Journal articles on the topic 'Network Intrusion Detection Systems (NIDS)'

1

Kumar, Satish, Sunanda Gupta, and Sakshi Arora. "A comparative simulation of normalization methods for machine learning-based intrusion detection systems using KDD Cup’99 dataset." Journal of Intelligent & Fuzzy Systems 42, no. 3 (February 2, 2022): 1749–66. http://dx.doi.org/10.3233/jifs-211191.

Abstract:
Network Intrusion detection systems (NIDS) detect malicious and intrusive information in computer networks. Presently, commercial NIDS is based on machine learning approaches that have complex algorithms and increase intrusion detection efficiency and efficacy. These machine learning-based NIDS use high dimensional network traffic data from which intrusive information is to be detected. This high-dimensional network traffic data in NIDS needs to be preprocessed and normalized to make it suitable for machine learning tools. A machine learning approach with appropriate normalization and preprocessing increases NIDS performance. This paper presents an empirical study on various normalization methods implemented on a benchmark network traffic dataset, KDD Cup’99, that has been used to evaluate the NIDS model. The present study shows decimal normalization has a better prediction performance than non-normalized traffic data categorized into ‘normal’ or ‘intrusive’ classes.
2

Mulyanto, Mulyanto, Muhamad Faisal, Setya Widyawan Prakosa, and Jenq-Shiou Leu. "Effectiveness of Focal Loss for Minority Classification in Network Intrusion Detection Systems." Symmetry 13, no. 1 (December 22, 2020): 4. http://dx.doi.org/10.3390/sym13010004.

Abstract:
As the rapid development of information and communication technology systems offers limitless access to data, the risk of malicious violations increases. A network intrusion detection system (NIDS) is used to prevent violations, and several algorithms, such as shallow machine learning and deep neural network (DNN), have previously been explored. However, intrusion detection with imbalanced data has usually been neglected. In this paper, a cost-sensitive neural network based on focal loss, called the focal loss network intrusion detection system (FL-NIDS), is proposed to overcome the imbalanced data problem. FL-NIDS was applied using DNN and convolutional neural network (CNN) to evaluate three benchmark intrusion detection datasets that suffer from imbalanced distributions: NSL-KDD, UNSW-NB15, and Bot-IoT. The results showed that the proposed algorithm using FL-NIDS in DNN and CNN architecture increased the detection of intrusions in imbalanced datasets compared to vanilla DNN and CNN in both binary and multiclass classifications.
3

Hu, Qinwen, Muhammad Rizwan Asghar, and Nevil Brownlee. "Effectiveness of Intrusion Detection Systems in High-speed Networks." International Journal of Information, Communication Technology and Applications 4, no. 1 (March 18, 2018): 1–10. http://dx.doi.org/10.17972/ijicta20184138.

Abstract:
Network Intrusion Detection Systems (NIDSs) play a crucial role in detecting malicious activities within networks. Basically, a NIDS monitors network flows and compares them with a set of pre-defined suspicious patterns. To be effective, different intrusion detection algorithms and packet capturing methods have been implemented. With rapidly increasing network speeds, NIDSs face a challenging problem of monitoring large and diverse traffic volumes; in particular, high packet drop rates can have a significant impact on detection accuracy. In this work, we investigate three popular open-source NIDSs: Snort, Suricata, and Bro along with their comparative performance benchmarks. We investigate key factors (including system resource usage, packet processing speed and packet drop rate) that limit the applicability of NIDSs to large-scale networks. Moreover, we also analyse and compare the performance of NIDSs when configurations and traffic volumes are changed.
4

Albasheer, Hashim, Maheyzah Md Siraj, Azath Mubarakali, Omer Elsier Tayfour, Sayeed Salih, Mosab Hamdan, Suleman Khan, Anazida Zainal, and Sameer Kamarudeen. "Cyber-Attack Prediction Based on Network Intrusion Detection Systems for Alert Correlation Techniques: A Survey." Sensors 22, no. 4 (February 15, 2022): 1494. http://dx.doi.org/10.3390/s22041494.

Abstract:
Network Intrusion Detection Systems (NIDS) are designed to safeguard the security needs of enterprise networks against cyber-attacks. However, NIDS networks suffer from several limitations, such as generating a high volume of low-quality alerts. Moreover, 99% of the alerts produced by NIDSs are false positives. As well, the prediction of future actions of an attacker is one of the most important goals here. The study has reviewed the state-of-the-art cyber-attack prediction based on NIDS Intrusion Alert, its models, and limitations. The taxonomy of intrusion alert correlation (AC) is introduced, which includes similarity-based, statistical-based, knowledge-based, and hybrid-based approaches. Moreover, the classification of alert correlation components was also introduced. Alert Correlation Datasets and future research directions are highlighted. The AC receives raw alerts to identify the association between different alerts, linking each alert to its related contextual information and predicting a forthcoming alert/attack. It provides a timely, concise, and high-level view of the network security situation. This review can serve as a benchmark for researchers and industries for Network Intrusion Detection Systems’ future progress and development.
5

Han, Jonghoo, and Wooguil Pak. "Hierarchical LSTM-Based Network Intrusion Detection System Using Hybrid Classification." Applied Sciences 13, no. 5 (February 27, 2023): 3089. http://dx.doi.org/10.3390/app13053089.

Abstract:
Most existing network intrusion detection systems (NIDSs) perform intrusion detection using only partial packet data of fixed size, but they struggle to increase the detection rate. In this study, in order to find the cause of a limited detection rate, accurate intrusion detection performance was analyzed by adjusting the amount of information used as features according to the size of the packet and length of the session. The results indicate that the total packet data and all packets in the session should be used for the maximum detection rate. However, existing NIDS cannot be extended to use all packet data of each session because the model could be too large owing to the excessive number of features, hampering realistic training and classification speeds. Therefore, in this paper, we present a novel approach for the classifier of NIDSs. The proposed NIDS can effectively handle the entire packet information using the hierarchical long short-term memory and achieves higher detection accuracy than existing methods. Performance evaluation confirms that detection performance can be greatly improved compared to existing NIDSs that use only partial packet information. The proposed NIDS achieves a detection rate of 95.16% and 99.70% when the existing NIDS show the highest detection rate of 93.49% and 98.31% based on the F1-score using two datasets. The proposed method can improve the limitations of existing NIDS and safeguard the network from malicious users by utilizing information on the entire packet.
6

Han, Jonghoo, and Wooguil Pak. "High Performance Network Intrusion Detection System Using Two-Stage LSTM and Incremental Created Hybrid Features." Electronics 12, no. 4 (February 15, 2023): 956. http://dx.doi.org/10.3390/electronics12040956.

Abstract:
Currently, most network intrusion detection systems (NIDSs) use information about an entire session to detect intrusion, which has the fatal disadvantage of delaying detection. To solve this problem, studies have been proposed to detect intrusions using only some packets belonging to the session but have limited effectiveness in increasing the detection performance compared to conventional methods. In addition, space complexity is high because all packets used for classification must be stored. Therefore, we propose a novel NIDS that requires low memory storage space and exhibits high detection performance without detection delay. The proposed method does not need to store packets for the current session and uses only some packets, as in conventional methods, but achieves very high detection performance. Through experiments, it was confirmed that the proposed NIDS uses only a small memory of 25.8% on average compared to existing NIDSs by minimizing memory consumption for feature creation, while its intrusion detection performance is equal to or higher than those of existing ones. As a result, this method is expected to significantly help increase network safety by overcoming the disadvantages of machine-learning-based NIDSs using existing sessions and packets.
7

Kim, Taehoon, and Wooguil Pak. "Integrated Feature-Based Network Intrusion Detection System Using Incremental Feature Generation." Electronics 12, no. 7 (March 31, 2023): 1657. http://dx.doi.org/10.3390/electronics12071657.

Abstract:
Machine learning (ML)-based network intrusion detection systems (NIDSs) depend entirely on the performance of machine learning models. Therefore, many studies have been conducted to improve the performance of ML models. Nevertheless, relatively few studies have focused on the feature set, which significantly affects the performance of ML models. In addition, features are generated by analyzing data collected after the session ends, which requires a significant amount of memory and a long processing time. To solve this problem, this study presents a new session feature set to improve the existing NIDSs. Current session-feature-based NIDSs are largely classified into NIDSs using a single-host feature set and NIDSs using a multi-host feature set. This research merges two different session feature sets into an integrated feature set, which is used to train an ML model for the NIDS. In addition, an incremental feature generation approach is proposed to eliminate the delay between the session end time and the integrated feature creation time. The improved performance of the NIDS using integrated features was confirmed through experiments. Compared to a NIDS based on ML models using existing single-host feature sets and multi-host feature sets, the NIDS with the proposed integrated feature set improves the detection rate by 4.15% and 5.9% on average, respectively.
8

Yang, Hao, Jinyan Xu, Yongcai Xiao, and Lei Hu. "SPE-ACGAN: A Resampling Approach for Class Imbalance Problem in Network Intrusion Detection Systems." Electronics 12, no. 15 (August 3, 2023): 3323. http://dx.doi.org/10.3390/electronics12153323.

Abstract:
Network Intrusion Detection Systems (NIDSs) play a vital role in detecting and stopping network attacks. However, the prevalent imbalance of training samples in network traffic interferes with NIDS detection performance. This paper proposes a resampling method based on Self-Paced Ensemble and Auxiliary Classifier Generative Adversarial Networks (SPE-ACGAN) to address the imbalance problem of sample classes. To deal with the class imbalance problem, SPE-ACGAN oversamples the minority class samples by ACGAN and undersamples the majority class samples by SPE. In addition, we merged the CICIDS-2017 dataset and the CICIDS-2018 dataset into a more imbalanced dataset named CICIDS-17-18 and validated the effectiveness of the proposed method using the three datasets mentioned above. SPE-ACGAN is more effective than other resampling methods in improving NIDS detection performance. In particular, SPE-ACGAN improved the F1-score of Random Forest, CNN, GoogLeNet, and CNN + WDLSTM by 5.59%, 3.75%, 3.60%, and 3.56% after resampling.
9

Wang, Minxiao, Ning Yang, and Ning Weng. "Securing a Smart Home with a Transformer-Based IoT Intrusion Detection System." Electronics 12, no. 9 (May 4, 2023): 2100. http://dx.doi.org/10.3390/electronics12092100.

Abstract:
Machine learning (ML)-based Network Intrusion Detection Systems (NIDSs) can classify each network’s flow behavior as benign or malicious by detecting heterogeneous features, including both categorical and numerical features. However, the present ML-based NIDSs are deemed insufficient in terms of their ability to generalize, particularly in changing network environments such as the Internet of Things (IoT)-based smart home. Although IoT devices add so much to home comforts, they also introduce potential risks and vulnerabilities. Recently, many NIDS studies on other IoT scenarios, such as the Internet of Vehicles (IoV) and smart cities, focus on utilizing the telemetry data of IoT devices for IoT intrusion detection. Because when IoT devices are under attack, their abnormal telemetry data values can reflect the anomaly state of those devices. Those telemetry data-based IoT NIDS methods detect intrusion events from a different view, focusing on the attack impact, from the traditional network traffic-based NIDS, which focuses on analyzing attack behavior. The telemetry data-based NIDS is more suitable for IoT devices without built-in security mechanisms. Considering the smart home IoT scenario, which has a smaller scope and a limited number of IoT devices compared to other IoT scenarios, both NIDS views can work independently. This motivated us to propose a novel ML-based NIDS to combine the network traffic-based and telemetry data-based NIDS together. In this paper, we propose a Transformer-based IoT NIDS method to learn the behaviors and effects of attacks from different types of data that are generated in the heterogeneous IoT environment. The proposed method utilizes a self-attention mechanism to learn contextual embeddings for input network features. Based on the contextual embeddings, our method can solve the feature set challenge, including both continuous and categorical features. 
Our method is the first to utilize both network traffic data and IoT sensors’ telemetry data at the same time for intrusion detection. Experiments reveal the effectiveness of our method on a realistic network traffic intrusion detection dataset named ToN_IoT, with an accuracy of 97.95% for binary classification and 95.78% for multiple classifications on pure network data. With the extra IoT information, the performance of our method has been improved to 98.39% and 97.06%, respectively. A comparative study with existing works shows that our method can achieve state-of-the-art performance on the ToN_IoT dataset.
10

Wang, Zhen Qi, and Dan Kai Zhang. "HIDS and NIDS Hybrid Intrusion Detection System Model Design." Advanced Engineering Forum 6-7 (September 2012): 991–94. http://dx.doi.org/10.4028/www.scientific.net/aef.6-7.991.

Abstract:
With the popularity of Internet applications, network security has become one of the issues affecting the world economy. Currently, as a relatively new field, intrusion detection systems have considerable room for development. To address the faults of HIDS or NIDS intrusion detection systems, the paper designs a hybrid HIDS and NIDS intrusion detection system model and introduces Agent systems. Finally, through analysis of the hybrid intrusion detection system model, we can identify its advantages.
11

Wang, Yunhui, Zifei Liu, Weichu Zheng, Jinyan Wang, Hongjian Shi, and Mingyu Gu. "A Combined Multi-Classification Network Intrusion Detection System Based on Feature Selection and Neural Network Improvement." Applied Sciences 13, no. 14 (July 18, 2023): 8307. http://dx.doi.org/10.3390/app13148307.

Abstract:
Feature loss in IoT scenarios is a common problem. This situation poses a greater challenge in terms of real-time and accuracy for the security of intelligent edge computing systems, which also includes network security intrusion detection systems (NIDS). Losing some packet information can easily confuse NIDS and cause an oversight of security systems. We propose a novel network intrusion detection framework based on an improved neural network. The new framework uses 23 subframes and a mixer for multi-classification work, which improves the parallelism of NIDS and is more adaptable to edge networks. We also incorporate the K-Nearest Neighbors (KNN) algorithm and Genetic Algorithm (GA) for feature selection, reducing parameters, communication, and memory overhead. We named the above system as Combinatorial Multi-Classification-NIDS (CM-NIDS). Experiments demonstrate that our framework can be more flexible in terms of the parameters of binary classification, has a fairly high accuracy in multi-classification, and is less affected by feature loss.
12

Xu, J., and C. R. Shelton. "Intrusion Detection using Continuous Time Bayesian Networks." Journal of Artificial Intelligence Research 39 (December 23, 2010): 745–74. http://dx.doi.org/10.1613/jair.3050.

Abstract:
Intrusion detection systems (IDSs) fall into two high-level categories: network-based systems (NIDS) that monitor network behaviors, and host-based systems (HIDS) that monitor system calls. In this work, we present a general technique for both systems. We use anomaly detection, which identifies patterns not conforming to a historic norm. In both types of systems, the rates of change vary dramatically over time (due to burstiness) and over components (due to service difference). To efficiently model such systems, we use continuous time Bayesian networks (CTBNs) and avoid specifying a fixed update interval common to discrete-time models. We build generative models from the normal training data, and abnormal behaviors are flagged based on their likelihood under this norm. For NIDS, we construct a hierarchical CTBN model for the network packet traces and use Rao-Blackwellized particle filtering to learn the parameters. We illustrate the power of our method through experiments on detecting real worms and identifying hosts on two publicly available network traces, the MAWI dataset and the LBNL dataset. For HIDS, we develop a novel learning method to deal with the finite resolution of system log file time stamps, without losing the benefits of our continuous time model. We demonstrate the method by detecting intrusions in the DARPA 1998 BSM dataset.
13

Figueiredo, João, Carlos Serrão, and Ana Maria de Almeida. "Deep Learning Model Transposition for Network Intrusion Detection Systems." Electronics 12, no. 2 (January 6, 2023): 293. http://dx.doi.org/10.3390/electronics12020293.

Abstract:
Companies seek to promote a swift digitalization of their business processes and new disruptive features to gain an advantage over their competitors. This often results in a wider attack surface that may be exposed to exploitation from adversaries. As budgets are thin, one of the most popular security solutions CISOs choose to invest in is Network-based Intrusion Detection Systems (NIDS). As anomaly-based NIDS work over a baseline of normal and expected activity, one of the key areas of development is the training of deep learning classification models robust enough so that, given a different network context, the system is still capable of high rate accuracy for intrusion detection. In this study, we propose an anomaly-based NIDS using a deep learning stacked-LSTM model with a novel pre-processing technique that gives it context-free features and outperforms most related works, obtaining over 99% accuracy over the CICIDS2017 dataset. This system can also be applied to different environments without losing its accuracy due to its basis on context-free features. Moreover, using synthetic network attacks, it has been shown that this NIDS approach can detect specific categories of attacks.
14

Song, Youngrok, Sangwon Hyun, and Yun-Gyung Cheong. "Analysis of Autoencoders for Network Intrusion Detection." Sensors 21, no. 13 (June 23, 2021): 4294. http://dx.doi.org/10.3390/s21134294.

Abstract:
As network attacks are constantly and dramatically evolving, demonstrating new patterns, intelligent Network Intrusion Detection Systems (NIDS), using deep-learning techniques, have been actively studied to tackle these problems. Recently, various autoencoders have been used for NIDS in order to accurately and promptly detect unknown types of attacks (i.e., zero-day attacks) and also alleviate the burden of the laborious labeling task. Although the autoencoders are effective in detecting unknown types of attacks, it takes tremendous time and effort to find the optimal model architecture and hyperparameter settings of the autoencoders that result in the best detection performance. This can be an obstacle that hinders practical applications of autoencoder-based NIDS. To address this challenge, we rigorously study autoencoders using the benchmark datasets, NSL-KDD, IoTID20, and N-BaIoT. We evaluate multiple combinations of different model structures and latent sizes, using a simple autoencoder model. The results indicate that the latent size of an autoencoder model can have a significant impact on the IDS performance.
15

Lama, Amin, and Dr Preeti Savant. "A SURVEY ON NETWORK-BASED INTRUSION DETECTION SYSTEMS USING MACHINE LEARNING ALGORITHMS." International Journal of Engineering Applied Sciences and Technology 6, no. 9 (January 1, 2022): 225–30. http://dx.doi.org/10.33564/ijeast.2022.v06i09.031.

Abstract:
Network security is of central significance in the current information world. Due to the rapid increase of network-enabled devices, there is a significant risk of network intrusion more than ever. Hackers and intruders can successfully attack to cause the crash of the networks and web services by the unauthorized intrusion, which may cause a significant loss to an organization in terms of data and money. So, it is high time to create an intrusion detection system that can detect all types of intrusion. Due to the rapid growth and significant results of machine learning (ML) algorithms in several areas, there has recently been much interest in applying them to network security. The network-based intrusion detection system (NIDS) has much promise to be the borderline of defense against intrusions in the current information communication technology (ICT) era, and it's a critical aspect of network security. Due to the dynamic nature of attacks, intrusion detection datasets are available publicly. Intrusion detection systems are the backbone of the networks and data protection. Various IDS approaches have been used over time to achieve maximum detection accuracy. This paper investigates the different machine learning methods used to deploy network-based intrusion detection systems. This survey could give scholars a better grasp of present methodologies and help them find research possibilities and do further research in this area.
16

Song, Jiaming, Xiaojuan Wang, Mingshu He, and Lei Jin. "CSK-CNN: Network Intrusion Detection Model Based on Two-Layer Convolution Neural Network for Handling Imbalanced Dataset." Information 14, no. 2 (February 16, 2023): 130. http://dx.doi.org/10.3390/info14020130.

Abstract:
In computer networks, Network Intrusion Detection System (NIDS) plays a very important role in identifying intrusion behaviors. NIDS can identify abnormal behaviors by analyzing network traffic. However, the performance of classifier is not very good in identifying abnormal traffic for minority classes. In order to improve the detection rate on class imbalanced dataset, we propose a network intrusion detection model based on two-layer CNN and Cluster-SMOTE + K-means algorithm (CSK-CNN) to process imbalanced dataset. CSK combines the cluster based Synthetic Minority Over Sampling Technique (Cluster-SMOTE) and K-means based under sampling algorithm. Through the two-layer network, abnormal traffic can not only be identified, but also be classified into specific attack types. This paper has been verified on UNSW-NB15 dataset and CICIDS2017 dataset, and the performance of the proposed model has been evaluated using such indicators as accuracy, recall, precision, F1-score, ROC curve, AUC value, training time and testing time. The experiment shows that the proposed CSK-CNN in this paper is obviously superior to other comparison algorithms in terms of network intrusion detection performance, and is suitable for deployment in the real network environment.
17

Kim, Taehoon, and Wooguil Pak. "Scalable Inline Network-Intrusion Detection System with Minimized Memory Requirement." Electronics 12, no. 9 (April 29, 2023): 2061. http://dx.doi.org/10.3390/electronics12092061.

Abstract:
Currently used network-intrusion detection systems (NIDSs) using deep learning have limitations in processing large amounts of data in real time. This is because collecting flow information and creating features are time consuming and require considerable memory. To solve this problem, a novel NIDS with θ(1) memory complexity for processing a flow is proposed in this study. Owing to its small memory requirement, the proposed model can handle numerous concurrent flows. In addition, it uses raw packet data as input features for the deep learning models, resulting in a lightweight feature-creation process. For fast detection, the proposed NIDS classifies a flow using a received packet, though it is prone to false detection. This weakness is solved through the validation model proposed in this research, resulting in high detection accuracy. Furthermore, real-time detection is possible since intrusion detection can be performed for every received packet using the Inception model. A performance comparison with existing methods confirmed an effectively improved detection time and lower memory requirement by 73% and 77% on average while maintaining high detection accuracy. Thus, the proposed model can effectively overcome the problems with modern deep-learning-based NIDSs.
18

Al Lail, Mustafa, Alejandro Garcia, and Saul Olivo. "Machine Learning for Network Intrusion Detection—A Comparative Study." Future Internet 15, no. 7 (July 16, 2023): 243. http://dx.doi.org/10.3390/fi15070243.

Abstract:
Modern society has quickly evolved to utilize communication and data-sharing media with the advent of the internet and electronic technologies. However, these technologies have created new opportunities for attackers to gain access to confidential electronic resources. As a result, data breaches have significantly impacted our society in multiple ways. To mitigate this situation, researchers have developed multiple security countermeasure techniques known as Network Intrusion Detection Systems (NIDS). Despite these techniques, attackers have developed new strategies to gain unauthorized access to resources. In this work, we propose using machine learning (ML) to develop a NIDS system capable of detecting modern attack types with a very high detection rate. To this end, we implement and evaluate several ML algorithms and compare their effectiveness using a state-of-the-art dataset containing modern attack types. The results show that the random forest model outperforms other models, with a detection rate of modern network attacks of 97 percent. This study shows that not only is accurate prediction possible but also a high detection rate of attacks can be achieved. These results indicate that ML has the potential to create very effective NIDS systems.
19

Hussien et al., Zaid. "Anomaly Detection Approach Based on Deep Neural Network and Dropout." Baghdad Science Journal 17, no. 2(SI) (June 23, 2020): 0701. http://dx.doi.org/10.21123/bsj.2020.17.2(si).0701.

Abstract:
Regarding computer system security, intrusion detection systems are fundamental components for discriminating attacks at an early stage. They monitor and analyze network traffic, looking for abnormal behaviors or attack signatures to detect intrusions early. However, many challenges arise while developing a flexible and efficient network intrusion detection system (NIDS) for unforeseen attacks with a high detection rate. In this paper, a deep neural network (DNN) approach was proposed for anomaly detection NIDS. Dropout is the regularization technique used with the DNN model to reduce overfitting. The experiments were applied on the NSL_KDD dataset. A SoftMax output layer has been used with a cross entropy loss function to enforce the proposed model in multiple classification, including five labels, one is normal and four others are attacks (Dos, R2L, U2L and Probe). The accuracy metric was used to evaluate the model performance. The proposed model achieved an accuracy of 99.45%. Commonly the recognition time is reduced in the NIDS by using a feature selection technique. The proposed DNN classifier was implemented with a feature selection algorithm, and obtained an accuracy of 99.27%.
20

Imtiaz, Syed Ibrahim, Liaqat Ali Khan, Ahmad S. Almadhor, Sidra Abbas, Shtwai Alsubai, Michal Gregus, and Zunera Jalil. "Efficient Approach for Anomaly Detection in Internet of Things Traffic Using Deep Learning." Wireless Communications and Mobile Computing 2022 (September 10, 2022): 1–15. http://dx.doi.org/10.1155/2022/8266347.

Abstract:
The network intrusion detection system (NIDs) is a significant research milestone in information security. NIDs can scan and analyze the network to detect an attack or anomaly, which may be a continuing intrusion or perhaps an intrusion that has just occurred. During the pandemic, cybercriminals realized that home networks lurked with vulnerabilities due to a lack of security and computational limitations. A fundamental difficulty in NIDs is providing an effective, robust, lightweight, and rapid framework to perform real-time intrusion detection. This research proposes an efficient, functional cybersecurity approach based on machine/deep learning algorithms to detect anomalies using lightweight network-based IDs. A lightweight, real-time, network-based anomaly detection system can be used to secure connected IoT devices. The UNSW-NB15 dataset is used to evaluate the proposed approach DeepNet and compare results alongside other state-of-the-art existing techniques. For the classification of network-based anomalies, the proposed model achieves 99.16% accuracy by using all features and 99.14% accuracy after feature reduction. The experimental results show that the network anomalies depend exceptionally on features selected after selection.
21

Ahmed, Hafiza Anisa, Anum Hameed, and Narmeen Zakaria Bawany. "Network intrusion detection using oversampling technique and machine learning algorithms." PeerJ Computer Science 8 (January 7, 2022): e820. http://dx.doi.org/10.7717/peerj-cs.820.

Abstract:
The expeditious growth of the World Wide Web and the rampant flow of network traffic have resulted in a continuous increase of network security threats. Cyber attackers seek to exploit vulnerabilities in network architecture to steal valuable information or disrupt computer resources. Network Intrusion Detection System (NIDS) is used to effectively detect various attacks, thus providing timely protection to network resources from these attacks. To implement NIDS, a stream of supervised and unsupervised machine learning approaches is applied to detect irregularities in network traffic and to address network security issues. Such NIDSs are trained using various datasets that include attack traces. However, due to the advancement in modern-day attacks, these systems are unable to detect the emerging threats. Therefore, NIDS needs to be trained and developed with a modern comprehensive dataset which contains contemporary common and attack activities. This paper presents a framework in which different machine learning classification schemes are employed to detect various types of network attack categories. Five machine learning algorithms: Random Forest, Decision Tree, Logistic Regression, K-Nearest Neighbors and Artificial Neural Networks, are used for attack detection. This study uses a dataset published by the University of New South Wales (UNSW-NB15), a relatively new dataset that contains a large amount of network traffic data with nine categories of network attacks. The results show that the classification models achieved the highest accuracy of 89.29% by applying the Random Forest algorithm. Further improvement in the accuracy of classification models is observed when Synthetic Minority Oversampling Technique (SMOTE) is applied to address the class imbalance problem. After applying the SMOTE, the Random Forest classifier showed an accuracy of 95.1% with 24 selected features from the Principal Component Analysis method.
22

Mijalkovic, Jovana, and Angelo Spognardi. "Reducing the False Negative Rate in Deep Learning Based Network Intrusion Detection Systems." Algorithms 15, no. 8 (July 26, 2022): 258. http://dx.doi.org/10.3390/a15080258.

Abstract:
Network Intrusion Detection Systems (NIDS) represent a crucial component in the security of a system, and their role is to continuously monitor the network and alert the user of any suspicious activity or event. In recent years, the complexity of networks has been rapidly increasing and network intrusions have become more frequent and less detectable. The increase in complexity pushed researchers to boost NIDS effectiveness by introducing machine learning (ML) and deep learning (DL) techniques. However, even with the addition of ML and DL, some issues still need to be addressed: high false negative rates and low attack predictability for minority classes. The aim of the study was to address these problems that have not been adequately addressed in the literature. Firstly, we have built a deep learning model for network intrusion detection that would be able to perform both binary and multiclass classification of network traffic. The goal of this base model was to achieve at least the same, if not better, performance than the models observed in the state-of-the-art research. Then, we proposed an effective refinement strategy and generated several models for lowering the FNR and increasing the predictability for the minority classes. The obtained results proved that, using the proper parameters, it is possible to achieve a satisfying trade-off between FNR, accuracy, and detection of the minority classes.
23

Li, Guoquan, Zheng Yan, Yulong Fu, and Hanlu Chen. "Data Fusion for Network Intrusion Detection: A Review." Security and Communication Networks 2018 (2018): 1–16. http://dx.doi.org/10.1155/2018/8210614.

Abstract:
Rapid progress of networking technologies leads to an exponential growth in the number of unauthorized or malicious network actions. As a component of defense-in-depth, Network Intrusion Detection System (NIDS) has been expected to detect malicious behaviors. Currently, NIDSs are implemented by various classification techniques, but these techniques are not advanced enough to accurately detect complex or synthetic attacks, especially in the situation of facing massive high-dimensional data. Besides, the inherent defects of NIDSs, namely, high false alarm rate and low detection rate, have not been effectively solved. In order to solve these problems, data fusion (DF) has been applied into network intrusion detection and has achieved good results. However, the literature still lacks thorough analysis and evaluation on data fusion techniques in the field of intrusion detection. Therefore, it is necessary to conduct a comprehensive review on them. In this article, we focus on DF techniques for network intrusion detection and propose a specific definition to describe it. We review the recent advances of DF techniques and propose a series of criteria to compare their performance. Finally, based on the results of the literature review, a number of open issues and future research directions are proposed at the end of this work.
24

Moraboena, Srikanthyadav, Gayatri Ketepalli, and Padmaja Ragam. "A Deep Learning Approach to Network Intrusion Detection Using Deep Autoencoder." Revue d'Intelligence Artificielle 34, no. 4 (September 30, 2020): 457–63. http://dx.doi.org/10.18280/ria.340410.

Abstract:
The security of computer networks is critical for network intrusion detection systems (NIDS). However, concerns exist about the suitability and sustainable development of current approaches in light of modern networks. Such concerns are particularly related to increasing levels of human interaction required and decreased detection accuracy. These concerns are also highlighted. This post presents a modern intrusion prevention deep learning methodology. For unattended function instruction, we clarify our proposed Symmetric Deep Autoencoder (SDAE). Also, we are proposing our latest deep research classification model developed with stacked SDAEs. The classification proposed by the Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) and Canadian Institute for Cybersecurity - Intrusion Detection System (CICIDS 2017) data sets was implemented in TensorFlow, a Graphics Procedure Unit (GPU) enabled and evaluated. We implemented and tested our experiment with different batch sizes using Adam optimizer. Promising findings from our model have been achieved so far, which demonstrates improvements over current solutions and the subsequent improvement for use in advanced NIDS.
25

Alshahrani, Ebtihaj, Daniyal Alghazzawi, Reem Alotaibi, and Osama Rabie. "Adversarial attacks against supervised machine learning based network intrusion detection systems." PLOS ONE 17, no. 10 (October 14, 2022): e0275971. http://dx.doi.org/10.1371/journal.pone.0275971.

Abstract:
Adversarial machine learning is a recent area of study that explores both adversarial attack strategy and detection systems of adversarial attacks, which are inputs specially crafted to outwit the classification of detection systems or disrupt the training process of detection systems. In this research, we performed two adversarial attack scenarios; we used a Generative Adversarial Network (GAN) to generate synthetic intrusion traffic to test the influence of these attacks on the accuracy of machine learning-based Intrusion Detection Systems (IDSs). We conducted two experiments on adversarial attacks including poisoning and evasion attacks on two different types of machine learning models: Decision Tree and Logistic Regression. The performance of implemented adversarial attack scenarios was evaluated using the CICIDS2017 dataset. Also, it was based on a comparison of the accuracy of machine learning-based IDS before and after attacks. The results show that the proposed evasion attacks reduced the testing accuracy of both network intrusion detection systems models (NIDS). That illustrates our evasion attack scenario negatively affected the accuracy of machine learning-based network intrusion detection systems, whereas the decision tree model was more affected than logistic regression. Furthermore, our poisoning attack scenario disrupted the training process of machine learning-based NIDS, whereas the logistic regression model was more affected than the decision tree.
26

Ahmed, Naveed, Asri bin Ngadi, Johan Mohamad Sharif, Saddam Hussain, Mueen Uddin, Muhammad Siraj Rathore, Jawaid Iqbal, et al. "Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction." Sensors 22, no. 20 (October 17, 2022): 7896. http://dx.doi.org/10.3390/s22207896.

Abstract:
A revolution in network technology has been ushered in by software defined networking (SDN), which makes it possible to control the network from a central location and provides an overview of the network’s security. Despite this, SDN has a single point of failure that increases the risk of potential threats. Network intrusion detection systems (NIDS) prevent intrusions into a network and preserve the network’s integrity, availability, and confidentiality. Much work has been done on NIDS but there are still improvements needed in reducing false alarms and increasing threat detection accuracy. Recently advanced approaches such as deep learning (DL) and machine learning (ML) have been implemented in SDN-based NIDS to overcome the security issues within a network. In the first part of this survey paper, we offer an introduction to the NIDS theory, as well as recent research that has been conducted on the topic. After that, we conduct a thorough analysis of the most recent ML- and DL-based NIDS approaches to ensure reliable identification of potential security risks. Finally, we focus on the opportunities and difficulties that lie ahead for future research on SDN-based ML and DL for NIDS.
27

Wanjau, Stephen Kahara, Geoffrey Mariga Wambugu, and Aaron Mogeni Oirere. "Network Intrusion Detection Systems: A Systematic Literature Review of Hybrid Deep Learning Approaches." International Journal of Emerging Science and Engineering 10, no. 7 (June 30, 2022): 1–16. http://dx.doi.org/10.35940/ijese.f2530.0610722.

Abstract:
Network Intrusion Detection Systems (NIDSs) have become standard security solutions that endeavour to discover unauthorized access to an organizational computer network by scrutinizing incoming and outgoing network traffic for signs of malicious activity. In recent years, deep learning based NIDSs have emerged as an active area of research in cybersecurity and several surveys have been done on these systems. Although a plethora of surveys exists covering this burgeoning body of research, the literature lacks an empirical analysis of the different hybrid deep learning models. This paper presents a review of hybrid deep learning models for network intrusion detection and pinpoints their characteristics which researchers and practitioners are exploiting to develop modern NIDSs. The paper first elucidates the concept of network intrusion detection systems. Secondly, the taxonomy of hybrid deep learning techniques employed in designing NIDSs is presented. Lastly, a survey of the hybrid deep learning based NIDS is presented. The study adopted the systematic literature review methodology, a formal and systematic procedure by conducting bibliographic review, while defining explicit protocols for obtaining information. The survey results suggest that hybrid deep learning-based models yield desirable performance compared to other deep learning algorithms. The results also indicate that optimization, empirical risk minimization and model complexity control are the most important characteristics in the design of hybrid deep learning-based models. Lastly, key issues in the literature exposed in the research survey are discussed, and several potential future directions are proposed for researchers and practitioners in the design of deep learning methods for network intrusion detection.
28

Li, Xiaonan, Hossein Ghodosi, Chao Chen, Mangalam Sankupellay, and Ickjai Lee. "Improving Network-Based Anomaly Detection in Smart Home Environment." Sensors 22, no. 15 (July 27, 2022): 5626. http://dx.doi.org/10.3390/s22155626.

Abstract:
The Smart Home (SH) has become an appealing target of cyberattacks. Due to the limitation of hardware resources and the various operating systems (OS) of current SH devices, existing security features cannot protect such an environment. Generally, the traffic patterns of an SH IoT device under attack often changes in the Home Area Network (HAN). Therefore, a Network-Based Intrusion Detection System (NIDS) logically becomes the forefront security solution for the SH. In this paper, we propose a novel method to assist classification machine learning algorithms generate an anomaly-based NIDS detection model, hence, detecting the abnormal SH IoT device network behaviour. Three network-based attacks were used to evaluate our NIDS solution in a simulated SH test-bed environment. The detection model generated by traditional and ensemble classification Mechanical Learning (ML) methods shows outstanding overall performance. The accuracy of all detection models is over 98.8%.
29

Alzahrani, Abdulsalam O., and Mohammed J. F. Alenazi. "Designing a Network Intrusion Detection System Based on Machine Learning for Software Defined Networks." Future Internet 13, no. 5 (April 28, 2021): 111. http://dx.doi.org/10.3390/fi13050111.

Abstract:
Software-defined Networking (SDN) has recently developed and been put forward as a promising and encouraging solution for future internet architecture. Managed, the centralized and controlled network has become more flexible and visible using SDN. On the other hand, these advantages bring us a more vulnerable environment and dangerous threats, causing network breakdowns, systems paralysis, online banking frauds and robberies. These issues have a significantly destructive impact on organizations, companies or even economies. Accuracy, high performance and real-time systems are essential to achieve this goal successfully. Extending intelligent machine learning algorithms in a network intrusion detection system (NIDS) through a software-defined network (SDN) has attracted considerable attention in the last decade. Big data availability, the diversity of data analysis techniques, and the massive improvement in the machine learning algorithms enable the building of an effective, reliable and dependable system for detecting different types of attacks that frequently target networks. This study demonstrates the use of machine learning algorithms for traffic monitoring to detect malicious behavior in the network as part of NIDS in the SDN controller. Different classical and advanced tree-based machine learning techniques, Decision Tree, Random Forest and XGBoost are chosen to demonstrate attack detection. The NSL-KDD dataset is used for training and testing the proposed methods; it is considered a benchmarking dataset for several state-of-the-art approaches in NIDS. Several advanced preprocessing techniques are performed on the dataset in order to extract the best form of the data, which produces outstanding results compared to other systems. Using just five out of 41 features of NSL-KDD, a multi-class classification task is conducted by detecting whether there is an attack and classifying the type of attack (DDoS, PROBE, R2L, and U2R), accomplishing an accuracy of 95.95%.
30

M. Banadaki, Yaser. "Evaluating the performance of machine learning algorithms for network intrusion detection systems in the internet of things infrastructure." Journal of Advanced Computer Science & Technology 9, no. 1 (September 19, 2020): 14. http://dx.doi.org/10.14419/jacst.v9i1.30992.

Abstract:
As numerous Internet-of-Things (IoT) devices are deploying on a daily basis, network intrusion detection systems (NIDS) are among the most critical tools to ensure the protection and security of networks against malicious cyberattacks. This paper employs four machine learning algorithms: XGBoost, random forest, decision tree, and gradient boosting, and evaluates their performance in NIDS, considering the accuracy, precision, recall, and F-score. The comparative analysis conducted using the CICIDS2017 dataset reveals that the XGBoost performs better than the other algorithms reaching the predicted accuracy of 99.6% in detecting cyberattacks. XGBoost-based attack detectors also have the largest weighted metrics of F1-score, precision, and recall. The paper also studies the effect of class imbalance and the size of the normal and attack classes. The small numbers of some attacks in training datasets mislead the classifier to bias towards the majority classes resulting in a bottleneck to improving macro recall and macro F1 score. The results assist the network engineers in choosing the most effective machine learning-based NIDS to ensure network security for today’s growing IoT network traffic.
31

Ghawade, Miss Manoshri A. "Study of Intrusion Detection System." International Journal for Research in Applied Science and Engineering Technology 9, no. VI (June 14, 2021): 788–92. http://dx.doi.org/10.22214/ijraset.2021.34935.

Abstract:
An intrusion detection system (IDS) could be a device or software application that observes a network for malicious activity or policy violations. Any malicious activity or violation is often reported or collected centrally employing a security information and event management system. Some IDSs are proficient of responding to detected intrusion upon discovery. These are classified as intrusion prevention systems (IPS). A system that analyzes incoming network traffic is thought as Network intrusion detection system (NIDS). A system that monitors important software files is understood as Host intrusion detection system (HIDS). Wireless sensor networks (WSNs) are vulnerable to different kinds of security threats which will degenerate the performance of the entire network; that may lead to fatal problems like denial of service (DoS) attacks, direction attacks, Sybil attack etc. Key management protocols, authentication protocols and secure routing cannot provide security to WSNs for these varieties of attacks. Intrusion detection system (IDS) could be a solution to the present problem. It analyzes the network by collecting sufficient amount of knowledge and detects abnormal behavior of sensor node(s).
32

Usman, Saifudin, Idris Winarno, and Amang Sudarsono. "SDN-Based Network Intrusion Detection as DDoS defense system for Virtualization Environment." EMITTER International Journal of Engineering Technology 9, no. 2 (December 30, 2021): 252–67. http://dx.doi.org/10.24003/emitter.v9i2.616.

Abstract:
Nowadays, DDoS attacks are often aimed at cloud computing environments, as more people use virtualization servers. With so many Nodes and distributed services, it will be challenging to rely solely on conventional networks to control and monitor intrusions. We design and deploy DDoS attack defense systems in virtualization environments based on Software-defined Networking (SDN) by combining signature-based Network Intrusion Detection Systems (NIDS) and sampled flow (sFlow). These techniques are practically tested and evaluated on the Proxmox production Virtualization Environment testbed, adding High Availability capabilities to the Controller. The evaluation results show that it promptly detects several types of DDoS attacks and mitigates their negative impact on network performance. Moreover, it also shows good results on Quality of Service (QoS) parameters such as average packet loss about 0 %, average latency about 0.8 ms, and average bitrate about 860 Mbit/s.
33

de Caldas Filho, Francisco Lopes, Samuel Carlos Meneses Soares, Elder Oroski, Robson de Oliveira Albuquerque, Rafael Zerbini Alves da Mata, Fábio Lúcio Lopes de Mendonça, and Rafael Timóteo de Sousa Júnior. "Botnet Detection and Mitigation Model for IoT Networks Using Federated Learning." Sensors 23, no. 14 (July 11, 2023): 6305. http://dx.doi.org/10.3390/s23146305.

Abstract:
The Internet of Things (IoT) introduces significant security vulnerabilities, raising concerns about cyber-attacks. Attackers exploit these vulnerabilities to launch distributed denial-of-service (DDoS) attacks, compromising availability and causing financial damage to digital infrastructure. This study focuses on mitigating DDoS attacks in corporate local networks by developing a model that operates closer to the attack source. The model utilizes Host Intrusion Detection Systems (HIDS) to identify anomalous behaviors in IoT devices and employs network-based intrusion detection approaches through a Network Intrusion Detection System (NIDS) for comprehensive attack identification. Additionally, a Host Intrusion Detection and Prevention System (HIDPS) is implemented in a fog computing infrastructure for real-time and precise attack detection. The proposed model integrates NIDS with federated learning, allowing devices to locally analyze their data and contribute to the detection of anomalous traffic. The distributed architecture enhances security by preventing volumetric attack traffic from reaching internet service providers and destination servers. This research contributes to the advancement of cybersecurity in local network environments and strengthens the protection of IoT networks against malicious traffic. This work highlights the efficiency of using a federated training and detection procedure through deep learning to minimize the impact of a single point of failure (SPOF) and reduce the workload of each device, thus achieving accuracy of 89.753% during detection and increasing privacy issues in a decentralized IoT infrastructure with a near-real-time detection and mitigation system.
34

Anjum, Naveed, Zohaib Latif, Choonhwa Lee, Ijaz Ali Shoukat, and Umer Iqbal. "MIND: A Multi-Source Data Fusion Scheme for Intrusion Detection in Networks." Sensors 21, no. 14 (July 20, 2021): 4941. http://dx.doi.org/10.3390/s21144941.

Abstract:
In recent years, there has been an exponential explosion of data generation, collection, and processing in computer networks. With this expansion of data, network attacks have also become a congenital problem in complex networks. The resource utilization, complexity, and false alarm rates are major challenges in current Network Intrusion Detection Systems (NIDS). The data fusion technique is an emerging technology that merges data from multiple sources to form more certain, precise, informative, and accurate data. Moreover, most of the earlier intrusion detection models suffer from overfitting problems and lack optimal detection of intrusions. In this paper, we propose a multi-source data fusion scheme for intrusion detection in networks (MIND), where data fusion is performed by the horizontal emergence of two datasets. For this purpose, a Hadoop MapReduce tool such as Hive is used. In addition, a machine learning ensemble classifier is used for the fused dataset with fewer parameters. Finally, the proposed model is evaluated with a 10-fold-cross validation technique. The experiments show that the average accuracy, detection rate, false positive rate, true positive rate, and F-measure are 99.80%, 99.80%, 0.29%, 99.85%, and 99.82% respectively. Moreover, the results indicate that the proposed model is significantly effective in intrusion detection compared to other state-of-the-art methods.
35

de Carvalho Bertoli, Gustavo, Lourenço Alves Pereira Júnior, and Osamu Saotome. "Improving detection of scanning attacks on heterogeneous networks with Federated Learning." ACM SIGMETRICS Performance Evaluation Review 49, no. 4 (June 2, 2022): 118–23. http://dx.doi.org/10.1145/3543146.3543172.

Abstract:
Scanning attacks are the first step in the attempt to compromise the security of systems. Machine learning (ML) has been used for network intrusion detection systems (NIDS) to protect systems by learning misbehavior based on network traffic. This paper demonstrates that Federated Learning (FL) is a promising approach to achieve better detection performance than traditional local training and inference on distributed agents. Also, this FL approach brings privacy, efficiency, and it is suitable for distributed ML-based NIDS solutions. We present a horizontal FL setup using Logistic Regression with FedAvg strategy applied to 13 agents (data silos) capable of providing an iterative process of constant learning improvement. Our results indicate a more stable learning process when observed the F1-score average, whereas the traditional NIDS approach (local trained models) present lesser performance and bigger variability to classify scanning and benign traffic. We tested our model performance on the TON_IoT dataset containing network traffic from a virtualized heterogeneous network composed of cloud, fog, and edge layers.
37

Lu, Chunlin, Yue Li, Mingjie Ma, and Na Li. "A Hybrid NIDS Model Using Artificial Neural Network and D-S Evidence." International Journal of Digital Crime and Forensics 8, no. 1 (January 2016): 37–50. http://dx.doi.org/10.4018/ijdcf.2016010103.

Abstract:
Artificial Neural Networks (ANNs), especially back-propagation (BP) neural network, can improve the performance of intrusion detection systems. However, for the current network intrusion detection methods, the detection precision, especially for low-frequent attacks, detection stability and training time still need to be enhanced. In this paper, a new model based on optimized BP neural network and Dempster-Shafer theory is proposed to solve the above problems and help NIDS to achieve higher detection rate, less false positive rate and stronger stability. The general process of the authors' model is as follows: firstly dividing the main extracted feature into several different feature subsets. Then, based on different feature subsets, different ANN models are trained to build the detection engine. Finally, the D-S evidence theory is employed to integrate these results, and obtain the final result. The effectiveness of this method is verified by experimental simulation utilizing KDD Cup1999 dataset.
38

Imrana, Yakubu, Yanping Xiang, Liaqat Ali, Zaharawu Abdul-Rauf, Yu-Chen Hu, Seifedine Kadry, and Sangsoon Lim. "χ2-BidLSTM: A Feature Driven Intrusion Detection System Based on χ2 Statistical Model and Bidirectional LSTM." Sensors 22, no. 5 (March 4, 2022): 2018. http://dx.doi.org/10.3390/s22052018.

Abstract:
In a network architecture, an intrusion detection system (IDS) is one of the most commonly used approaches to secure the integrity and availability of critical assets in protected systems. Many existing network intrusion detection systems (NIDS) utilize stand-alone classifier models to classify network traffic as an attack or as normal. Due to the vast data volume, these stand-alone models struggle to reach higher intrusion detection rates with low false alarm rates (FAR). Additionally, irrelevant features in datasets can also increase the running time required to develop a model. However, data can be reduced effectively to an optimal feature set without information loss by employing a dimensionality reduction method, which a classification model then uses for accurate predictions of the various network intrusions. In this study, we propose a novel feature-driven intrusion detection system, namely χ2-BidLSTM, that integrates a χ2 statistical model and bidirectional long short-term memory (BidLSTM). The NSL-KDD dataset is used to train and evaluate the proposed approach. In the first phase, the χ2-BidLSTM system uses a χ2 model to rank all the features, then searches an optimal subset using a forward best search algorithm. In the next phase, the optimal set is fed to the BidLSTM model for classification purposes. The experimental results indicate that our proposed χ2-BidLSTM approach achieves a detection accuracy of 95.62% and an F-score of 95.65%, with a low FAR of 2.11% on NSL-KDDTest+. Furthermore, our model obtains an accuracy of 89.55%, an F-score of 89.77%, and an FAR of 2.71% on NSL-KDDTest−21, indicating the superiority of the proposed approach over the standard LSTM method and other existing feature-selection-based NIDS methods.
39

Karimov, M., and M. Sagatov. "Application the Aho-Corasick Algorithm for Improving a Intrusion Detection System." Mathematical and computer modelling. Series: Technical sciences, no. 22 (November 26, 2021): 67–76. http://dx.doi.org/10.32626/2308-5916.2021-22.67-76.

Abstract:
One of the main goals of studying pattern matching techniques is their significant role in real-world applications, such as the intrusion detection systems branch. The purpose of the network attack detection systems NIDS is to protect the infocommunication network from unauthorized access. This article provides an analysis of the exact match and fuzzy matching methods, and discusses a new implementation of the classic Aho-Corasick pattern matching algorithm at the hardware level. The proposed approach to the implementation of the Aho-Corasick algorithm can make it possible to ensure the efficient use of resources, such as memory and energy.
40

Dutta, Vibekananda, Michał Choraś, Marek Pawlicki, and Rafał Kozik. "Detection of Cyberattacks Traces in IoT Data." JUCS - Journal of Universal Computer Science 26, no. 11 (November 28, 2020): 1422–34. http://dx.doi.org/10.3897/jucs.2020.075.

Abstract:
Artificial Intelligence plays a significant role in building effective cybersecurity tools. Security has a crucial role in the modern digital world and has become an essential area of research. Network Intrusion Detection Systems (NIDS) are among the first security systems that encounter network attacks and facilitate attack detection to protect a network. Contemporary machine learning approaches, like novel neural network architectures, are succeeding in network intrusion detection. This paper tests modern machine learning approaches on a novel cybersecurity benchmark IoT dataset. Among other algorithms, Deep AutoEncoder (DAE) and modified Long Short Term Memory (mLSTM) are employed to detect network anomalies in the IoT-23 dataset. The DAE is employed for dimensionality reduction and a host of ML methods, including Deep Neural Networks and Long Short-Term Memory to classify the outputs of into normal/malicious. The applied method is validated on the IoT-23 dataset. Furthermore, the results of the analysis in terms of evaluation matrices are discussed.
41

Song, Jian Hao, Gang Zhao, and Jun Yi Song. "Research on Property and Model Optimization of Multiclass SVM for NIDS." Applied Mechanics and Materials 347-350 (August 2013): 3696–701. http://dx.doi.org/10.4028/www.scientific.net/amm.347-350.3696.

Abstract:
By investigating insufficiency of typical artificial intelligence algorithms aiming at the high rate of False-Positives and False-Negatives in the Intrusion Detection Systems (IDS), this paper presents an approach that Support Vector Machine (SVM) is embedded in Network Intrusion Detection System (NIDS). At the same time, by using online data and K-fold cross-validation method, this paper proposes a method to optimize the attributes and model of SVM respectively. Experimental results show that by using this method as the detection core of the intrusion detection system, the rate of False-Negatives in IDS can be reduced significantly.
42

Sienna Arscott. "Intrusion Detection Technique for Security Statistics." Mathematical Statistician and Engineering Applications 67, no. 1 (December 31, 2018): 01–08. http://dx.doi.org/10.17762/msea.v67i1.1.

Abstract:
An Intrusion Detection System (IDS) is a hardware device or programming application that screens organize and additionally framework or host exercises for malevolent exercises or strategy infringement, makes and sends reports to a Management Station or System Administrator which concludes whether to make a move on the interruption or it was just a bogus alert. There are two kinds of Intrusion Detection Systems: Host based and Network based. System Intrusion Detection System (NIDS) distinguishes interruptions by inspecting system traffic and screens different hosts associated with the network. It catches all system traffic and investigates the substance of individual bundles for malicious traffic.
43

Vinayakumar R, Soman KP, and Prabaharan Poornachandran. "A Comparative Analysis of Deep Learning Approaches for Network Intrusion Detection Systems (N-IDSs)." International Journal of Digital Crime and Forensics 11, no. 3 (July 2019): 65–89. http://dx.doi.org/10.4018/ijdcf.2019070104.

Abstract:
Recently, due to the advance and impressive results of deep learning techniques in the fields of image recognition, natural language processing and speech recognition for various long-standing artificial intelligence (AI) tasks, there has been a great interest in applying towards security tasks too. This article focuses on applying these deep taxonomy techniques to network intrusion detection system (N-IDS) with the aim to enhance the performance in classifying the network connections as either good or bad. To substantiate this to NIDS, this article models network traffic as a time series data, specifically transmission control protocol / internet protocol (TCP/IP) packets in a predefined time-window with a supervised deep learning methods such as recurrent neural network (RNN), identity matrix of initialized values typically termed as identity recurrent neural network (IRNN), long short-term memory (LSTM), clock-work RNN (CWRNN) and gated recurrent unit (GRU), utilizing connection records of KDDCup-99 challenge data set. The main interest is given to evaluate the performance of RNN over newly introduced method such as LSTM and IRNN to alleviate the vanishing and exploding gradient problem in memorizing the long-term dependencies. The efficient network architecture for all deep models is chosen based on comparing the performance of various network topologies and network parameters. The experiments of such chosen efficient configurations of deep models were run up to 1,000 epochs by varying learning-rates between 0.01-05. The observed results of IRNN are relatively close to the performance of LSTM on KDDCup-99 NIDS data set. In addition to KDDCup-99, the effectiveness of deep model architectures are evaluated on refined version of KDDCup-99: NSL-KDD and most recent one, UNSW-NB15 NIDS datasets.
44

Pitafi, Shahneela, Toni Anwar, and Zubair Sharif. "An Improved Approach Based on Density-Based Spatial Clustering of Applications with a Noise Algorithm for Intrusion Detection." Journal of Hunan University Natural Sciences 49, no. 12 (December 30, 2022): 67–77. http://dx.doi.org/10.55463/issn.1674-2974.49.12.7.

Abstract:
Network Intrusion detection systems (NIDS) are extremely important for making the network secure from unauthorized access. Numerous studies have already been conducted to detect the unauthorized access to achieve security. As the NIDS are still lacking in terms of accuracy, true positive rate (TPR) and the false positive rate (FPR) of the invasive events. The main cause of high FPR in intrusion detection systems is run with a default set of signatures. Issues in the detection rate are caused by feature similarities between man-made events and environmental events. Considering this fact, in this paper, we introduced a new intrusion detection algorithm named as I-DBSCAN by focusing on the above-mentioned issues to get the better results from the previously done experiments. We used clustering and classification techniques. The proposed algorithm is an enhanced version of the existing DBSCAN algorithm. However, this research can spot attacks on data from IDS. It is found that the novel algorithm achieved more accuracy when it is applied to four classification methods on KDD Cup 99 and NSL-KDD Cup99 data. The results of our proposed methodology are more efficient with the achievement of better accuracy level and false positive rate (FPR).
45

Alabdulatif, Abdulatif, and Sajjad Hussain Rizvi. "Network intrusion detection system using an optimized machine learning algorithm." Mehran University Research Journal of Engineering and Technology 42, no. 1 (January 1, 2023): 153. http://dx.doi.org/10.22581/muet1982.2301.14.

Abstract:
The rapid growth of the data-communications network for real-world commercial applications requires security and robustness. Network intrusion is one of the most prominent network attacks. Moreover, the variants of network intrusion have also been extensively reported in the literature. Network Intrusion Detection Systems (NIDS) have already been devised and proposed in the literature to handle this issue. In the recent literature, Kitsune, NIDS, and its dataset have received approx. 500 citations so far in 2019. But, still, the comprehensive parametric evaluation of this dataset using a machine learning algorithm was missing in the literature that could submit the best algorithm for network intrusion attack detection and classification in Kitsune. In this connection, two previous studies were reported to investigate the best machine algorithm (these two studies were reported by us). Through these studies, it was concluded that the Tree algorithm and its variants are best suited to detect and classify all eight types of network attacks available in the Kitsune dataset. In this study, the hyper-parameter optimization of the optimized Tree algorithm is presented for all eight types of network attack. In this study, the optimizer functions Bayesian, Grid Search, and Random Search were chosen. The performance has been ranked based on training and testing accuracy, training and testing cost, and prediction speed for each optimizer. This study will submit the best point hyper-parameter for the respective epoch against each optimizer.
46

Yuvaraja, M., S. Arunkumar, P. Vinodh Kumar, and L. Mary Immaculate Sheela. "Improved Grey Wolf Optimization- (IGWO-) Based Feature Selection on Multiview Features and Enhanced Multimodal-Sequential Network Intrusion Detection Approach." Wireless Communications and Mobile Computing 2023 (February 1, 2023): 1–13. http://dx.doi.org/10.1155/2023/8478457.

Abstract:
The goal of the network intrusion detection system (NIDS) is to spot malicious activity in a network. It seeks to do that by examining the behavior of the traffic network. To find abnormalities, the NIDS heavily use machine learning (ML) and data mining techniques. The performance of NIDSs is significantly impacted by feature selection. This is due to the numerous characteristics that are used in anomaly identification, which take a lot of time. The time required to analyze traffic behavior and raise the accuracy level is thus influenced by the feature selection strategy. In the current work, the researcher’s goal was to provide a feature selection model for NIDSs. IGWO (improved grey wolf optimizations) for FSs (feature selections) was proposed to address these difficulties. The three primary processes in this proposed study are preprocessing, extractions and classifications of FSs, and evaluations of results. IGWOs are used to choose a subset of input variables by minimizing features to measure the accuracy in the search space and discover the best solution. A particular structure of HPNs (hierarchical progressive networks) is controlled by the MDAEs (multimodal deep autoencoders) and ABLSTMs (attention-based long short-term memories) for enhanced multimodal-sequential IDSs, i.e., AB-LSTMs. It is possible to understand relationships between neighboring network connections automatically and efficiently integrate information from many levels of characteristics inside a network connection using the EMS-DHPN technique simultaneously. This work’s suggested hybrid IDSs called IGWO-EMS-DHPN technique were evaluated using two intrusion datasets: UNSW-NB15 and CICIDS-2017 which is compared with other existing classifiers in terms of relative accuracies, precisions, recalls, and F1-scores in categorizations. While several classifiers have been developed, the suggested IGWO-EMS-DHPN classifier obtains maximum accuracy.
47

Zhong, Shao Hong, Hua Jun Huang, and Ai Bin Chen. "An Effective Intrusion Detection Model Based on Random Forest and Neural Networks." Advanced Materials Research 267 (June 2011): 308–13. http://dx.doi.org/10.4028/www.scientific.net/amr.267.308.

Abstract:
Intrusion detection is a very important research domain in network security. Current intrusion detection systems (IDS) especially NIDS (Network Intrusion Detection System) examine all data features to detect intrusions. Also, many machine learning and data mining methods are utilized to fulfill intrusion detection tasks. This paper proposes an effective intrusion detection model that is computationally efficient and effective based on Random Forest based feature selection approach and Neural Networks (NN) model. We firstly utilize random forest method to select the most important features to eliminate the insignificant and/or useless inputs leads to a simplification of the problem, in order to faster and more accurate detection; Secondly, classic NN model is used to learn and detect intrusions using the selected important features. Experimental results on the well-known KDD 1999 dataset demonstrate the proposed hybrid model is actually effective.
48

Abu Al-Haija, Qasem, and Ahmad Al-Badawi. "Attack-Aware IoT Network Traffic Routing Leveraging Ensemble Learning." Sensors 22, no. 1 (December 29, 2021): 241. http://dx.doi.org/10.3390/s22010241.

Abstract:
Network Intrusion Detection Systems (NIDSs) are indispensable defensive tools against various cyberattacks. Lightweight, multipurpose, and anomaly-based detection NIDSs employ several methods to build profiles for normal and malicious behaviors. In this paper, we design, implement, and evaluate the performance of machine-learning-based NIDS in IoT networks. Specifically, we study six supervised learning methods that belong to three different classes: (1) ensemble methods, (2) neural network methods, and (3) kernel methods. To evaluate the developed NIDSs, we use the distilled-Kitsune-2018 and NSL-KDD datasets, both consisting of a contemporary real-world IoT network traffic subjected to different network attacks. Standard performance evaluation metrics from the machine-learning literature are used to evaluate the identification accuracy, error rates, and inference speed. Our empirical analysis indicates that ensemble methods provide better accuracy and lower error rates compared with neural network and kernel methods. On the other hand, neural network methods provide the highest inference speed which proves their suitability for high-bandwidth networks. We also provide a comparison with state-of-the-art solutions and show that our best results are better than any prior art by 1~20%.
49

Hagar, Abdulnaser A., and Bharti W. Gawali. "Apache Spark and Deep Learning Models for High-Performance Network Intrusion Detection Using CSE-CIC-IDS2018." Computational Intelligence and Neuroscience 2022 (August 26, 2022): 1–11. http://dx.doi.org/10.1155/2022/3131153.

Abstract:
Keeping computers secure is becoming challenging as networks grow and new network-based technologies emerge. Cybercriminals’ attack surface expands with the release of new internet-enabled products. As many cyberattacks affect businesses’ confidentiality, availability, and integrity, network intrusion detection systems (NIDS) show an essential role. Network-based intrusion detection uses datasets like CSE-CIC-IDS2018 to train prediction models. With fourteen types of attacks included, the latest big data set for intrusion detection is available to the public. This work proposes three models, two deep learning convolutional neural networks (CNN), long short-term memory (LSTM), and Apache Spark, to improve the detection of all types of attacks. To reduce the dimensionality, random forests (RF) was employed to select the important features; it gave 19 from 84 features. The dataset is imbalanced; thus, oversampling and undersampling techniques reduce the imbalance ratio. The Apache Spark model produced the best results across all 15 classes, with accuracy as high as 100% for all classes, as seen by the experiments’ findings. For the F1-score, Apache Spark showed the highest results with 1.00 for most classes. The findings of the three models showed outstanding results for multiclassification network intrusion detection.
50

Saputra, Ferry Astika, Muhammad Salman, Jauari Akhmad Nur Hasim, Isbat Uzzin Nadhori, and Kalamullah Ramli. "The Next-Generation NIDS Platform: Cloud-Based Snort NIDS Using Containers and Big Data." Big Data and Cognitive Computing 6, no. 1 (February 7, 2022): 19. http://dx.doi.org/10.3390/bdcc6010019.

Abstract:
Snort is a well-known, signature-based network intrusion detection system (NIDS). The Snort sensor must be placed within the same physical network, and the defense centers in the typical NIDS architecture offer limited network coverage, especially for remote networks with a restricted bandwidth and network policy. Additionally, the growing number of sensor instances, followed by a quick increase in log data volume, has caused the present system to face big data challenges. This research paper proposes a novel design for a cloud-based Snort NIDS using containers and implementing big data in the defense center to overcome these problems. Our design consists of Docker as the sensor’s platform, Apache Kafka, as the distributed messaging system, and big data technology orchestrated on lambda architecture. We conducted experiments to measure sensor deployment, optimum message delivery from the sensors to the defense center, aggregation speed, and efficiency in the data-processing performance of the defense center. We successfully developed a cloud-based Snort NIDS and found the optimum method for message-delivery from the sensor to the defense center. We also succeeded in developing the dashboard and attack maps to display the attack statistics and visualize the attacks. Our first design is reported to implement the big data architecture, namely, lambda architecture, as the defense center and utilize rapid deployment of Snort NIDS using Docker technology as the network security monitoring platform.