Seshu Bhavani Mallampati,Hari Seetha

DOI: https://doi.org/10.1142/s0219649223500661

2023-11-22

Journal of Information & Knowledge Management

Abstract:Journal of Information &Knowledge Management, Ahead of Print. With advances in computer network technology, the Internet has become an integral part of our daily lives. It goes without saying that providing security to network data is crucial. To this effect, the intrusion detection system (IDS) is vital for defending networks against cyberattacks. However, the high dimensionality of data is a significant issue that impacts categorisation accuracy. Therefore, we proposed a novel integrated feature extraction method called PC-UDAE that uses principal component analysis (PCA) and Unsupervised Deep Autoencoder (UDAE) to extract linear and nonlinear relationships. Also, to address the class imbalance, synthetic minority class samples are generated using the combination of Synthetic Minority Over Sampling Technique and Edited Nearest Neighbour (SMOTE-ENN). Finally, the extracted features are trained by using supervised machine learning models like Random Forest (RF), Extreme Gradient Boosting Machine (XGBM), Decision Tree (DT), Light Gradient Boosting Machine (LGBM), Extra Tree (ET), Support Vector Machine (SVM), AdaBoost (AB), and K-Nearest Neighbour (KNN) with the original imbalanced and balanced data. We analysed our suggested model using UNSW-NB 15, NSL-KDD, Ton-IoT data sets and obtained 98.85%, 99.59%, and 99.97% accuracy, respectively. Our experimental findings show that our proposed method outperformed all other competing methods.

Chadia E. L. Asry,Ibtissam Benchaji,Samira Douzi,Bouabid E. L. Ouahidi

DOI: https://doi.org/10.1371/journal.pone.0295801

IF: 3.7

2024-01-25

PLoS ONE

Abstract:The escalating prevalence of cybersecurity risks calls for a focused strategy in order to attain efficient resolutions. This study introduces a detection model that employs a tailored methodology integrating feature selection using SHAP values, a shallow learning algorithm called PV-DM, and machine learning classifiers like XGBOOST. The efficacy of our suggested methodology is highlighted by employing the NSL-KDD and UNSW-NB15 datasets. Our approach in the NSL-KDD dataset exhibits exceptional performance, with an accuracy of 98.92%, precision of 98.92%, recall of 95.44%, and an F1-score of 96.77%. Notably, this performance is achieved by utilizing only four characteristics, indicating the efficiency of our approach. The proposed methodology achieves an accuracy of 82.86%, precision of 84.07%, recall of 77.70%, and an F1-score of 80.20% in the UNSW-NB15 dataset, using only six features. Our research findings provide substantial evidence of the enhanced performance of the proposed model compared to a traditional deep-learning model across all performance metrics.

multidisciplinary sciences

Sapna Sadhwani,Urvi Kavan Modi,Raja Muthalagu,Pranav M Pawar,Pranav M. Pawar

DOI: https://doi.org/10.1109/access.2024.3371996

IF: 3.9

2024-03-12

IEEE Access

Abstract:While the Internet of Things (IoT) paradigm has transformed connectivity, it has also brought with it previously unheard-of security risks. The categorization of IoT attacks using several machine learning techniques and a deep learning method is the main emphasis of this research. In addition to proposing a binary and multiclass classification framework with Machine Learning (ML) algorithms like Random Forest (RF), Decision tree (DT), Extra Tree Classifier (ETC), Support Vector Machine (SVM), and k-Nearest Neighbor (KNN) and Deep Learning (DL) architectures like Deep Neural Network (DNN), the study assesses a wide range of attack types in IoT environments. Benchmark datasets with real-world IoT attack scenarios, such as Edge-IIoTset, are used for experimentation. Preprocessing is done on the dataset using Principal Componenet Analysis (PCA) for feature selection, Synthetic Minority Oversampling Technique to handle class imbalance and Standard Scaling for feature scaling. These approaches' comparative performance and efficacy are examined. The outcomes indicate how successful the DL model in managing intricate attack patterns and the generalization capabilities of ML algorithms across various attack classes. The DNN model yields the best results, with 100% accuracy for binary classification, 96.15% accuracy for 6-class classification, and 94.68% accuracy for 15-class classification. Further, 10-fold cross validation has been applied to make sure that the model does not overfit. This work contributes to the improvement of IoT security mechanisms by offering insights into the selection of appropriate approaches for binary and multiclass classification of threats.

computer science, information systems,telecommunications,engineering, electrical & electronic

Afrah Fathima,Amir Khan,Md Faizan Uddin,Mohammad Maqbool Waris,Sultan Ahmad,Cesar Sanin,Edward Szczerbicki

DOI: https://doi.org/10.1080/01969722.2023.2296246

IF: 1.859

2023-12-27

Cybernetics & Systems

Abstract:This research work utilizes the University of New South Wales Network Based 2015 (UNSW-NB15) dataset to investigate the dynamic nature of cyber threats, departing from the obsolete Knowledge Discovery and Data Mining competition 1999 (KDD Cup99) dataset. The data preparation pipeline consists of essential procedures aimed at ensuring the integrity and appropriateness of the data for analysis. The method begins by removing null values, thereafter, applying one-hot encoding to categorical features, min-max scaling for data normalization, and label encoding for efficient management of binary labels. The process of feature selection is conducted utilizing the Pearson coefficient correlation. An exhaustive evaluation is conducted on six machine learning models for the purpose of binary classification. The evaluation takes into account key performance measures like accuracy, precision, recall, and F1 score. The Random Forest model demonstrated exceptional performance, with a remarkable accuracy of 99% and a robust F1 score of 98%. Additionally, it exhibited a well-balanced precision and recall at 98%. The Support Vector Machine, Gradient Boosting, Logistic Regression, Decision Tree, and K-Nearest Neighbors models exhibit notable performance, achieving accuracy and F1 scores around at the 98% level. During our investigation into multi-class classification research, we thoroughly examined numerous machine learning models, all of which exhibited robust performance, with accuracy rates ranging from 97% to 98%. The aforementioned results highlight the efficacy of these models in accurately classifying data, regularly achieving high levels of precision, recall, and F1 scores for positive case predictions. This study offers a current viewpoint on the identification of cyber threats and emphasizes the appropriateness of several machine learning models in this rapidly changing field.

computer science, cybernetics

V. Bhavya Lahari,T. Amrutha,S.N.B. Tanuja Reddy,P. Deepika Leela,Y. Venkata Narayana

DOI: https://doi.org/10.36713/epra14771

2023-11-01

EPRA International Journal of Research & Development (IJRD)

Abstract:In the rapidly evolving digital landscape, ensuring the security of computer systems and networks has become a paramount concern. Traditional methods often struggle to keep pace with the increasing complexity and diversity of cyber threats. In the context of cybersecurity and network analysis, the crucial tools for identifying and responding to unauthorized access, malicious activities, and potential threats within a network or system cannot take place. The significance of intrusion detection is underscored by the escalating frequency and sophistication of cyberattacks that can lead to data breaches, service disruptions, and financial losses. The XGBoost algorithms ability to handle complex, imbalanced datasets and its exceptional performance in various domains make it a promising candidate for improving intrusion detection accuracy. To evaluate the efficacy of the XGBoost algorithm, extensive experiments are conducted using the KDDCup99 dataset. This dataset represents diverse network traffic scenarios and intrusion types, providing a comprehensive evaluation environment. The Random Forest algorithm, known for its robustness in handling classification tasks, is selected as a baseline for comparison. The performance of the XGBoost algorithm is assessed using multiple performance metrics, including accuracy, precision, recall, F1-score. The outcomes highlight the potential advantages of utilizing XGBoost for intrusion detection. KEYWORDS: Cybersecurity, Network Analysis, Intrusion Detection, XGBoost Algorithm, Random Forest Algorithm, KDDCup99 Dataset.

Ankita Sharma,Shalli Rani,Maha Driss

DOI: https://doi.org/10.1371/journal.pone.0308206

IF: 3.7

2024-09-12

PLoS ONE

Abstract:In response to the rapidly evolving threat landscape in network security, this paper proposes an Evolutionary Machine Learning Algorithm designed for robust intrusion detection. We specifically address challenges such as adaptability to new threats and scalability across diverse network environments. Our approach is validated using two distinct datasets: BoT-IoT, reflecting a range of IoT-specific attacks, and UNSW-NB15, offering a broader context of network intrusion scenarios using GA based hybrid DT-SVM. This selection facilitates a comprehensive evaluation of the algorithm's effectiveness across varying attack vectors. Performance metrics including accuracy, recall, and false positive rates are meticulously chosen to demonstrate the algorithm's capability to accurately identify and adapt to both known and novel threats, thereby substantiating the algorithm's potential as a scalable and adaptable security solution. This study aims to advance the development of intrusion detection systems that are not only reactive but also preemptively adaptive to emerging cyber threats." During the feature selection step, a GA is used to discover and preserve the most relevant characteristics from the dataset by using evolutionary principles. Through the use of this technology based on genetic algorithms, the subset of features is optimised, enabling the subsequent classification model to focus on the most relevant components of network data. In order to accomplish this, DT-SVM classification and GA-driven feature selection are integrated in an effort to strike a balance between efficiency and accuracy. The system has been purposefully designed to efficiently handle data streams in real-time, ensuring that intrusions are promptly and precisely detected. The empirical results corroborate the study's assertion that the IDS outperforms traditional methodologies.

Arushi Agarwal,Purushottam Sharma,Mohammed Alshehri,Ahmed A. Mohamed,Osama Alfarraj

DOI: https://doi.org/10.7717/peerj-cs.437

2021-04-07

PeerJ Computer Science

Abstract:In today’s cyber world, the demand for the internet is increasing day by day, increasing the concern of network security. The aim of an Intrusion Detection System (IDS) is to provide approaches against many fast-growing network attacks (e.g., DDoS attack, Ransomware attack, Botnet attack, etc.), as it blocks the harmful activities occurring in the network system. In this work, three different classification machine learning algorithms—Naïve Bayes (NB), Support Vector Machine (SVM), and K-nearest neighbor (KNN)—were used to detect the accuracy and reducing the processing time of an algorithm on the UNSW-NB15 dataset and to find the best-suited algorithm which can efficiently learn the pattern of the suspicious network activities. The data gathered from the feature set comparison was then applied as input to IDS as data feeds to train the system for future intrusion behavior prediction and analysis using the best-fit algorithm chosen from the above three algorithms based on the performance metrics found. Also, the classification reports (Precision, Recall, and F1-score) and confusion matrix were generated and compared to finalize the support-validation status found throughout the testing phase of the model used in this approach.

computer science, information systems, artificial intelligence, theory & methods

Saikat Das,Sajal Saha,Annita Tahsin Priyoti,Etee Kawna Roy,Frederick T. Sheldon,Anwar Haque,Sajjan Shiva

DOI: https://doi.org/10.1109/tnsm.2021.3138457

2021-01-01

IEEE Transactions on Network and Service Management

Abstract:Proper security solutions in the cyber world are crucial for enforcing network security by providing real-time network protection against network vulnerabilities and data exploitation. An effective intrusion detection strategy is capable of taking a holistic approach for protecting critical systems against unauthorized access or attack. In this paper, we describe a machine learning (ML) based comprehensive security solution for network intrusion detection using ensemble supervised ML framework and ensemble feature selection methods. In addition, we provide a comparative analysis of several ML models and feature selection methods. The goal of this research is to design a generic detection mechanism and achieve higher accuracy with minimal false positive rates (FPR). NSL-KDD, UNSW-NB15, and CICIDS2017 datasets are used in the experiment, and results show that our detection model can identify 99.3% of intrusions successfully with the lowest 0.5% of false alarms, which depicts better performance metrics compared to existing solutions.

computer science, information systems

Geeta Kocher,Gulshan Kumar

DOI: https://doi.org/10.5121/csit.2020.102004

2020-12-26

Abstract:With the advancement of internet technology, the numbers of threats are also rising exponentially. To reduce the impact of these threats, researchers have proposed many solutions for intrusion detection. In the literature, various machine learning classifiers are trained on older datasets for intrusion detection which limits their detection accuracy. So, there is a need to train the machine learning classifiers on latest dataset. In this paper, UNSW-NB15, the latest dataset is used to train machine learning classifiers. On the basis of theoretical analysis, taxonomy is proposed in terms of lazy and eager learners. From this proposed taxonomy, KNearest Neighbors (KNN), Stochastic Gradient Descent (SGD), Decision Tree (DT), Random Forest (RF), Logistic Regression (LR) and Naïve Bayes (NB) classifiers are selected for training. The performance of these classifiers is tested in terms of Accuracy, Mean Squared Error (MSE), Precision, Recall, F1-Score, True Positive Rate (TPR) and False Positive Rate (FPR) on UNSW-NB15 dataset and comparative analysis of these machine learning classifiers is carried out. The experimental results show that RF classifier outperforms other classifiers.

A. Ponmalar,V. Dhanakoti

DOI: https://doi.org/10.1016/j.asoc.2021.108295

IF: 8.7

2022-02-01

Applied Soft Computing

Abstract:The mainstream computing technology is not efficient in managing massive data and detecting network traffic intrusions, often including big data. The intrusions present in sustained network traffic and the massive host log event data cannot be effectively managed by conventional analytical tools, resulting in a huge number of false positives and a longer training time. This paper presents a novel technique to enhance the intrusion detection process by handling the fundamental big data complexities associated with different forms of heterogeneous security data. To achieve the earlier objective, the ensemble Support Vector Machine (SVM) is integrated with the Chaos Game Optimization (CGO) algorithm. The proposed methodology improves the intrusion classification accuracy and also identifies nine different types of attacks present in the UNSW-NB15 dataset. The efficiency of the proposed methodology is evaluated using statistical analysis and different performance metrics such as precision, recall, F1-score, accuracy, ROC curve, and confusion matrix by comparing it with different baseline models. The proposed methodology obtains an accuracy of 96.29% when compared to the chi-SVM (89.12%) and an improvement of 6.47% is noted in the proposed methodology in terms of accuracy when compared with the chi-SVM. The higher classification accuracy shows that the proposed methodology exhibit a fewer number of false positives when handling the security events in big data platforms.

computer science, artificial intelligence, interdisciplinary applications

I. Sumaiya Thaseen,J. Saira Banu,K. Lavanya,Muhammad Rukunuddin Ghalib,Kumar Abhishek

DOI: https://doi.org/10.1002/ett.4014

IF: 3.6

2020-06-08

Transactions on Emerging Telecommunications Technologies

Abstract:<p>Serious concerns regarding vulnerability and security have been raised as a result of the constant growth of computer networks. Intrusion detection systems (IDS) have been adopted by network administrators to provide essential network security. Commercial IDS in the market do not have the capability to identify novel attacks but generate false alarms for legitimate user activities. Neural networks can be applied for the solution of these issues and for providing improved accuracy. Correlation‐based attribute selection ranks the features according to the highest correlation between the attributes and class label. In this article, the authors propose a correlation‐based feature selection integrated with neural network for identifying anomalies. Experimental analysis performed on NSL‐KDD and UNSW‐NB datasets, which are benchmark datasets of intrusion detection with current attacks. The results show that the proposed model is superior in terms of accuracy, sensitivity, and specificity in comparison with some of the state‐of‐the‐art techniques. With the emergence of the Internet of Things Technology, such IDS can be deployed for securing the IoT servers in future. Wireless payment systems can be secured by building and deploying IDS. A secure integrated network management can be achieved which is error‐free and thereby improving performance.</p>

telecommunications

Amit Kumar Mishra,Shweta Paliwal

DOI: https://doi.org/10.1007/s10586-022-03735-8

2022-09-15

Cluster Computing

Abstract:The network traffic has observed astounding expansion and is set to explode in the next few years. Security attacks are becoming more and more synchronized as attackers are involved in using new orchestrated techniques that are capable of initiating attacks such as zero-day vector and slow loris. These attacks are surpassing the current network analytic solutions employed in the infrastructure of the network. Machine learning (ML) based approaches are successfully quelling modern-day attacks by analyzing the patterns in the encrypted network traffic. Detection strategies based on labelled datasets that are a combination of synthesized attacks and modern normal attacks became the need of the hour. In this study, three benchmark datasets; UNSWNB15, NSL- KDD, and BoT-Internet of things are a combination of modern-day orchestrated security attacks. The datasets are processed and feature selection is performed using information gain and correlation coefficient (Pearson). Once the features are identified they are subjected to the following classifiers; stacking of light gradient boosting machine (LGBM) and random forest, stochastic gradient descent, Gaussian Naive Bayes (GNB), support vector machine (SVM), bagging + reduced error pruning, K nearest neighbour and AdaBoost. Thus it has been observed that stacking of LGBM and random forest has given the highest predictions for all three datasets.

computer science, information systems, theory & methods

Adam James Hall,Nikolaos Pitropakis,William J Buchanan,Naghmeh Moradpoor

DOI: https://doi.org/10.48550/arXiv.1907.10272

2019-07-24

Cryptography and Security

Abstract:Insider threats continue to present a major challenge for the information security community. Despite constant research taking place in this area; a substantial gap still exists between the requirements of this community and the solutions that are currently available. This paper uses the CERT dataset r4.2 along with a series of machine learning classifiers to predict the occurrence of a particular malicious insider threat scenario - the uploading sensitive information to wiki leaks before leaving the organization. These algorithms are aggregated into a meta-classifier which has a stronger predictive performance than its constituent models. It also defines a methodology for performing pre-processing on organizational log data into daily user summaries for classification, and is used to train multiple classifiers. Boosting is also applied to optimise classifier accuracy. Overall the models are evaluated through analysis of their associated confusion matrix and Receiver Operating Characteristic (ROC) curve, and the best performing classifiers are aggregated into an ensemble classifier. This meta-classifier has an accuracy of \textbf{96.2\%} with an area under the ROC curve of \textbf{0.988}.

Ashfaq Hussain Farooqi,Shahzaib Akhtar,Hameedur Rahman,Touseef Sadiq,Waseem Abbass

DOI: https://doi.org/10.3390/s24010127

2023-12-26

Abstract:In the context of 6G technology, the Internet of Everything aims to create a vast network that connects both humans and devices across multiple dimensions. The integration of smart healthcare, agriculture, transportation, and homes is incredibly appealing, as it allows people to effortlessly control their environment through touch or voice commands. Consequently, with the increase in Internet connectivity, the security risk also rises. However, the future is centered on a six-fold increase in connectivity, necessitating the development of stronger security measures to handle the rapidly expanding concept of IoT-enabled metaverse connections. Various types of attacks, often orchestrated using botnets, pose a threat to the performance of IoT-enabled networks. Detecting anomalies within these networks is crucial for safeguarding applications from potentially disastrous consequences. The voting classifier is a machine learning (ML) model known for its effectiveness as it capitalizes on the strengths of individual ML models and has the potential to improve overall predictive performance. In this research, we proposed a novel classification technique based on the DRX approach that combines the advantages of the Decision tree, Random forest, and XGBoost algorithms. This ensemble voting classifier significantly enhances the accuracy and precision of network intrusion detection systems. Our experiments were conducted using the NSL-KDD, UNSW-NB15, and CIC-IDS2017 datasets. The findings of our study show that the DRX-based technique works better than the others. It achieved a higher accuracy of 99.88% on the NSL-KDD dataset, 99.93% on the UNSW-NB15 dataset, and 99.98% on the CIC-IDS2017 dataset, outperforming the other methods. Additionally, there is a notable reduction in the false positive rates to 0.003, 0.001, and 0.00012 for the NSL-KDD, UNSW-NB15, and CIC-IDS2017 datasets.

Soulaiman Moualla,Khaldoun Khorzom,Assef Jafar

DOI: https://doi.org/10.1155/2021/5557577

2021-06-15

Abstract:Networks are exposed to an increasing number of cyberattacks due to their vulnerabilities. So, cybersecurity strives to make networks as safe as possible, by introducing defense systems to detect any suspicious activities. However, firewalls and classical intrusion detection systems (IDSs) suffer from continuous updating of their defined databases to detect threats. The new directions of the IDSs aim to leverage the machine learning models to design more robust systems with higher detection rates and lower false alarm rates. This research presents a novel network IDS, which plays an important role in network security and faces the current cyberattacks on networks using the UNSW-NB15 dataset benchmark. Our proposed system is a dynamically scalable multiclass machine learning-based network IDS. It consists of several stages based on supervised machine learning. It starts with the Synthetic Minority Oversampling Technique (SMOTE) method to solve the imbalanced classes problem in the dataset and then selects the important features for each class existing in the dataset by the Gini Impurity criterion using the Extremely Randomized Trees Classifier (Extra Trees Classifier). After that, a pretrained extreme learning machine (ELM) model is responsible for detecting the attacks separately, "One-Versus-All" as a binary classifier for each of them. Finally, the ELM classifier outputs become the inputs to a fully connected layer in order to learn from all their combinations, followed by a logistic regression layer to make soft decisions for all classes. Results show that our proposed system performs better than related works in terms of accuracy, false alarm rate, Receiver Operating Characteristic (ROC), and Precision-Recall Curves (PRCs).

Iftikhar Ahmad,Qazi Emad Ul Haq,Muhammad Imran,Madini O. Alassafi,Rayed A. AlGhamdi

DOI: https://doi.org/10.3390/math10030530

IF: 2.4

2022-02-08

Mathematics

Abstract:Intrusion detection in computer networks is of great importance because of its effects on the different communication and security domains. The detection of network intrusion is a challenge. Moreover, network intrusion detection remains a challenging task as a massive amount of data is required to train the state-of-the-art machine learning models to detect network intrusion threats. Many approaches have already been proposed recently on network intrusion detection. However, they face critical challenges owing to the continuous increase in new threats that current systems do not understand. This paper compares multiple techniques to develop a network intrusion detection system. Optimum features are selected from the dataset based on the correlation between the features. Furthermore, we propose an AdaBoost-based approach for network intrusion detection based on these selected features and present its detailed functionality and performance. Unlike most previous studies, which employ the KDD99 dataset, we used a recent and comprehensive UNSW-NB 15 dataset for network anomaly detection. This dataset is a collection of network packets exchanged between hosts. It comprises 49 attributes, including nine types of threats such as DoS, Fuzzers, Exploit, Worm, shellcode, reconnaissance, generic, and analysis Backdoor. In this study, we employ SVM and MLP for comparison. Finally, we propose AdaBoost based on the decision tree classifier to classify normal activity and possible threats. We monitored the network traffic and classified it into either threats or non-threats. The experimental findings showed that our proposed method effectively detects different forms of network intrusions on computer networks and achieves an accuracy of 99.3% on the UNSW-NB15 dataset. The proposed system will be helpful in network security applications and research domains.

mathematics

Neeraj Kumar,Sanjeev Sharma

DOI: https://doi.org/10.3390/electronics12194050

IF: 2.9

2023-09-27

Electronics

Abstract:With the exponentially evolving trends in technology, IoT networks are vulnerable to serious security issues, allowing intruders to break into networks without authorization and manipulate the data. Their actions can be recognized and avoided by using a system that can detect intrusions. This paper presents a hybrid intelligent system and inverted hour-glass-based layered network classifier for feature selection and classification processes, respectively. To accomplish this task, three different datasets have been utilized in the proposed model for identifying old and new attacks. Moreover, a hybrid optimization feature selection technique has been implemented for selecting only those features that can enhance the accuracy of the detection rate. Finally, the classification is performed by using the inverted hour-glass-based layered network model in which data are up-sampled with the increase in the number of layers for effective training. Data up-sampling is performed when small subset of datapoints are observed for any class, which in turn helps in improving the accuracy of the proposed model. The proposed model demonstrated an accuracy of 99.967%, 99.567%, and 99.726% for NSL-KDD, KDD-CUP99, and UNSW NB15 datasets, respectively, which is significantly better than the traditional CNID model. These results demonstrate that our model can detect different attacks with high accuracy and is expected to show good results for new datasets as well. Additionally, to reduce the computational cost of the proposed model, we have implemented it on CPU-based core i3 processors, which are much cheaper than GPU processors.

engineering, electrical & electronic,computer science, information systems,physics, applied

K. Sundaramoorthy,K E Purushothaman,Jeba Sonia J,N Kanthimathi

DOI: https://doi.org/10.1016/j.cose.2024.104081

IF: 5.105

2024-09-01

Computers & Security

Abstract:The evolution of cloud computing has revolutionized how users access services, simplifying the development and deployment of applications across various industries. With its pervasive adoption, robust security measures become imperative. Integrating Intrusion Detection Systems (IDSs) into cloud computing and Wireless Sensor Networks (WSNs) addresses these challenges. IDSs serve as attentive protectors, monitoring network traffic and responding to breaches promptly, enhancing security across industries reliant on cloud services. Similarly, IDS integration in WSNs ensures the security of mission-critical operations, despite resource constraints and dynamic topologies, facilitated by cloud computing. This research proposes a hybrid IDS approach, leveraging the NSL-KDD dataset and methodologies like Intrusion Support Scalar Impact Rate (ISSIR), Optimized Support Vector Machine (OSVM), Extended Long-Short-Term Memory (ELSTM), and Multilayer Perceptron Neural Network (MLPNN), enhancing intrusion detection efficacy. ISSIR aids in feature selection, OSVM mitigates localization errors, ELSTM enables precise anomaly detection, and MLPNN provides robust defense mechanisms. Each method is integrated into a collaborative framework to address specific challenges in detecting intrusions with higher accuracy and reduced false positives. The interplay between these methodologies strengthens the overall intrusion detection framework, addressing the dynamic nature of cybersecurity threats. Results demonstrate the superior performance of MLPNN across various metrics, showcasing its effectiveness in accurately predicting outcomes compared to other models. The proposed MLPNN hybrid system achieves an accuracy of 99.9%, surpassing state-of-the-art methods. This study underscores the significance of advancing IDSs in cloud computing and WSNs, offering insights into enhancing security and mitigating vulnerabilities in an interconnected digital landscape.

computer science, information systems

Muhammad Sajid,Kaleem Razzaq Malik,Ahmad Almogren,Tauqeer Safdar Malik,Ali Haider Khan,Jawad Tanveer,Ateeq Ur Rehman

DOI: https://doi.org/10.1186/s13677-024-00685-x

2024-07-18

Journal of Cloud Computing

Abstract:The volume of data transferred across communication infrastructures has recently increased due to technological advancements in cloud computing, the Internet of Things (IoT), and automobile networks. The network systems transmit diverse and heterogeneous data in dispersed environments as communication technology develops. The communications using these networks and daily interactions depend on network security systems to provide secure and reliable information. On the other hand, attackers have increased their efforts to render systems on networks susceptible. An efficient intrusion detection system is essential since technological advancements embark on new kinds of attacks and security limitations. This paper implements a hybrid model for Intrusion Detection (ID) with Machine Learning (ML) and Deep Learning (DL) techniques to tackle these limitations. The proposed model makes use of Extreme Gradient Boosting (XGBoost) and convolutional neural networks (CNN) for feature extraction and then combines each of these with long short-term memory networks (LSTM) for classification. Four benchmark datasets CIC IDS 2017, UNSW NB15, NSL KDD, and WSN DS were used to train the model for binary and multi-class classification. With the increase in feature dimensions, current intrusion detection systems have trouble identifying new threats due to low test accuracy scores. To narrow down each dataset's feature space, XGBoost, and CNN feature selection algorithms are used in this work for each separate model. The experimental findings demonstrate a high detection rate and good accuracy with a relatively low False Acceptance Rate (FAR) to prove the usefulness of the proposed hybrid model.

Khadija M Abuali,Liyth Nissirat,Aida Al-Samawi

DOI: https://doi.org/10.3390/s23218959

2023-11-03

Abstract:With the rapid growth of social media networks and internet accessibility, most businesses are becoming vulnerable to a wide range of threats and attacks. Thus, intrusion detection systems (IDSs) are considered one of the most essential components for securing organizational networks. They are the first line of defense against online threats and are responsible for quickly identifying potential network intrusions. Mainly, IDSs analyze the network traffic to detect any malicious activities in the network. Today, networks are expanding tremendously as the demand for network services is expanding. This expansion leads to diverse data types and complexities in the network, which may limit the applicability of the developed algorithms. Moreover, viruses and malicious attacks are changing in their quantity and quality. Therefore, recently, several security researchers have developed IDSs using several innovative techniques, including artificial intelligence methods. This work aims to propose a support vector machine (SVM)-based deep learning system that will classify the data extracted from servers to determine the intrusion incidents on social media. To implement deep learning-based IDSs for multiclass classification, the CSE-CIC-IDS 2018 dataset has been used for system evaluation. The CSE-CIC-IDS 2018 dataset was subjected to several preprocessing techniques to prepare it for the training phase. The proposed model has been implemented in 100,000 instances of a sample dataset. This study demonstrated that the accuracy, true-positive recall, precision, specificity, false-positive recall, and F-score of the proposed model were 100%, 100%, 100%, 100%, 0%, and 100%, respectively.