Soft Computing‐Based Intrusion Detection System With Reduced False Positive Rate

Detection System ◽

False Positive Rate ◽

False Positives ◽

The Real ◽

Detection Model ◽

During the 30-year development of the Intrusion Detection System, the problems such as the high false-positive rate have always plagued the users. Therefore, the ontology and context verification based intrusion detection model (OCVIDM) was put forward to connect the description of attack’s signatures and context effectively. The OCVIDM established the knowledge base of the intrusion detection ontology that was regarded as the center of efficient filtering platform of the false alerts to realize the automatic validation of the alarm and self-acting judgment of the real attacks, so as to achieve the goal of filtering the non-relevant positives alerts and reduce false positives.

Minimize the False Positive Rate in a Database Intrusion Detection System

International Journal of Computer Science and Information Technology ◽

10.5121/ijcsit.2011.3503 ◽

2011 ◽

Vol 3 (5) ◽

pp. 29-38 ◽

Cited By ~ 2

Author(s):

Rezk ◽

H Ali ◽

El Mikkawy ◽

Barakat

Keyword(s):

Intrusion Detection ◽

False Positive ◽

Detection System ◽

False Positive Rate ◽

Positive Rate ◽

Database Intrusion Detection

Evaluation Of Efficiency For Intrusion Detection System Using Gini Index C5 Algorithm

International Journal of Engineering and Advanced Technology - Regular Issue ◽

10.35940/ijeat.f8593.088619 ◽

2019 ◽

Vol 8 (6) ◽

pp. 2196-2200 ◽

Cited By ~ 1

Keyword(s):

Intrusion Detection ◽

False Positive ◽

Gini Index ◽

Detection System ◽

False Positive Rate ◽

Principal Component ◽

Statistical Technique ◽

Data Mining Technique ◽

Security is the critical part in the computers and the networks which connect the computers each other’s through network for communication or exchange the data. It is a wide complex to secure the data while transmitting the data between the system/networks. The intrusion detection is a mechanism to protect the data. There are various existing mechanisms for intrusion detection namely neural network, data mining technique, fuzzy logic, statistical technique etc. In this paper, Principal Component Analysis is applied to reduce the features and Gini index C5 algorithm is used to investigate and evaluate the efficiency and false positive rate. The benchmark KDD dataset is used to evaluate the efficiency and minimize the false positive rate using Gini index C5 algorithm and compare with other algorithm which shows significant improvement and to experiment the KDD Dataset to improve the efficiency and minimize the false positive rate using MATLAB software and demonstrated with the KDD dataset

PAIRWISE CLUSTERS OPTIMIZATION AND CLUSTER MOST SIGNIFICANT FEATURE METHODS FOR ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEM (POC2MSF)

MALAYSIAN JOURNAL OF COMPUTING ◽

10.24191/mjoc.v3i2.3598 ◽

2018 ◽

Vol 3 (2) ◽

pp. 93

Author(s):

Gervais Hatungimana

Keyword(s):

Intrusion Detection ◽

Network Traffic ◽

False Positive ◽

Detection System ◽

False Positive Rate ◽

Significant Feature ◽

Features Selection ◽

Number Of Clusters ◽

Network Intrusion

Anomaly-based Intrusion Detection System (IDS) uses known baseline to detect patterns which have deviated from normal behavior. If the baseline is faulty, the IDS performance degrades. Most of researches in IDS which use k-centroids-based clustering methods like K-means, K-medoids, Fuzzy, Hierarchical and agglomerative algorithms to baseline network traffic suffer from high false positive rate compared to signature-based IDS, simply because the nature of these algorithms risk to force some network traffic into wrong profiles depending on K number of clusters needed. In this paper we propose alternate method which instead of defining K number of clusters, defines t distance threshold. The unrecognizable IDS; IDS which is neither HIDS nor NIDS is the consequence of using statistical methods for features selection. The speed, memory and accuracy of IDS are affected by inappropriate features reduction method or ignorance of irrelevant features. In this paper we use two-step features selection and Quality Threshold with Optimization methods to design anomaly-based HIDS and NIDS separately. The performance of our system is 0% ,99.9974%, 1,1 false positive rates, accuracy , precision and recall respectively for NIDS and 0%,99.61%, 0.991,0.978 false positive rates, accuracy, precision and recall respectively for HIDS.

Handbook of Research on Intelligent Data Processing and Information Security Systems - Advances in Information Security, Privacy, and Ethics ◽

Association Rule-Mining-Based Intrusion Detection System With Entropy-Based Feature Selection

10.4018/978-1-7998-1290-6.ch001 ◽

2020 ◽

pp. 1-24

Author(s):

Devaraju Sellappan ◽

Ramakrishnan Srinivasan

Keyword(s):

Intrusion Detection ◽

Association Rule ◽

Association Rule Mining ◽

Detection System ◽

False Positive Rate ◽

Rule Mining ◽

Detection Rates ◽

Mining Algorithm ◽

Intrusion detection system (IDSs) are important to industries and organizations to solve the problems of networks, and various classifiers are used to classify the activity as malicious or normal. Today, the security has become a decisive part of any industrial and organizational information system. This chapter demonstrates an association rule-mining algorithm for detecting various network intrusions. The KDD dataset is used for experimentation. There are three input features classified as basic features, content features, and traffic features. There are several attacks are present in the dataset which are classified into Denial of Service (DoS), Probe, Remote to Local (R2L), and User to Root (U2R). The proposed method gives significant improvement in the detection rates compared with other methods. Association rule mining algorithm is proposed to evaluate the KDD dataset and dynamic data to improve the efficiency, reduce the false positive rate (FPR) and provides less time for processing.

A novel Ensemble of Hybrid Intrusion Detection System for Detecting Internet of Things Attacks

Electronics ◽

10.3390/electronics8111210 ◽

2019 ◽

Vol 8 (11) ◽

pp. 1210 ◽

Cited By ~ 11

Author(s):

Khraisat ◽

Gondal ◽

Vamplew ◽

Kamruzzaman ◽

Alazab

Keyword(s):

Internet Of Things ◽

Intrusion Detection ◽

Detection System ◽

False Positive Rate ◽

Support Vector ◽

Detection Accuracy ◽

Lower False Positive Rate ◽

Positive Rate ◽

Iot Devices

The Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everyday life to large industrial systems. Unfortunately, this has attracted the attention of cybercriminals who made IoT a target of malicious activities, opening the door to a possible attack to the end nodes. Due to the large number and diverse types of IoT devices, it is a challenging task to protect the IoT infrastructure using a traditional intrusion detection system. To protect IoT devices, a novel ensemble Hybrid Intrusion Detection System (HIDS) is proposed by combining a C5 classifier and One Class Support Vector Machine classifier. HIDS combines the advantages of Signature Intrusion Detection System (SIDS) and Anomaly-based Intrusion Detection System (AIDS). The aim of this framework is to detect both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the Bot-IoT dataset, which includes legitimate IoT network traffic and several types of attacks. Experiments show that the proposed hybrid IDS provide higher detection rate and lower false positive rate compared to the SIDS and AIDS techniques.

IDSFS: A Signature Based Intrusion Detection System with High Pertinent Feature Selection Method

Asian Journal of Computer Science and Technology ◽

10.51983/ajcst-2019.8.2.2145 ◽

2019 ◽

Vol 8 (2) ◽

pp. 25-31

Author(s):

S. Latha ◽

Sinthu Janita Prakash

Keyword(s):

Feature Selection ◽

Intrusion Detection ◽

Detection System ◽

False Positive Rate ◽

Feature Selection Method ◽

Selection Method ◽

Positive Rate ◽

Frame Work ◽

Pertinent Feature

Securing a network from the attackers is a challenging task at present as many users involve in variety of computer networks. To protect any individual host in a network or the entire network, some security system must be implemented. In this case, the Intrusion Detection System (IDS) is essential to protect the network from the intruders. The IDS have to deal with a lot of network packets with different characteristics. A signature-based IDS is a potential tool to understand former attacks and to define suitable method to conquest it in variety of applications. This research article elucidates the objective of IDS with a mechanism which combines the network and host-based IDS. The benchmark dataset for DARPA is considered to generate the IDS mechanism. In this paper, a frame work IDSFS – a signature-based IDS with high pertinent feature selection method is framed. This frame work consists of earlier proposed Feature Selection method (HPFSM), Artificial Neural Network for classification of nodes or packets in the network, then the signatures or attack rules are configured by implementing Association Rule mining algorithm and finally the rules are restructured using a pattern matching algorithm-Aho-Corasick to ease the rule checking. The metrics like number of features, classification accuracy, False Positive Rate (FPR), Precision, Number of rules, Running Time and Memory consumption are checked and proved the proposed frame work’s efficiency.

Association Rule-Mining-Based Intrusion Detection System With Entropy-Based Feature Selection

Research Anthology on Combating Denial-of-Service Attacks ◽

10.4018/978-1-7998-5348-0.ch010 ◽

2021 ◽

pp. 183-206

Author(s):

Devaraju Sellappan ◽

Ramakrishnan Srinivasan

Keyword(s):

Intrusion Detection ◽

Association Rule ◽

Association Rule Mining ◽

Detection System ◽

False Positive Rate ◽

Rule Mining ◽

Detection Rates ◽

Mining Algorithm ◽

Intrusion detection system (IDSs) are important to industries and organizations to solve the problems of networks, and various classifiers are used to classify the activity as malicious or normal. Today, the security has become a decisive part of any industrial and organizational information system. This chapter demonstrates an association rule-mining algorithm for detecting various network intrusions. The KDD dataset is used for experimentation. There are three input features classified as basic features, content features, and traffic features. There are several attacks are present in the dataset which are classified into Denial of Service (DoS), Probe, Remote to Local (R2L), and User to Root (U2R). The proposed method gives significant improvement in the detection rates compared with other methods. Association rule mining algorithm is proposed to evaluate the KDD dataset and dynamic data to improve the efficiency, reduce the false positive rate (FPR) and provides less time for processing.

Soft-computing-based false alarm reduction for hierarchical data of intrusion detection system

International Journal of Distributed Sensor Networks ◽

10.1177/1550147719883132 ◽

2019 ◽

Vol 15 (10) ◽

pp. 155014771988313 ◽

Cited By ~ 2

Author(s):

Parminder Singh ◽

Sujatha Krishnamoorthy ◽

Anand Nayyar ◽

Ashish Kr Luhach ◽

Avinash Kaur

Keyword(s):

Intrusion Detection ◽

False Alarm ◽

False Alarm Rate ◽

Soft Computing ◽

Detection System ◽

False Positive Rate ◽

Real Life ◽

Hierarchical Data ◽

Data Set

A false alarm rate of online anomaly-based intrusion detection system is a crucial concern. It is challenging to implement in the real-world scenarios when these anomalies occur sporadically. The existing intrusion detection system has been developed to limit or decrease the false alarm rate. However, the state-of-the-art approaches are attack or algorithm specific, which is not generic. In this article, a soft-computing-based approach has been designed to reduce the false-positive rate for hierarchical data of anomaly-based intrusion detection system. The recurrent neural network model is applied to classify the data set of intrusion detection system and normal instances for various subclasses. The designed approach is more practical, reason being, it does not require any assumption or knowledge of the data set structure. Experimental evaluation is conducted on various attacks on KDDCup’99 and NSL-KDD data sets. The proposed method enhances the intrusion detection systems that can work with data with dependent and independent features. Furthermore, this approach is also beneficial for real-life scenarios with a low occurrence of attacks.

Support Based Graph Framework for Effective Intrusion Detection and Classification

10.21203/rs.3.rs-1035364/v1 ◽

2021 ◽

Author(s):

Rahul B Adhao ◽

Vinod K Pachghare

Keyword(s):

Intrusion Detection ◽

False Positive ◽

Detection System ◽

False Positive Rate ◽

Intrusion Detection Systems ◽

Detection Systems ◽

Krill Herd ◽

Positive Rate ◽

Time Accuracy

Abstract Intrusion Detection System is one of the worthwhile areas for researchers for a long. Numbers of researchers have worked for increasing the efficiency of Intrusion Detection Systems. But still, many challenges are present in modern Intrusion Detection Systems. One of the major challenges is controlling the false positive rate. In this paper, we have presented an efficient soft computing framework for the classification of intrusion detection dataset to diminish a false positive rate. The proposed processing steps are described as; the input data is at first pre-processed by the normalization process. Afterward, optimal features are chosen for the dimensionality decrease utilizing krill herd optimization. Here, the effective feature assortment is utilized to enhance classification accuracy. Support value is then estimated from ideally chosen features and lastly, a support value-based graph is created for the powerful classification of data into intrusion or normal. The exploratory outcomes demonstrate that the presented technique outperforms the existing techniques regarding different performance examinations like execution time, accuracy, false-positive rate, and their intrusion detection model increases the detection rate and decreases the false rate.