Explanation Framework for Intrusion Detection

Author(s):  
Nadia Burkart ◽  
Maximilian Franz ◽  
Marco F. Huber

Abstract: Machine learning and deep learning are widely used in various applications to assist or even replace human reasoning. For instance, a machine learning based intrusion detection system (IDS) monitors a network for malicious activity or specific policy violations. We propose that IDSs should attach a sufficiently understandable report to each alert to allow the operator to review them more efficiently. This work aims at complementing an IDS by means of a framework to create explanations. The explanations support the human operator in understanding alerts and reveal potential false positives. The focus lies on counterfactual instances and explanations based on locally faithful decision-boundaries.

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Sagar Pande ◽  
Aditya Khamparia ◽  
Deepak Gupta

Purpose: A reliable intrusion detection system is one of the key components of a health care–based system. Traditional techniques are not adequate to handle complex data. Also, the diversified intrusion techniques cannot meet current network requirements. Not only is the data increasing, but the attacks are also increasing very rapidly. Deep learning and machine learning techniques are trending areas of research in network security. A lot of work has been done in this area, but evolutionary algorithms combined with machine learning are still very rarely explored. The purpose of this study is to provide a novel deep learning framework for the detection of attacks. Design/methodology/approach: In this paper, a novel deep learning framework is proposed for the detection of attacks. Also, a comparison of machine learning and deep learning algorithms is provided. Findings: The obtained results are more than 99% for both the data sets. Research limitations/implications: The diversified intrusion techniques cannot meet current network requirements. Practical implications: The data is increasing, but the attacks are also increasing very rapidly. Social implications: Deep learning and machine learning techniques are trending areas of research in network security. Originality/value: A novel deep learning framework is proposed for the detection of attacks.


Sensors ◽  
2021 ◽  
Vol 21 (4) ◽  
pp. 1113
Author(s):  
Ming Zhong ◽  
Yajin Zhou ◽  
Gang Chen

IoT plays an important role in daily life; commands and data transfer rapidly between the servers and objects to provide services. However, cyber threats have become a critical factor, especially for IoT servers. There should be a vigorous way to protect the network infrastructures from various attacks. IDS (Intrusion Detection System) is the invisible guardian for IoT servers. Many machine learning methods have been applied in IDS. However, there is a need to improve the IDS system for both accuracy and performance. Deep learning is a promising technique that has been used in many areas, including pattern recognition, natural language processing, etc. Deep learning reveals more potential than traditional machine learning methods. In this paper, the sequential model is the key point, and new methods are proposed by the features of the model. The model can collect features from the network layer via tcpdump packets and application layer via system routines. Text-CNN and GRU methods are chosen because they can treat sequential data as a language model. The advantage compared with the traditional methods is that they can extract more features from the data and the experiments show that the deep learning methods have higher F1-score. We conclude that the sequential model-based intrusion detection system using deep learning method can contribute to the security of the IoT servers.


2021 ◽  
Author(s):  
Md. Rayhan Ahmed ◽  
Salekul Islam ◽  
Swakkhar Shatabda ◽  
A. K. M. Muzahidul Islam ◽  
Md. Towhidul Islam Robin

At present, the Internet is facing numerous attacks of different kinds that put its data at risk. The safety of information within the network is, therefore, a significant concern. In order to prevent the loss of incredibly valuable information, the Intrusion Detection System (IDS) was developed to recognize the outbreak of a stream of attacks and notify the network system administrator providing network security. IDS is an extrapolative model used to detect network traffic as routine or attack. Software-Defined Networks (SDN) is a revolutionary paradigm that isolates the control plane from the data plane, transforming the concept of a software-driven network. Through this data and control plane separation, SDN provides us the opportunity to create a manageable and programmable network, allowing applications in the top plane to access physical devices via the controller. The controller functioning inside the control plane executes network modules and establishes flow rules to forward packets in the switches residing in the data plane. Cyber attackers target the SDN controller to subdue the control plane, which is considered the brain of the SDN, providing a plethora of functionalities such as regulating flow control to switches or routers in the data plane below via southbound Application Programming Interfaces (APIs) and business and application logic in the application plane above via northbound APIs to implement sophisticated networks. However, the control plane becomes a tempting prospect for security attacks from adversaries because of its centralization feature. This paper includes an in-depth overview of the notable published articles from 2015 to 2021 that used Machine Learning (ML) and Deep Learning (DL) techniques to construct an IDS solution to provide security for SDN. We also present two detailed taxonomic studies regarding IDS, and ML-DL techniques based on their learning categories, exploring various IDS solutions to secure the SDN paradigm.
We have also conducted brief research on a few benchmark datasets used to construct IDS in the SDN paradigm. To conclude the survey, we provide a discussion that sheds light on continuous challenges and IDS issues for SDN security.


An Intrusion Detection System observes the network traffic, identifies attacks, and informs the admin to take corrective action. A powerful Intrusion Detection System is required for detection of various modern attacks. There is a need for an efficient Intrusion Detection System. The focus of IDS research is the application of Machine Learning and Deep Learning techniques. The projected work is a combination of a Deep Learning technique, the Non-Symmetric Deep Auto Encoder, and a Machine Learning algorithm, the Support Vector Machine classifier, which are used to develop the model. The stack power of the Non-Symmetric Deep Auto Encoder and the quickness and exactness of the SVM make the model very efficient. This model not only improves the accuracy value but also improves recall and precision. It also reduces the training time. To evaluate the performance of the model and do the analysis, the KDD CUP and NSL KDD data sets are used.


2020 ◽  
Vol 2020 ◽  
pp. 1-16
Author(s):  
Leila Mohammadpour ◽  
T.C. Ling ◽  
C.S. Liew ◽  
Alihossein Aryanfar

The significant development of Internet applications over the past 10 years has resulted in the rising necessity for the information network to be secured. An intrusion detection system is a fundamental network infrastructure defense that must be able to adapt to the ever-evolving threat landscape and identify new attacks that have low false alarm. Researchers have developed several supervised as well as unsupervised methods from the data mining and machine learning disciplines so that anomalies can be detected reliably. As an aspect of machine learning, deep learning uses a neuron-like structure to learn tasks. A successful deep learning technique method is convolution neural network (CNN); however, it is presently not suitable to detect anomalies. It is easier to identify expected contents within the input flow in CNNs, whereas there are minor differences in the abnormalities compared to the normal content. This suggests that a particular method is required for identifying such minor changes. It is expected that CNNs would learn the features that form the characteristic of the content of an image (flow) rather than variations that are unrelated to the content. Hence, this study recommends a new CNN architecture type known as mean convolution layer (CNN-MCL) that was developed for learning the anomalies’ content features and then identifying the particular abnormality. The recommended CNN-MCL helps in designing a strong network intrusion detection system that includes an innovative form of convolutional layer that can teach low-level abnormal characteristics. It was observed that assessing the proposed model on the CICIDS2017 dataset led to favorable results in terms of real-world application regarding detecting anomalies that are highly accurate and have low false-alarm rate as opposed to other best models.


Author(s):  
Jayesh Zala ◽  
Aditya Panchal ◽  
Advait Thakkar ◽  
Bhagirath Prajapati ◽  
Priyanka Puvar

Intrusion Detection System (IDS) is a tool, or software application, that monitors network or system activity and detects malicious activity occurring. The protected evolution of the network must incorporate new threats and related approaches to avoid these threats. The key role of the IDS is to secure resources against the attacks. Several approaches, methods and algorithms of the intrusion detection help to detect a plethora of attacks. The main objective of this paper is to provide a complete system to detect intruding attacks using the Machine Learning technique which identifies the unknown attacks using the past information gained from the known attacks. The paper explains preprocessing techniques, model comparisons for training as well as testing, and evaluation technique.


2021 ◽  
Author(s):  
Abbasgholi Pashaei ◽  
Mohammad Esmaeil Esmaeil Akbari ◽  
Mina Zolfy Lighvan ◽  
Asghar Charmin

Abstract: The emergence of industrial Cyberinfrastructures, the development of information communication technology in industrial fields, and the remote accessibility of automated Industrial Control Systems (ICS) lead to various cyberattacks on industrial networks and Supervisory Control and Data Acquisition (SCADA) networks. The development of ICS industry-specific cybersecurity mechanisms can reduce the vulnerability of systems to fire, explosion, human accidents, environmental damage, and financial loss. Vulnerabilities are the points of penetration into industrial systems; using these weaknesses, threats are organized and intrusion into industrial systems occurs. Thus, it is essential to continuously improve the security of the networks of industrial control facilities. Traditional intrusion detection systems have been shown to be sluggish and prone to false positives. As a result, these algorithms' performance and speed must be improved. This paper proposes a novel Honeypot enhanced industrial Early Intrusion Detection System (EIDS) incorporated with Machine Learning (ML) algorithms. The proposed scheme collects data from all sensors of Honeypot and industrial devices from the industrial control network, stores it in the database of EIDS, and analyses it using expert ML algorithms. The designed system for early intrusion detection can protect industrial systems against vulnerabilities by alerting in the shortest possible time using online data mining in the EIDS database. The results show that the proposed EIDS detects anomalous behavior of the data with a high detection rate, low false positives, and better classification accuracy.

