Kaijian Liu,Zhen Fan,Meiqin Liu,Senlin Zhang

DOI: https://doi.org/10.1109/cyber.2018.8688271

2018-01-01

Abstract:This paper reviews the problem of instrusion detection for Smart Home and different approach to detect instrusion. A hybrid instrusion detection method based on Convolutional Neural Networks(CNN) and K-means is proposed in this paper. At smart home device node, K-means is used to generate the rule base by clustering, then Principal Component Analysis(PCA) is used to extract the dimensionality reduced features. During the test process, PCA is also used to extract the dimensionality reduced features, the feature matching is performed with the rule base to determine the intrusion data. At the smart home server side, a CNN model is proposed to detect the specific type of intrusion. Combined with Synthetic Minority Oversampling Technique(SMOTE) and under sampling techniques, the CNN model has great performance in reducing missing report rate(MRR) in minority categories. The results of the experiment conducted in KDD99 dataset show that such a hybrid method can improve the detection rate of smart home intrusion detection system and reduce MRR in minority categories.

Kuljeet Singh,Amit Mahajan,Vibhakar Mansotra

DOI: https://doi.org/10.1504/ijsnet.2023.135851

2024-01-10

International Journal of Sensor Networks

Abstract:Due to the continued and unabated increase in the number of cyber-attacks, the need for improved network security architecture is more apparent. The deep learning approach plays a pivotal role by classifying network traffic and identifying malicious records. However, this approach is often met with twin challenges of the high dimensionality of data and imbalanced ratio of attack labels within the data. To mitigate these issues and achieve a better detection rate, this research has proposed a new intrusion detection framework based on three main components; feature selection, oversampling, and hybrid CNN-LSTM classifier. This study deployed information gain, chi-square, basic methods, L1 regularisation, and random forest classifier as five feature selection methods and SMOTE for handling class imbalance. The experimental results, conducted using the CICIDS2017 dataset, have shown that the proposed model has demonstrated better performance in the detection of network attacks with more than 99% detection rate. Results established that number of features can be significantly reduced without altering the accuracy and oversampling has helped in improving the detection rate of minority attack labels.

computer science, information systems,telecommunications

Kanna, P. Rajesh,Santhi, P.

DOI: https://doi.org/10.1007/s11277-024-11607-0

IF: 2.017

2024-10-08

Wireless Personal Communications

Abstract:Recent advancements in information and communication technologies have led to a proliferation of online systems and services. To ensure these systems' trustworthiness and prevent cybersecurity threats, Intrusion Detection Systems (IDS) are essential. Therefore, developing advanced and intelligent IDS models has become crucial. However, most existing IDS models rely on traditional machine learning algorithms with shallow learning behaviours, resulting in less efficient feature selection and classification performance for new attacks. Another issue is that these approaches are either network-based or host-based, often leading to the detection module missing many known attacks. Additionally, they struggle to handle the massive amounts of network traffic data flexible and scalable due to high model complexity. To address these challenges, an efficient hybrid IDS model is introduced, utilizing a MapReduce-based Black Widow Optimized Convolutional-Long Short-Term Memory (BWO-CONV-LSTM) network. The first stage of this IDS model involves feature selection using the Artificial Bee Colony (ABC) algorithm. The second stage employs a hybrid deep learning classifier model of BWO-CONV-LSTM on a MapReduce framework for intrusion detection from system traffic data. The proposed BWO-CONV-LSTM network combines Convolutional and LSTM neural networks, with hyper-parameters optimized by BWO to achieve the ideal architecture. The BWO-CONV-LSTM-based IDS model performance evaluations were conducted on the NSL-KDD, ISCX-IDS, UNSWNB15, and CSE-CIC-IDS2018 datasets. The results show that the proposed model achieves high intrusion detection performance, with accuracy rates of 98.67%, 97.003%, 98.667%, and 98.25% for the NSL-KDD, ISCX-IDS, UNSWNB15, and CSE-CIC-IDS2018 datasets, respectively. It also demonstrates fewer false values, reduced computation time, and improved classification coefficients.

telecommunications

Jakrarin Therdphapiyanak,Krerk Piromsopa

DOI: https://doi.org/10.1145/2448556.2448559

2013-01-01

Abstract:In this paper, we apply Hadoop for large-scale log analysis. Our main objective is to efficiently detect an abnormal traffic from high volume data. Due to the high volume of data traffics, the size of traffic logs is usually exceed the capacity of a standalone IDS. Thus, it is practically impossible to perform useful analysis with these data. In most cases, an analysis is usually done when an attack occurred for digital forensics. We proposed applying K-Means algorithm to cluster high volume log data. The resulted clusters are useful in classifying minority as possible intruders. In addition, we proposed IP address summarization method to capture the characteristic of each cluster. Our implementation allows high volume data traffics to be analyzed with a distributed analysis system using K-Means algorithm and data mining. The eventual result is to reduce a chance of being attacked. The prominent points of our implementation are anomaly detection with large file sizes and the distributed processing. However, this paper is just a preliminary study. There exist several opportunities for optimization. Nonetheless, our implementation can point out anomaly. The K-Means Algorithm can provide a new knowledge useful for enhancing security of the system.

Khloud Al Jallad,Mohamad Aljnidi,Mohammad Said Desouki

DOI: https://doi.org/10.48550/arXiv.2209.13961

2022-09-28

Cryptography and Security

Abstract:With the growing use of information technology in all life domains, hacking has become more negatively effective than ever before. Also with developing technologies, attacks numbers are growing exponentially every few months and become more sophisticated so that traditional IDS becomes inefficient detecting them. This paper proposes a solution to detect not only new threats with higher detection rate and lower false positive than already used IDS, but also it could detect collective and contextual security attacks. We achieve those results by using Networking Chatbot, a deep recurrent neural network: Long Short Term Memory (LSTM) on top of Apache Spark Framework that has an input of flow traffic and traffic aggregation and the output is a language of two words, normal or abnormal. We propose merging the concepts of language processing, contextual analysis, distributed deep learning, big data, anomaly detection of flow analysis. We propose a model that describes the network abstract normal behavior from a sequence of millions of packets within their context and analyzes them in near real-time to detect point, collective and contextual anomalies. Experiments are done on MAWI dataset, and it shows better detection rate not only than signature IDS, but also better than traditional anomaly IDS. The experiment shows lower false positive, higher detection rate and better point anomalies detection. As for prove of contextual and collective anomalies detection, we discuss our claim and the reason behind our hypothesis. But the experiment is done on random small subsets of the dataset because of hardware limitations, so we share experiment and our future vision thoughts as we wish that full prove will be done in future by other interested researchers who have better hardware infrastructure than ours.

S. Nagarajan,S. Kayalvizhi,R. Subhashini,V. Anitha

DOI: https://doi.org/10.1016/j.cie.2023.109166

2023-04-23

Abstract:The security analysis has become the hotspot concern in Industrial Control Systems (ICSs) that grabs the research attention in today's era. Owing to the rapid admittance of the Industrial Internet of Things (IIoT), the superimposition of fog and cloud computing plays a pivotal role for rectifying such issues as fewer computation resources and more latency in the network. In addition to this, security issue comes first while developing the ICS in the sector of IIoT. In general, ICS is applied for various processes, such as electric utilization and water supply management, that are related to every individual's life. Though it is interlinked with the Internet, it can easily expose to different threats. To defend the model, Intrusion Detection Systems (IDS) are employed. In signature-based detection, anomaly detection is used to find out the unknown attacks in the network. Yet, the ICS is structured with many software and hardware tools. It also seems in the openness nature of the industrial environment that, it becomes vulnerable to various attacks. Hence, detecting unknown attacks is a complex task in the openness nature of the industrial environment. It causes failure to protect such systems from malicious entities that could result in more complications for humans. Hence, the detection of malicious activities is essential. In order to provide an efficient model, a new hybrid deep learning is proposed in ICS. Initially, the original data is to be collected based on the ICS industry. Secondly, the gathered data is preprocessed to clean the artifacts and clean the data. Thirdly, the optimal features are chosen directly from the gathered data with the help of a hybrid algorithm called the Hybrid Honey Badger-World Cup Algorithm (HHB-WCA). The chosen optimal features are fed to the hybrid deep learning termed as Autoencoder-Bi-directional Long Short-Term Memory (A-Bi-LSTM), where the encoded features from Autoencoder are extracted and encoded features are subjected to the Bi-LSTM classifier. Finally, the simulation outcome has shown that the developed method is compared with the other traditional algorithms to detect the unknown classes in the network.

computer science, interdisciplinary applications,engineering, industrial

Mathiyalagan Ramasamy,Pamela Vinitha Eric

DOI: https://doi.org/10.11591/eei.v11i5.4145

2022-10-01

Bulletin of Electrical Engineering and Informatics

Abstract:At present data transmission widely uses wireless network framework for transmitting large volume of data. It generates numerous security problems and privacy issues which laid a way for developing IDS. IDS act as preventive technique in securing computer networks. Previously there are numerous metaheuristic and deep learning algorithms used in IDS for detecting threats. Some are affected by dynamic growth of feature spaces and others are degraded in performance during detection of threats. One fine-grained model for intrusion detection can be developed by selecting accurate features and testing them with the intelligent algorithms. Based on these explorations, in this research IDS is implemented with intelligence from preprocessing to feature classification. At first stage, data preprocessing is done using binning concept to reduce noise. Secondly feature selection is done dynamically using dynamic tree growth algorithm with fire fly optimization techniques. Finally, these features are processed using DTB-FFNN for detecting anomalies perfectly. This DTB-FFNN is evaluated with popular KDD dataset. Our proposed model cable news network (CNN)-classification is compared with existing intelligent techniques: feed forward deep neural network, support vectors machines, decision tree, and CNN-clustering is compared with k-means, density-based spatial clustering of applications with noise (DBSCAN). The experimental outcome proves that dynamic tree based FFNN and CNN-clustering produce higher accuracy than the existing models.

T N Varunram,M B Shivaprasad,K H Aishwarya,Anush Balraj,S V Savish,S Ullas

DOI: https://doi.org/10.1109/iccca52192.2021.9666265

2021-12-17

Abstract:Intrusion Detection Systems are of paramount importance in the present-day network security environment. By analyzing and predicting the behavior of incoming data, IDS helps in classifying it as either a benign or dangerous activity. In this paper, implementation of multiple Intrusion Detection Systems is done using different machine learning algorithms like KNN, AdaBoost, SVM, Logistic Regression, Random Forest, Artificial Neural Networks and Naive Bayes. The class imbalance in the dataset, caused by innate mannerisms of network analysis, is corrected using Synthetic Minority Oversampling Technique (SMOTE). The dataset is then reduced using three different Dimensionality Reduction Techniques namely PCA, t-SNE, and UMAP. The three datasets produced by these techniques are then used to build the Intrusion Detection System, using the machine learning algorithms. The models will implement binary classification to classify the incoming attacks between benign activity and DDoS Attacks.

Johan Note,Maaruf Ali

DOI: https://doi.org/10.33166/aetic.2022.03.003

2022-07-01

Annals of Emerging Technologies in Computing

Abstract:Attacks against computer networks, “cyber-attacks”, are now common place affecting almost every Internet connected device on a daily basis. Organisations are now using machine learning and deep learning to thwart these types of attacks for their effectiveness without the need for human intervention. Machine learning offers the biggest advantage in their ability to detect, curtail, prevent, recover and even deal with untrained types of attacks without being explicitly programmed. This research will show the many different types of algorithms that are employed to fight against the different types of cyber-attacks, which are also explained. The classification algorithms, their implementation, accuracy and testing time are presented. The algorithms employed for this experiment were the Gaussian Naïve-Bayes algorithm, Logistic Regression Algorithm, SVM (Support Vector Machine) Algorithm, Stochastic Gradient Descent Algorithm, Decision Tree Algorithm, Random Forest Algorithm, Gradient Boosting Algorithm, K-Nearest Neighbour Algorithm, ANN (Artificial Neural Network) (here we also employed the Multilevel Perceptron Algorithm), Convolutional Neural Network (CNN) Algorithm and the Recurrent Neural Network (RNN) Algorithm. The study concluded that amongst the various machine learning algorithms, the Logistic Regression and Decision tree classifiers all took a very short time to be implemented giving an accuracy of over 90% for malware detection inside various test datasets. The Gaussian Naïve-Bayes classifier, though fast to implement, only gave an accuracy between 51-88%. The Multilevel Perceptron, non-linear SVM and Gradient Boosting algorithms all took a very long time to be implemented. The algorithm that performed with the greatest accuracy was the Random Forest Classification algorithm.

DOI: https://doi.org/10.1007/s12083-024-01727-6

IF: 3.488

2024-06-09

Peer-to-Peer Networking and Applications

Abstract:Due to the increase in network attacks, maintaining network security is significantly difficult, to overcome security vulnerabilities Intrusion Detection System (IDS) is utilized. IDS is a software application that monitors the network traffic and detects the malicious activity in the network. Network Intrusion Detection System (NIDS) identifies the suspicious behaviour of nodes in the network by analysing the network traffic. Most of the existing IDS suffer from achieving better feature selection with high classification accuracy with reduced false alarm rate. In the proposed system, the Principal Component Analysis (PCA) technique is utilized to reduce the dimensionality of the dataset. Improved Harris Hawks Optimizer (IHHO) is employed for effective feature selection which provides powerful global search capability. For classification, two-staged classifier is proposed which employs Support Vector Machine (SVM) for stage-1 and K-Nearest Neighbors (KNN) for stage-2. The main goal of the proposed system is to combine the advantages of SVM and KNN to enhance classification accuracy with a reduced false alarm rate. The performance of the proposed system is evaluated by using the NSL- KDD dataset and it has achieved an overall classification accuracy of 95.01%, a False alarm rate of 0.01%, and an overall detection rate of 92.01%.

computer science, information systems,telecommunications

R. S.,Kshirasagar Naik,Omar Elghalhoud,Marzia Zaman

DOI: https://doi.org/10.1109/WCNC55385.2023.10118702

2023-03-01

Abstract:Cyber-security experts often require the help of an automated process that filters and classifies network attacks. To apply specific preventive measures for securing networks, the classification of the attack type is the key. Many Machine Learning (ML) models have been proposed as a base for Network Intrusion Detection (NID) systems. However, their performance varies based on multiple factors. For instance, an ML model fitted on a highly imbalanced dataset can be biased toward over-represented attack types. On the other hand, paying attention only to the ML model’s performance in the minority classes can negatively affect its performance in the majority classes. This paper proposes an NID system that addresses the issue of imbalanced datasets and uses Convolutional Neural Networks (CNN) to classify the different attack types. We compare the performance of our proposed system to other systems that use: Random Over-Sampling (ROS), Synthetic Minority Oversampling TEchnique (SMOTE), Adaptive Synthetic Sampling (ADASYN), and Generative Adversarial Networks (GAN). Using the NSL-KDD and the BoT-IoT datasets for benchmarking, we show that our proposed system performs well in the minority classes: recall scores of 70.50% and 72.08% on the User to Root (U2R) and Remote to Local (R2L) attack classes of the NSL-KDD dataset, respectively, while maintaining an overall False Alarm Rate (FAR) of 6.50% and a recall of 90.46% on the binary classification task. Our proposed system scores a weighted average F1-Score of 99.45% on the multi-class classification task using the BoT-IoT dataset.

Engineering,Computer Science

Preeti Mishra,Vijay Varadharajan,Uday Tupakula,Emmanuel S. Pilli

DOI: https://doi.org/10.1109/comst.2018.2847722

2019-01-01

Abstract:Intrusion detection is one of the important security problems in todays cyber world. A significant number of techniques have been developed which are based on machine learning approaches. However, they are not very successful in identifying all types of intrusions. In this paper, a detailed investigation and analysis of various machine learning techniques have been carried out for finding the cause of problems associated with various machine learning techniques in detecting intrusive activities. Attack classification and mapping of the attack features is provided corresponding to each attack. Issues which are related to detecting low-frequency attacks using network attack dataset are also discussed and viable methods are suggested for improvement. Machine learning techniques have been analyzed and compared in terms of their detection capability for detecting the various category of attacks. Limitations associated with each category of them are also discussed. Various data mining tools for machine learning have also been included in the paper. At the end, future directions are provided for attack detection using machine learning techniques.

computer science, information systems,telecommunications

Mohammed Saeed Alzahrani,Fawaz Waselallah Alsaade

DOI: https://doi.org/10.1155/2022/4705325

2022-03-18

Abstract:The Internet plays a fundamental part in relentless correspondence, so its applicability can decrease the impact of intrusions. Intrusions are defined as movements that unfavorably influence the focus of a computer. Intrusions may sacrifice the reputability, integrity, privacy, and accessibility of the assets attacked. A computer security system will be traded off when an intrusion happens. The novelty of the proposed intelligent cybersecurity system is its ability to protect Internet of Things (IoT) devices and any networks from incoming attacks. In this research, various machine learning and deep learning algorithms, namely, the quantum support vector machine (QSVM), k-nearest neighbor (KNN), linear discriminant and quadratic discriminant long short-term memory (LSTM), and autoencoder algorithms, were applied to detect attacks from signature databases. The correlation method was used to select important network features by finding the features with a high-percentage relationship between the dataset features and classes. As a result, nine features were selected. A one-hot encoding method was applied to convert the categorical features into numerical features. The validation of the system was verified by employing the benchmark KDD Cup database. Statistical analysis methods were applied to evaluate the results of the proposed study. Binary and multiple classifications were conducted to classify the normal and attack packets. Experimental results demonstrated that KNN and LSTM algorithms achieved better classification performance for developing intrusion detection systems; the accuracy of KNN and LSTM algorithms for binary classification was 98.55% and 97.28%, whereas the KNN and LSTM attained a high accuracy for multiple classification (98.28% and 970.7%). Finally, the KNN and LSTM algorithms are fitting-based intrusion detection systems.

Neeraj Kumar,Sanjeev Sharma

DOI: https://doi.org/10.3390/electronics12194050

IF: 2.9

2023-09-27

Electronics

Abstract:With the exponentially evolving trends in technology, IoT networks are vulnerable to serious security issues, allowing intruders to break into networks without authorization and manipulate the data. Their actions can be recognized and avoided by using a system that can detect intrusions. This paper presents a hybrid intelligent system and inverted hour-glass-based layered network classifier for feature selection and classification processes, respectively. To accomplish this task, three different datasets have been utilized in the proposed model for identifying old and new attacks. Moreover, a hybrid optimization feature selection technique has been implemented for selecting only those features that can enhance the accuracy of the detection rate. Finally, the classification is performed by using the inverted hour-glass-based layered network model in which data are up-sampled with the increase in the number of layers for effective training. Data up-sampling is performed when small subset of datapoints are observed for any class, which in turn helps in improving the accuracy of the proposed model. The proposed model demonstrated an accuracy of 99.967%, 99.567%, and 99.726% for NSL-KDD, KDD-CUP99, and UNSW NB15 datasets, respectively, which is significantly better than the traditional CNID model. These results demonstrate that our model can detect different attacks with high accuracy and is expected to show good results for new datasets as well. Additionally, to reduce the computational cost of the proposed model, we have implemented it on CPU-based core i3 processors, which are much cheaper than GPU processors.

engineering, electrical & electronic,computer science, information systems,physics, applied

Satyanarayana Gunupusala,Shahu Chatrapathi Kaila

DOI: https://doi.org/10.37256/cm.5220243723

2024-06-19

Contemporary Mathematics

Abstract:Computer networks rely on Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs) to ensure the security, reliability, and availability of an organization. In recent years, various approaches were developed and implemented to create effective IDSs and IPSs. This paper specifically focuses on IDSs that utilize Machine Learning (ML) techniques for improved accuracy. ML-based IDSs have verified to be successful in discovering network attacks. However, their performance tends to decline when dealing with high-dimensional data spaces. It is essential to develop a suitable feature extraction strategy that could identify and remove irrelevant features that do not significantly classification process to address this issue. Additionally, many ML-based IDSs exhibit high false positive rates and poor detection accuracy when trained on unbalanced datasets. In this study, we analyze the UNSW-NB15 IDS, which will serve as the training and testing data for our models. In order to reduce the feature space and improve the efficiency of our analysis, we leverage a filter-based feature reduction method utilizing the Pearson correlation coefficient algorithm. By identifying and selecting only the most relevant features, we are able to streamline our dataset and focus on the variables that have the highest impact on our analysis. This approach not only reduces computational complexity but also improves the interpretability of our results by eliminating unnecessary noise from the data. After applying the feature reduction technique, we proceed to implement a range of machine learning methods to perform our classification task. These include well-known algorithms such as Stacking, Extra Trees, Multi-Layer Perceptron, XGBoost, K-Nearest Neighbors, Logistic Regression, Naïve Bayes, Support Vector Machine, Random Forest, and Decision Tree. By employing a diverse set of algorithms, we are able to explore different modeling approaches and evaluate their effectiveness in accurately classifying the various types of assaults. In order to assess the performance of our classification models, we utilize a range of specialized evaluation metrics such as Root Mean Square Error (RMSE), Mean Absolute Error (MAE), R2-Score, Mean Squared Error (MSE), Precision, F1-Score, Recall, and Accuracy. These metrics provide us with a comprehensive understanding of how well our models are performing across different dimensions, including the accuracy of predictions, the level of precision in classifying different assault types, and the overall goodness-of-fit of our models. By considering multiple evaluation metrics, we are able to gain a more nuanced understanding of the strengths and weaknesses of each algorithm and make informed decisions about their suitability for our classification task. These metrics deliver a complete evaluation of the classifiers’ effectiveness in detecting community intrusions.

Bhoopesh Singh Bhati,C. S. Rai

DOI: https://doi.org/10.1007/s13369-019-03970-z

IF: 2.807

2019-07-02

Arabian Journal for Science and Engineering

Abstract:From the last few decades, people do various transaction activities like air ticket reservation, online banking, distance learning, group discussion and so on using the internet. Due to explosive growth of information exchange and electronic commerce in the recent decade, there is a need to implement some security mechanisms in order to protect sensitive information. Detection of any intrusive behavior is one of the most important activity for protecting our data and assets. Various intrusion detection systems are incorporated in the network for detecting intrusive behavior. In this paper, an analytical study of support vector machine (SVM)-based intrusion detection techniques is presented. Here, the methodology involves four major steps, namely, data collection, preprocessing, SVM technique for training and testing and decision. The simulated results have been analyzed based on overall detection accuracy, Receiver Operating Characteristic and (ROC) Confusion Matrix. NSL-KDD dataset is used to analyze the performance of SVM techniques. NSL-KDD dataset is a benchmark for intrusion detection technique and contains huge amount of network records. The analyzed results show that Linear SVM, Quadratic SVM, Fine Gaussian SVM and Medium Gaussian SVM give 96.1%, 98.6%, 98.7% and 98.5% overall detection accuracy, respectively.

multidisciplinary sciences

Indra Kumari,Minho Lee

DOI: https://doi.org/10.1016/j.heliyon.2023.e21377

IF: 3.776

2023-10-30

Heliyon

Abstract:Advanced Persistent Threat (APT) attacks pose significant challenges for AI models in detecting and mitigating sophisticated and highly effective cyber threats. This research introduces a novel concept called Hybrid HHOSSA which is the grouping of Harris Hawk Optimization (HHO) and Sparrow Search Algorithm (SSA) characteristics for optimizing the feature selection and data balancing in the context of APT detection. In addition, the light GBM as well as the weighted average Bi-LSTM are optimized by the proposed hybrid HHOSSA optimization. The HHOSSA-based attribute selection is used to choose the most important attributes from the provided dataset in the early step of the quasi-identifier detection. The HHOSSA-SMOTE algorithm effectively balances the unbalanced data, such as the lateral movements and the data exfiltration in the DAPT 2020 database, which further improves the classifier performance. The light GBM and the Bi-LSTM classifier hyperparameters are well attuned and classified by the HHOSSA optimization for the precise classification of the attacks. The outcome of both the optimized light GBM and the Bi-LSTM classifier generates the final prediction of the attacks existing in the network. According to the research findings, the HHOSSA-hybrid classifier achieves high accuracy in detecting attacks, with an accuracy rate of 94.468 %, a sensitivity of 94.650 %, and a specificity of 95.230 % with a K-fold value of 10. Also, the HHOSSA-hybrid classifier achieves the highest AUC percentage of 97.032, highlighting its exceptional performance in detecting APT attacks.

S. Kanumalli,L. K,Rajeswari A,Tejaswi M,Samyuktha P

DOI: https://doi.org/10.1109/ICAIS56108.2023.10073719

2023-02-02

Abstract:As cloud technologies are used more frequently, network intrusion detection systems are becoming increasingly well-liked. Due to ever-increasing network traffic and the regular emergence of new types of assaults, Network Intrusion Detection (NIDS) came into existence as a key aspect of network security and must be extremely effective. These kind of IDS systems employ either an anomaly detection system based on machine learning or a system for matching patterns. The False Positive Rate for pattern matching approaches is high, but AI/ML-based systems determine the possibility of an attack by identifying a metric or characteristic or a connection between a number of metrics or characteristics. The most popular models include KNN, SVM, and others, they only work on a small range of traits, are not very accurate, and have a high False Positive Rate. This study created a deep learning system to learn the temporal and spatial data properties using the advantages of CNN and Bidirectional LSTM. The system present in this paper is trained and analyzed using the openly available dataset NSL-KDD. The proposed model has a high rate of detection and a low incidence of false positives. A lot of cutting-edge Network Intrusion Detection systems that use Machine Learning/Deep Learning models perform better than the suggested model.

Engineering,Computer Science

Shalaka Mahadik,Pranav M. Pawar,Raja Muthalagu

DOI: https://doi.org/10.1007/s10922-022-09697-x

2022-10-07

Journal of Network and Systems Management

Abstract:Moving towards a more digital and intelligent world equipped with internet-of-thing (IoT) devices creates many security issues. A distributed denial of service (DDoS) attack is one of the most formidable and challenging security threats that has taken hold with the emergence of the heterogeneous IoT (HetIoT). The massive DDoS attacks have exhibited their impact by continuously destroying a variety of infrastructures, resulting in huge losses, and endangering the overall availability of the digital world. The emphasis of this research is to identify and mitigate various DDoS attacks for HetIoT. The research proposes an intelligent intrusion detection system (IDS) using a convolutional neural network (CNN), i.e., HetIoT-CNN IDS, a novel deep learning-based convolutional neural network for the HetIoT environment. The proposed intelligent IDS successfully identifies and mitigates various DDoS attacks in the HetIoT infrastructure. The feasibility of the new proposed HetIoT-CNN IDS is assessed by considering binary and multi-class (8- and 13-classes) classification. The performance of the proposed intelligent IDS is compared with two state-of-the-art deep learning approaches for HetIoT, and the results reveal that the proposed HetIoT-CNN IDS outperforms it. The proposed HetIoT-CNN IDS successfully identifies various DDoS attacks with an accuracy rate of 99.75% for binary classes, 99.95% for 8-classes, and 99.99% for 13-classes. The work also compares the individual accuracy of binary classes, 8-classes, and 13-classes with state-of-the-art work.

computer science, information systems,telecommunications