Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Ankita Sharma,Shalli Rani,Maha Driss

DOI: https://doi.org/10.1371/journal.pone.0308206

IF: 3.7

2024-09-12

PLoS ONE

Abstract:In response to the rapidly evolving threat landscape in network security, this paper proposes an Evolutionary Machine Learning Algorithm designed for robust intrusion detection. We specifically address challenges such as adaptability to new threats and scalability across diverse network environments. Our approach is validated using two distinct datasets: BoT-IoT, reflecting a range of IoT-specific attacks, and UNSW-NB15, offering a broader context of network intrusion scenarios using GA based hybrid DT-SVM. This selection facilitates a comprehensive evaluation of the algorithm's effectiveness across varying attack vectors. Performance metrics including accuracy, recall, and false positive rates are meticulously chosen to demonstrate the algorithm's capability to accurately identify and adapt to both known and novel threats, thereby substantiating the algorithm's potential as a scalable and adaptable security solution. This study aims to advance the development of intrusion detection systems that are not only reactive but also preemptively adaptive to emerging cyber threats." During the feature selection step, a GA is used to discover and preserve the most relevant characteristics from the dataset by using evolutionary principles. Through the use of this technology based on genetic algorithms, the subset of features is optimised, enabling the subsequent classification model to focus on the most relevant components of network data. In order to accomplish this, DT-SVM classification and GA-driven feature selection are integrated in an effort to strike a balance between efficiency and accuracy. The system has been purposefully designed to efficiently handle data streams in real-time, ensuring that intrusions are promptly and precisely detected. The empirical results corroborate the study's assertion that the IDS outperforms traditional methodologies.

Soulaiman Moualla,Khaldoun Khorzom,Assef Jafar

DOI: https://doi.org/10.1155/2021/5557577

2021-06-15

Abstract:Networks are exposed to an increasing number of cyberattacks due to their vulnerabilities. So, cybersecurity strives to make networks as safe as possible, by introducing defense systems to detect any suspicious activities. However, firewalls and classical intrusion detection systems (IDSs) suffer from continuous updating of their defined databases to detect threats. The new directions of the IDSs aim to leverage the machine learning models to design more robust systems with higher detection rates and lower false alarm rates. This research presents a novel network IDS, which plays an important role in network security and faces the current cyberattacks on networks using the UNSW-NB15 dataset benchmark. Our proposed system is a dynamically scalable multiclass machine learning-based network IDS. It consists of several stages based on supervised machine learning. It starts with the Synthetic Minority Oversampling Technique (SMOTE) method to solve the imbalanced classes problem in the dataset and then selects the important features for each class existing in the dataset by the Gini Impurity criterion using the Extremely Randomized Trees Classifier (Extra Trees Classifier). After that, a pretrained extreme learning machine (ELM) model is responsible for detecting the attacks separately, "One-Versus-All" as a binary classifier for each of them. Finally, the ELM classifier outputs become the inputs to a fully connected layer in order to learn from all their combinations, followed by a logistic regression layer to make soft decisions for all classes. Results show that our proposed system performs better than related works in terms of accuracy, false alarm rate, Receiver Operating Characteristic (ROC), and Precision-Recall Curves (PRCs).

Sajad Einy,Cemil Oz,Yahya Dorostkar Navaei

DOI: https://doi.org/10.1155/2021/6648351

2021-06-15

Wireless Communications and Mobile Computing

Abstract:Given the growth of wireless networks and the increase of the advantages and applications of communication networks, especially mobile ad hoc networks (MANETs), this type of network has attracted the attention of users and researchers more than before. The benefit of these types of networks in various kinds of networks and environments is that MANET does not require to hardware infrastructure to communicate and send and receive data packets within the network. It is one of the main reasons for using these MANET in various fields. On the other hand, the increased popularity of these networks has led to many challenges, one of the most important of which is network security. In this regard, a lack of regulatory and security infrastructure in MANETs has caused some problems in sending and receiving data, where intrusion in the network has been recognized as one of the most important issues. In MANETs, wireless notes act as a link between the source and destination nodes and play the role of relays and routers in the network. Therefore, malicious node penetration and the destruction of information packages become feasible. Today, intrusion detection systems (IDSs) are used as a solution to deal with the problem through remote monitoring of the performance and behaviors of nodes existing in wireless sensor networks. In addition to detecting malicious nodes in the network, IDSs can predict the behavior of malicious nodes in the future in most cases. Therefore, the present study introduced a network IDS (NIDS) entitled MOPSO-FLN by using a combination of multiobjective particle swarm optimization algorithm- (MOPSO-) based feature subset selection (FSS) and fast-learning network (FLN). In this work, we used the KDD Cup99 and dataset to select features, train the network, and test the model. According to the simulation results, this method was able to improve the performance of the IDS in terms of evaluation criteria, compared to other previous methods, by creating a balance between the objectives of the number of representative features and training errors based on the evolutionary power of MOPSO.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shubhra Dwivedi,Manu Vardhan,Sarsij Tripathi,Alok Kumar Shukla

DOI: https://doi.org/10.1007/s12065-019-00293-8

2019-09-21

Evolutionary Intelligence

Abstract:Intrusion detection has become important to network security because of the increasing connectivity between computers and internet. Various Intrusion Detection Systems have been investigated to protect web or networks using several evolutionary methods and classification techniques. In this study, we propose a new technique by combining Ensemble of Feature Selection (EFS) and Adaptive Grasshopper Optimization Algorithm (AGOA) methods, called EFSAGOA which can help to identify the types of attack. In the proposed approach, initially, EFS method is applied to rank the attribute for selecting the high ranked subset of attributes. Then, AGOA is employed to determine important attributes from the reduced datasets that can contribute to predict the networks traffic behavior. Furthermore, adaptive behavior of GOA uses to decide whether a record represents an anomaly or not, differing from some approaches acquainted in the literature. AGOA uses the Support Vector Machine (SVM) as a fitness function to choose the extremely efficient features and to maximize the classification performance. In addition, it is also applied to optimize the penalty factor (C), kernel parameter <span class="InlineEquation">\((\sigma )\)</span>, and tube size <span class="InlineEquation">\((\epsilon )\)</span> of SVM classifier. The performance of EFSAGOA has been evaluated on modern intrusion data as ISCX 2012. The experimental results demonstrate that the proposed method performs better and obtain high detection rate, accuracy, and low false alarm rate compared to other state-of-art techniques in ISCX 2012 data.

S. Gokul Pran,Sivakami Raja,S. Jeyasudha

DOI: https://doi.org/10.1002/acs.3771

IF: 3.369

2024-03-14

International Journal of Adaptive Control and Signal Processing

Abstract:Summary Intrusion detection is a cyber‐security method that is significant for network security. It is utilized to detect behaviors that compromise security and privacy within a network or in the context of a computer system. To enhance the identification, an Intrusion Detection System Based on the Beetle Swarm Optimization and K‐RMS Clustering Algorithm cluster‐based hybrid classifiers is proposed in this manuscript. Here, the data is amassed from CICIDS2017 dataset. Then the data is preprocessed to eradicate the unwanted noise. After completing the preprocessed data, it can be clustered by using K‐RMS clustering algorithm. This algorithm cluster the entire data to the associated cluster set depending on the data behavior. The classification algorithm is considered to predict the data as normal or attacking behaviors. The hybrid classification is used to predict the data. The solitary predictor aims to achieve high detection rates and accuracy. The hybrid classifiers, such as support vector machines, artificial neural networks are applied to recognize the normal or intruder. The performance of the SVM‐ANN‐IDS method attains 22.05%, 15.87%, 27.25% higher accuracy, 23.90% and 28.53% higher precision, 29.29%, 19.19% and 23.27% higher specificity and 18.28%, 24.36% and 27.49% greater recall when compared to the existing models, like developing novel deep‐learning model to improve network intrusion categorization (DNN‐IDS), Intrusion identification scheme on real‐time data traffic under machine learning techniques along feature selection method (RNN‐SVM‐IDS) and recurrent deep learning basis feature fusion ensemble meta‐classifier for intellectual network intrusion identification scheme (RNN‐IDS) respectively.

automation & control systems,engineering, electrical & electronic

Abhilash Kayyidavazhiyil

DOI: https://doi.org/10.3233/jifs-224283

2023-09-16

Journal of Intelligent & Fuzzy Systems

Abstract:Prediction of malicious attacks and monitoring of network behaviour is significant for providing security and mitigating the loss of credential information. In order to monitor network traffic and identify different types of attacks in the network, numerous existing algorithms have been provided for classifying unauthorized access from the authorized access. However, the traditional techniques have faced complications in satisfying the accuracy while making predictions of malicious activities. Detection accuracy have been addressed as a drawback which hinders in making appropriate identification of threats. In order to overcome such challenges, the proposed work is designed with effective IDS mechanism for detecting and classifying the attacks taken from the UNSW-NB15 and NSL-KDD dataset. IDS (Intrusion Detection System) implementation is accomplished with three stages such as pre-processing is the initial phase in which scaling re-sizing of all images to similar width and height. Process of checking missing values reduces the computational complexities and enhances accuracy. Second stage is the novel feature-selection process accomplished by E-GSS (Enhanced Genetic Sine Swarm Intelligence) for selecting significant and optimal features. Finally, classification is the final phase in which intrusion is classified using novel DMH-ANN (Deep Meta-Heuristics Artificial Neural Network) which is internally being compared to three classifiers such as RF (Random Forest), NB (Naïve Bayes) and XG-Boost (Extreme Gradient). Experimental evaluation is carried out with the performance metrics such as accuracy, precision and recall and compared with existing algorithms for exhibiting the effectiveness of the proposed model. The research outcome reveals its efficiency in detecting and classifying attacks with greater accuracy.

Mouhammd Alkasassbeh

DOI: https://doi.org/10.48550/arXiv.1712.09623

2017-12-28

Abstract:Despite the great developments in information technology, particularly the Internet, computer networks, global information exchange, and its positive impact in all areas of daily life, it has also contributed to the development of penetration and intrusion which forms a high risk to the security of information organizations, government agencies, and causes large economic losses. There are many techniques designed for protection such as firewall and intrusion detection systems (IDS). IDS is a set of software and/or hardware techniques used to detect hacker's activities in computer systems. Two types of anomalies are used in IDS to detect intrusive activities different from normal user behavior. Misuse relies on the knowledge base that contains all known attack techniques and intrusion is discovered through research in this knowledge base. Artificial intelligence techniques have been introduced to improve the performance of these systems. The importance of IDS is to identify unauthorized access attempting to compromise confidentiality, integrity or availability of the computer network. This paper investigates the Intrusion Detection (ID) problem using three machine learning algorithms namely, BayesNet algorithm, Multi-Layer Perceptron (MLP), and Support Vector Machine (SVM). The algorithms are applied on a real, Management Information Based (MIB) dataset that is collected from real life environment. To enhance the detection process accuracy, a set of feature selection approaches is used; Infogain (IG), ReleifF (RF), and Genetic Search (GS). Our experiments show that the three feature selection methods have enhanced the classification performance. GS with bayesNet, MLP and SVM give high accuracy rates, more specifically the BayesNet with the GS accuracy rate is 99.9%.

Networking and Internet Architecture,Cryptography and Security,Machine Learning

María Rodríguez,Álvaro Alesanco,Lorena Mehavilla,José García

DOI: https://doi.org/10.3390/s22239326

IF: 3.9

2022-12-01

Sensors

Abstract:Cybersecurity is one of the great challenges of today's world. Rapid technological development has allowed society to prosper and improve the quality of life and the world is more dependent on new technologies. Managing security risks quickly and effectively, preventing, identifying, or mitigating them is a great challenge. The appearance of new attacks, and with more frequency, requires a constant update of threat detection methods. Traditional signature-based techniques are effective for known attacks, but they are not able to detect a new attack. For this reason, intrusion detection systems (IDS) that apply machine learning (ML) techniques represent an alternative that is gaining importance today. In this work, we have analyzed different machine learning techniques to determine which ones permit to obtain the best traffic classification results based on classification performance measurements and execution times, which is decisive for further real-time deployments. The CICIDS2017 dataset was selected in this work since it contains bidirectional traffic flows (derived from traffic captures) that include benign traffic and different types of up-to-date attacks. Each traffic flow is characterized by a set of connection-related attributes that can be used to model the traffic and distinguish between attacks and normal flows. The CICIDS2017 also contains the raw network traffic captures collected during the dataset creation in a packet-based format, thus permitting to extract the traffic flows from them. Various classification techniques have been evaluated using the Weka software: naive Bayes, logistic, multilayer perceptron, sequential minimal optimization, k-nearest neighbors, adaptive boosting, OneR, J48, PART, and random forest. As a general result, methods based on decision trees (PART, J48, and random forest) have turned out to be the most efficient with F1 values above 0.999 (average obtained in the complete dataset). Moreover, multiclass classification (distinguishing between different types of attack) and binary classification (distinguishing only between normal traffic and attack) have been compared, and the effect of reducing the number of attributes using the correlation-based feature selection (CFS) technique has been evaluated. By reducing the complexity in binary classification, better results can be obtained, and by selecting a reduced set of the most relevant attributes, less time is required (above 30% of decrease in the time required to test the model) at the cost of a small performance loss. The tree-based techniques with CFS attribute selection (six attributes selected) reached F1 values above 0.990 in the complete dataset. Finally, a conventional tool like Zeek has been used to process the raw traffic captures to identify the traffic flows and to obtain a reduced set of attributes from these flows. The classification results obtained using tree-based techniques (with 14 Zeek-based attributes) were also very high, with F1 above 0.997 (average obtained in the complete dataset) and low execution times (allowing several hundred thousand flows/s to be processed). These classification results obtained on the CICIDS2017 dataset allow us to affirm that the tree-based machine learning techniques may be appropriate in the flow-based intrusion detection problem and that algorithms, such as PART or J48, may offer a faster alternative solution to the RF technique.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Abdulsalam O. Alzahrani,Mohammed J. F. Alenazi

DOI: https://doi.org/10.3390/fi13050111

2021-04-28

Future Internet

Abstract:Software-defined Networking (SDN) has recently developed and been put forward as a promising and encouraging solution for future internet architecture. Managed, the centralized and controlled network has become more flexible and visible using SDN. On the other hand, these advantages bring us a more vulnerable environment and dangerous threats, causing network breakdowns, systems paralysis, online banking frauds and robberies. These issues have a significantly destructive impact on organizations, companies or even economies. Accuracy, high performance and real-time systems are essential to achieve this goal successfully. Extending intelligent machine learning algorithms in a network intrusion detection system (NIDS) through a software-defined network (SDN) has attracted considerable attention in the last decade. Big data availability, the diversity of data analysis techniques, and the massive improvement in the machine learning algorithms enable the building of an effective, reliable and dependable system for detecting different types of attacks that frequently target networks. This study demonstrates the use of machine learning algorithms for traffic monitoring to detect malicious behavior in the network as part of NIDS in the SDN controller. Different classical and advanced tree-based machine learning techniques, Decision Tree, Random Forest and XGBoost are chosen to demonstrate attack detection. The NSL-KDD dataset is used for training and testing the proposed methods; it is considered a benchmarking dataset for several state-of-the-art approaches in NIDS. Several advanced preprocessing techniques are performed on the dataset in order to extract the best form of the data, which produces outstanding results compared to other systems. Using just five out of 41 features of NSL-KDD, a multi-class classification task is conducted by detecting whether there is an attack and classifying the type of attack (DDoS, PROBE, R2L, and U2R), accomplishing an accuracy of 95.95%.

Shubhra Dwivedi,Manu Vardhan,Sarsij Tripathi

DOI: https://doi.org/10.1007/s10586-020-03229-5

2021-01-13

Cluster Computing

Abstract:Intrusion detection is one of the most crucial activities for security infrastructures in network environments, and it is widely used to detect, identify and track malicious threats. A common approach in intrusion detection systems (IDSs) specifically in anomaly detection is evolutionary algorithm that works as intrusion detector. Still, it has been challenging to design a precise and reliable IDS to determine security threats due to the large capacity of network data which contains redundant and irrelevant features. It does not only decrease the process of classification but also prevents a classifier from making precise decisions. To increase the accuracy and reduce the false alarm rate, in this study integration of ensemble feature selection (EFS) and grasshopper optimization algorithm (GOA), called EFSGOA is developed. Firstly, EFS method is applied to rank the features for selecting the top subset of relevant features. Afterward, GOA is utilized to identify significant features from the obtained reduced features set produced by EFS technique that can contribute to determine the type of attack. Furthermore, GOA utilizes support vector machine (SVM) as a fitness function to obtain the noteworthy features and to optimize penalty factor, kernel parameter, and tube size parameters of SVM for maximizing the classification performance. The experimental results demonstrate that EFSGOA method has performed better and obtained high detection rate of 99.69%, accuracy of 99.98% and low false alarm rate of 0.07 in NSL-KDD and high detection rate of 99.26%, accuracy of 99.89% and low false alarm rate of 0.097 in KDD Cup 99 data. Moreover, the proposed method has succeeded in achieving higher performance compared to other state-of-art techniques in terms of accuracy, detection rate, false alarm rate, and CPU time.

Zi-Hang Cheng,Haopu Shang,Chao Qian

2024-06-13

Abstract:Network intrusion detection is one of the most important issues in the field of cyber security, and various machine learning techniques have been applied to build intrusion detection systems. However, since the number of features to describe the network connections is often large, where some features are redundant or noisy, feature selection is necessary in such scenarios, which can both improve the efficiency and accuracy. Recently, some researchers focus on using multi-objective evolutionary algorithms (MOEAs) to select features. But usually, they only consider the number of features and classification accuracy as the objectives, resulting in unsatisfactory performance on a critical metric, detection rate. This will lead to the missing of many real attacks and bring huge losses to the network system. In this paper, we propose DR-MOFS to model the feature selection problem in network intrusion detection as a three-objective optimization problem, where the number of features, accuracy and detection rate are optimized simultaneously, and use MOEAs to solve it. Experiments on two popular network intrusion detection datasets NSL-KDD and UNSW-NB15 show that in most cases the proposed method can outperform previous methods, i.e., lead to fewer features, higher accuracy and detection rate.

Machine Learning

Herve Kabamba Mbikayi

DOI: https://doi.org/10.48550/arXiv.1212.0170

2012-12-02

Abstract:With the increasing number of intrusions in system and network infrastructures, Intrusion Detection Systems (IDS) have become an active area of research to develop reliable and effective solutions to detect and counter them. The use of Evolutionary Algorithms in IDS has proved its maturity over the times. Although most of the research works have been based on the use of genetic algorithms in IDS, this paper presents an approach toward the generation of rules for the identification of anomalous connections using evolution strategies . The emphasis is given on how the problem can be modeled into ES primitives and how the fitness of the population can be evaluated in order to find the local optima, therefore resulting in optimal rules that can be used for detecting intrusions in intrusion detection systems.

Cryptography and Security,Neural and Evolutionary Computing

Mohammad Sazzadul Hoque,Md. Abdul Mukit,Md. Abu Naser Bikas

DOI: https://doi.org/10.5121/ijnsa.2012.4208

2012-04-05

Abstract:Nowadays it is very important to maintain a high level security to ensure safe and trusted communication of information between various organizations. But secured data communication over internet and any other network is always under threat of intrusions and misuses. So Intrusion Detection Systems have become a needful component in terms of computer and network security. There are various approaches being utilized in intrusion detections, but unfortunately any of the systems so far is not completely flawless. So, the quest of betterment continues. In this progression, here we present an Intrusion Detection System (IDS), by applying genetic algorithm (GA) to efficiently detect various types of network intrusions. Parameters and evolution processes for GA are discussed in details and implemented. This approach uses evolution theory to information evolution in order to filter the traffic data and thus reduce the complexity. To implement and measure the performance of our system we used the KDD99 benchmark dataset and obtained reasonable detection rate.

Cryptography and Security,Neural and Evolutionary Computing,Networking and Internet Architecture

Ch.Kodanda Ramu,T. Srinivasa Rao,E. Uma Shankar Rao

DOI: https://doi.org/10.1007/s11042-024-18558-5

IF: 2.577

2024-02-20

Multimedia Tools and Applications

Abstract:In recent times, network-based applications have rapidly grown in the field of information and communication technology(ICT), which enables individuals and organizations to connect and share their sensitive information seamlessly. The security of these network-based applications is imperative to avoid cyber-attacks during the exchange of sensitive information. The identification of anomalies in network events can be highly challenging due to the complex nature of traffic flows. To solve the challenges, network intrusion detection system (NIDS) technology is used; any network can profit from this system because it can monitor traffic and detect any irregularities. The existing NIDS systems driven by machine learning models do not provide sufficient ability to handle heterogeneous data and realize performance degradation while detecting some types of attacks. Therefore, this paper proposes an innovative meta-heuristic optimization and deep learning-based methodology for improving the performance of NIDS systems. Initially, the raw captured traffic data is fed into the pre-processing phase to attain data standardization and data balancing. Further, an extended Pelican Optimization algorithm (Ex-Pel) is employed to select the set of features from the pre-processed data optimally. Finally, the Self-Attention Assisted Weighted Auto Encoder (SAttn_WAE) is executed to detect the attacks precisely through the set of optimal features. The execution of the proposed methodology is carried out in the Python platform, and performance evaluation is done using accuracy, precision, recall, FAR, and F1-score metrics. The proposed model achieved an accuracy of 99.23%, precision of 99.78%, FAR of 0.67%, recall of 99.13%, and F1-score of 99.32%, which is comparatively better than existing models.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Shweta More,Moad Idrissi,Haitham Mahmoud,A. Taufiq Asyhari

DOI: https://doi.org/10.3390/a17020064

2024-02-01

Algorithms

Abstract:The rapid proliferation of new technologies such as Internet of Things (IoT), cloud computing, virtualization, and smart devices has led to a massive annual production of over 400 zettabytes of network traffic data. As a result, it is crucial for companies to implement robust cybersecurity measures to safeguard sensitive data from intrusion, which can lead to significant financial losses. Existing intrusion detection systems (IDS) require further enhancements to reduce false positives as well as enhance overall accuracy. To minimize security risks, data analytics and machine learning can be utilized to create data-driven recommendations and decisions based on the input data. This study focuses on developing machine learning models that can identify cyber-attacks and enhance IDS system performance. This paper employed logistic regression, support vector machine, decision tree, and random forest algorithms on the UNSW-NB15 network traffic dataset, utilizing in-depth exploratory data analysis, and feature selection using correlation analysis and random sampling to compare model accuracy and effectiveness. The performance and confusion matrix results indicate that the Random Forest model is the best option for identifying cyber-attacks, with a remarkable F1 score of 97.80%, accuracy of 98.63%, and low false alarm rate of 1.36%, and thus should be considered to improve IDS system security.

Khloud Al Jallad,Mohamad Aljnidi,Mohammad Said Desouki

DOI: https://doi.org/10.48550/arXiv.2209.13961

2022-09-28

Cryptography and Security

Abstract:With the growing use of information technology in all life domains, hacking has become more negatively effective than ever before. Also with developing technologies, attacks numbers are growing exponentially every few months and become more sophisticated so that traditional IDS becomes inefficient detecting them. This paper proposes a solution to detect not only new threats with higher detection rate and lower false positive than already used IDS, but also it could detect collective and contextual security attacks. We achieve those results by using Networking Chatbot, a deep recurrent neural network: Long Short Term Memory (LSTM) on top of Apache Spark Framework that has an input of flow traffic and traffic aggregation and the output is a language of two words, normal or abnormal. We propose merging the concepts of language processing, contextual analysis, distributed deep learning, big data, anomaly detection of flow analysis. We propose a model that describes the network abstract normal behavior from a sequence of millions of packets within their context and analyzes them in near real-time to detect point, collective and contextual anomalies. Experiments are done on MAWI dataset, and it shows better detection rate not only than signature IDS, but also better than traditional anomaly IDS. The experiment shows lower false positive, higher detection rate and better point anomalies detection. As for prove of contextual and collective anomalies detection, we discuss our claim and the reason behind our hypothesis. But the experiment is done on random small subsets of the dataset because of hardware limitations, so we share experiment and our future vision thoughts as we wish that full prove will be done in future by other interested researchers who have better hardware infrastructure than ours.

Deepshikha Kumari,Abhinav Sinha,Sandip Dutta,Prashant Pranav

DOI: https://doi.org/10.1038/s41598-024-68342-6

2024-07-26

Abstract:The constantly changing nature of cyber threats presents unprecedented difficulties for people, institutions, and governments across the globe. Cyber threats are a major concern in today's digital world like hacking, phishing, malware, and data breaches. These can compromise anyone's personal information and harm the organizations. An intrusion detection system plays a vital responsibility to identifying abnormal network traffic and alerts the system in real time if any malicious activity is detected. In our present research work Artificial Neural Networks (ANN) layers are optimized with the execution of Spider Monkey Optimization (SMO) to detect attacks or intrusions in the system. The developed model SMO-ANN is examined using publicly available dataset Luflow, CIC-IDS 2017, UNR-IDD and NSL -KDD to classify the network traffic as benign or attack type. In the binary Luflow dataset and the multiclass NSL-KDD dataset, the proposed model SMO-ANN has the maximum accuracy, at 100% and 99%, respectively.

Surasit Songma,Watcharakorn Netharn,Siriluck Lorpunmanee

DOI: https://doi.org/10.5121/ijcnc.2024.16404

2024-08-15

Abstract:The present research investigates how to improve Network Intrusion Detection Systems (NIDS) by combining Machine Learning (ML) and Deep Learning (DL) techniques, addressing the growing challenge of cybersecurity threats. A thorough process for data preparation, comprising activities like cleaning, normalization, and segmentation into training and testing sets, lays the framework for model training and evaluation. The study uses the CSE-CIC-IDS 2018 and LITNET-2020 datasets to compare ML methods (Decision Trees, Random Forest, XGBoost) and DL models (CNNs, RNNs, DNNs, MLP) against key performance metrics (Accuracy, Precision, Recall, and F1-Score). The Decision Tree model performed better across all measures after being fine-tuned with Enhanced Particle Swarm Optimization (EPSO), demonstrating the model's ability to detect network breaches effectively. The findings highlight EPSO's importance in improving ML classifiers for cybersecurity, proposing a strong framework for NIDS with high precision and dependability. This extensive analysis not only contributes to the cybersecurity arena by providing a road to robust intrusion detection solutions, but it also proposes future approaches for improving ML models to combat the changing landscape of network threats.

Cryptography and Security

Abdulaziz Fatani,Abdelghani Dahou,Mohamed Abd Elaziz,Mohammed A. A. Al-qaness,Songfeng Lu,Saad Ali Alfadhli,Shayem Saleh Alresheedi

DOI: https://doi.org/10.3390/s23094430

IF: 3.9

2023-05-01

Sensors

Abstract:Intrusion detection systems (IDS) play a crucial role in securing networks and identifying malicious activity. This is a critical problem in cyber security. In recent years, metaheuristic optimization algorithms and deep learning techniques have been applied to IDS to improve their accuracy and efficiency. Generally, optimization algorithms can be used to boost the performance of IDS models. Deep learning methods, such as convolutional neural networks, have also been used to improve the ability of IDS to detect and classify intrusions. In this paper, we propose a new IDS model based on the combination of deep learning and optimization methods. First, a feature extraction method based on CNNs is developed. Then, a new feature selection method is used based on a modified version of Growth Optimizer (GO), called MGO. We use the Whale Optimization Algorithm (WOA) to boost the search process of the GO. Extensive evaluation and comparisons have been conducted to assess the quality of the suggested method using public datasets of cloud and Internet of Things (IoT) environments. The applied techniques have shown promising results in identifying previously unknown attacks with high accuracy rates. The MGO performed better than several previous methods in all experimental comparisons.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation