Jung-Chun Liu,Chao-Tung Yang,Yu-Wei Chan,Endah Kristiani,Wei-Je Jiang

DOI: https://doi.org/10.1007/s11227-021-03715-6

IF: 3.3

2021-03-16

The Journal of Supercomputing

Abstract:Network log data is significant for network administrators, since it contains information on every event that occurs in a network, including system errors, alerts, and packets sending statuses. Effectively analyzing large volumes of diverse log data brings opportunities to identify issues before they become problems and to prevent future cyberattacks; however, processing of the diverse NetFlow data poses challenges such as volume, velocity, and veracity of log data. In this study, by means of Elasticsearch, Logstash, and Kibana, i.e., the ELK Stack, we construct an analysis and management system for network log data, which provides functions to filter, analyze, and display network log data for further applications and creates data visualization on a Web browser. In addition, an advanced cyberattack detection model is facilitated using deep neural network (DNN), recurrent neural networks (RNN), and long short-term memory (LSTM) approaches. By knowing cyberattack behaviors and cross-validating with the log analysis system, one can learn from this model the characteristics of a variety of cyberattacks. Finally, we also implement Grafana to perform metrics monitoring.

Khloud Al Jallad,Mohamad Aljnidi,Mohammad Said Desouki

DOI: https://doi.org/10.48550/arXiv.2209.13961

2022-09-28

Cryptography and Security

Abstract:With the growing use of information technology in all life domains, hacking has become more negatively effective than ever before. Also with developing technologies, attacks numbers are growing exponentially every few months and become more sophisticated so that traditional IDS becomes inefficient detecting them. This paper proposes a solution to detect not only new threats with higher detection rate and lower false positive than already used IDS, but also it could detect collective and contextual security attacks. We achieve those results by using Networking Chatbot, a deep recurrent neural network: Long Short Term Memory (LSTM) on top of Apache Spark Framework that has an input of flow traffic and traffic aggregation and the output is a language of two words, normal or abnormal. We propose merging the concepts of language processing, contextual analysis, distributed deep learning, big data, anomaly detection of flow analysis. We propose a model that describes the network abstract normal behavior from a sequence of millions of packets within their context and analyzes them in near real-time to detect point, collective and contextual anomalies. Experiments are done on MAWI dataset, and it shows better detection rate not only than signature IDS, but also better than traditional anomaly IDS. The experiment shows lower false positive, higher detection rate and better point anomalies detection. As for prove of contextual and collective anomalies detection, we discuss our claim and the reason behind our hypothesis. But the experiment is done on random small subsets of the dataset because of hardware limitations, so we share experiment and our future vision thoughts as we wish that full prove will be done in future by other interested researchers who have better hardware infrastructure than ours.

Chao-Tung Yang,Yu-Wei Chan,Jung-Chun Liu,Endah Kristiani,Cing-Han Lai

DOI: https://doi.org/10.1007/s00500-022-06954-8

IF: 3.732

2022-03-31

Soft Computing

Abstract:The usage of artificial intelligence and machine learning methods on cyberattacks increasing significantly recently. For the defense method of cyberattacks, it is possible to detect and identify the attack event by observing the log data and analyzing whether it has abnormal behavior or not. This paper implemented the ELK Stack network log system (NetFlow Log) to visually analyze log data and present several network attack behavior characteristics for further analysis. Additionally, this system evaluated the extreme gradient enhancement (XGBoost), Recurrent Neural Network (RNN), and Deep Neural Network (DNN) model for machine learning methods. Keras was used as a deep learning framework for building a model to detect the attack event. From the experiments, it can be confirmed that the XGBoost model has an accuracy rate of 96.01% for potential threats. The full attack dataset can achieve 96.26% accuracy, which is better than RNN and DNN models.

computer science, artificial intelligence, interdisciplinary applications

Hao Zhang,Shumin Dai,Yongdan Li,Wenjun Zhang

DOI: https://doi.org/10.1109/pccc.2018.8711068

2018-01-01

Abstract:With the rapid increase in Internet services, network traffic data has become very large and complex, increasing the possibility of intrusions. The traditional intrusion detection system (IDS) cannot detect intrusion behaviors among such high-speed traffic data. A real-time network IDS should be able to process large amounts of network traffic data as quickly as possible to detect malicious traffic as early as possible. Therefore, in this paper, we propose a network intrusion detection framework based on a distributed random forest capable of handling high-speed traffic data. This framework consists of three parts: a data capturing part based on NetFlow, a preprocessing data part and a classification-based intrusion detection part. In this paper, we apply the random forest classification algorithm and adapt it to the Apache Spark distributed processing system to realize real-time detection. To verify the effectiveness of the framework, we implement the system and perform several comparison experiments. The results show that the system has satisfactory efficiency and accuracy compared to existing systems and thus is very suitable for the real-time detection of network intrusion, with a large capacity and high speed.

Minh Hieu Nguyen,Viet Hung Nguyen,Huu Phong Pham,Ngoc Anh Tran

DOI: https://doi.org/10.1145/3628797.3628943

2023-12-07

Abstract:System logs play a vital role in upholding information security by capturing events to address potential risks. Numerous research initiatives have harnessed log data to create machine learning models geared towards spotting unusual activities within systems. In this pragmatic study, we introduce an innovative approach to detecting anomalies in log data, employing a three-step process encompassing preprocessing, advanced natural language processing (NLP) utilizing BERT, and a custom 1D-CNN classification model. During the preprocessing phase, we tokenize the data and eliminate non-essential elements, while BERT enriches log message representations. Our Sliding Window and Overlapping Mechanism ensures consistent input dimensions. The 1D-CNN model extracts temporal features for robust anomaly detection. Empirical findings on HFDS, BGL, Spirit, and Thunderbird datasets illustrate that our method outperforms prior approaches in identifying network attacks.

Computer Science

Brunel Elvire Bouya-Moko,Edward Kwadwo Boahen,Changda Wang

DOI: https://doi.org/10.3390/electronics11111675

IF: 2.9

2022-05-25

Electronics

Abstract:Strong network connections make the risk of malicious activities emerge faster while dealing with big data. An intrusion detection system (IDS) can be utilized for alerting suitable entities when hazardous actions are occurring. Most of the techniques used to classify intrusions lack the techniques executed with big data. This paper devised an optimization-driven deep learning technique for detecting the intrusion using the Spark model. The input data is fed to the data partitioning phase wherein the partitioning of data is done using the proposed fuzzy local information and Bhattacharya-based C-means (FLIBCM). The proposed FLIBCM was devised by combining Bhattacharya distance and fuzzy local information C-Means (FLICM). The feature selection was achieved with classwise info gained to select imperative features. The data augmentation was done with oversampling to make it apposite for further processing. The detection of intrusion was done using a deep Maxout network (DMN), which was trained using the proposed student psychology water cycle caviar (SPWCC) obtained by combining the water cycle algorithm (WCA), the conditional autoregressive value at risk by regression quantiles (CAViaR), and the student psychology-based optimization algorithm (SPBO). The proposed SPWCC-based DMN offered enhanced performance with the highest accuracy of 97.6%, sensitivity of 98%, and specificity of 97%.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yun-Chun Chen,Yu-Jhe Li,Aragorn Tseng,Tsungnan Lin

DOI: https://doi.org/10.48550/arXiv.1802.03358

IF: 5.414

2018-02-09

Machine Learning

Abstract:Cyber security has grown up to be a hot issue in recent years. How to identify potential malware becomes a challenging task. To tackle this challenge, we adopt deep learning approaches and perform flow detection on real data. However, real data often encounters an issue of imbalanced data distribution which will lead to a gradient dilution issue. When training a neural network, this problem will not only result in a bias toward the majority class but show the inability to learn from the minority classes. In this paper, we propose an end-to-end trainable Tree-Shaped Deep Neural Network (TSDNN) which classifies the data in a layer-wise manner. To better learn from the minority classes, we propose a Quantity Dependent Backpropagation (QDBP) algorithm which incorporates the knowledge of the disparity between classes. We evaluate our method on an imbalanced data set. Experimental result demonstrates that our approach outperforms the state-of-the-art methods and justifies that the proposed method is able to overcome the difficulty of imbalanced learning. We also conduct a partial flow experiment which shows the feasibility of real-time detection and a zero-shot learning experiment which justifies the generalization capability of deep learning in cyber security.

Jia Zhanpei,Shen Chao,Yi Xiao,Chen Yufei,Yu Tianwen,Guan Xiaohong

DOI: https://doi.org/10.1109/coase.2017.8256257

2017-01-01

CASE

Abstract:Log data are important audit basis to record routine events occurring on computer or network system, which are also critical data source for detecting system anomalies. By analyzing the data from multi-source logs, it is helpful to detect abnormal system behaviors and discover intruder attacks in real time. In this paper, a Spark-based log data security platform is designed and built to analyze the large-scale log data and detect abnormal network behaviors. By integrating data mining, machine learning, and statistical analysis technologies, our proposed framework can quickly analyze large-scale multi-source log data and accurately discriminate the abnormal behaviors. Furthermore, the association analysis is applied to detect abnormal behaviors or potential threats in the system. Under a real-world network environment, extensive experiments are conducted to evaluate the system performance, which can achieve a fast and accurate detection for abnormal network behaviors, and significantly improve the accuracies under various types of network attack scenarios.

Clinton Cao,Annibale Panichella,Sicco Verwer,Agathe Blaise,Filippo Rebecchi

2023-08-04

Abstract:NetFlow data is a popular network log format used by many network analysts and researchers. The advantages of using NetFlow over deep packet inspection are that it is easier to collect and process, and it is less privacy intrusive. Many works have used machine learning to detect network attacks using NetFlow data. The first step for these machine learning pipelines is to pre-process the data before it is given to the machine learning algorithm. Many approaches exist to pre-process NetFlow data; however, these simply apply existing methods to the data, not considering the specific properties of network data. We argue that for data originating from software systems, such as NetFlow or software logs, similarities in frequency and contexts of feature values are more important than similarities in the value itself. In this work, we propose an encoding algorithm that directly takes the frequency and the context of the feature values into account when the data is being processed. Different types of network behaviours can be clustered using this encoding, thus aiding the process of detecting anomalies within the network. We train several machine learning models for anomaly detection using the data that has been encoded with our encoding algorithm. We evaluate the effectiveness of our encoding on a new dataset that we created for network attacks on Kubernetes clusters and two well-known public NetFlow datasets. We empirically demonstrate that the machine learning models benefit from using our encoding for anomaly detection.

Machine Learning

Baojun Zhou,Jie Li,Jinsong Wu,Song Guo,Yu Gu,Zhetao Li

DOI: https://doi.org/10.1109/icc.2018.8422327

2018-01-01

Abstract:In order to cope with the increasing number of cyber attacks, network operators must monitor the whole network situations in real time. Traditional network monitoring method that usually works on a single machine, however, is no longer suitable for the huge traffic data nowadays due to its poor processing ability. In this paper, we propose a machine-learning based online Internet traffic monitoring system using Spark Streaming, a stream- processing-based big data framework, to detect DDoS attacks in real time. The system consists of three parts, collector, messaging system and stream processor. We use a correlation-based feature selection method and choose 4 most necessary network features in our machine- learning-based DDoS detection algorithm. We verify the result of feature selection method by a comparative experiment and compare the detection accuracy of 3 machine learning methods - Naïve Bayes, Logistic Regression and Decision Tree. Finally, we conduct experiments in a cluster with the standalone mode, showing that our system can detect 3 typical DDoS attacks - TCP flooding, UDP flooding and ICMP flooding at the accuracy of more than 99.3%. It also shows the system performs well even for large Internet traffic.

Pengfei Han,Huakang Li,Gang Xue,Chao Zhang

DOI: https://doi.org/10.1111/coin.12573

2023-04-23

Computational Intelligence

Abstract:Anomaly detection is a key step in ensuring the security and reliability of large‐scale distributed systems. Analyzing system logs through artificial intelligence methods can quickly detect anomalies and thus help maintenance personnel to maintain system security. Most of the current works only focus on the temporal or spatial features of distributed system logs, and they cannot sufficiently extract the global features of distributed system logs to achieve a good correct rate of anomaly detection. To further address the shortcomings of existing methods, this paper proposes a deep learning model with global spatiotemporal features to detect the presence of anomalies in distributed system logs. First, we extract semi‐structured log events from log templates and model them as natural language. In addition, we focus on the temporal characteristics of logs using the bidirectional long short‐term memory network and the spatial invocation characteristics of logs using the Transformer. Extensive experimental evaluations show the advantages of our proposed model for distributed system log anomaly detection tasks. The optimal F1‐Score on three open‐source datasets and our own collected distributed system datasets reach 98.04%, 94.34%, 88.16%, and 97.40%, respectively.

computer science, artificial intelligence

Lili Gao,Xiaopeng Deng,Weimin Yang

DOI: https://doi.org/10.1007/s00521-021-05733-0

2021-01-27

Neural Computing and Applications

Abstract:The most important problems that occur during the extraction of knowledge from data streams are related to the properties characterizing "BigData," namely high speed of information flow (velocity), variety of used forms, variability of data and diversity of information accuracy diagnosis methods (veracity). The use of online or sequential learning methods offers a specialized solution for solving real-time data processing problems. Data are provided without a clear knowledge of their particular inherent characteristics. Conventional approaches focus on applying heuristic or logical analysis rules. They fail to effectively handle new patterns (produced as a function of time) and to consider the dynamic change rate of their characteristics. In most cases, these methods approximate, by creating general rather than clear imprints of knowledge, which is hidden in the flows. Moreover, their function requires significant computational resources. This paper introduces (to the best of our knowledge, for the first time in the literature) the implementation of a specialized online reservoir computing architecture for smart city infrastructure protection which has low requirements in computing resources; it is efficient and suitable for real-time data flow analysis. More specifically, it describes the development of an echo state network, comprised of analog neurons with sparse random connections at the input levels and at the dynamical reservoir. Its training at the output level is performed with the recursive least square method. A complex data set was selected for the testing of the proposed model, which fully simulates the digital attacks that can be faced by the mechatronic equipment used in smart water supply networks located in the front end of the smart cities.

computer science, artificial intelligence

Liu Bin,Lin Chuang,Qiao Jian,He Jianping,Peter Ungsunan

DOI: https://doi.org/10.1016/j.comnet.2007.12.004

IF: 5.493

2008-01-01

Computer Networks

Abstract:In this paper, a flow analysis and monitoring system based on NetFlow is introduced. The system is built on a Browser–Server framework, aimed at enterprise networks. Data collection and display are separated into two modules, which makes the system clearly demarcated and easy to deploy. The data collection module receives and analyzes NetFlow-exported packets and inserts per flow record information into the Oracle database. The display module acts as a J2EE web server, fetches real-time or history traffic information from the database and shows it to web users. In addition to the above-mentioned functions, the most important part of the system is an IDS. A real-time anomalous traffic monitoring module with a stable matching pattern algorithm and two traffic statistic based intrusion detection algorithms – one algorithm is based on variance similarity while the other is based on Euclidean distance – are embedded in the system to detect worm and other malicious attacks. With the aim of identifying anomalous network traffic simply and effectively, a proved “join” strategy is also designed along with the two traffic statistic based intrusion detection algorithms. The whole IDS module is able to run with low computational complexity and high detection accuracy. Finally, we conduct experiments to verify the performance of our system.

D. Suja Mary,L. Jaya Singh Dhas,A.R. Deepa,Mousmi Ajay Chaurasia,C. Jaspin Jeba Sheela

DOI: https://doi.org/10.1016/j.eswa.2024.123919

IF: 8.5

2024-04-23

Expert Systems with Applications

Abstract:Managing enormous amounts of data, such as big data, and detecting network traffic intrusions are inefficiently handled by current computing technologies. Traditional analytical techniques cannot manage the incursions in continuous internet traffic and the enormous log data of server activity, leading to many inaccurate results and a prolonged training period. As a result, this research provides an efficient deep learning-based approach to enhance the attack identification task by addressing the basic big data complexity linked to many heterogeneous security data types. This framework employs a novel feature selection method incorporating the Aquila Optimizer (AO) and Fuzzy Entropy Mutual Information (FEMI) algorithms to pick distinctive characteristics. Subsequently, a modified canonical correlation-based technique is applied to combine selected characteristics. Then, the intrusion identification and categorization are carried out using the optimized ResNet152V2 method. Additionally, data augmentation using Auxiliary Classifier Generative Adversarial Network (ACGAN) is performed. Finally, we used the CICDDoS2019 and ToN-IoT datasets to validate the suggested methodology. By comparing the presented approach to several baseline methods, the effectiveness of the suggested methodology is assessed using various performance measures, including F1-score, recall, precision, accuracy, confusion matrix, and ROC curve. Finally, simulation results show that the suggested strategy is superior to other existing techniques and demonstrate that it is a resilient solution for network intrusion detection.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Zachary Tauscher,Yushan Jiang,Kai Zhang,Jian Wang,Houbing Song

DOI: https://doi.org/10.48550/arXiv.2108.08394

2021-08-19

Abstract:With massive data being generated daily and the ever-increasing interconnectivity of the world's Internet infrastructures, a machine learning based intrusion detection system (IDS) has become a vital component to protect our economic and national security. In this paper, we perform a comprehensive study on NSL-KDD, a network traffic dataset, by visualizing patterns and employing different learning-based models to detect cyber attacks. Unlike previous shallow learning and deep learning models that use the single learning model approach for intrusion detection, we adopt a hierarchy strategy, in which the intrusion and normal behavior are classified firstly, and then the specific types of attacks are classified. We demonstrate the advantage of the unsupervised representation learning model in binary intrusion detection tasks. Besides, we alleviate the data imbalance problem with SVM-SMOTE oversampling technique in 4-class classification and further demonstrate the effectiveness and the drawback of the oversampling mechanism with a deep neural network as a base model.

Cryptography and Security,Machine Learning

Martin Andreoni Lopez,Diogo M. F. Mattos,Otto Carlos M. B. Duarte,Guy Pujolle

DOI: https://doi.org/10.1002/cpe.5344

2019-05-21

Concurrency and Computation: Practice and Experience

Abstract:<p>The late detection of security threats causes a significant increase in the risk of irreparable damages and restricts any defense attempt. In this paper, we propose a s<b>CA</b>lable <b>TR</b>Affic <b>C</b>lassifier and <b>A</b>nalyzer (CATRACA). CATRACA works as an efficient online Intrusion Detection and Prevention System implemented as a Virtualized Network Function. CATRACA is based on Apache Spark, a Big Data Streaming processing system, and it is deployed over the Open Platform for Network Functions Virtualization (OPNFV), providing an accurate real‐time threat‐detection service. The system presents a friendly graphical interface that provides real‐time visualization of the traffic and the attacks that occur in the network. Our prototype can differentiate normal traffic from denial of service (DoS) attacks and vulnerability probes over 95% accuracy under three different datasets. Moreover, CATRACA handles streaming data under concept drift detection with more than 85% of accuracy.</p>

Vladimir Ciric,Marija Milosevic,Danijel Sokolovic,Ivan Milentijevic

DOI: https://doi.org/10.1016/j.simpat.2024.102916

IF: 4.199

2024-02-01

Simulation Modelling Practice and Theory

Abstract:In an increasingly digitalized world, cybersecurity has emerged as a critical component of safeguarding sensitive information and infrastructure from malicious threats. The threat actors are often in line or even one step ahead of the defense, causing the increasing reliance of security teams on artificial intelligence while trying to detect zero-day attacks. However, most of the cybersecurity solutions based on artificial intelligence that can be found in the literature are trained and tested on reference datasets that are at least five or more years old, which gives a vague insight into their security performances. Moreover, they often tend to be designed as isolated, self-focused components. The aim of this paper is to design and implement a modular network intrusion detection architecture capable of simulating cyberattacks based on real-world scenarios while evaluating its defense capabilities. The architecture is designed as a full pipeline from real-time network data collection and transformation to threat-information presentation and visualization, with a pre-trained artificial intelligence module at its core. Well-known components like CICFlowMeter, Prometheus, and Grafana are used and modified to fit our data preparation and core modules to form the proposed architecture for real-world network traffic security monitoring. For the sake of cyberattack simulation, the proposed architecture is situated within a virtual environment, surrounded by the Kali Linux-based penetration simulation agent on one side and a vulnerable agent on the other. The intrusion detection artificial intelligence module is trained on the CICIDS-2017 dataset, and it is demonstrated using the proposed architecture that, despite being trained on an outdated dataset, the trained module is still effective in detecting sophisticated modern attacks. Two case studies are given to illustrate how modular architectures and virtual environments can be valuable tools to assess the security properties of artificial intelligence-based solutions through simulation in real-world scenarios.

computer science, interdisciplinary applications, software engineering

Christian Callegari,Stefano Giordano,Michele Pagano

DOI: https://doi.org/10.1016/j.bdr.2024.100446

IF: 3.3

2024-02-29

Big Data Research

Abstract:Anomaly-based Intrusion Detection is a key research topic in network security due to its ability to face unknown attacks and new security threats. For this reason, many works on the topic have been proposed in the last decade. Nonetheless, an ultimate solution, able to provide a high detection rate with an acceptable false alarm rate, has still to be identified. In the last years big research efforts have focused on the application of Deep Learning techniques to the field, but no work has been able, so far, to propose a system achieving good detection performance, while processing raw network traffic in real time. For this reason in the paper we propose an Intrusion Detection System that, leveraging on probabilistic data structures and Deep Learning techniques, is able to process in real time the traffic collected in a backbone network, offering excellent detection performance and low false alarm rate. Indeed, the extensive experimental tests, run to validate our system and compare different Deep Learning techniques, confirm that, with a proper parameter setting, we can achieve about 92% of detection rate, with an accuracy of 0.899. Finally, with minimal changes, the proposed system can provide some information about the kind of anomaly, although in the multi-class scenario the detection rate is slightly lower (around 86%).

computer science, information systems, artificial intelligence, theory & methods

Ancy Sherin Jose,Latha R Nair,Varghese Paul

DOI: https://doi.org/10.47059/revistageintec.v11i4.2411

2021-07-29

Revista Gestão Inovação e Tecnologias

Abstract:Distributed Denial of Service Attack (DDoS) has emerged as a major threat to cyber space. A DDoS attack aims at exhausting the resources of the victim causing financial and reputational damages to it. The availability of free software make launching of DDoS attacks easy. The difficulty in differentiating a DDoS traffic from a legitimate traffic burst such as a flash crowd makes DDoS difficult to be identified. A wide range of techniques have been used in conventional networks to detect and mitigate DDoS attacks. Though the advent of Software Defined Networking (SDN) makes a network easy to be managed even SDN is vulnerable to DDoS attacks. In this case, the controller of the SDN gets overloaded with the incoming packets from the switches. In fact, a solution based on security analytics can be put in place to ward off this threat as a proactive security measure using the flow level statistics available from the SDN. Compared to the packet analysis used in traditional networks which is resource expensive the flow level statistics is relatively inexpensive. This paper focuses on the design and implementation of an attack detection system for detecting the flooding DDoS attacks TCP SYN flooding attacks, HTTP request flooding attacks, UDP flooding attacks and ICMP flooding attacks over SDN network traffic. The system uses various classification algorithms to classify a traffic into normal or attack. The feature sets for classification were arrived at using a feature selection module with ANOVA (Analysis of Variance) F-Test statistical method. Performance evaluation of each of the classifiers was carried out for the three feature sets obtained from the feature selection module using various performance measures and the results have been tabulated. The feature set which gives the best performance in detecting malicious traffic has been identified.

Dr.D.S. John Deva Prasanna,Dr.K. Punitha,Dr.M. Naga Raju,Dr.F. Rahman,Kamlesh Kumar Yadav

DOI: https://doi.org/10.58346/jisis.2024.i3.024

2024-08-30

Abstract:One crucial thing that hackers always do is gather information about the state of networks by breaking into files and systems that are used in defense models. Threats can get into these platforms. Much information is constantly coming into and going out of systems and people. To find potentially harmful security trends, the Intrusion Detection System (IDS) has to look through this growing amount of data. Our surroundings and choices now make it very hard to quickly and correctly find intrusions. To find people who try to get into a communication system without permission, creating an intrusion detection system (IDS) that uses big data techniques to handle large amounts of complex data is essential. This work uses artificial intelligence (AI), which is aware of a vast amount of data, to make an IDS that is very good at dealing with these problems. The study created a unique structure for the Long Short-Term Memory (LSTM) method, which can find complex links and long-lasting patterns in arriving at network traffic data. By using this method, the system can successfully lower the number of false warnings and improve the accuracy of the IDS that was created. Big Data Analysis (BDA) could make the AI methods discussed in this study more useful. These methods are currently slow because they are very complicated. Using these techniques makes running the complicated model go more quickly. The researchers used the tool on the Spark platform for in-depth studies. The NSL-KDD database was used to train for the tests. The results show that the algorithm is better than other IDS systems regarding how often it finds problems, how usually it sets off fake alarms, how accurate it is, how efficiently it works, and how long it takes to train.