Academic literature on the topic 'Network-based IDPS'


Journal articles on the topic "Network-based IDPS"

1

Shalvi, Dave, Trivedi Bhushan, and Mahadevia Jimit. "EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WIRED AND WIRELESS ENVIRONMENT." International Journal of Network Security & Its Applications (IJNSA) 5, no. 2 (2013): 103–15. https://doi.org/10.5281/zenodo.3980296.

Abstract:
Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defence against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased; attackers continuously find vulnerabilities at various levels, from the network itself to operating systems and applications, and exploit them to compromise systems and services. Network defence and network monitoring have become an essential component of computer security to predict and prevent attacks. Unlike traditional Intrusion Detection Systems (IDS), Intrusion Detection and Prevention Systems (IDPS) have additional features to secure computer networks. In this paper, we present a detailed study of how deployment of an IDPS plays a key role in its performance and the ability to detect and prevent known as well as unknown attacks. We categorize IDPS based on deployment as Network-based, Host-based, Perimeter-based and Hybrid. A detailed comparison is shown in this paper and finally we justify our proposed solution, which deploys agents at host level to give better performance in terms of a reduced rate of false positives and accurate detection and prevention.
2

Dubey, Bhanu Prakash. "A Machine Learning-based Approach for Intrusion Detection and Prevention in Computer Networks." Turkish Journal of Computer and Mathematics Education (TURCOMAT) 11, no. 3 (2020): 2076–86. http://dx.doi.org/10.17762/turcomat.v11i3.13605.

Abstract:
The potential of cyberattacks and network penetration has increased due to modern enterprises' increasing reliance on computer networks. Such attacks are detected and prevented by intrusion detection and prevention systems (IDPS), although conventional rule-based solutions have difficulties identifying unidentified attacks. Due to their capacity to learn from data and spot patterns of assault that conventional methods could miss, machine learning (ML) techniques have been gaining prominence in IDPS. This article provides a thorough analysis of the several ML methods utilized in IDPS, including supervised, unsupervised, and hybrid techniques. Also, a hybrid ML-based IDPS that combines the advantages of several methodologies for better performance is proposed. The difficulties with ML-based IDPS and potential solutions are also covered. It is demonstrated how ML-based IDPS may be applied in real-world situations, emphasizing the advantages of applying ML to intrusion detection and prevention. In conclusion, this study offers insights into the most recent methods for ML-based IDPS and their potential to enhance network security.
3

Hadi, Hassan Jalil, Mubashir Adnan, Yue Cao, et al. "iKern: Advanced Intrusion Detection and Prevention at the Kernel Level Using eBPF." Technologies 12, no. 8 (2024): 122. http://dx.doi.org/10.3390/technologies12080122.

Abstract:
The development of new technologies has significantly enhanced the monitoring and analysis of network traffic. Modern solutions like the Extended Berkeley Packet Filter (eBPF) demonstrate a clear advancement over traditional techniques, allowing for more customized and efficient filtering. These technologies are crucial for influencing system performance as they operate at the lowest layer of the operating system, such as the kernel. Network-based Intrusion Detection/Prevention Systems (IDPS), including Snort, Suricata, and Bro, passively monitor network traffic from terminal access points. However, most IDPS are signature-based and face challenges on large networks, where the drop rate increases due to limitations in capturing and processing packets. High throughput leads to overheads, causing IDPS buffers to drop packets, which can pose serious threats to network security. Typically, IDPS are targeted by volumetric and multi-vector attacks that overload the network beyond the reception and processing capacity of IDPS, resulting in packet loss due to buffer overflows. To address this issue, the proposed solution, iKern, utilizes eBPF and Virtual Network Functions (VNF) to examine and filter packets at the kernel level before forwarding them to user space. Packet stream inspection is performed within the iKern Engine at the kernel level to detect and mitigate volumetric floods and multi-vector attacks. The iKern detection engine, operating within the Linux kernel, is powered by eBPF bytecode injected from user space. This system effectively handles volumetric Distributed Denial of Service (DDoS) attacks. Real-time implementation of this scheme has been tested on a 1Gbps network and shows significant detection and reduction capabilities against volumetric and multi-vector floods.
4

Kulkarni, Prakash, Vitor B. P. Leite, Susmita Roy, et al. "Intrinsically disordered proteins: Ensembles at the limits of Anfinsen's dogma." Biophysics Reviews 3, no. 1 (2022): 011306. http://dx.doi.org/10.1063/5.0080512.

Abstract:
Intrinsically disordered proteins (IDPs) are proteins that lack rigid 3D structure. Hence, they are often misconceived to present a challenge to Anfinsen's dogma. However, IDPs exist as ensembles that sample a quasi-continuum of rapidly interconverting conformations and, as such, may represent proteins at the extreme limit of the Anfinsen postulate. IDPs play important biological roles and are key components of the cellular protein interaction network (PIN). Many IDPs can interconvert between disordered and ordered states as they bind to appropriate partners. Conformational dynamics of IDPs contribute to conformational noise in the cell. Thus, the dysregulation of IDPs contributes to increased noise and “promiscuous” interactions. This leads to PIN rewiring to output an appropriate response underscoring the critical role of IDPs in cellular decision making. Nonetheless, IDPs are not easily tractable experimentally. Furthermore, in the absence of a reference conformation, discerning the energy landscape representation of the weakly funneled IDPs in terms of reaction coordinates is challenging. To understand conformational dynamics in real time and decipher how IDPs recognize multiple binding partners with high specificity, several sophisticated knowledge-based and physics-based in silico sampling techniques have been developed. Here, using specific examples, we highlight recent advances in energy landscape visualization and molecular dynamics simulations to discern conformational dynamics and discuss how the conformational preferences of IDPs modulate their function, especially in phenotypic switching. Finally, we discuss recent progress in identifying small molecules targeting IDPs underscoring the potential therapeutic value of IDPs. Understanding structure and function of IDPs can not only provide new insight on cellular decision making but may also help to refine and extend Anfinsen's structure/function paradigm.
5

NandhaKumar, K., et al. "A Hybrid Adaptive Development Algorithm and Machine Learning Based Method for Intrusion Detection and Prevention System." Turkish Journal of Computer and Mathematics Education (TURCOMAT) 12, no. 5 (2021): 1226–36. http://dx.doi.org/10.17762/turcomat.v12i5.1789.

Abstract:
Network Intrusion Detection and Prevention Systems (NIDPS) are employed in monitoring a network, which safeguards user integrity and privacy, thereby ensuring data security and availability in a network. Such systems not only monitor the suspicious activities in a network but are also used as control systems to eliminate the malicious users from the network. In this paper, a Hybrid Adaptive Development Algorithm and Machine Learning Algorithm (ADA-MLA) method is proposed to identify malicious activities and eliminate them from the network. The deployment of honeypot-based intrusion is improved by the adaptive development algorithm. A machine learning algorithm has been employed in the Hybrid IDPS for learning the network data patterns, which also identifies the most probable attacks in the network. The signatures for the DARPA 99 data set have been updated during the implementation of the intrusion prevention system on a real-time basis. The hybrid method works on (i) classifying the attacks based on protocols and (ii) classifying the attacks on pre-determined threshold values. Hence, both known and unknown attacks can be easily captured in the proposed hybrid IDPS method, which thereby achieves higher attack detection and prevention accuracy when compared to the conventional attack detection and prevention methodologies.
6

Afzal, Shehroz, and Jamil Asim. "Systematic Literature Review over IDPS, Classification and Application in its Different Areas." STATISTICS, COMPUTING AND INTERDISCIPLINARY RESEARCH 3, no. 2 (2021): 189–223. http://dx.doi.org/10.52700/scir.v3i2.58.

Abstract:
Cyber-attacks are becoming more sophisticated and thereby presenting increasing challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade the credibility of security services, e.g. data confidentiality, integrity, and availability. Numerous intrusion detection methods have been proposed in the literature to tackle computer security threats, which can be broadly classified into Signature-based Intrusion Detection Systems (SIDS) and Anomaly-based Intrusion Detection Systems (AIDS). Network security is vital for any organization connected to the Internet. Rock solid network security is a major challenge that can be overcome by strengthening the network against threats such as hackers, malware, botnets, data thieves, etc. Firewalls, antivirus, and intrusion detection systems are used to protect the network. The firewall can control network traffic, but reliance on this type of security alone is not enough. Attackers use open ports such as port 80 of the web server (http) and port 110 of the POP server to infiltrate networks. The Intrusion Detection System (IDS) minimizes security breaches and improves network security by scanning network packets to filter out malicious packets. Real-time detection with prevention using Intrusion Detection and Prevention Systems (IDPS) has elevated network security to an advanced level by strengthening the network against malicious activities. This survey paper focuses on classifying various kinds of IDS along with the major types of attacks based on intrusion methods, presents a classification of network anomaly IDS evaluation metrics, discusses the importance of feature selection, and evaluates available IDS datasets while discussing the challenges of evasion techniques.
8

Ibnu, Hunais, Yamin Muh., and Subardin. "PENERAPAN KEAMANAN JARINGAN MENGGUNAKAN METODE HOST BASED IDPS WLAN DAN LAN BERBASIS WEB DAN SMS GATEWAY." semanTIK Vol 6 No 1 Jan-Jun 2020 (June 20, 2020): 131–38. https://doi.org/10.5281/zenodo.3892958.

Abstract:
The development of network security technology is currently accelerating; network security in particular has become one of the technologies that must be considered whenever a device or technology is connected to the internet. The prevalence of attacks on computer networks is due to the fact that, without realising it, the attacked party does not know that an attack has taken place inside its system. One of the developments in computer networking technology is the Hotspot or Wireless Local Area Network (WLAN) and also the Local Area Network (LAN). The Host Based Intrusion Detection and Prevention System (IDPS) method, using Snort, Barnyard2, and BASE, is used as an application to monitor network traffic activity and to detect and prevent attacks by blocking the attacker's Internet Protocol (IP) address on the ICMP, FTP, SSH and TELNET ports, tested with various attacker tools such as Angry IP Scanner, FileZilla and PuTTY. The result of this research is that attacks against those ports were successfully blocked, and data traffic considered dangerous is processed into a notification sent to the administrator via SMS (Short Message Service) and a website.
9

G., Florance, and R. J. Anandhi. "Empowering SDN with DDoS attack detection: leveraging hybrid machine learning based IDPS controller for robust security." IAES International Journal of Artificial Intelligence (IJ-AI) 14, no. 3 (2025): 2479. https://doi.org/10.11591/ijai.v14.i3.pp2479-2489.

Abstract:
Software-defined network (SDN) is an innovative networking framework where a centralized controller manages networking administration and sorts out network traffic issues. It becomes difficult for the controller to identify the malicious user who is sending a large number of spoofed packets, such as in a distributed denial of service (DDoS) attack. To prevent DDoS attacks from damaging legitimate users, it is important to take steps to prevent them. The issue of preventing DDoS attacks in SDN remains unresolved despite many algorithms proposed. Methods presented in this paper employ bandwidth threshold estimation, which triggers the intrusion detection and prevention system (IDPS) controller if the threshold is exceeded. Whenever the threshold is exceeded due to network congestion, transferred packets are filtered at the server level by identifying the utilization of bandwidth in OpenDaylight (ODL) and POX. K-nearest neighbor (K-NN) and support vector machine (SVM) are used by the IDPS controller to detect and thwart DDoS attacks. Using Mininet, two SDN centralized controllers are simulated to improve performance significantly. Based on SVM in the ODL controller, this work has provided mitigation techniques for preventing DDoS attacks with an accuracy of 96.75% compared to previously published accuracy.
10

Bálint, Krisztián. "Possible Cisco-based Fire Protection Solutions in Education Institutions." Műszaki Tudományos Közlemények 11, no. 1 (2019): 31–34. http://dx.doi.org/10.33894/mtk-2019.11.04.

Abstract:
Solutions based on Cisco firewall protection provide numerous possibilities for more efficient protection of the abundant quantity of data that is necessary for the operation of an educational institution. Firstly, data phishing can be complicated by the constitution of a virtual network. The IDPS-based access system enables the management center to identify a potential threat in a timely manner. Furthermore, the new-generation Cisco firewall is able to verify encrypted data in a way that avoids decoding and listening to the communication itself. The AAA framework is also imperative, as in the case of a network, control of access is of the utmost importance.

Dissertations / Theses on the topic "Network-based IDPS"

1

Kim, Taekyu. "Ontology/Data Engineering Based Distributed Simulation Over Service Oriented Architecture For Network Behavior Analysis." Diss., The University of Arizona, 2008. http://hdl.handle.net/10150/193678.

Abstract:
As network uses increase rapidly and high quality-of-service (QoS) is required, efficient network managing methods become important. Many previous studies and commercial tools of network management systems such as tcpdump, Ethereal, and other applications have weaknesses: limited size of files, command line execution, and large memory and huge computational power requirement. Researchers struggle to find fast and effective analyzing methods to save maintenance budgets and recover from systematic problems caused by the rapid increment of network traffic or intrusions. The main objective of this study is to propose an approach to deal with a large amount of network behaviors being quickly and efficiently analyzed. We study an ontology/data engineering methodology based network analysis system. We design a behavior, which represents network traffic activity and network packet information such as IP addresses, protocols, and packet length, based on the System Entity Structure (SES) methodology. A significant characteristic of SES, a hierarchical tree structure, enables systems to access network packet information quickly and efficiently. Also, presenting an automated system design is the secondary purpose of this study. Our approach shows adaptive awareness of pragmatic frames (contexts) and makes a network traffic analysis system with high throughput and a fast response time that is ready to respond to user applications. We build models and run simulations to evaluate specific purposes, i.e., analyzing network protocols use, evaluating network throughput, and examining intrusion detection algorithms, based on Discrete Event System Specification (DEVS) formalism. To study speed up, we apply a web-based distributed simulation methodology. DEVS/Service Oriented Architecture (DEVS/SOA) facilitates deploying workloads into multi-servers and consequently increasing overall system performance. 
In addition to the scalability limitations, both tcpdump and Ethereal have a security issue. As well as basic network traffic information, files captured by these tools contain sensitive information: user identification numbers and passwords. Therefore, captured files should not be allowed to leak out. However, network analyses need to be performed outside target networks in some cases. The distributed simulation--allocating distributing models inside networks and assigning analyzing models outside networks--also allows analysis of network behaviors out of networks while keeping important information secured.
2

Li, Zhe. "A Neural Network Based Distributed Intrusion Detection System on Cloud Platform." University of Toledo / OhioLINK, 2013. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1364835027.

3

Jadidi, Zahra. "Flow-based Anomaly Detection in High-Speed Networks." Thesis, Griffith University, 2016. http://hdl.handle.net/10072/367890.

Abstract:
With the advent of online services, the Internet has become extremely busy and demanding faster access. The increased dependency on the Internet obliges Internet service providers to make it reliable and secure. In this regard, researchers are tirelessly working on a number of technologies in order to ensure the continued viability of the Internet. Intrusion detection is one of the fields that enables secure operation of the Internet. An intrusion detection system (IDS) attempts to discover malicious activities in a network. However, with the increasing network throughput, IDSs should be able to analyse high volumes of traffic in real-time. Flow-based analysis is one of the methods capable of handling high-volume traffic. This method reduces the input traffic of IDSs because it analyses only packet headers. Flow-based anomaly detection can increase the reliability of the Internet, provided this method is functional at an early stage and complemented by packet-based IDSs at later stages. Employing artificial intelligence (AI) methods in IDSs provides the capability to detect attacks with better accuracy. Compared with typical IDSs, AI-based systems are more inclined towards detecting unknown attacks. This thesis proposes an artificial neural network (ANN) based flow anomaly detector optimised with metaheuristic algorithms. The proposed method is evaluated using a number of flow-based datasets generated. An ANN-based flow anomaly detection enables a high detection rate; hence, this thesis investigates this system more thoroughly. The ANN-based system is a supervised method which needs labelled datasets; however, labelling of a large amount of data found in high-speed networks is difficult. Semi-supervised methods are the combination of supervised and unsupervised methods, which can work with both labelled and unlabelled data. 
A semi-supervised method can provide a high detection rate even when there is a small proportion of labelled data; therefore, the application of this method in flow-based anomaly detection is considered.
Thesis (PhD Doctorate), Doctor of Philosophy (PhD), School of Information and Communication Technology, Science, Environment, Engineering and Technology.
4

Gustavsson, Vilhelm. "Machine Learning for a Network-based Intrusion Detection System : An application using Zeek and the CICIDS2017 dataset." Thesis, KTH, Hälsoinformatik och logistik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-253273.

Abstract:
Cyber security is an emerging field in the IT sector. As more devices are connected to the internet, the attack surface for hackers is steadily increasing. Network-based Intrusion Detection Systems (NIDS) can be used to detect malicious traffic in networks, and Machine Learning is an up-and-coming approach for improving the detection rate. In this thesis the NIDS Zeek is used to extract features based on time and data size from network traffic. The features are then analyzed with Machine Learning in Scikit-Learn in order to detect malicious traffic. A 98.58% Bayesian detection rate was achieved for CICIDS2017, which is about the same level as the results from previous works on CICIDS2017 (without Zeek). The best performing algorithms were K-Nearest Neighbors, Random Forest and Decision Tree.
IT security is a growing field within the IT sector. As more and more things are connected to the internet, the attack surface and the risk of IT attacks also grow. A Network-based Intrusion Detection System (NIDS) can be used to detect malicious traffic in networks, and machine learning has become an increasingly common way to improve this capability. In this degree project, a NIDS called Zeek is used to extract parameters based on time and data size from network traffic. These parameters are then analysed with machine learning in Scikit-Learn to detect malicious traffic. For the CICIDS2017 dataset, a Bayesian detection rate of 98.58% was achieved, which is at roughly the same level as results from previous work with CICIDS2017 (without Zeek). The algorithms that gave the best results were K-Nearest Neighbors, Random Forest and Decision Tree.
5

Al, Tobi Amjad Mohamed. "Anomaly-based network intrusion detection enhancement by prediction threshold adaptation of binary classification models." Thesis, University of St Andrews, 2018. http://hdl.handle.net/10023/17050.

Abstract:
Network traffic exhibits a high level of variability over short periods of time. This variability impacts negatively on the performance (accuracy) of anomaly-based network Intrusion Detection Systems (IDS) that are built using predictive models in a batch-learning setup. This thesis investigates how adapting the discriminating threshold of model predictions, specifically to the evaluated traffic, improves the detection rates of these Intrusion Detection models. Specifically, this thesis studied the adaptability features of three well known Machine Learning algorithms: C5.0, Random Forest, and Support Vector Machine. The ability of these algorithms to adapt their prediction thresholds was assessed and analysed under different scenarios that simulated real world settings using the prospective sampling approach. A new dataset (STA2018) was generated for this thesis and used for the analysis. This thesis has demonstrated empirically the importance of threshold adaptation in improving the accuracy of detection models when training and evaluation (test) traffic have different statistical properties. Further investigation was undertaken to analyse the effects of feature selection and data balancing processes on a model's accuracy when evaluation traffic with different significant features were used. The effects of threshold adaptation on reducing the accuracy degradation of these models was statistically analysed. The results showed that, of the three compared algorithms, Random Forest was the most adaptable and had the highest detection rates. This thesis then extended the analysis to apply threshold adaptation on sampled traffic subsets, by using different sample sizes, sampling strategies and label error rates. This investigation showed the robustness of the Random Forest algorithm in identifying the best threshold. 
The Random Forest algorithm only needed a sample that was 0.05% of the original evaluation traffic to identify a discriminating threshold with an overall accuracy rate of nearly 90% of the optimal threshold.
6

Stewart, Ian. "A Modified Genetic Algorithm and Switch-Based Neural Network Model Applied to Misuse-Based Intrusion Detection." Thesis, 2009. http://hdl.handle.net/1974/1720.

Abstract:
As our reliance on the Internet continues to grow, the need for secure, reliable networks also increases. Using a modified genetic algorithm and a switch-based neural network model, this thesis outlines the creation of a powerful intrusion detection system (IDS) capable of detecting network attacks. The new genetic algorithm is tested against traditional and other modified genetic algorithms using common benchmark functions, and is found to produce better results in less time, and with less human interaction. The IDS is tested using the standard benchmark data collection for intrusion detection: the DARPA 98 KDD99 set. Results are found to be comparable to those achieved using ant colony optimization, and superior to those obtained with support vector machines and other genetic algorithms.
Thesis (Master, Computing), Queen's University, 2009-03-03.
7

Helmrich, Daniel. "Comparing Anomaly-Based Network Intrusion Detection Approaches Under Practical Aspects." 2021. https://ul.qucosa.de/id/qucosa%3A75385.

Abstract:
While many of the currently used network intrusion detection systems (NIDS) employ signature-based approaches, there is an increasing research interest in the examination of anomaly-based detection methods, which seem to be more suited for recognizing zero-day attacks. Nevertheless, requirements for their practical deployment, as well as objective and reproducible evaluation methods, are hereby often neglected. The following thesis defines aspects that are crucial for a practical evaluation of anomaly-based NIDS, such as the focus on modern attack types, the restriction to one-class classification methods, the exclusion of known attacks from the training phase, a low false detection rate, and consideration of the runtime efficiency. Based on those principles, a framework dedicated to developing, testing and evaluating models for the detection of network anomalies is proposed. It is applied to two datasets featuring modern traffic, namely the UNSW-NB15 and the CIC-IDS-2017 datasets, in order to compare and evaluate commonly-used network intrusion detection methods. The implemented approaches include, among others, a highly configurable network flow generator, a payload analyser, a one-hot encoder, a one-class support vector machine, and an autoencoder. The results show a significant difference between the two chosen datasets: While for the UNSW-NB15 dataset several reasonably well performing model combinations for both the autoencoder and the one-class SVM can be found, most of them yield unsatisfying results when the CIC-IDS-2017 dataset is used.<br>Obwohl viele der derzeit genutzten Systeme zur Erkennung von Netzwerkangriffen (engl. NIDS) signaturbasierte Ansätze verwenden, gibt es ein wachsendes Forschungsinteresse an der Untersuchung von anomaliebasierten Erkennungsmethoden, welche zur Identifikation von Zero-Day-Angriffen geeigneter erscheinen. 
Gleichwohl werden hierbei Bedingungen für deren praktischen Einsatz oft vernachlässigt, ebenso wie objektive und reproduzierbare Evaluationsmethoden. Die folgende Arbeit definiert Aspekte, die für eine praxisorientierte Evaluation unabdingbar sind. Dazu zählen ein Schwerpunkt auf modernen Angriffstypen, die Beschränkung auf One-Class Classification Methoden, der Ausschluss von bereits bekannten Angriffen aus dem Trainingsdatensatz, niedrige Falscherkennungsraten sowie die Berücksichtigung der Laufzeiteffizienz. Basierend auf diesen Prinzipien wird ein Rahmenkonzept vorgeschlagen, das für das Entwickeln, Testen und Evaluieren von Modellen zur Erkennung von Netzwerkanomalien bestimmt ist. Dieses wird auf zwei Datensätze mit modernem Netzwerkverkehr, namentlich auf den UNSW-NB15 und den CIC-IDS- 2017 Datensatz, angewendet, um häufig genutzte NIDS-Methoden zu vergleichen und zu evaluieren. Die für diese Arbeit implementierten Ansätze beinhalten, neben anderen, einen weit konfigurierbaren Netzwerkflussgenerator, einen Nutzdatenanalysierer, einen One-Hot-Encoder, eine One-Class Support Vector Machine sowie einen Autoencoder. Die Resultate zeigen einen großen Unterschied zwischen den beiden ausgewählten Datensätzen: Während für den UNSW-NB15 Datensatz verschiedene angemessen gut funktionierende Modellkombinationen, sowohl für den Autoencoder als auch für die One-Class SVM, gefunden werden können, bringen diese für den CIC-IDS-2017 Datensatz meist unbefriedigende Ergebnisse.
8

Nwamuo, Onyekachi. "Hypervisor-based cloud anomaly detection using supervised learning techniques." Thesis, 2020. http://hdl.handle.net/1828/11503.
Abstract:
Although cloud network flows are similar to conventional network flows in many ways, there are some major differences in their statistical characteristics. However, due to the lack of adequate public datasets, the proponents of many existing cloud intrusion detection systems (IDS) have relied on the DARPA dataset which was obtained by simulating a conventional network environment. In the current thesis, we show empirically that the DARPA dataset by failing to meet important statistical characteristics of real-world cloud traffic data centers is inadequate for evaluating cloud IDS. We analyze, as an alternative, a new public dataset collected through cooperation between our lab and a non-profit cloud service provider, which contains benign data and a wide variety of attack data. Furthermore, we present a new hypervisor-based cloud IDS using an instance-oriented feature model and supervised machine learning techniques. We investigate 3 different classifiers: Logistic Regression (LR), Random Forest (RF), and Support Vector Machine (SVM) algorithms. Experimental evaluation on a diversified dataset yields a detection rate of 92.08% and a false-positive rate of 1.49% for the random forest, the best performing of the three classifiers.

Book chapters on the topic "Network-based IDPS"

1

Burkart, Nadia, Maximilian Franz, and Marco F. Huber. "Explanation Framework for Intrusion Detection." In Machine Learning for Cyber Physical Systems. Springer Berlin Heidelberg, 2020. http://dx.doi.org/10.1007/978-3-662-62746-4_9.
Abstract:
Machine learning and deep learning are widely used in various applications to assist or even replace human reasoning. For instance, a machine learning based intrusion detection system (IDS) monitors a network for malicious activity or specific policy violations. We propose that IDSs should attach a sufficiently understandable report to each alert to allow the operator to review them more efficiently. This work aims at complementing an IDS by means of a framework to create explanations. The explanations support the human operator in understanding alerts and reveal potential false positives. The focus lies on counterfactual instances and explanations based on locally faithful decision-boundaries.
2

Wurzenberger, Markus, Max Landauer, Agron Bajraktari, and Florian Skopik. "Automatic Attack Pattern Mining for Generating Actionable CTI Applying Alert Aggregation." In Cybersecurity of Digital Service Chains. Springer International Publishing, 2022. http://dx.doi.org/10.1007/978-3-031-04036-8_7.
Abstract:
Intrusion Detection Systems (IDSs) monitor all kinds of IT infrastructures to automatically detect malicious activities related to cyber attacks. Unfortunately, especially anomaly-based IDS are known to produce large numbers of alerts, including false positives, that often become overwhelming for manual analysis. However, due to a fast changing threat landscape, quickly evolving attack techniques, and an ever growing number of vulnerabilities, novel anomaly detection systems that enable detection of unknown attacks are indispensable. Therefore, to reduce the number of alerts that have to be reviewed by security analysts, aggregation methods have been developed for filtering, grouping, and correlating alerts. Yet, existing techniques either rely on manually defined attack scenarios or require specific alert formats, such as IDMEF that includes IP addresses. This makes the application of existing aggregation methods infeasible for alerts from host-based or anomaly-based IDSs that frequently lack such network-related data. In this chapter, we present a domain-independent alert aggregation technique that enables automatic attack pattern mining and generation of actionable CTI. The chapter describes the concept of the proposed alert aggregation process as well as a dashboard that enables visualization and filtering of the results. Finally, the chapter demonstrates all features in the course of an application example.
3

Joshi, Priyanka, Ritu Prasad, Pradeep Mewada, and Praneet Saurabh. "A New Neural Network-Based IDS for Cloud Computing." In Advances in Intelligent Systems and Computing. Springer Singapore, 2018. http://dx.doi.org/10.1007/978-981-10-7871-2_16.
4

Cheng, Jie, Ru Zhang, Siyuan Tian, Bingjie Lin, Jiahui Wei, and Shulin Zhang. "Fusion of Traffic Data and Alert Log Based on Sensitive Information." In Proceeding of 2021 International Conference on Wireless Communications, Networking and Applications. Springer Nature Singapore, 2022. http://dx.doi.org/10.1007/978-981-19-2456-9_9.
Abstract:
At present, the attack behavior that occurs in the network has gradually developed from a single-step, simple attack method to a complex multi-step attack method. Therefore, the researchers conducted a series of studies on this multi-step attack. Common methods usually use IDS to obtain network alert data as the data source, and then match a multi-step attack based on the correlation nature of the data. However, the false positives and omissions of the alert data based on IDS will lead to the failure of the resulting multi-step attack. Multi-source data is the basis of analysis and prediction in the field of network security, and fusion analysis technology is an important means of processing multi-source data. In response to this problem, this paper studies how to use sensitive information traffic as data to assist IDS alert data, and proposes a method for fusion of traffic and log data based on sensitive information. This article analyzes the purpose of each stage of the kill chain, and relies on the purpose to divide the multi-step attack behavior in stages, which is used to filter the source data. And according to the purpose of the multi-step attack, the kill chain model is used to define the multi-step attack model.
5

Nehra, Divya, Krishan Kumar, and Veenu Mangat. "Pragmatic Analysis of Machine Learning Techniques in Network Based IDS." In Communications in Computer and Information Science. Springer Singapore, 2019. http://dx.doi.org/10.1007/978-981-15-0108-1_39.
6

Sriram, S., A. Shashank, R. Vinayakumar, and K. P. Soman. "DCNN-IDS: Deep Convolutional Neural Network Based Intrusion Detection System." In Communications in Computer and Information Science. Springer Singapore, 2020. http://dx.doi.org/10.1007/978-981-15-9700-8_7.
7

Jarke, Matthias, and Christoph Quix. "Federated Data Integration in Data Spaces." In Designing Data Spaces. Springer International Publishing, 2022. http://dx.doi.org/10.1007/978-3-030-93975-5_11.
Abstract:
Data Spaces form a network for sovereign data sharing. In this chapter, we explore the implications that the IDS reference architecture will have on typical scenarios of federated data integration and question answering processes. After a classification of data integration scenarios and their special requirements, we first present a workflow-based solution for integrated data materialization that has been used in several IDS use cases. We then discuss some limitations of such approaches and propose an additional approach based on logic formalisms and machine learning methods that promise to reduce data traffic, security, and privacy risks while helping users to select more meaningful data sources.
8

Tabia, Karim, and Philippe Leray. "Bayesian Network-Based Approaches for Severe Attack Prediction and Handling IDSs’ Reliability." In Communications in Computer and Information Science. Springer Berlin Heidelberg, 2010. http://dx.doi.org/10.1007/978-3-642-14058-7_65.
9

Han, Mu, Pengzhou Cheng, and Shidian Ma. "CVNNs-IDS: Complex-Valued Neural Network Based In-Vehicle Intrusion Detection System." In Communications in Computer and Information Science. Springer Singapore, 2020. http://dx.doi.org/10.1007/978-981-15-9129-7_19.
10

Pramodya, U. J. C., K. T. Y. U. De Silva Wijesiriwardhana, K. T. D. Dharmakeerthi, E. A. K. V. Athukorala, A. N. Senarathne, and D. Tharindu. "AgentHunt: Honeypot and IDS Based Network Monitoring Device to Secure Home Networks." In Proceedings of the Future Technologies Conference (FTC) 2021, Volume 3. Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-030-89912-7_16.

Conference papers on the topic "Network-based IDPS"

1

Canpolat, Kursad Muratkan, and Ilhan Firat Kilincer. "Boosting Based IDS System for Local Network Intrusions." In 2024 8th International Artificial Intelligence and Data Processing Symposium (IDAP). IEEE, 2024. http://dx.doi.org/10.1109/idap64064.2024.10710953.
2

Augello, Andrea, Giuseppe Lo Re, Daniele Peri, and Partheepan Thiyagalingam. "NEP-IDS: a Network Intrusion Detection System Based on Entropy Prediction Error." In 2024 IEEE 49th Conference on Local Computer Networks (LCN). IEEE, 2024. http://dx.doi.org/10.1109/lcn60385.2024.10639755.
3

Patel, N. D., V. Sudarsan Rao, and Ajeet Singh. "QDNN-IDS: Quantized Deep Neural Network based Computational Strategy for Intrusion Detection in IoT." In 2024 IEEE Silchar Subsection Conference (SILCON). IEEE, 2024. https://doi.org/10.1109/silcon63976.2024.10910857.
4

Catillo, Marta, Antonio Pecchia, and Umberto Villano. "USB-IDS-TC: A Flow-Based Intrusion Detection Dataset of DoS Attacks in Different Network Scenarios." In 11th International Conference on Information Systems Security and Privacy. SCITEPRESS - Science and Technology Publications, 2025. https://doi.org/10.5220/0013248600003899.
5

Swetha, R., and Sudha Senthilkumar. "Genetic Algorithms-based Feature Selection (GAFS-IDS) for Attack Detection in the Internet of Medical Things Network." In 2024 OPJU International Technology Conference (OTCON) on Smart Computing for Innovation and Advancement in Industry 4.0. IEEE, 2024. http://dx.doi.org/10.1109/otcon60325.2024.10687851.
6

Gladić, Dejana, Jelena Petrovački, Srđan Sladojević, Marko Arsenović, and Sonja Ristić. "IDS-based Machine Learning Model Specific for Secure Data Transmission within the Frame of IoT Network Infrastructure." In 2024 IEEE 17th International Scientific Conference on Informatics (Informatics). IEEE, 2024. https://doi.org/10.1109/informatics62280.2024.10900811.
7

Le, Tan Nhat Linh, Boussad Ait Salem, Dave Appadoo, Nadjib Aitsaadi, and Xiaojiang Du. "AI/ML-Based IDS as 5G Core Network Function in the Control Plane for IP/non-IP CIoT Traffic." In 2024 IEEE 49th Conference on Local Computer Networks (LCN). IEEE, 2024. http://dx.doi.org/10.1109/lcn60385.2024.10639697.
8

Onashoga, Adebukola, Adebayo Akinde, and Adesina Sodiya. "A Strategic Review of Existing Mobile Agent-Based Intrusion Detection Systems." In InSITE 2009: Informing Science + IT Education Conference. Informing Science Institute, 2009. http://dx.doi.org/10.28945/3372.
Abstract:
Intrusion Detection Systems (IDS) are defined as components that analyse system and user operations in computer and network systems in search of activities considered undesirable from security perspectives. Applying mobile agents (MA) to intrusion detection design is a recent development and it is aimed at effective intrusion detection in distributed environments. From the literature, it is clear that most MA-based IDS that are available are not quite effective because their time to detection is high and they detect limited intrusions. This paper proposes a way of classifying a typical IDS and then strategically reviews the existing mobile agent-based IDSs focusing on each of the categories of the classification, for example architecture, mode of data collection, the techniques for analysis, and the security of these intelligent codes. Their strengths and problems are stated wherever applicable. Furthermore, suggested ways of improving on current MA-IDS designs are presented in order to achieve an efficient mobile agent-based IDS for the future security of distributed networks.
9

Leandro, Maurício S. G. A., Paulo Freitas de Araujo-Filho, Divanilson R. Campelo, and Luigi F. Marques da Luz. "SeqWatch: Unsupervised Sequence-based Intrusion Detection System for Automotive Ethernet." In Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos. Sociedade Brasileira de Computação, 2025. https://doi.org/10.5753/sbrc.2025.5949.
Abstract:
Modern connected vehicles are increasing the demand for Ethernet in automotive networks due to its ability to provide high-bandwidth and flexible in-vehicle communication. However, Ethernet lacks built-in authentication and encryption, which has led to growing interest in Intrusion Detection Systems (IDS) as a defense mechanism to detect malicious activities when other security mechanisms are not present or fail. In this work, we present SeqWatch, an unsupervised IDS that uses a sequence-based deep learning model capable of capturing the temporal relationships in network traffic. SeqWatch can identify previously unseen (zero-day) attacks by training only on normal traffic data. Our experimental results show that SeqWatch outperforms other state-of-the-art unsupervised automotive IDSs, achieving higher detection rates in attacks from two publicly available datasets.
10

Adam, Norbert, Branislav Mados, Anton Balaz, and Tomas Pavlik. "Artificial neural network based IDS." In 2017 IEEE 15th International Symposium on Applied Machine Intelligence and Informatics (SAMI). IEEE, 2017. http://dx.doi.org/10.1109/sami.2017.7880294.