such as accuracy, precision, recall, and F1 score are utilized to assess the effectiveness of the system in detecting network intrusions. The results demonstrate that the combination of IVM classification and CS-GWO feature selection significantly improves the accuracy and efficiency of network intrusion detection. The selected features obtained through CS-GWO contribute to enhanced classification performance, enabling the system to accurately identify and respond to potential intrusions in real-time scenarios.

Engineering,Computer Science

Durgesh Srivastava,Rajeshwar Singh,Chinmay Chakraborty,Sunil Kumar,Aaisha Makkar,Deepak Sinwar

DOI: https://doi.org/10.1016/j.micpro.2023.104964

IF: 3.503

2023-10-23

Microprocessors and Microsystems

Abstract:Recognition of the consequence for advanced tools and techniques to secure the network infrastructure from the security risks has prompted the advancement of many machine learning-based intrusion detection strategies. However, it is a big challenge for the researchers to make improvements in an Intrusion Detection System with desired advantages and constraints. This paper has developed a proficient soft computing framework using Grey Wolf Optimization and Entropy-Based Graph (GWO-EBG) to classify intrusion detection datasets to reduce the false rate. In the proposed scheme, initially, the input data is preprocessed by the data transformation and normalization procedure. After the preprocessing, optimal features have been chosen for the dimension reduction from the preprocessed data using the grey wolf optimization (GWO) algorithm. Then, the Entropy value has estimated from the idyllically selected features. Lastly, an Entropy-Based Graph (EBG) has been constructed to classify data into intrusion or normal data. The experimental results demonstrate that the developed method outperforms other existing methods in various performance measures. The detection rate of the developed GWO-EBG is found to be 94.6 %, which is higher than 91.24% of EBG, 75.60% K-Nearest Neighbors (KNN), 73.36% of Support Vector Machine (SVM), and 74.88% of Generalized Regression Neural Network (GRNN) on 5000 connection vectors data obtained from KDD CUP'99 testing dataset. The false-positive rate of developed strategy (GWO-EBG) is 0.35% %, which is lower than 2.18% of EBG, 7.32% KNN, 8.15% of SVM, and 8.13% of GRNN with 5000 testing datasets.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Sumaiya Thaseen Ikram,Aswani Kumar Cherukuri,Babu Poorva,Pamidi Sai Ushasree,Yishuo Zhang,Xiao Liu,Gang Li

DOI: https://doi.org/10.2478/cait-2021-0037

2021-09-01

Cybernetics and Information Technologies

Abstract:Abstract Intrusion Detection Systems (IDSs) utilise deep learning techniques to identify intrusions with maximum accuracy and reduce false alarm rates. The feature extraction is also automated in these techniques. In this paper, an ensemble of different Deep Neural Network (DNN) models like MultiLayer Perceptron (MLP), BackPropagation Network (BPN) and Long Short Term Memory (LSTM) are stacked to build a robust anomaly detection model. The performance of the ensemble model is analysed on different datasets, namely UNSW-NB15 and a campus generated dataset named VIT_SPARC20. Other types of traffic, namely unencrypted normal traffic, normal encrypted traffic, encrypted and unencrypted malicious traffic, are captured in the VIT_SPARC20 dataset. Encrypted normal and malicious traffic of VIT_SPARC20 is categorised by the deep learning models without decrypting its contents, thus preserving the confidentiality and integrity of the data transmitted. XGBoost integrates the results of each deep learning model to achieve higher accuracy. From experimental analysis, it is inferred that UNSW_ NB results in a maximal accuracy of 99.5%. The performance of VIT_SPARC20 in terms of accuracy, precision and recall are 99.4%. 98% and 97%, respectively.

Muhammad Bisri Musthafa,Samsul Huda,Yuta Kodera,Md Arshad Ali,Shunsuke Araki,Jedidah Mwaura,Yasuyuki Nogami

DOI: https://doi.org/10.3390/s24134293

2024-07-01

Abstract:Internet of Things (IoT) devices are leading to advancements in innovation, efficiency, and sustainability across various industries. However, as the number of connected IoT devices increases, the risk of intrusion becomes a major concern in IoT security. To prevent intrusions, it is crucial to implement intrusion detection systems (IDSs) that can detect and prevent such attacks. IDSs are a critical component of cybersecurity infrastructure. They are designed to detect and respond to malicious activities within a network or system. Traditional IDS methods rely on predefined signatures or rules to identify known threats, but these techniques may struggle to detect novel or sophisticated attacks. The implementation of IDSs with machine learning (ML) and deep learning (DL) techniques has been proposed to improve IDSs' ability to detect attacks. This will enhance overall cybersecurity posture and resilience. However, ML and DL techniques face several issues that may impact the models' performance and effectiveness, such as overfitting and the effects of unimportant features on finding meaningful patterns. To ensure better performance and reliability of machine learning models in IDSs when dealing with new and unseen threats, the models need to be optimized. This can be done by addressing overfitting and implementing feature selection. In this paper, we propose a scheme to optimize IoT intrusion detection by using class balancing and feature selection for preprocessing. We evaluated the experiment on the UNSW-NB15 dataset and the NSL-KD dataset by implementing two different ensemble models: one using a support vector machine (SVM) with bagging and another using long short-term memory (LSTM) with stacking. The results of the performance and the confusion matrix show that the LSTM stacking with analysis of variance (ANOVA) feature selection model is a superior model for classifying network attacks. It has remarkable accuracies of 96.92% and 99.77% and overfitting values of 0.33% and 0.04% on the two datasets, respectively. The model's ROC is also shaped with a sharp bend, with AUC values of 0.9665 and 0.9971 for the UNSW-NB15 dataset and the NSL-KD dataset, respectively.

Arushi Agarwal,Purushottam Sharma,Mohammed Alshehri,Ahmed A. Mohamed,Osama Alfarraj

DOI: https://doi.org/10.7717/peerj-cs.437

2021-04-07

PeerJ Computer Science

Abstract:In today’s cyber world, the demand for the internet is increasing day by day, increasing the concern of network security. The aim of an Intrusion Detection System (IDS) is to provide approaches against many fast-growing network attacks (e.g., DDoS attack, Ransomware attack, Botnet attack, etc.), as it blocks the harmful activities occurring in the network system. In this work, three different classification machine learning algorithms—Naïve Bayes (NB), Support Vector Machine (SVM), and K-nearest neighbor (KNN)—were used to detect the accuracy and reducing the processing time of an algorithm on the UNSW-NB15 dataset and to find the best-suited algorithm which can efficiently learn the pattern of the suspicious network activities. The data gathered from the feature set comparison was then applied as input to IDS as data feeds to train the system for future intrusion behavior prediction and analysis using the best-fit algorithm chosen from the above three algorithms based on the performance metrics found. Also, the classification reports (Precision, Recall, and F1-score) and confusion matrix were generated and compared to finalize the support-validation status found throughout the testing phase of the model used in this approach.

computer science, information systems, artificial intelligence, theory & methods

Saikat Das,Sajal Saha,Annita Tahsin Priyoti,Etee Kawna Roy,Frederick T. Sheldon,Anwar Haque,Sajjan Shiva

DOI: https://doi.org/10.1109/tnsm.2021.3138457

2021-01-01

IEEE Transactions on Network and Service Management

Abstract:Proper security solutions in the cyber world are crucial for enforcing network security by providing real-time network protection against network vulnerabilities and data exploitation. An effective intrusion detection strategy is capable of taking a holistic approach for protecting critical systems against unauthorized access or attack. In this paper, we describe a machine learning (ML) based comprehensive security solution for network intrusion detection using ensemble supervised ML framework and ensemble feature selection methods. In addition, we provide a comparative analysis of several ML models and feature selection methods. The goal of this research is to design a generic detection mechanism and achieve higher accuracy with minimal false positive rates (FPR). NSL-KDD, UNSW-NB15, and CICIDS2017 datasets are used in the experiment, and results show that our detection model can identify 99.3% of intrusions successfully with the lowest 0.5% of false alarms, which depicts better performance metrics compared to existing solutions.

computer science, information systems