FatimaEzzahra Laghrissi,Samira Douzi,Khadija Douzi,Badr Hssina

DOI: https://doi.org/10.1186/s40537-021-00448-4

2021-05-07

Journal Of Big Data

Abstract:Abstract An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations. It scans a network or a system for a harmful activity or security breaching. IDS protects networks (Network-based intrusion detection system NIDS) or hosts (Host-based intrusion detection system HIDS), and work by either looking for signatures of known attacks or deviations from normal activity. Deep learning algorithms proved their effectiveness in intrusion detection compared to other machine learning methods. In this paper, we implemented deep learning solutions for detecting attacks based on Long Short-Term Memory (LSTM). PCA (principal component analysis) and Mutual information (MI) are used as dimensionality reduction and feature selection techniques. Our approach was tested on a benchmark data set, KDD99, and the experimental outcomes show that models based on PCA achieve the best accuracy for training and testing, in both binary and multiclass classification.

Kanna, P. Rajesh,Santhi, P.

DOI: https://doi.org/10.1007/s11277-024-11607-0

IF: 2.017

2024-10-08

Wireless Personal Communications

Abstract:Recent advancements in information and communication technologies have led to a proliferation of online systems and services. To ensure these systems' trustworthiness and prevent cybersecurity threats, Intrusion Detection Systems (IDS) are essential. Therefore, developing advanced and intelligent IDS models has become crucial. However, most existing IDS models rely on traditional machine learning algorithms with shallow learning behaviours, resulting in less efficient feature selection and classification performance for new attacks. Another issue is that these approaches are either network-based or host-based, often leading to the detection module missing many known attacks. Additionally, they struggle to handle the massive amounts of network traffic data flexible and scalable due to high model complexity. To address these challenges, an efficient hybrid IDS model is introduced, utilizing a MapReduce-based Black Widow Optimized Convolutional-Long Short-Term Memory (BWO-CONV-LSTM) network. The first stage of this IDS model involves feature selection using the Artificial Bee Colony (ABC) algorithm. The second stage employs a hybrid deep learning classifier model of BWO-CONV-LSTM on a MapReduce framework for intrusion detection from system traffic data. The proposed BWO-CONV-LSTM network combines Convolutional and LSTM neural networks, with hyper-parameters optimized by BWO to achieve the ideal architecture. The BWO-CONV-LSTM-based IDS model performance evaluations were conducted on the NSL-KDD, ISCX-IDS, UNSWNB15, and CSE-CIC-IDS2018 datasets. The results show that the proposed model achieves high intrusion detection performance, with accuracy rates of 98.67%, 97.003%, 98.667%, and 98.25% for the NSL-KDD, ISCX-IDS, UNSWNB15, and CSE-CIC-IDS2018 datasets, respectively. It also demonstrates fewer false values, reduced computation time, and improved classification coefficients.

telecommunications

N. Faruk,Stephen Ojo,J. B. Awotunde,R. Jimoh,Jesufemi Ayotomide Bamigbaye,M. B. Akanbi,A. Imoize

DOI: https://doi.org/10.1109/ITED56637.2022.10051526

2022-11-01

Abstract:A diversity of harmful software has been created as a result of the dramatic increase in internet usage, posing major risks to computer security. There is a great probability that the numerous computing operations performed through the network will be interfered with or altered, and as a result, effective intrusion detection systems are imperative. In addition, the attacks on the network are unpredictable, something that emphasizes the value of creating effective classification and prediction models. Machine learning (ML) and Deep Learning techniques have been used to evaluate datasets for intrusion detection systems (IDS). The employment of the DL-based approach enabled by feature selection helps to address challenges with data quality, handling high-dimensional data, and other related issues. Therefore, due to the large nature and volume of the IDS datasets, and the ability of DL-based models to learn categories incrementally through their hidden layer architecture to produce more accurate results in big data, this study proposes a Long-Short-Term-Memory (LSTM) model, and to further enhance the classification capacity of the projected DL method, the cuckoo search algorithm was introduced to select optimal features from the wireframe. The accuracy and subsequent detection of the suggested model positive and negative rates were evaluated. The experimental results show that the LSTM outperformed some other existing models with the highest classification accuracy of 99.7% and an error rate of 0.006.

Engineering,Computer Science

S. Kanumalli,L. K,Rajeswari A,Tejaswi M,Samyuktha P

DOI: https://doi.org/10.1109/ICAIS56108.2023.10073719

2023-02-02

Abstract:As cloud technologies are used more frequently, network intrusion detection systems are becoming increasingly well-liked. Due to ever-increasing network traffic and the regular emergence of new types of assaults, Network Intrusion Detection (NIDS) came into existence as a key aspect of network security and must be extremely effective. These kind of IDS systems employ either an anomaly detection system based on machine learning or a system for matching patterns. The False Positive Rate for pattern matching approaches is high, but AI/ML-based systems determine the possibility of an attack by identifying a metric or characteristic or a connection between a number of metrics or characteristics. The most popular models include KNN, SVM, and others, they only work on a small range of traits, are not very accurate, and have a high False Positive Rate. This study created a deep learning system to learn the temporal and spatial data properties using the advantages of CNN and Bidirectional LSTM. The system present in this paper is trained and analyzed using the openly available dataset NSL-KDD. The proposed model has a high rate of detection and a low incidence of false positives. A lot of cutting-edge Network Intrusion Detection systems that use Machine Learning/Deep Learning models perform better than the suggested model.

Engineering,Computer Science

Pramita Sree Muhuri,Prosenjit Chatterjee,Xiaohong Yuan,Kaushik Roy,Albert Esterline

DOI: https://doi.org/10.3390/info11050243

2020-05-01

Information

Abstract:An intrusion detection system (IDS) identifies whether the network traffic behavior is normal or abnormal or identifies the attack types. Recently, deep learning has emerged as a successful approach in IDSs, having a high accuracy rate with its distinctive learning mechanism. In this research, we developed a new method for intrusion detection to classify the NSL-KDD dataset by combining a genetic algorithm (GA) for optimal feature selection and long short-term memory (LSTM) with a recurrent neural network (RNN). We found that using LSTM-RNN classifiers with the optimal feature set improves intrusion detection. The performance of the IDS was analyzed by calculating the accuracy, recall, precision, f-score, and confusion matrix. The NSL-KDD dataset was used to analyze the performances of the classifiers. An LSTM-RNN was used to classify the NSL-KDD datasets into binary (normal and abnormal) and multi-class (Normal, DoS, Probing, U2R, and R2L) sets. The results indicate that applying the GA increases the classification accuracy of LSTM-RNN in both binary and multi-class classification. The results of the LSTM-RNN classifier were also compared with the results using a support vector machine (SVM) and random forest (RF). For multi-class classification, the classification accuracy of LSTM-RNN with the GA model is much higher than SVM and RF. For binary classification, the classification accuracy of LSTM-RNN is similar to that of RF and higher than that of SVM.

Jay Sinha,M. Manollas

DOI: https://doi.org/10.1145/3430199.3430224

2020-06-26

Abstract:The need for Network Intrusion Detection systems has risen since usage of cloud technologies has become mainstream. With the ever growing network traffic, Network Intrusion Detection is a critical part of network security and a very efficient NIDS is a must, given new variety of attack arises frequently. These Intrusion Detection systems are built on either a pattern matching system or AI/ML based anomaly detection system. Pattern matching methods usually have a high False Positive Rates whereas the AI/ML based method, relies on finding metric/feature or correlation between set of metrics/features to predict the possibility of an attack. The most common of these is KNN, SVM etc., operate on a limited set of features and have less accuracy and still suffer from higher False Positive Rates. In this paper, we propose a deep learning model combining the distinct strengths of a Convolutional Neural Network and a Bi-directional LSTM to incorporate learning of spatial and temporal features of the data. For this paper, we use publicly available datasets NSL-KDD and UNSW-NB15 to train and test the model. The proposed model offers a high detection rate and comparatively lower False Positive Rate. The proposed model performs better than many state-of-the-art Network Intrusion Detection systems leveraging Machine Learning/Deep Learning models.

Vanlalruata Hnamte,Hong Nhung-Nguyen,Jamal Hussain,Yong Hwa-Kim

DOI: https://doi.org/10.1109/access.2023.3266979

IF: 3.9

2023-01-01

IEEE Access

Abstract:Machine learning and deep learning techniques are widely used to evaluate intrusion detection systems (IDS) capable of rapidly and automatically recognizing and classifying cyber-attacks on networks and hosts. However, when destructive attacks are becoming more extensive, more challenges develop, needing a comprehensive response. Numerous intrusion detection datasets are publicly accessible for further analysis by the cybersecurity research community. However, no previous research has examined the performance of the proposed model on a variety of publicly accessible datasets in detail. Due to the dynamic nature of the attack and its rapidly changing attack techniques, the publicly accessible intrusion datasets must be updated and benchmarked regularly. The deep neural network (DNN) and convolutional neural network (CNN) are examined in this article as types of deep learning models for developing a flexible and effective IDS capable of detecting and comparing them with the proposed model in detecting cyber-attacks. The constant development of network behavior and the fast growth of attacks need the development of IDS and the evaluation of many datasets produced over time through static and dynamic methods. This kind of research enables the identification of the most efficient algorithm for identifying future cyber-attacks. We proposed a novel two-stage deep learning technique hybridizing Long-Short Term Memory (LSTM) and Auto-Encoders (AE) for detecting attacks. The CICIDS2017 and CSE-CICDIS2018 datasets are used to determine the optimum network parameters for the proposed LSTM-AE. The experimental results show that the proposed hybrid model works well and is applicable for detecting attacks in modern scenarios.

computer science, information systems,telecommunications,engineering, electrical & electronic

Geetha T V,Deepa A J,Mary Linda M

DOI: https://doi.org/10.1007/s10489-024-05505-y

IF: 5.3

2024-05-25

Applied Intelligence

Abstract:The Intrusion Detection System (IDS) distinguishes the harmful entries from the normal ones in network traffic data and aids in network security. Due to the emergence of new and unknown network-connected devices, a lot of modern systems were penetrated. As a result, it is critical to improve information security and to detect new cyber-attacks exploiting various application protocols such as Hyper Text Transfer Protocol (HTTP) and Domain Name System (DNS). Therefore, this paper introduced an Optimized Bidirectional Convolutional Neural Network and Long-Short term Memory (OBCLSTM) method to detect whether the protocol HTTP and DNS is attacked or not. Initially, the records are fed to data normalization and data encoding. After pre-processing, the vectors are fed to the OBCLSTM model. The Bidirectional Channel Pooling (BiCP) layer is used to learn behavior-based features (which show interactions among hosts based on ports, destinations and behavior) and flow-based features (which identify basic flows, such as IP addresses of source-destination and ports), which improves the accuracy of detecting malicious attacks. In the OBCLSTM model, the best hyper parameter configuration for Convolutional Neural Network (CNN) to learn features is tuned using Enhanced Red Fox Optimization (ERFO). Then, bidirectional long short-term memory (BiLSTM) is used to extract features in the time domain and has the ability to preserve the long-term of the information from historical context, allowing attackers to be detected early before causing widespread damage to networks. Finally, the fully connected layer utilizes these features to classify the network data as attacks (types of attacks) or normal. Tests are conducted on the NSL - KDD99, TUIDS, UNSW-NB15 and BoT-IoT datasets. The proposed OBCLSTM method attains better performance in terms of precision, accuracy, recall, and F-measure.

computer science, artificial intelligence

Muhammad Bisri Musthafa,Samsul Huda,Yuta Kodera,Md Arshad Ali,Shunsuke Araki,Jedidah Mwaura,Yasuyuki Nogami

DOI: https://doi.org/10.3390/s24134293

2024-07-01

Abstract:Internet of Things (IoT) devices are leading to advancements in innovation, efficiency, and sustainability across various industries. However, as the number of connected IoT devices increases, the risk of intrusion becomes a major concern in IoT security. To prevent intrusions, it is crucial to implement intrusion detection systems (IDSs) that can detect and prevent such attacks. IDSs are a critical component of cybersecurity infrastructure. They are designed to detect and respond to malicious activities within a network or system. Traditional IDS methods rely on predefined signatures or rules to identify known threats, but these techniques may struggle to detect novel or sophisticated attacks. The implementation of IDSs with machine learning (ML) and deep learning (DL) techniques has been proposed to improve IDSs' ability to detect attacks. This will enhance overall cybersecurity posture and resilience. However, ML and DL techniques face several issues that may impact the models' performance and effectiveness, such as overfitting and the effects of unimportant features on finding meaningful patterns. To ensure better performance and reliability of machine learning models in IDSs when dealing with new and unseen threats, the models need to be optimized. This can be done by addressing overfitting and implementing feature selection. In this paper, we propose a scheme to optimize IoT intrusion detection by using class balancing and feature selection for preprocessing. We evaluated the experiment on the UNSW-NB15 dataset and the NSL-KD dataset by implementing two different ensemble models: one using a support vector machine (SVM) with bagging and another using long short-term memory (LSTM) with stacking. The results of the performance and the confusion matrix show that the LSTM stacking with analysis of variance (ANOVA) feature selection model is a superior model for classifying network attacks. It has remarkable accuracies of 96.92% and 99.77% and overfitting values of 0.33% and 0.04% on the two datasets, respectively. The model's ROC is also shaped with a sharp bend, with AUC values of 0.9665 and 0.9971 for the UNSW-NB15 dataset and the NSL-KD dataset, respectively.

Chia-Ming Hsu,Muhammad Zulfan Azhari,He-Yen Hsieh,Setya Widyawan Prakosa,Jenq-Shiou Leu

DOI: https://doi.org/10.1007/s11036-020-01623-2

2020-07-21

Mobile Networks and Applications

Abstract:The intrusion detection system (IDS) is a crucial part in the network administration system to detect some types of cyber attack. IDS is categorized as a classifying machine thus it is likely to engage with the machine learning schemes. Many studies have demonstrated how to apply machine learning schemes to IDS even though they cannot provide optimum results. To tackle this issue, deep learning schemes can be considered as the solution due to its achievement in several fields. Therefore, in this study, we propose a deep learning model which is constructed based on convolutional neural network (CNN) layers and using Long-Short Term Memory (LSTM) layers called CNN-LSTM to classify every single traffic network. We use NSL-KDD dataset as the benchmark thus we can compare the performance of our proposed method with other existing works. This dataset includes two testing sets which are the first one is <i>K</i><i>D</i><i>D</i><i>T</i><i>e</i><i>s</i><i>t</i>⁺ while the second one is <i>K</i><i>D</i><i>D</i><i>T</i><i>e</i><i>s</i><i>t</i>^− 21 which is more difficult to be classified. The results show that our proposed method outperforms other existing works.

computer science, information systems,telecommunications, hardware & architecture

B. Padmavathi,A. Bhagyalakshmi,D. Kavitha,P. Indumathy

DOI: https://doi.org/10.1007/s00500-023-09483-0

IF: 3.732

2023-12-19

Soft Computing

Abstract:Due to the increased quantity and variety of cyber-attacks against networks, the conventional firewalls and encrypting data technologies are no longer sufficient to meet the network security requirements. As a consequence of this, the idea of using intrusion detection systems to combat network threats has been advocated. Machine learning aids common intrusion detection methods which show poor detection rates and requires wider feature engineering. This research offers the random synthetic over-sampling (RSO) Linguistic algorithm for detecting network intrusion and to identify communication anomalies. Deep learning method for network security is combined with an attention mechanism and bidirectional long short-term memory (Bi-LSTM) network. Frequent pattern stream characteristics were retrieved using CNN network and weights in each channel are changed. Hyperparameter tuning techniques like improvised elephant herding optimization algorithm is employed to increase the Bi-LSTM's efficiency. The training process, the number of hidden layers and epochs are chosen optimally using these strategies. The RSOA-IEHO-BiLSTM model's effectiveness testing showed that it outperformed the competing techniques. With NSLKDD dataset model, an accuracy of 98.36% and an F-measure of 99.05% were achieved both of which point to an increase in the accuracy of malicious node detection.

computer science, artificial intelligence, interdisciplinary applications

Neeraj Kumar,Sanjeev Sharma

DOI: https://doi.org/10.3390/electronics12194050

IF: 2.9

2023-09-27

Electronics

Abstract:With the exponentially evolving trends in technology, IoT networks are vulnerable to serious security issues, allowing intruders to break into networks without authorization and manipulate the data. Their actions can be recognized and avoided by using a system that can detect intrusions. This paper presents a hybrid intelligent system and inverted hour-glass-based layered network classifier for feature selection and classification processes, respectively. To accomplish this task, three different datasets have been utilized in the proposed model for identifying old and new attacks. Moreover, a hybrid optimization feature selection technique has been implemented for selecting only those features that can enhance the accuracy of the detection rate. Finally, the classification is performed by using the inverted hour-glass-based layered network model in which data are up-sampled with the increase in the number of layers for effective training. Data up-sampling is performed when small subset of datapoints are observed for any class, which in turn helps in improving the accuracy of the proposed model. The proposed model demonstrated an accuracy of 99.967%, 99.567%, and 99.726% for NSL-KDD, KDD-CUP99, and UNSW NB15 datasets, respectively, which is significantly better than the traditional CNID model. These results demonstrate that our model can detect different attacks with high accuracy and is expected to show good results for new datasets as well. Additionally, to reduce the computational cost of the proposed model, we have implemented it on CPU-based core i3 processors, which are much cheaper than GPU processors.

engineering, electrical & electronic,computer science, information systems,physics, applied

Sudhanshu Sekhar Tripathy,Bichitrananda Behera

2023-10-01

Abstract:The escalation of hazards to safety and hijacking of digital networks are among the strongest perilous difficulties that must be addressed in the present day. Numerous safety procedures were set up to track and recognize any illicit activity on the network's infrastructure. IDS are the best way to resist and recognize intrusions on internet connections and digital technologies. To classify network traffic as normal or anomalous, Machine Learning (ML) classifiers are increasingly utilized. An IDS with machine learning increases the accuracy with which security attacks are detected. This paper focuses on intrusion detection systems (IDSs) analysis using ML techniques. IDSs utilizing ML techniques are efficient and precise at identifying network assaults. In data with large dimensional spaces, however, the efficacy of these systems degrades. correspondingly, the case is essential to execute a feasible feature removal technique capable of getting rid of characteristics that have little effect on the classification process. In this paper, we analyze the KDD CUP-'99' intrusion detection dataset used for training and validating ML models. Then, we implement ML classifiers such as Logistic Regression, Decision Tree, K-Nearest Neighbour, Naive Bayes, Bernoulli Naive Bayes, Multinomial Naive Bayes, XG-Boost Classifier, Ada-Boost, Random Forest, SVM, Rocchio classifier, Ridge, Passive-Aggressive classifier, ANN besides Perceptron (PPN), the optimal classifiers are determined by comparing the results of Stochastic Gradient Descent and back-propagation neural networks for IDS, Conventional categorization indicators, such as "accuracy, precision, recall, and the f1-measure, have been used to evaluate the performance of the ML classification algorithms.

Cryptography and Security

Dr.D.S. John Deva Prasanna,Dr.K. Punitha,Dr.M. Naga Raju,Dr.F. Rahman,Kamlesh Kumar Yadav

DOI: https://doi.org/10.58346/jisis.2024.i3.024

2024-08-30

Abstract:One crucial thing that hackers always do is gather information about the state of networks by breaking into files and systems that are used in defense models. Threats can get into these platforms. Much information is constantly coming into and going out of systems and people. To find potentially harmful security trends, the Intrusion Detection System (IDS) has to look through this growing amount of data. Our surroundings and choices now make it very hard to quickly and correctly find intrusions. To find people who try to get into a communication system without permission, creating an intrusion detection system (IDS) that uses big data techniques to handle large amounts of complex data is essential. This work uses artificial intelligence (AI), which is aware of a vast amount of data, to make an IDS that is very good at dealing with these problems. The study created a unique structure for the Long Short-Term Memory (LSTM) method, which can find complex links and long-lasting patterns in arriving at network traffic data. By using this method, the system can successfully lower the number of false warnings and improve the accuracy of the IDS that was created. Big Data Analysis (BDA) could make the AI methods discussed in this study more useful. These methods are currently slow because they are very complicated. Using these techniques makes running the complicated model go more quickly. The researchers used the tool on the Spark platform for in-depth studies. The NSL-KDD database was used to train for the tests. The results show that the algorithm is better than other IDS systems regarding how often it finds problems, how usually it sets off fake alarms, how accurate it is, how efficiently it works, and how long it takes to train.

Amol D. Vibhute,Minhaj Khan,Anuradha Kanade,Chandrashekhar H. Patil,Sandeep V. Gaikwad,Kanubhai K. Patel,Jatinderkumar R. Saini

DOI: https://doi.org/10.1002/cpe.8024

2024-01-20

Concurrency and Computation Practice and Experience

Abstract:Summary The Internet is connected with everyone for sharing and monitoring digital information. However, securing network resources from malicious activities is critical for several applications. Numerous studies have recently used deep learning‐based models in detecting intrusions and received relatively robust recognition outcomes. Nevertheless, most investigations have operated old datasets, so they could not detect the most delinquent attack information. Therefore, the current research proposes the long short‐term memory (LSTM)‐based near real‐time multiclass network intrusion detection system (NIDS) utilizing complex cloud CSE‐CICIDSS2018 datasets to secure and detect the network anomalous. The proposed strategy utilizes a random forest algorithm for dimensionality reduction and feature selection. In addition, the selected best suitable features were used in a deep learning‐based LSTM model developed for detecting network intrusions. The experimental outcomes reveal that the presented LSTM model obtained 99.66% testing accuracy with 0.12% loss. Thus, the suggested approach can detect network intrusions with the highest precision and lowest rate over the earlier designs.

computer science, theory & methods, software engineering

Siva Surya Narayana Chintapalli,Satya Prakash Singh,Jaroslav Frnda,Parameshachari Bidare Divakarachari,Vijaya Lakshmi Sarraju,Przemysław Falkowski-Gilski

DOI: https://doi.org/10.1016/j.heliyon.2024.e29410

IF: 3.776

2024-04-13

Heliyon

Abstract:Currently, the Internet of Things (IoT) generates a huge amount of traffic data in communication and information technology. The diversification and integration of IoT applications and terminals make IoT vulnerable to intrusion attacks. Therefore, it is necessary to develop an efficient Intrusion Detection System (IDS) that guarantees the reliability, integrity, and security of IoT systems. The detection of intrusion is considered a challenging task because of inappropriate features existing in the input data and the slow training process. In order to address these issues, an effective meta heuristic based feature selection and deep learning techniques are developed for enhancing the IDS. The Osprey Optimization Algorithm (OOA) based feature selection is proposed for selecting the highly informative features from the input which leads to an effective differentiation among the normal and attack traffic of network. Moreover, the traditional sigmoid and tangent activation functions are replaced with the Exponential Linear Unit (ELU) activation function to propose the modified Bi-directional Long Short Term Memory (Bi-LSTM). The modified Bi-LSTM is used for classifying the types of intrusion attacks. The ELU activation function makes gradients extremely large during back-propagation and leads to faster learning. This research is analysed in three different datasets such as N-BaIoT, Canadian Institute for Cybersecurity Intrusion Detection Dataset 2017 (CICIDS-2017), and ToN-IoT datasets. The empirical investigation states that the proposed framework obtains impressive detection accuracy of 99.98 %, 99.97 % and 99.88 % on the N-BaIoT, CICIDS-2017, and ToN-IoT datasets, respectively. Compared to peer frameworks, this framework obtains high detection accuracy with better interpretability and reduced processing time.

Gulab Sah,Sweety Singh,Subhasish Banerjee

DOI: https://doi.org/10.23919/jcc.fa.2022-0076.202409

2024-10-01

China Communications

Abstract:The key objective of intrusion detection systems (IDS) is to protect the particular host or network by investigating and predicting the network traffic as an attack or normal. These IDS uses many methods of machine learning (ML) to learn from past-experience attack i.e. signatures based and identify the new ones. Even though these methods are effective, but they have to suffer from large computational costs due to considering all the traffic features, together. Moreover, emerging technologies like the Internet of Things (IoT), big data, etc. are getting advanced day by day; as a result, network traffics are also increasing rapidly. Therefore, the issue of computational cost needs to be addressed properly. Thus, in this research, firstly, the ML methods have been used with the feature selection technique (FST) to reduce the number of features by picking out only the important ones from NSL-KDD, CICIDS2017, and CIC-DDoS2019 datasets later that helped to build IDSs with lower cost but with the higher performance which would be appropriate for vast scale network. The experimental result demonstrated that the proposed model i.e. Decision tree (DT) with Recursive feature elimination (RFE) performs better than other classifiers with RFE in terms of accuracy, specificity, precision, sensitivity, F1-score, and G-means on the investigated datasets.

telecommunications

Haiyan Xuan,Mohith Manohar

2023-12-04

Abstract:As Artificial Intelligence (AI) technologies continue to gain traction in the modern-day world, they ultimately pose an immediate threat to current cybersecurity systems via exploitative methods. Prompt engineering is a relatively new field that explores various prompt designs that can hijack large language models (LLMs). If used by an unethical attacker, it can enable an AI system to offer malicious insights and code to them. In this paper, an enhanced intrusion detection system (IDS) that utilizes machine learning (ML) and hyperparameter tuning is explored, which can improve a model's performance in terms of accuracy and efficacy. Ultimately, this improved system can be used to combat the attacks made by unethical hackers. A standard IDS is solely configured with pre-configured rules and patterns; however, with the utilization of machine learning, implicit and different patterns can be generated through the models' hyperparameter settings and parameters. In addition, the IDS will be equipped with multiple datasets so that the accuracy of the models improves. We evaluate the performance of multiple ML models and their respective hyperparameter settings through various metrics to compare their results to other models and past research work. The results of the proposed multi-dataset integration method yielded an accuracy score of 99.9% when equipped with the XGBoost and random forest classifiers and RandomizedSearchCV hyperparameter technique.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Beenish Habib,Farida Khursheed

DOI: https://doi.org/10.1002/cpe.7996

2024-02-16

Concurrency and Computation Practice and Experience

Abstract:Summary Internet data thefts, intrusions and DDoS attacks are some of the big concerns for the network security today. Detection of these anomalies, is gaining tremendous impetus with the development of machine learning and artificial intelligence. Even now researchers are shifting the base from machine learning to the deep neural architectures with auto‐feature selection capabilities. We in this paper propose multiple deep neural network architectures which can select, co‐learn and teach the gradients of the neural network by itself with no human intervention. This is what we call as meta‐learning. The models are configured in both many to one and many to many design architectures. We combine long short‐term memory (LSTM), bi‐directional long short‐term memory (BiLSTM), convolutional neural network (CNN) layers along with attention mechanism to achieve the higher accuracy values among all the available deep learning model architectures. LSTMs overcomes the vanishing and exploding gradient problem of RNN and attention mechanism mimics the human cognitive attention that screens the network flow to obtain the key features for network traffic classification. In addition, we also add multiple convolutional layers to get the key features for network traffic classification. We get the time series analysis of the traffic done for the possibility of a DDoS attack without using any feature selection techniques and without balancing the dataset. The performance analysis is done based on confusion matrix scores, that is, accuracy, false alarm rate (FAR), sensitivity, specificity, false‐positive rate (FPR), F1 score, area under curve (AUC) analysis and loss functions on well‐known public benchmark KDD Cup'99 data set. The results of our experiments reveal that our models outperform existing techniques, showing their superiority in performance.

computer science, theory & methods, software engineering