Evolutive Modeling of TCP/IP Network Traffic for Intrusion Detection

2000 ◽  
pp. 214-223
Author(s):  
Filippo Neri
Keyword(s):  
Intrusion Detection ◽  
Network Traffic ◽  
Ip Network

scholarly journals Intrusion Dataset Over Network Traffic of SDN and TCP/IP Network

2021 ◽  
pp. 694-701
Author(s):  
Karan Shingare ◽  
Rohit Nandurkar ◽  
Prashant Shrivastav ◽  
Shailesh Bendale
Keyword(s):  
Intrusion Detection ◽  
Network Topology ◽  
Network Traffic ◽  
Intrusion Detection System ◽  
Detection System ◽  
Host System ◽  
Ip Network ◽  
The World

As the world is moving toward newer technologies and to meet the requirements of the same adapting toward different network topology. SDN is such example of a network which solves many issues or limitations of a traditional TCP/IP network. As majority of workspace is moving towards SDN, many new vulnerabilities are also emerging, and to protect the network and systems on these networks, in this paper we discuss and propose a dataset which would be helpful in training an intrusion detection system over SDN which would also include the intrusion dataset for traditional TCP/IP network too. We generate this data over SDN topology by attacking the host system present in the network, then analyse the generated data using CICFlowmeter which would give us the desired dataset for intrusion detection.

PAIRWISE CLUSTERS OPTIMIZATION AND CLUSTER MOST SIGNIFICANT FEATURE METHODS FOR ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEM (POC2MSF)

2018 ◽  
Vol 3 (2) ◽  
pp. 93
Author(s):  
Gervais Hatungimana
Keyword(s):  
Intrusion Detection ◽  
Network Traffic ◽  
False Positive ◽  
Intrusion Detection System ◽  
Detection System ◽  
False Positive Rate ◽  
Significant Feature ◽  
Features Selection ◽  
Number Of Clusters ◽  
Network Intrusion

 Anomaly-based Intrusion Detection System (IDS) uses known baseline to detect patterns which have deviated from normal behavior. If the baseline is faulty, the IDS performance degrades. Most of researches in IDS which use k-centroids-based clustering methods like K-means, K-medoids, Fuzzy, Hierarchical and agglomerative algorithms to baseline network traffic suffer from high false positive rate compared to signature-based IDS, simply because the nature of these algorithms risk to force some network traffic into wrong profiles depending on K number of clusters needed. In this paper we propose alternate method which instead of defining K number of clusters, defines t distance threshold. The unrecognizable IDS; IDS which is neither HIDS nor NIDS is the consequence of using statistical methods for features selection. The speed, memory and accuracy of IDS are affected by inappropriate features reduction method or ignorance of irrelevant features. In this paper we use two-step features selection and Quality Threshold with Optimization methods to design anomaly-based HIDS and NIDS separately. The performance of our system is 0% ,99.9974%, 1,1 false positive rates, accuracy , precision and recall respectively for NIDS and  0%,99.61%, 0.991,0.978 false positive rates, accuracy, precision and recall respectively for HIDS.

scholarly journals LA-GRU: Building Combined Intrusion Detection Model Based on Imbalanced Learning and Gated Recurrent Unit Neural Network

2018 ◽  
Vol 2018 ◽  
pp. 1-13 ◽  
Author(s):  
Binghao Yan ◽  
Guodong Han
Keyword(s):  
Neural Network ◽  
Intrusion Detection ◽  
False Alarm ◽  
False Alarm Rate ◽  
Network Traffic ◽  
Detection Performance ◽  
Imbalanced Learning ◽  
Traffic Distribution ◽  
Proposed Model ◽  
Gated Recurrent Unit

The intrusion detection models (IDMs) based on machine learning play a vital role in the security protection of the network environment, and, by learning the characteristics of the network traffic, these IDMs can divide the network traffic into normal behavior or attack behavior automatically. However, existing IDMs cannot solve the imbalance of traffic distribution, while ignoring the temporal relationship within traffic, which result in the reduction of the detection performance of the IDM and increase the false alarm rate, especially for low-frequency attacks. So, in this paper, we propose a new combined IDM called LA-GRU based on a novel imbalanced learning method and gated recurrent unit (GRU) neural network. In the proposed model, a modified local adaptive synthetic minority oversampling technique (LA-SMOTE) algorithm is provided to handle imbalanced traffic, and then the GRU neural network based on deep learning theory is used to implement the anomaly detection of traffic. The experimental results evaluated on the NSL-KDD dataset confirm that, compared with the existing state-of-the-art IDMs, the proposed model not only obtains excellent overall detection performance with a low false alarm rate but also more effectively solves the learning problem of imbalanced traffic distribution.

scholarly journals Lightweight Convolutional Neural Network Based Intrusion Detection System

2020 ◽  
pp. 808-817
Author(s):  
Vinh Pham ◽  
◽  
Eunil Seo ◽  
Tai-Myoung Chung
Keyword(s):  
Neural Network ◽  
Machine Learning ◽  
Intrusion Detection ◽  
Convolutional Neural Network ◽  
Network Traffic ◽  
Detection System ◽  
Image Data ◽  
Training Data ◽  
Deep Packet Inspection ◽  
Detection Model

Identifying threats contained within encrypted network traffic poses a great challenge to Intrusion Detection Systems (IDS). Because traditional approaches like deep packet inspection could not operate on encrypted network traffic, machine learning-based IDS is a promising solution. However, machine learning-based IDS requires enormous amounts of statistical data based on network traffic flow as input data and also demands high computing power for processing, but is slow in detecting intrusions. We propose a lightweight IDS that transforms raw network traffic into representation images. We begin by inspecting the characteristics of malicious network traffic of the CSE-CIC-IDS2018 dataset. We then adapt methods for effectively representing those characteristics into image data. A Convolutional Neural Network (CNN) based detection model is used to identify malicious traffic underlying within image data. To demonstrate the feasibility of the proposed lightweight IDS, we conduct three simulations on two datasets that contain encrypted traffic with current network attack scenarios. The experiment results show that our proposed IDS is capable of achieving 95% accuracy with a reasonable detection time while requiring relatively small size training data.

Generic IP Network Traffic Management from Measurement through Analyses to Simulation

2014 ◽  
pp. 167-192 ◽  
Author(s):  
Seferin Mirtchev ◽  
Constandinos X. Mavromoustakis ◽  
Rossitza Goleva ◽  
Kiril Kassev ◽  
George Mastorakis
Keyword(s):  
Network Traffic ◽  
Traffic Management ◽  
Ip Network
Sign in / Sign up

Export Citation Format

Share Document