scholarly journals Generating Abnormal Industrial Control Network Traffic for Intrusion Detection System Testing

2018 ◽  
pp. 265-281 ◽  
Author(s):  
Joo-Yeop Song ◽  
Woomyo Lee ◽  
Jeong-Han Yun ◽  
Hyunjae Park ◽  
Sin-Kyu Kim ◽  
...  
Keyword(s):  
Intrusion Detection ◽  
Network Traffic ◽  
Intrusion Detection System ◽  
Detection System ◽  
Control Network ◽  
System Testing ◽  
Industrial Control

PAIRWISE CLUSTERS OPTIMIZATION AND CLUSTER MOST SIGNIFICANT FEATURE METHODS FOR ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEM (POC2MSF)

2018 ◽  
Vol 3 (2) ◽  
pp. 93
Author(s):  
Gervais Hatungimana
Keyword(s):  
Intrusion Detection ◽  
Network Traffic ◽  
False Positive ◽  
Intrusion Detection System ◽  
Detection System ◽  
False Positive Rate ◽  
Significant Feature ◽  
Features Selection ◽  
Number Of Clusters ◽  
Network Intrusion

 Anomaly-based Intrusion Detection System (IDS) uses known baseline to detect patterns which have deviated from normal behavior. If the baseline is faulty, the IDS performance degrades. Most of researches in IDS which use k-centroids-based clustering methods like K-means, K-medoids, Fuzzy, Hierarchical and agglomerative algorithms to baseline network traffic suffer from high false positive rate compared to signature-based IDS, simply because the nature of these algorithms risk to force some network traffic into wrong profiles depending on K number of clusters needed. In this paper we propose alternate method which instead of defining K number of clusters, defines t distance threshold. The unrecognizable IDS; IDS which is neither HIDS nor NIDS is the consequence of using statistical methods for features selection. The speed, memory and accuracy of IDS are affected by inappropriate features reduction method or ignorance of irrelevant features. In this paper we use two-step features selection and Quality Threshold with Optimization methods to design anomaly-based HIDS and NIDS separately. The performance of our system is 0% ,99.9974%, 1,1 false positive rates, accuracy , precision and recall respectively for NIDS and  0%,99.61%, 0.991,0.978 false positive rates, accuracy, precision and recall respectively for HIDS.

scholarly journals Intrusion Dataset Over Network Traffic of SDN and TCP/IP Network

2021 ◽  
pp. 694-701
Author(s):  
Karan Shingare ◽  
Rohit Nandurkar ◽  
Prashant Shrivastav ◽  
Shailesh Bendale
Keyword(s):  
Intrusion Detection ◽  
Network Topology ◽  
Network Traffic ◽  
Intrusion Detection System ◽  
Detection System ◽  
Host System ◽  
Ip Network ◽  
The World

As the world is moving toward newer technologies and to meet the requirements of the same adapting toward different network topology. SDN is such example of a network which solves many issues or limitations of a traditional TCP/IP network. As majority of workspace is moving towards SDN, many new vulnerabilities are also emerging, and to protect the network and systems on these networks, in this paper we discuss and propose a dataset which would be helpful in training an intrusion detection system over SDN which would also include the intrusion dataset for traditional TCP/IP network too. We generate this data over SDN topology by attacking the host system present in the network, then analyse the generated data using CICFlowmeter which would give us the desired dataset for intrusion detection.

NETWORK TRAFFIC ANOMALIES DETECTION USING AN ENSEMBLE OF CLASSIFIERS

2020 ◽  
pp. 38-46
Author(s):  
S. A. Sakulin ◽  
A. N. Alfimtsev ◽  
K. N. Kvitchenko ◽  
L. Ya. Dobkach ◽  
Yu. A. Kalgin
Keyword(s):  
Intrusion Detection ◽  
Network Traffic ◽  
Intrusion Detection System ◽  
Detection System ◽  
Hybrid Approach ◽  
Stochastic Gradient Descent ◽  
Type I ◽  
Network Attacks ◽  
Detection Systems ◽  
Accuracy Increase

Network technologies have been steadily developing and their application has been expanding. One of the aspects of the development is a modification of the current network attacks and the appearance of new ones. The anomalies that can be detected in network traffic conform with such attacks. Development of new and improvement of the current approaches to detect anomalies in network traffic have become an urgent task. The article suggests a hybrid approach to detect anomalies on the basis of the combined signature approach and computationally effective classifiers of machine learning: logistic regression, stochastic gradient descent and decision tree with accuracy increase due to weighted voting. The choice of the classifiers is explained by the admissible complexity of the algorithms that allows detection of network traffic events for the time close to real. Signature analysis is carried out with the help of the Zeek IDS (Intrusion Detection System) signature base. Learning is fulfilled by preliminary prepared (by excluding extra recordings and parameters) CICIDS2017 (Canadian Institute for Cybersecurity Intrusion Detection System) signature set by cross validation. The set is roughly divided into ten parts that allows us to increase the accuracy. Experimental evaluation of the developed approach comparing with individual classifiers and with other approaches by such criteria as part of type I and II errors, accuracy and level of detection, has proved the approach suitable to be applied in network attacks detection systems. It is possible to introduce the developed approach into both existing and new anomaly detection systems.

scholarly journals Measurement data intrusion detection in industrial control systems based on unsupervised learning

2021 ◽  
Vol 1 (1) ◽  
pp. 61-74
Author(s):  
Sohrab Mokhtari ◽  
◽  
Kang K Yen
Keyword(s):  
Intrusion Detection ◽  
Unsupervised Learning ◽  
Control Systems ◽  
Intrusion Detection System ◽  
Detection System ◽  
Measurement Data ◽  
Abnormal Behavior ◽  
Learning Models ◽  
Industrial Control ◽  
Industrial Control Systems

<abstract><p>Anomaly detection strategies in industrial control systems mainly investigate the transmitting network traffic called network intrusion detection system. However, The measurement intrusion detection system inspects the sensors data integrated into the supervisory control and data acquisition center to find any abnormal behavior. An approach to detect anomalies in the measurement data is training supervised learning models that can learn to classify normal and abnormal data. But, a labeled dataset consisting of abnormal behavior, such as attacks, or malfunctions is extremely hard to achieve. Therefore, the unsupervised learning strategy that does not require labeled data for being trained can be helpful to tackle this problem. This study evaluates the performance of unsupervised learning strategies in anomaly detection using measurement data in control systems. The most accurate algorithms are selected to train unsupervised learning models, and the results show an accuracy of 98% in stealthy attack detection.</p></abstract>

scholarly journals Anomaly Detection in Distributed Denial of Service Attack using Map Reduce Improvised Counter Based Algorithm in Hadoop

2019 ◽  
Vol 8 (4) ◽  
pp. 4668-4671
Keyword(s):  
Intrusion Detection ◽  
Anomaly Detection ◽  
Network Traffic ◽  
Intrusion Detection System ◽  
Detection System ◽  
Denial Of Service ◽  
Map Reduce ◽  
Distributed Denial Of Service ◽  
Unusual Pattern ◽  
Denial Of Service Attack

A Distributed denial of Service attacks(DDoS) is one of the major threats in the cyber network and it attacks the computers flooded with the Users Data Gram packet. These types of attacks causes major problem in the network in the form of crashing the system with large volume of traffic to attack the victim and make the victim idle in which not responding the requests. To detect this DDOS attack traditional intrusion detection system is not suitable to handle huge volume of data. Hadoop is a frame work which handles huge volume of data and is used to process the data to find any malicious activity in the data. In this research paper anomaly detection technique is implemented in Map Reduce Algorithm which detects the unusual pattern of data in the network traffic. To design a proposed model, Map Reduce platform is used to hold the improvised algorithm which detects the (DDoS) attacks by filtering and sorting the network traffic and detects the unusual pattern from the network. Improvised Map reduce algorithm is implemented with Map Reduce functionalities at the stage of verifying the network IPS. This Proposed algorithm focuses on the UDP flooding attack using Anomaly based Intrusion detection system technique which detects kind of pattern and flow of packets in the node is more than the threshold and also identifies the source code causing UDP Flood Attack.

scholarly journals DESIGNING RULES TO IMPLEMENT RECONNAISSANCE AND UNAUTHORIZED ACCESS ATTACKS FOR INTRUSION DETECTION SYSTEM

2019 ◽  
Vol 2 (2) ◽  
pp. 25-43
Author(s):  
Subhi A. Mohammed
Keyword(s):  
Intrusion Detection ◽  
Network Traffic ◽  
Intrusion Detection System ◽  
Detection System ◽  
Network Attacks ◽  
Unauthorized Access ◽  
Large Numbers

Abstract- Network attacks are classified according to their objective into three types: Denial of Services (DOS), reconnaissance and unauthorized access. A base signature Intrusion Detection System (IDS) which gives an alarm when the monitor network traffic meets a previously specified set of criteria of attack traffic. This paper will focus on design, compose, and process IDS rules, and then to decide whether that packet is intrusive or not, by examining the signatures of the attacks in both incoming packets headers and payload to networks. Packet sniffer is performs capturing, decoding and reassembling of the network packet traffic, then passes it to the programmed rules. Linux backtrack tools was used to implement an IDS scenario for two types of attacks (Reconnaissance and Unauthorized access). The results show that IDS rules are able to detect large numbers of various attacks.

Sign in / Sign up

Export Citation Format

Share Document