Journal articles on the topic 'CSE-CIC-IDS-2018'

Consult the top 36 journal articles for your research on the topic 'CSE-CIC-IDS-2018.'

1

Chimphlee, Witcha, and Siriporn Chimphlee. "Hyperparameters optimization XGBoost for network intrusion detection using CSE-CIC-IDS 2018 dataset." IAES International Journal of Artificial Intelligence (IJ-AI) 13, no. 1 (2024): 817. http://dx.doi.org/10.11591/ijai.v13.i1.pp817-826.

Abstract:
With the introduction of high-speed internet access, the demand for security and dependable networks has grown. In recent years, network attacks have gotten more complex and intense, making security a vital component of organizational information systems. Network intrusion detection systems (NIDS) have become an essential detection technology to protect data integrity and system availability against such attacks. NIDS is one of the most well-known areas of machine learning software in the security field, with machine learning algorithms constantly being developed to improve performance. This research focuses on detecting abnormalities in societal infiltration using the hyperparameters optimization XGBoost (HO-XGB) algorithm with the Communications Security Establishment-The Canadian Institute for Cybersecurity-Intrusion Detection System2018 (CSE-CIC-IDS2018) dataset to get the best potential results. When compared to typical machine learning methods published in the literature, HO-XGB outperforms them. The study shows that XGBoost outperforms other detection algorithms. We refined the HO-XGB model's hyperparameters, which included learning_rate, subsample, max_leaves, max_depth, gamma, colsample_bytree, min_child_weight, n_estimators, max_depth, and reg_alpha. The experimental findings reveal that HO-XGB1 outperforms multiple parameter settings for intrusion detection, effectively optimizing XGBoost's hyperparameters.
2

Chimphlee, Witcha, and Siriporn Chimphlee. "Hyperparameters optimization XGBoost for network intrusion detection using CSE-CIC-IDS 2018 dataset." IAES International Journal of Artificial Intelligence (IJ-AI) 13, no. 1 (2024): 817–26. https://doi.org/10.11591/ijai.v13.i1.pp817-826.

Abstract:
With the introduction of high-speed internet access, the demand for security and dependable networks has grown. In recent years, network attacks have gotten more complex and intense, making security a vital component of organizational information systems. Network intrusion detection systems (NIDS) have become an essential detection technology to protect data integrity and system availability against such attacks. NIDS is one of the most well-known areas of machine learning software in the security field, with machine learning algorithms constantly being developed to improve performance. This research focuses on detecting abnormalities in societal infiltration using the hyperparameters optimization XGBoost (HO-XGB) algorithm with the Communications Security Establishment-The Canadian Institute for Cybersecurity-Intrusion Detection System2018 (CSE-CICIDS2018) dataset to get the best potential results. When compared to typical machine learning methods published in the literature, HO-XGB outperforms them. The study shows that XGBoost outperforms other detection algorithms. We refined the HO-XGB model's hyperparameters, which included learning_rate, subsample, max_leaves, max_depth, gamma, colsample_bytree, min_child_weight, n_estimators, max_depth, and reg_alpha. The experimental findings reveal that HO-XGB1 outperforms multiple parameter settings for intrusion detection, effectively optimizing XGBoost's hyperparameters.
3

Songma, Surasit, Theera Sathuphan, and Thanakorn Pamutha. "Optimizing Intrusion Detection Systems in Three Phases on the CSE-CIC-IDS-2018 Dataset." Computers 12, no. 12 (2023): 245. http://dx.doi.org/10.3390/computers12120245.

Abstract:
This article examines intrusion detection systems in depth using the CSE-CIC-IDS-2018 dataset. The investigation is divided into three stages: to begin, data cleaning, exploratory data analysis, and data normalization procedures (min-max and Z-score) are used to prepare data for use with various classifiers; second, in order to improve processing speed and reduce model complexity, a combination of principal component analysis (PCA) and random forest (RF) is used to reduce non-significant features by comparing them to the full dataset; finally, machine learning methods (XGBoost, CART, DT, KNN, MLP, RF, LR, and Bayes) are applied to specific features and preprocessing procedures, with the XGBoost, DT, and RF models outperforming the others in terms of both ROC values and CPU runtime. The evaluation concludes with the discovery of an optimal set, which includes PCA and RF feature selection.
4

Shyaa, Methaq A., Zurinahni Zainol, Rosni Abdullah, Mohammed Anbar, Laith Alzubaidi, and José Santamaría. "Enhanced Intrusion Detection with Data Stream Classification and Concept Drift Guided by the Incremental Learning Genetic Programming Combiner." Sensors 23, no. 7 (2023): 3736. http://dx.doi.org/10.3390/s23073736.

Abstract:
Concept drift (CD) in data streaming scenarios such as networking intrusion detection systems (IDS) refers to the change in the statistical distribution of the data over time. There are five principal variants related to CD: incremental, gradual, recurrent, sudden, and blip. Genetic programming combiner (GPC) classification is an effective core candidate for data stream classification for IDS. However, its basic structure relies on the usage of traditional static machine learning models that receive one-time training, limiting its ability to handle CD. To address this issue, we propose an extended variant of the GPC using three main components. First, we replace existing classifiers with alternatives: online sequential extreme learning machine (OSELM), feature adaptive OSELM (FA-OSELM), and knowledge preservation OSELM (KP-OSELM). Second, we add two new components to the GPC, specifically, a data balancing and a classifier update. Third, the coordination between the sub-models produces three novel variants of the GPC: GPC-KOS for KA-OSELM; GPC-FOS for FA-OSELM; and GPC-OS for OSELM. This article presents the first data stream-based classification framework that provides novel strategies for handling CD variants. The experimental results demonstrate that both GPC-KOS and GPC-FOS outperform the traditional GPC and other state-of-the-art methods, and the transfer learning and memory features contribute to the effective handling of most types of CD. Moreover, the application of our incremental variants on real-world datasets (KDD Cup ‘99, CICIDS-2017, CSE-CIC-IDS-2018, and ISCX ‘12) demonstrate improved performance (GPC-FOS in connection with CSE-CIC-IDS-2018 and CICIDS-2017; GPC-KOS in connection with ISCX2012 and KDD Cup ‘99), with maximum accuracy rates of 100% and 98% by GPC-KOS and GPC-FOS, respectively. Additionally, our GPC variants do not show superior performance in handling blip drift.
5

International, Journal for Research In Science &. Advanced Technologies. "Cloud Computing Environment: An Effective New Intrusion Detection System." International Journal for Research In Science & Advanced Technologies 25, no. 05 (2025): 33–42. https://doi.org/10.5281/zenodo.15597744.

Abstract:
Rife acceptance of Cloud Computing has made it bull’s eye for the hackers. Intrusion detection System (IDS) plays a vibrant role for it. Researchers have done marvelous works on the development of a competence IDS. But there are many challenges still exists with IDS. One of the biggest concerns is that the computational complexity and false alarms of the IDS escalates with the increase in the number of features or attributes of the dataset. Hence, the concept of Feature Selection (FS) contributes an all-important role for the buildout of an efficacious IDS. New FS algorithm is put forward which is the modified Firefly Algorithm in which Decision Tree (DT) classifier is used as the classification function. We have used the hybrid classifier which is the combination of neural network and DT. We have used CSE CIC IDS 2018 dataset and simulated dataset for performance assessment. Our examination pragmatic that the performance of proposed architecture is better than the state-of-the-art algorithms.
6

Abuali, Khadija M., Liyth Nissirat, and Aida Al-Samawi. "Advancing Network Security with AI: SVM-Based Deep Learning for Intrusion Detection." Sensors 23, no. 21 (2023): 8959. http://dx.doi.org/10.3390/s23218959.

Abstract:
With the rapid growth of social media networks and internet accessibility, most businesses are becoming vulnerable to a wide range of threats and attacks. Thus, intrusion detection systems (IDSs) are considered one of the most essential components for securing organizational networks. They are the first line of defense against online threats and are responsible for quickly identifying potential network intrusions. Mainly, IDSs analyze the network traffic to detect any malicious activities in the network. Today, networks are expanding tremendously as the demand for network services is expanding. This expansion leads to diverse data types and complexities in the network, which may limit the applicability of the developed algorithms. Moreover, viruses and malicious attacks are changing in their quantity and quality. Therefore, recently, several security researchers have developed IDSs using several innovative techniques, including artificial intelligence methods. This work aims to propose a support vector machine (SVM)-based deep learning system that will classify the data extracted from servers to determine the intrusion incidents on social media. To implement deep learning-based IDSs for multiclass classification, the CSE-CIC-IDS 2018 dataset has been used for system evaluation. The CSE-CIC-IDS 2018 dataset was subjected to several preprocessing techniques to prepare it for the training phase. The proposed model has been implemented in 100,000 instances of a sample dataset. This study demonstrated that the accuracy, true-positive recall, precision, specificity, false-positive recall, and F-score of the proposed model were 100%, 100%, 100%, 100%, 0%, and 100%, respectively.
7

Gutiérrez-Galeano, Leopoldo, Juan-José Domínguez-Jiménez, Jörg Schäfer, and Inmaculada Medina-Bulo. "LLM-Based Cyberattack Detection Using Network Flow Statistics." Applied Sciences 15, no. 12 (2025): 6529. https://doi.org/10.3390/app15126529.

Abstract:
Cybersecurity is a growing area of research due to the constantly emerging new types of cyberthreats. Tools and techniques exist to keep systems secure against certain known types of cyberattacks, but are insufficient for others that have recently appeared. Therefore, research is needed to design new strategies to deal with new types of cyberattacks as they arise. Existing tools that harness artificial intelligence techniques mainly use artificial neural networks designed from scratch. In this paper, we present a novel approach for cyberattack detection using an encoder–decoder pre-trained Large Language Model (T5), fine-tuned to adapt its classification scheme for the detection of cyberattacks. Our system is anomaly-based and takes statistics of already finished network flows as input. This work makes significant contributions by introducing a novel methodology for adapting its original task from natural language processing to cybersecurity, achieved by transforming numerical network flow features into a unique abstract artificial language for the model input. We validated the robustness of our detection system across three datasets using undersampling. Our model achieved consistently high performance across all evaluated datasets. Specifically, for the CIC-IDS-2017 dataset, we obtained an accuracy, precision, recall, and F-score of more than 99.94%. For CSE-CIC-IDS-2018, these metrics exceeded 99.84%, and for BCCC-CIC-IDS-2017, they were all above 99.90%. These results collectively demonstrate superior performance for cyberattack detection, while maintaining highly competitive false-positive rates and false-negative rates. This efficacy is achieved by relying exclusively on real-world network flow statistics, without the need for synthetic data generation.
8

R M, Balajee, and Jayanthi Kannan M K. "Intrusion Detection on AWS Cloud through Hybrid Deep Learning Algorithm." Electronics 12, no. 6 (2023): 1423. http://dx.doi.org/10.3390/electronics12061423.

Abstract:
The network security and cloud environment have been playing vital roles in today’s era due to increased network data transmission, the cloud’s elasticity, pay as you go and global distributed resources. A recent survey for the cloud environment involving 300 organizations in North America with 500 or more employees who had spent a minimum of USD 1 million on cloud infrastructure, as per March 2022 statistics, stated that 79% of organizations experienced at least one cloud data breach. In the year 2022, the AWS cloud provider leads the market share with 34% and a USD 200 billion cloud market, proving important and producing the motivation to improve the detection of intrusion with respect to network security on the basis of the AWS cloud dataset. The chosen CSE-CIC-IDS-2018 dataset had network attack details based on the real time attack carried out on the AWS cloud infrastructure. The proposed method here is the hybrid deep learning based approach, which uses the raw data first to do the pre-processing and then for normalization. The normalized data have been feature extracted from seventy-six fields to seven bottlenecks using Principal Component Analysis (PCA); those seven extracted features of every packet have been categorized as two-way soft-clustered (attack and non-attack) using the Smart Monkey Optimized Fuzzy C-Means algorithm (SMO-FCM). The attack cluster data have been further provided as inputs for the deep learning based AutoEncoder algorithm, which provides the outputs as attack classifications. Finally, the accuracy of the results in intrusion detection using the proposed technique (PCA + SMO-FCM + AE) is achieved as 95% over the CSE-CIC-IDS-2018 dataset, which is the highest known for state-of-the-art protocols compared with 11 existing techniques.
9

Dini, Pierpaolo, Abdussalam Elhanashi, Andrea Begni, Sergio Saponara, Qinghe Zheng, and Kaouther Gasmi. "Overview on Intrusion Detection Systems Design Exploiting Machine Learning for Networking Cybersecurity." Applied Sciences 13, no. 13 (2023): 7507. http://dx.doi.org/10.3390/app13137507.

Abstract:
The Intrusion Detection System (IDS) is an effective tool utilized in cybersecurity systems to detect and identify intrusion attacks. With the increasing volume of data generation, the possibility of various forms of intrusion attacks also increases. Feature selection is crucial and often necessary to enhance performance. The structure of the dataset can impact the efficiency of the machine learning model. Furthermore, data imbalance can pose a problem, but sampling approaches can help mitigate it. This research aims to explore machine learning (ML) approaches for IDS, specifically focusing on datasets, machine algorithms, and metrics. Three datasets were utilized in this study: KDD 99, UNSW-NB15, and CSE-CIC-IDS 2018. Various machine learning algorithms were chosen and examined to assess IDS performance. The primary objective was to provide a taxonomy for interconnected intrusion detection systems and supervised machine learning algorithms. The selection of datasets is crucial to ensure the suitability of the model construction for IDS usage. The evaluation was conducted for both binary and multi-class classification to ensure the consistency of the selected ML algorithms for the given dataset. The experimental results demonstrated accuracy rates of 100% for binary classification and 99.4In conclusion, it can be stated that supervised machine learning algorithms exhibit high and promising classification performance based on the study of three popular datasets.
10

Dini, Pierpaolo, Abdussalam Elhanashi, Andrea Begni, Sergio Saponara, Qinghe Zheng, and Kaouther Gasmi. "Overview on Intrusion Detection Systems Design Exploiting Machine Learning for Networking Cybersecurity." Applied Sciences 13 (June 25, 2023): 13. https://doi.org/10.3390/app13137507.

Abstract:
The Intrusion Detection System (IDS) is an effective tool utilized in cybersecurity systems to detect and identify intrusion attacks. With the increasing volume of data generation, the possibility of various forms of intrusion attacks also increases. Feature selection is crucial and often necessary to enhance performance. The structure of the dataset can impact the efficiency of the machine learning model. Furthermore, data imbalance can pose a problem, but sampling approaches can help mitigate it. This research aims to explore machine learning (ML) approaches for IDS, specifically focusing on datasets, machine algorithms, and metrics. Three datasets were utilized in this study: KDD 99, UNSW-NB15, and CSE-CIC-IDS 2018. Various machine learning algorithms were chosen and examined to assess IDS performance. The primary objective was to provide a taxonomy for interconnected intrusion detection systems and supervised machine learning algorithms. The selection of datasets is crucial to ensure the suitability of the model construction for IDS usage. The evaluation was conducted for both binary and multi-class classification to ensure the consistency of the selected ML algorithms for the given dataset. The experimental results demonstrated accuracy rates of 100% for binary classification and 99.4In conclusion, it can be stated that supervised machine learning algorithms exhibit high and promising classification performance based on the study of three popular datasets.
11

Imanbayev, Azamat, Sakhybay Tynymbayev, Roman Odarchenko, et al. "Research of Machine Learning Algorithms for the Development of Intrusion Detection Systems in 5G Mobile Networks and Beyond." Sensors 22, no. 24 (2022): 9957. http://dx.doi.org/10.3390/s22249957.

Abstract:
The introduction of fifth generation mobile networks is underway all over the world which makes many people think about the security of the network from any hacking. Over the past few years, researchers from around the world have raised this issue intensively as new technologies seek to integrate into many areas of business and human infrastructure. This paper proposes to implement an IDS (Intrusion Detection System) machine learning approach into the 5G core architecture to serve as part of the security architecture. This paper gives a brief overview of intrusion detection datasets and compares machine learning and deep learning algorithms for intrusion detection. The models are built on the basis of two network data CICIDS2017 and CSE-CIC-IDS-2018. After testing, the ML and DL models are compared to find the best fit with a high level of accuracy. Gradient Boost emerged as the top method when we compared the best results based on metrics, displaying 99.3% for a secure dataset and 96.4% for attacks on the test set.
12

Chimphlee, Siriporn, and Witcha Chimphlee. "Machine learning to improve the performance of anomaly-based network intrusion detection in big data." Indonesian Journal of Electrical Engineering and Computer Science 30, no. 2 (2023): 1106. http://dx.doi.org/10.11591/ijeecs.v30.i2.pp1106-1119.

Abstract:
With the rapid growth of digital technology communications are overwhelmed by network data traffic. The demand for the internet is growing every day in today's cyber world, raising concerns about network security. Big Data are a term that describes a vast volume of complicated data that is critical for evaluating network patterns and determining what has occurred in the network. Therefore, detecting attacks in a large network is challenging. Intrusion detection system (IDS) is a promising cybersecurity research field. In this paper, we proposed an efficient classification scheme for IDS, which is divided into two procedures, on the CSE-CIC-IDS-2018 dataset, data pre-processing techniques including under-sampling, feature selection, and classifier algorithms were used to assess and decide the best performing model to classify invaders. We have implemented and compared seven classifier machine learning algorithms with various criteria. This work explored the application of the random forest (RF) for feature selection in conjunction with machine learning (ML) techniques including linear regression (LR), k-Nearest Neighbor (k-NN), classification and regression trees (CART), Bayes, RF, multi layer perceptron (MLP), and XGBoost in order to implement IDSS. The experimental results show that the MLP algorithm is the most successful with best performance with evaluation matrix.
13

Cikambasi, Ciza Lukogo, Lawrence Mwenda Muriira, and Robert Mutua Murungi. "Deep Learning Network Intrusion Detection with the Conv1d-Lstm Model: Integrating CNN and LSTM For Superior Performance." International Journal of Professional Practice 12, no. 4 (2024): 41–49. https://doi.org/10.71274/ijpp.v12i4.475.

Abstract:
Increased cases of cyber-attack and the rising levels of sophistication presents a significant threat to corporate networks, resulting in potential data breaches, financial losses, and reputational harm. Traditional Intrusion Detection Systems, which rely on predefined signatures and rules, have proven inadequate due to high false positive and false negative rates. This study introduces an innovative AI-based intrusion detection model to enhance corporate network security leveraging on deep learning techniques. The objective was to propose a Conv1d-LSTM Model, integrating convolutional neural networks (CNN) and recurrent neural networks (RNN) to analyze network traffic data from the CSE-CIC-IDS-2018 dataset, which encompasses a wide array of attack types, and provides a realistic representation of modern network traffic. This deep learning model effectively detects complex patterns and temporal dependencies in the data. The performance of the innovated model was evaluated using precision, accuracy, recall, and F1 score, to demonstrate its superior detection capabilities compared to conventional Intrusion Detection Systems (IDS). Additionally, a comparative analysis of CNN and RNN performance on the same dataset was conducted, highlighting the strengths and limitations of each approach. This research underscores the importance of integrating advanced AI methodologies into IDS frameworks to protect corporate networks from cyber threats.
14

Siriporn, Chimphlee, and Chimphlee Witcha. "Machine learning to improve the performance of anomaly-based network intrusion detection in big data." Indonesian Journal of Electrical Engineering and Computer Science 30, no. 2 (2023): 1106–19. https://doi.org/10.11591/ijeecs.v30.i2.pp1106-1119.

Abstract:
With the rapid growth of digital technology communications are overwhelmed by network data traffic. The demand for the internet is growing every day in today's cyber world, raising concerns about network security. Big Data are a term that describes a vast volume of complicated data that is critical for evaluating network patterns and determining what has occurred in the network. Therefore, detecting attacks in a large network is challenging. Intrusion detection system (IDS) is a promising cybersecurity research field. In this paper, we proposed an efficient classification scheme for IDS, which is divided into two procedures, on the CSE-CIC-IDS-2018 dataset, data pre-processing techniques including under-sampling, feature selection, and classifier algorithms were used to assess and decide the best performing model to classify invaders. We have implemented and compared seven classifier machine learning algorithms with various criteria. This work explored the application of the random forest (RF) for feature selection in conjunction with machine learning (ML) techniques including linear regression (LR), k-Nearest Neighbor (k-NN), classification and regression trees (CART), Bayes, RF, multi layer perceptron (MLP), and XGBoost in order to implement IDSS. The experimental results show that the MLP algorithm is the most successful with best performance with evaluation matrix.
15

Kharismadhany, Ekky, Maretha Ruswiansari, and Tri Harsono. "Brute-force Detection Using Ensemble Classification." INTEK: Jurnal Penelitian 9, no. 2 (2023): 98. http://dx.doi.org/10.31963/intek.v9i2.3550.

Abstract:
Traditional brute-force is a dictionary-based attack that tries to unlock an authentication process in service. This type of brute force can be applied in web and SSH services, and brute-force XSS injects JavaScript code. In this paper, we explore four types of ensemble classifiers using CIC-CSE-IDS 2018 to determine which yields the highest accuracy, recall, precision, and F1 in detecting three types of brute force. The first step of the research is to normalise the dataset with the tanH operator. The second step is to train the single classifier to determine three types of single classifiers combined as ensemble classifiers. The last step is predicting and comparing the results of four ensemble classifiers. The stacking algorithm achieves the best test result that reaches 94.87%, 99.94%, 98.82%, and 99.37% for accuracy, precision, recall, and F1, respectively.
16

Ullah, Safi, Muazzam A. Khan, Jawad Ahmad, et al. "HDL-IDS: A Hybrid Deep Learning Architecture for Intrusion Detection in the Internet of Vehicles." Sensors 22, no. 4 (2022): 1340. http://dx.doi.org/10.3390/s22041340.

Abstract:
Internet of Vehicles (IoV) is an application of the Internet of Things (IoT) network that connects smart vehicles to the internet, and vehicles with each other. With the emergence of IoV technology, customers have placed great attention on smart vehicles. However, the rapid growth of IoV has also caused many security and privacy challenges that can lead to fatal accidents. To reduce smart vehicle accidents and detect malicious attacks in vehicular networks, several researchers have presented machine learning (ML)-based models for intrusion detection in IoT networks. However, a proficient and real-time faster algorithm is needed to detect malicious attacks in IoV. This article proposes a hybrid deep learning (DL) model for cyber attack detection in IoV. The proposed model is based on long short-term memory (LSTM) and gated recurrent unit (GRU). The performance of the proposed model is analyzed by using two datasets—a combined DDoS dataset that contains CIC DoS, CI-CIDS 2017, and CSE-CIC-IDS 2018, and a car-hacking dataset. The experimental results demonstrate that the proposed algorithm achieves higher attack detection accuracy of 99.5% and 99.9% for DDoS and car hacks, respectively. The other performance scores, precision, recall, and F1-score, also verify the superior performance of the proposed framework.
17

Najafi Mohsenabad, Hadi, and Mehmet Ali Tut. "Optimizing Cybersecurity Attack Detection in Computer Networks: A Comparative Analysis of Bio-Inspired Optimization Algorithms Using the CSE-CIC-IDS 2018 Dataset." Applied Sciences 14, no. 3 (2024): 1044. http://dx.doi.org/10.3390/app14031044.

Abstract:
In computer network security, the escalating use of computer networks and the corresponding increase in cyberattacks have propelled Intrusion Detection Systems (IDSs) to the forefront of research in computer science. IDSs are a crucial security technology that diligently monitor network traffic and host activities to identify unauthorized or malicious behavior. This study develops highly accurate models for detecting a diverse range of cyberattacks using the fewest possible features, achieved via a meticulous selection of features. We chose 5, 9, and 10 features, respectively, using the Artificial Bee Colony (ABC), Flower Pollination Algorithm (FPA), and Ant Colony Optimization (ACO) feature-selection techniques. We successfully constructed different models with a remarkable detection accuracy of over 98.8% (approximately 99.0%) with Ant Colony Optimization (ACO), an accuracy of 98.7% with the Flower Pollination Algorithm (FPA), and an accuracy of 98.6% with the Artificial Bee Colony (ABC). Another achievement of this study is the minimum model building time achieved in intrusion detection, which was equal to 1 s using the Flower Pollination Algorithm (FPA), 2 s using the Artificial Bee Colony (ABC), and 3 s using Ant Colony Optimization (ACO). Our research leverages the comprehensive and up-to-date CSE-CIC-IDS2018 dataset and uses the preprocessing Discretize technique to discretize data. Furthermore, our research provides valuable recommendations to network administrators, aiding them in selecting appropriate machine learning algorithms tailored to specific requirements.
18

Songma, Surasit, Watcharakorn Netharn, and Siriluck Lorpunmanee. "Extending Network Intrusion Detection with Enhanced Particle Swarm Optimization Techniques." International journal of Computer Networks & Communications 16, no. 4 (2024): 61–85. http://dx.doi.org/10.5121/ijcnc.2024.16404.

Abstract:
The present research investigates how to improve Network Intrusion Detection Systems (NIDS) by combining Machine Learning (ML) and Deep Learning (DL) techniques, addressing the growing challenge of cybersecurity threats. A thorough process for data preparation, comprising activities like cleaning, normalization, and segmentation into training and testing sets, lays the framework for model training and evaluation. The study uses the CSE-CIC-IDS 2018 and LITNET-2020 datasets to compare ML methods (Decision Trees, Random Forest, XGBoost) and DL models (CNNs, RNNs, DNNs, MLP) against key performance metrics (Accuracy, Precision, Recall, and F1-Score). The Decision Tree model performed better across all measures after being fine-tuned with Enhanced Particle Swarm Optimization (EPSO), demonstrating the model's ability to detect network breaches effectively. The findings highlight EPSO's importance in improving ML classifiers for cybersecurity, proposing a strong framework for NIDS with high precision and dependability. This extensive analysis not only contributes to the cybersecurity arena by providing a road to robust intrusion detection solutions, but it also proposes future approaches for improving ML models to combat the changing landscape of network threats.
19

Bhaskara, I. Made Wasanta, I. Putu Gede Hendra Suputra, I. Made Widiartha, I. Gusti Agung Gede Arya Kadyanan, I. Gusti Ngurah Anom Cahyadi Putra, and Ida Bagus Gede Dwidasmara. "Klasifikasi Serangan Distributed Denial of Service (DDoS) Menggunakan Random Forest Dengan CFS." JELIKU (Jurnal Elektronik Ilmu Komputer Udayana) 11, no. 2 (2022): 215. http://dx.doi.org/10.24843/jlk.2022.v11.i02.p01.

Abstract:
Distributed Denial of Service (DDoS) attacks can have serious impacts on your organization and can cause enormous losses. This attack works by sending a computer or server an amount of requests that exceeds the capabilities of that computer. When classifying DDoS attacks in this study, feature selection is performed using correlation-based feature selection (CFS). The dataset used by the author in this study is CSE-CIC-IDS 2018. Feature selection on a dataset using CFS gets the results in the form of features related to the dataset. That is, a total of 31 features with a relationship score greater than 0.1. The average precision generated by the system using the random forest method and CFS function selection is 99.784%. Accuracy is the result of using the number of trees parameter with a value of 10. For a random forest model with no feature selection, the highest accuracy is 49.501%. This indicates that changing the random forest model parameters and selecting the CFS feature will affect high accuracy.
20

Bakro, Mhamad, Rakesh Ranjan Kumar, Amerah A. Alabrah, et al. "Efficient Intrusion Detection System in the Cloud Using Fusion Feature Selection Approaches and an Ensemble Classifier." Electronics 12, no. 11 (2023): 2427. http://dx.doi.org/10.3390/electronics12112427.

Abstract:
The application of cloud computing has increased tremendously in both public and private organizations. However, attacks on cloud computing pose a serious threat to confidentiality and data integrity. Therefore, there is a need for a proper mechanism for detecting cloud intrusions. In this paper, we have proposed a cloud intrusion detection system (IDS) that is focused on boosting the classification accuracy by improving feature selection and weighing the ensemble model with the crow search algorithm (CSA). The feature selection is handled by combining both filter and automated models to obtain improved feature sets. The ensemble classifier is made up of machine and deep learning models such as long short-term memory (LSTM), support vector machine (SVM), XGBoost, and a fast learning network (FLN). The proposed ensemble model’s weights are generated with the CSA to obtain better prediction results. Experiments are executed on the NSL-KDD, Kyoto, and CSE-CIC-IDS-2018 datasets. The simulation shows that the suggested system attained more satisfactory results in terms of accuracy, recall, precision, and F-measure than conventional approaches. The detection rate and false alarm rate (FAR) of different attack types was more efficient for each dataset. The classifiers’ performances were also compared individually to the ensemble model in terms of the false positive rate (FPR) and false negative rate (FNR) to demonstrate the ensemble model’s robustness.
21

Prabu, K., and P. Sudhakar. "A hybrid deep learning approach for enhanced network intrusion detection." Indonesian Journal of Electrical Engineering and Computer Science 33, no. 3 (2024): 1915. http://dx.doi.org/10.11591/ijeecs.v33.i3.pp1915-1923.

Abstract:
The contemporary era places paramount importance on network security and cloud environments, driven by increased data transmission demands, the flexibility of cloud services, and the prevalence of global resources. Addressing the escalating threat of computer malware, the development of efficient intrusion detection systems (IDS) is imperative. This research focuses on the challenges posed by imbalanced datasets and the necessity for unsupervised learning to enhance network security. The proposed hybrid deep learning method utilizes raw data from the CSE-CIC-IDS-2018 dataset, integrating imbalanced and unsupervised learning techniques. After preprocessing and normalization, feature extraction through principal component analysis (PCA) reduces dimensionality from seventy-eight fields to ten essential features. Clustering, employing the density-based spatial clustering of applications with noise (DBSCAN) algorithm optimized with particle swarm optimization (PSO), is applied to the extracted features, distinguishing between attack and non-attack packets. Addressing dataset imbalances, imbalanced learning techniques are employed, and unsupervised learning is exemplified through the AutoEncoder (AE) algorithm. The attack cluster’s data is input into AE, a deep learning-based approach, yielding outputs for attack classification. The proposed technique (PCA+DBSCANPSO+AE) achieves an impressive 99.19% accuracy in intrusion detection, surpassing contemporary methodologies and five existing techniques. This research not only enhances accuracy but also addresses imbalanced learning challenges, utilizing the power of unsupervised learning for robust network security.
22

Prabu, K., and P. Sudhakar. "A hybrid deep learning approach for enhanced network intrusion detection." Indonesian Journal of Electrical Engineering and Computer Science 33, no. 3 (2024): 1915–23. https://doi.org/10.11591/ijeecs.v33.i3.pp1915-1923.

23

Shrestha, Rakesh, Atefeh Omidkar, Sajjad Ahmadi Roudi, Robert Abbas, and Shiho Kim. "Machine-Learning-Enabled Intrusion Detection System for Cellular Connected UAV Networks." Electronics 10, no. 13 (2021): 1549. http://dx.doi.org/10.3390/electronics10131549.

Abstract:
The recent development and adoption of unmanned aerial vehicles (UAVs) is due to their wide variety of applications in public and private sector from parcel delivery to wildlife conservation. The integration of UAVs, 5G, and satellite technologies has prompted telecommunication networks to evolve to provide higher-quality and more stable service to remote areas. However, security concerns with UAVs are growing as UAV nodes are becoming attractive targets for cyberattacks due to enormously growing volumes and poor and weak inbuilt security. In this paper, we propose a UAV- and satellite-based 5G-network security model that can harness machine learning to effectively detect vulnerabilities and cyberattacks. The solution is divided into two main parts: the model creation for intrusion detection using various machine learning (ML) algorithms and the implementation of ML-based model into terrestrial or satellite gateways. The system identifies various attack types using realistic CSE-CIC IDS-2018 network datasets published by Canadian Establishment for Cybersecurity (CIC). It consists of seven different types of new and contemporary attack types. This paper demonstrates that ML algorithms can be used to classify benign or malicious packets in UAV networks to enhance security. Finally, the tested ML algorithms are compared for effectiveness in terms of accuracy rate, precision, recall, F1-score, and false-negative rate. The decision tree algorithm performed well by obtaining a maximum accuracy rate of 99.99% and a minimum false negative rate of 0% in detecting various attacks as compared to all other types of ML classifiers.
24

Lin, Hsiao-Chung, Ping Wang, Kuo-Ming Chao, Wen-Hui Lin, and Zong-Yu Yang. "Ensemble Learning for Threat Classification in Network Intrusion Detection on a Security Monitoring System for Renewable Energy." Applied Sciences 11, no. 23 (2021): 11283. http://dx.doi.org/10.3390/app112311283.

Abstract:
Most approaches for detecting network attacks involve threat analyses to match the attack to potential malicious profiles using behavioral analysis techniques in conjunction with packet collection, filtering, and feature comparison. Experts in information security are often required to study these threats, and judging new types of threats accurately in real time is often impossible. Detecting legitimate or malicious connections using protocol analysis is difficult; therefore, machine learning-based function modules can be added to intrusion detection systems to assist experts in accurately judging threat categories by analyzing the threat and learning its characteristics. In this paper, an ensemble learning scheme based on a revised random forest algorithm is proposed for a security monitoring system in the domain of renewable energy to categorize network threats in a network intrusion detection system. To reduce classification error for minority classes of experimental data in model training, the synthetic minority oversampling technique scheme (SMOTE) was formulated to re-balance the original data sets by altering the number of data points for minority class to imbue the experimental data set. The classification performance of the proposed classifier in threat classification when the data set is unbalanced was experimentally verified in terms of accuracy, precision, recall, and F1-score on the UNSW-NB15 and CSE-CIC-IDS 2018 data sets. A cross-validation scheme featuring support vector machines was used to compare classification accuracies.
25

Dai, Qian-yi, Bin Zhang, and Shu-qin Dong. "A DDoS-Attack Detection Method Oriented to the Blockchain Network Layer." Security and Communication Networks 2022 (May 4, 2022): 1–18. http://dx.doi.org/10.1155/2022/5692820.

Abstract:
By nature, a traditional attack method, denial-of-service (DDoS) attack poses a considerable threat to the security of the blockchain network layer. This paper proposes a distributed DDoS-attack traffic detection method based on a cross multilayer convolutional neural network model in the blockchain network layer. The method resolves the low generalisation, high misreporting rate, and low detection efficiency problems of the existing detection methods, which are caused by nondistinctive core features and the high complexity of robust features when detecting DDoS attacks transmitted by mixed protocols on a blockchain network layer. First, the model performs a convolution operation on preprocessed traffic on the blockchain network layer using a cross-layer method based on L2 regularisation. After this operation, the model can perceive the detailed features of attack traffic from multiple levels while enhancing the representational performance of key features; specifically, the parameters with high-variance terms are penalised to limit changes in the model’s weight parameters. The highly robust abstract features of attack traffic are extracted, thereby increasing the generalisation ability and reducing the misreporting rate of the model. Second, parametric encoding of the abstract features is performed by a stacked sparse autoencoder based on Kullback–Leibler divergence, and the sparsity of the model is adjusted to reduce the redundant data and the coupling between abstract features. The outputs of the encoded features are then effectively categorised. Finally, the global optimisation of parameters is performed by an improved random gradient-descent algorithm, which prevents oscillation of the training parameters and accelerates the model convergence. 
In an experimental evaluation, the proposed method achieved satisfactory binary- and multiclass detection of DDoS-attack traffic on both CSE-CIC-IDS 2018 on the AWS dataset and on the real mixed data of a blockchain network layer.
26

Wang, Tianfeng, Yingying Xu, and Zhenzhou Tang. "Toward fast network intrusion detection for web services: partial-flow feature extraction and dataset construction." International Journal of Web Information Systems, December 17, 2024. https://doi.org/10.1108/ijwis-09-2024-0261.

Abstract:
Purpose: Timely intrusion detection in extensive traffic remains a pressing and complex challenge, including for Web services. Current research emphasizes improving detection accuracy through machine learning, with scant attention paid to the dataset’s impact on the capability for fast detection. Many datasets rely on flow-level features, requiring entire flow completion before determining if it constitutes an attack, reducing efficiency. This paper aims to introduce a new feature extraction method and construct a new security dataset that enhances detection efficiency.

Design/methodology/approach: This paper proposes a novel partial-flow feature extraction method that extracts packet-level features efficiently to reduce the high latency of flow-level extraction. The method also integrates statistical and temporal features derived from partial flows to improve accuracy. The method was applied to the original packet capture (PCAP) files utilized in creating the CSE-CIC-IDS 2018 dataset, resulting in the development of the WKLIN-WEB-2023 dataset specifically designed for web intrusion detection. The effectiveness of this method was evaluated by training nine classification models on both the WKLIN-WEB-2023 and CSE-CIC-IDS 2018 datasets.

Findings: The experimental results show that models trained on the WKLIN-WEB-2023 dataset consistently outperform those on the CSE-CIC-IDS 2018 dataset across precision, recall, f1-score, and detection latency. This demonstrates the superior effectiveness of the new dataset in enhancing both the efficiency and accuracy of intrusion detection.

Originality/value: This study proposes the partial-flow feature extraction method, creating the WKLIN-WEB-2023 dataset. This novel approach significantly enhances detection efficiency while maintaining classification performance, providing a valuable foundation for further research on intrusion detection efficiency.
27

Radhika S. K., Ashwini S. P., and Dr Jalesh Kumar. "A Survey on different Machine Learning algorithms that are compatible with CSE-CIC IDS 2018 Dataset." International Journal For Multidisciplinary Research 6, no. 6 (2024). http://dx.doi.org/10.36948/ijfmr.2024.v06i06.29927.

Abstract:
This paper is mainly devoted to these machine learning models: Decision Trees, Naive Bayes, Gradient descent, support vector machine and Random Forest, describing different potential threats represented with the CSE-CIC-IDS2018 dataset. Multiclass classifications have been included to check which of the machine models will effectively identify and prevent intrusion into the network.
28

Singh, Himanshu, and Mahima Bansal. "Empirical Analysis of Machine Learning Techniques for Intrusion Detection in Network System." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 07, no. 02 (2023). http://dx.doi.org/10.55041/ijsrem17734.

Abstract:
Increasing network resource usage creates security risks with it. Malwares and other sources may disrupt the system operations and inadequate security holes in systems. Intrusion Detection System (IDS) is invented to alert admins in case of such security breaches. In order to enhance IDS systems, artificial intelligence as well as . In this research, literature studies employing CSE-CIC IDS-2018, UNSW-NB15, ISCX-2012, NSLKDD and CIDDS-001 data sets, frequently used to design IDS systems, updated in detail. In addition, max-min normalisation was done on these data sets and classed created utilising KNN algo, vector support machine (SVM), Decision Tree (DT) algorithms, which among the most ancient ML approaches. As a result, some genuinely good results have been analyzed. Index Terms—Intrusion, Machine Learning, Security
29

Wu, Chunwang, Xiaolei Liu, Kangyi Ding, et al. "Attack detection model for BCoT based on contrastive variational autoencoder and metric learning." Journal of Cloud Computing 13, no. 1 (2024). http://dx.doi.org/10.1186/s13677-024-00678-w.

Abstract:
With development of blockchain technology, clouding computing and Internet of Things (IoT), blockchain and cloud of things (BCoT) has become development tendency. But the security has become the most development hinder of BCoT. Attack detection model is a crucial part of attack revelation mechanism for BCoT. As a consequence, attack detection model has received more concerned. Due to the great diversity and variation of network attacks aiming to BCoT, tradition attack detection models are not suitable for BCoT. In this paper, we propose a novel attack detection model for BCoT, denoted as cVAE-DML. The novel model is based on contrastive variational autoencoder (cVAE) and deep metric learning (DML). By training the cVAE, the proposed model generates private features for attack traffic information as well as shared features between attack traffic information and normal traffic information. Based on those generated features, the proposed model can generate representative new samples to balance the training dataset. At last, the decoder of cVAE is connected to the deep metric learning network to detect attack aiming to BCoT. The efficiency of cVAE-DML is verified using the CIC-IDS 2017 dataset and CSE-CIC-IDS 2018 dataset. The results show that cVAE-DML can improve attack detection efficiency even under the condition of unbalanced samples.
30

Kumar, P. Manoj, M. Parvathy, and C. Abinaya Devi. "An Intelligent Approach for Intrusion Detection using Convolutional Neural Network." Journal of Network Security Computer Networks 8, no. 1 (2022). http://dx.doi.org/10.46610/jonscn.2022.v08i01.001.

Abstract:
Intrusion Detection Systems (IDS) is one of the important aspects of cyber security that can detect the anomalies in the network traffic. IDS are a part of Second defense line of a system that can be deployed along with other security measures such as access control, authentication mechanisms and encryption techniques to secure the systems against cyber-attacks. However, IDS suffers from the problem of handling large volume of data and in detecting zero-day attacks (new types of attacks) in a real-time traffic environment. To overcome this problem, an intelligent Deep Learning approach for Intrusion Detection is proposed based on Convolutional Neural Network (CNN-IDS). Initially, the model is trained and tested under a new real-time traffic dataset, CSE-CIC-IDS 2018 dataset. Then, the performance of CNN-IDS model is studied based on three important performance metrics namely, accuracy / training time, detection rate and false alarm rate. Finally, the experimental results are compared with those of various Deep Discriminative models including Recurrent Neural network (RNN), Deep Neural Network (DNN) etc., proposed for IDS under the same dataset. The Comparative results show that the proposed CNN-IDS model is very much suitable for modelling a classification model both in terms of binary and multi-class classification with higher detection rate, accuracy, and lower false alarm rate. The CNN-IDS model improves the accuracy of intrusion detection and provides a new research method for intrusion detection.
31

Alexander Moudiappa, Vinolia, Kanya Nataraj, and Veeramalai Natarajan Rajavarman. "Intrusion Detection System: An Ensemble Deep Learning Approach for Cloud Computing Using EBWO." CURRENT APPLIED SCIENCE AND TECHNOLOGY, January 22, 2025, e0262276. https://doi.org/10.55003/cast.2025.262276.

Abstract:
Cloud computing is the industry standard for data storage, sharing, processing, and other services. It experienced numerous security problems as a result of the regular attacks. These security issues are worsened by the variety of attack situations that exist. One of the most established safety measures applied to cloud computing is the intrusion detection system (IDS). An effective security model is necessary for the IDS system, though, to increase cloud security. In this study, we used ensemble categorization methods and a feature selection algorithm to construct an effective IDS for the cloud environment. The proposed BOT-IOT, CSE-CIC-IDS 2018, and Ciciddos datasets were pre-processed, which involved cleaning the data, applying one hot encoding, and normalizing steps. The Enhanced Black Widow Optimization (EBWO) algorithm was employed to choose the most advantageous reduced feature sets from the provided incursion datasets. We used an ensemble of Hierarchical Multi-scale LSTM (HMLSTM) and Darknet Convolutional Neural Network (DNetCNN) to categorize the attacks. The combination of DNetCNN and HMLSTM was used to identify intrusions, effectively classifying attacks, lowering false alarm rates, and increasing detection rates. Simulation research showed that the proposed strategy performed better than the baseline in terms of F-Score, DR, and FPR, as well as accuracy, detection rate, and precision.
32

Prasad, Arvind, and Shalini Chandra. "Machine learning to combat cyberattack: a survey of datasets and challenges." Journal of Defense Modeling and Simulation: Applications, Methodology, Technology, May 1, 2022, 154851292210948. http://dx.doi.org/10.1177/15485129221094881.

Abstract:
The ever-increasing number of multi-vector cyberattacks has become a concern for all levels of organizations. Attackers are infecting Internet-enabled devices and exploiting them to carry out attacks. These devices are unwittingly becoming part of carrying out cyberattacks. Many studies have proposed machine learning–based promising solutions to stamp out cyberattacks preemptively. We review the machine learning techniques and highlight some promising solutions in recent studies. This study provides the advantage of experimenting with the developed solutions on modern datasets. This survey aims to provide an insightful organization of current developments in cybersecurity datasets and give suggestions for further research. We identified the most frightful cyberattacks and suitable datasets having records related to the attack. This paper discusses modern datasets such as CICIDS2017, CSE-CIC-IDS-2018, CIC-DDoS2019, UNSW-NB15, UNSW-TonIOT, UNSW-BotIoT, DoHBrw2020, and ISCX-URL-2016, which include records of recent sophisticated cyberattacks. This paper will focus on these modern datasets, retrieve detailed knowledge, and experiment with the most commonly used machine learning algorithms. We identify datasets as a significant centric topic that can be addressed with innovative machine learning approaches and solutions to defend against cyberattacks.
33

Menezes, R. Julian, P. Jesu Jayarin, and A. Chandra Sekar. "A bizarre synthesized cascaded optimized predictor (BizSCOP) model for enhancing security in cloud systems." Journal of Cloud Computing 13, no. 1 (2024). http://dx.doi.org/10.1186/s13677-024-00657-1.

Abstract:
Due to growing network data dissemination in cloud, the elasticity, pay as you go options, globally accessible facilities, and security of networks have become increasingly important in today's world. Cloud service providers, including AWS, Azure, GCP, and others, facilitate worldwide expansion within minutes by offering decentralized communication network functions, hence providing security to cloud is still remains a challenging task. This paper aims to introduce and evaluate the Biz-SCOP model, a novel intrusion detection system developed for cloud security. The research addresses the pressing need for effective intrusion detection in cloud environments by combining hybrid optimization techniques and advanced deep learning methodologies. The study employs prominent intrusion datasets, including CSE-CIC-IDS 2018, CIC-IDS 2017, and a cloud intrusion dataset, to assess the proposed model's performance. The study's design involves implementing the Biz-SCOP model using Matlab 2019 software on a Windows 10 OS platform, utilizing 8 GB RAM and an Intel core i3 processor. The hybrid optimization approach, termed HyPSM, is employed for feature selection, enhancing the model's efficiency. Additionally, an intelligent deep learning model, C2AE, is introduced to discern friendly and hostile communication, contributing to accurate intrusion detection. Key findings indicate that the Biz-SCOP model outperforms existing intrusion detection systems, achieving notable accuracy (99.8%), precision (99.7%), F1-score (99.8%), and GEO (99.9%). The model excels in identifying various attack types, as demonstrated by robust ROC analysis. Interpretations and conclusions emphasize the significance of hybrid optimization and advanced deep learning techniques in enhancing intrusion detection system performance.
The proposed model exhibits lower computational load, reduced false positives, ease of implementation, and improved accuracy, positioning it as a promising solution for cloud security.
34

Liu, Haitian, Rong Jiang, and Bin Zhou. "An ensemble approach for unsupervised anomaly and cyber attack detection." Journal of Computer Security, May 11, 2025. https://doi.org/10.1177/0926227x251330216.

Full text
Abstract:
With the increased demand for intelligence, neural networks have become an increasingly popular solution for intrusion detection systems (IDS), as their ability to learn complex patterns and behaviors makes them a suitable solution for distinguishing normal traffic from network intrusions. Hence, this paper proposes a new unsupervised IDS ensemble framework that utilizes parallel deep learning techniques based on three different anomaly detection concepts. That is, modeling the detection of point anomalies, collective anomalies, and contextual anomalies simultaneously. These detectors are trained in parallel, and the anomaly scores obtained from each detector are combined to provide the final detection decision. This ensemble approach can simultaneously consider the different types of anomalies in time series data and reduce the impact of overfitting some unsupervised anomaly detectors. Compared to supervised methods, the developed scheme reduces the overhead of manually annotated data and detects online possible novel attack data streams. The proposed ensemble model has been tested on the UNSW-NB15, DAPT 2020 and CSE-CIC-IDS 2018 datasets. Compared to baseline models, the single detectors used to constitute the ensemble model achieve better performance separately in most cases. Through three simple ensemble strategies, Vote, ‘And’ logic and ‘Or’ logic, the ensemble model exhibits improved stability, precision performance, and recall performance, respectively. This demonstrates that the proposed ensemble model can successfully combine the advantages of different unsupervised detectors, offering an advantage over other single unsupervised anomaly detection models. Moreover, the suggested method is effective for detecting various traffic anomalies caused by network intrusions that occur in the datasets.
35

Azeez, Nureni A., Taiwo O. Odeyemi, Chioma C. Isiekwene, and Ademola P. Abidoye. "Cyber Attack Detection in A Global Network Using Machine Learning Approach." FUOYE Journal of Engineering and Technology 8, no. 4 (2023). http://dx.doi.org/10.46792/fuoyejet.v8i4.1113.

Full text
Abstract:
In this digital age, inter-device communication is key to seamless and smooth handshaking. Communication can range from Internet of Things communication (IoT), autonomous vehicles, mobile communication and a plethora of other uses. These communications need to be protected against attacks. Unfortunately, with the widespread use of the internet, cyberattacks have become rampant. This research introduces the use of seven (7) machine-learning models alongside four different ensemble methods to compare the effectiveness of different Machine learning algorithms and ensemble models for intrusion detection. The network traffic was categorized as The Onion Router (TOR or non-TOR) traffic and further categorized if the network traffic data was Benign or Bot/Infiltration traffic data. This was achieved using: Naïve Bayes, Decision Tree, K-Nearest Neighbor, Logistic Regression, Neural Network, Quadratic Discriminant Analysis, and Support Vector Machine. The ensemble models used are Adaboost, Gradient Boosting, Random Forest, and Max Voting. The "CIC IDS 2017", ("CSE-CIC-IDS2018"), "01-03-2018" and "02-03-2018" datasets were used. For dataset 1, among the regular machine learning models, Decision Trees had the highest values. Accuracy was 97.46% and precision was 89.88%. The highest ensemble performer was the Random Forest ensemble, which had an accuracy of 98.28% and a precision score of 93.20%. For dataset 2, Decision Trees also had the highest accuracy score of 99.86% and a precision score of 99.66%. The highest ensemble performer was the Random Forest ensemble which had an accuracy score of 99.89% and a precision score of 99.70%. For dataset 3, amongst the regular machine learning models, Neural Network had the highest accuracy score of 78.68% and a precision value of 72.92% while the highest ensemble performer was Gradient Boosting with an accuracy of 79.16% and a precision score of 81.25%.
36

Raghunath Kumar Babu, D., and A. Packialatha. "Cyber-attack Detection and Mitigation Process under Big Data Consideration: Improved Recursive Feature Elimination-based Feature Selection." Journal of Information & Knowledge Management, September 20, 2024. http://dx.doi.org/10.1142/s0219649224500795.

Full text
Abstract:
Due to the rapid growth of network technology, huge volume and distinct data sent via networks is expanding constantly. The situation shows how complex and dense cyber attacks and hazards are developing. Due to the rapid advancement in network density, cyber security specialists find it difficult to monitor all network activity. Due to frequent and sophisticated cyber attacks, it is becoming more challenging to detect and identify abnormalities in network events. The use of deep learning provides a variety of tools and strategies for automated cyber-attack detection as well as quick attack-type prediction as well as evaluation. This work introduces a novel cyber-attack detection and mitigation process under the following phases including preprocessing, feature extraction via the Map Reduce framework that handles the big data, feature selection, attack detection and mitigation. The Improved Normalisation process is achieved on the preprocessing phase. The work is examined from a big data perspective; hence Map Reduce framework is utilised for this. As a result, the framework will manage the feature extraction process, where features including statistical features, raw features, improved correlation-based features, and info gain-based features will be extracted. Following feature extraction, the Improved Recursive Feature Elimination procedure is processed that selects the relevant features. The hybrid detection model, which combines Recurrent Neural Networks (RNN) and Deep Belief Networks (DBN), is used to detect the attacks. Once an attack has been detected, the attacker must be mitigated. To accomplish this, an improved BAIT-based mitigation procedure is used. The two datasets used in this work are, namely, Intrusion Detection Systems (IDS) 2018 Intrusion CSVs (CSE-CIC-IDS2018) and UNSW_NB15. Finally, the suggested model and the alternative methods are contrasted using a variety of measures such as accuracy, sensitivity, specificity, precision, FDR, FNR and FPR.