The effect of probe interval estimation on attack detection performance of a WLAN independent intrusion detection system

This paper first engine starting defense from Intrusion Detection, Intrusion detection engine analyzes the hardware platform, the overall structure of the technology and the design of the overall structure of the plug, which on the whole structure from intrusion defense systems were designed; then described in detail improved DDOS attack detection algorithm design thesis, and the design of anomaly detection algorithms.

Download Full-text

HCRNNIDS: Hybrid Convolutional Recurrent Neural Network-Based Network Intrusion Detection System

Processes ◽

10.3390/pr9050834 ◽

2021 ◽

Vol 9 (5) ◽

pp. 834

Author(s):

Muhammad Ashfaq Khan

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Recurrent Neural Network ◽

Intrusion Detection System ◽

Detection System ◽

Attack Detection ◽

Network Intrusion Detection ◽

Complex Nature ◽

Network Intrusion ◽

Network Intrusion Detection System

Nowadays, network attacks are the most crucial problem of modern society. All networks, from small to large, are vulnerable to network threats. An intrusion detection (ID) system is critical for mitigating and identifying malicious threats in networks. Currently, deep learning (DL) and machine learning (ML) are being applied in different domains, especially information security, for developing effective ID systems. These ID systems are capable of detecting malicious threats automatically and on time. However, malicious threats are occurring and changing continuously, so the network requires a very advanced security solution. Thus, creating an effective and smart ID system is a massive research problem. Various ID datasets are publicly available for ID research. Due to the complex nature of malicious attacks with a constantly changing attack detection mechanism, publicly existing ID datasets must be modified systematically on a regular basis. So, in this paper, a convolutional recurrent neural network (CRNN) is used to create a DL-based hybrid ID framework that predicts and classifies malicious cyberattacks in the network. In the HCRNNIDS, the convolutional neural network (CNN) performs convolution to capture local features, and the recurrent neural network (RNN) captures temporal features to improve the ID system’s performance and prediction. To assess the efficacy of the hybrid convolutional recurrent neural network intrusion detection system (HCRNNIDS), experiments were done on publicly available ID data, specifically the modern and realistic CSE-CIC-DS2018 data. The simulation outcomes prove that the proposed HCRNNIDS substantially outperforms current ID methodologies, attaining a high malicious attack detection rate accuracy of up to 97.75% for CSE-CIC-IDS2018 data with 10-fold cross-validation.

Download Full-text

Application of Deep Learning Technique in an Intrusion Detection System

International Journal of Computational Intelligence and Applications ◽

10.1142/s1469026820500169 ◽

2020 ◽

Vol 19 (02) ◽

pp. 2050016

Author(s):

Shideh Saraeian ◽

Mahya Mohammadi Golchi

Keyword(s):

Deep Learning ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Visual Analysis ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Hybrid Network ◽

Machine Learning Techniques ◽

Learning Technique

Comprehensive development of computer networks causes the increment of Distributed Denial of Service (DDoS) attacks. These types of attacks can easily restrict communication and computing. Among all the previous researches, the accuracy of the attack detection has not been properly addressed. In this study, deep learning technique is used in a hybrid network-based Intrusion Detection System (IDS) to detect intrusion on network. The performance of the proposed technique is evaluated on the NSL-KDD and ISCXIDS 2012 datasets. We performed traffic visual analysis using Wireshark tool and did some experimentations to prove the superiority of the proposed method. The results have shown that our proposed method achieved higher accuracy in comparison with other useful machine learning techniques.

Download Full-text

Deep Learning Based Attack Detection in IIoT using Two-Level Intrusion Detection System

10.21203/rs.3.rs-997888/v1 ◽

2021 ◽

Author(s):

Kathiroli Raja ◽

Krithika Karthikeyan ◽

Abilash B ◽

Kapal Dev ◽

Gunasekaran Raja

Keyword(s):

Deep Learning ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Production Management ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Sensitive Information ◽

Smart Meters ◽

Network Intrusion

Abstract The Industrial Internet of Things (IIoT), also known as Industry 4.0, has brought a revolution in the production and manufacturing sectors as it assists in the automation of production management and reduces the manual effort needed in auditing and managing the pieces of machinery. IoT-enabled industries, in general, use sensors, smart meters, and actuators. Most of the time, the data held by these devices is surpassingly sensitive and private. This information might be modified, 1 stolen, or even the devices may be subjected to a Denial of Service (DoS) attack. As a consequence, the product quality may deteriorate or sensitive information may be leaked. An Intrusion Detection System (IDS), implemented in the network layer of IIoT, can detect attacks, thereby protecting the data and devices. Despite substantial advancements in attack detection in IIoT, existing works fail to detect certain attacks obfuscated from detectors resulting in a low detection performance. To address the aforementioned issue, we propose a Deep Learning-based Two Level Network Intrusion Detection System (DLTL-NIDS) for IIoT environment, emphasizing challenging attacks. The attacks that attain low accuracy or low precision in level-1 detection are marked as challenging attacks. Experimental results show that the proposed model, when tested against TON IoT, figures out the challenging attacks well and achieves an accuracy of 99.97%, precision of 95.62%, recall of 99.5%, and F1-score of 99.65%. The proposed DL-TLNIDS, when compared with state-of-art models, achieves a decrease in false alarm rate to 2.34% (flagging normal traffic as an attack) in IIoT.

Download Full-text

Building attack detection system base on machine learning

Global Journal of Engineering and Technology Advances ◽

10.30574/gjeta.2021.6.2.0010 ◽

2021 ◽

Vol 6 (2) ◽

pp. 018-032

Author(s):

Rasha Thamer Shawe ◽

Kawther Thabt Saleh ◽

Farah Neamah Abbas

Keyword(s):

Data Mining ◽

Support Vector Machine ◽

Network Security ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Attack Detection ◽

Support Vector ◽

Data Set ◽

Kdd Cup 99

These days, security threats detection, generally discussed to as intrusion, has befitted actual significant and serious problem in network, information and data security. Thus, an intrusion detection system (IDS) has befitted actual important element in computer or network security. Avoidance of such intrusions wholly bases on detection ability of Intrusion Detection System (IDS) which productions necessary job in network security such it identifies different kinds of attacks in network. Moreover, the data mining has been playing an important job in the different disciplines of technologies and sciences. For computer security, data mining are presented for serving intrusion detection System (IDS) to detect intruders accurately. One of the vital techniques of data mining is characteristic, so we suggest Intrusion Detection System utilizing data mining approach: SVM (Support Vector Machine). In suggest system, the classification will be through by employing SVM and realization concerning the suggested system efficiency will be accomplish by executing a number of experiments employing KDD Cup’99 dataset. SVM (Support Vector Machine) is one of the best distinguished classification techniques in the data mining region. KDD Cup’99 data set is utilized to execute several investigates in our suggested system. The experimental results illustration that we can decrease wide time is taken to construct SVM model by accomplishment suitable data set pre-processing. False Positive Rate (FPR) is decrease and Attack detection rate of SVM is increased .applied with classification algorithm gives the accuracy highest result. Implementation Environment Intrusion detection system is implemented using Mat lab 2015 programming language, and the examinations have been implemented in the environment of Windows-7 operating system mat lab R2015a, the processor: Core i7- Duo CPU 2670, 2.5 GHz, and (8GB) RAM.

Download Full-text

Network Attacks Detection by Hierarchical Neural Network

Computer Engineering and Applications Journal ◽

10.18495/comengapp.v4i2.108 ◽

2015 ◽

Vol 4 (2) ◽

pp. 119-132

Author(s):

Mohammad Masoud Javidi

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Single Agent ◽

Attack Detection ◽

Intrusion Detection Systems ◽

Training Dataset ◽

Detection Systems ◽

Combination Of Classifiers

Intrusion detection is an emerging area of research in the computer security and net-works with the growing usage of internet in everyday life. Most intrusion detection systems (IDSs) mostly use a single classifier algorithm to classify the network traffic data as normal behavior or anomalous. However, these single classifier systems fail to provide the best possible attack detection rate with low false alarm rate. In this paper,we propose to use a hybrid intelligent approach using a combination of classifiers in order to make the decision intelligently, so that the overall performance of the resul-tant model is enhanced. The general procedure in this is to follow the supervised or un-supervised data filtering with classifier or cluster first on the whole training dataset and then the output are applied to another classifier to classify the data. In this re- search, we applied Neural Network with Supervised and Unsupervised Learning in order to implement the intrusion detection system. Moreover, in this project, we used the method of Parallelization with real time application of the system processors to detect the systems intrusions.Using this method enhanced the speed of the intrusion detection. In order to train and test the neural network, NSLKDD database was used. Creating some different intrusion detection systems, each of which considered as a single agent, we precisely proceeded with the signature-based intrusion detection of the network.In the proposed design, the attacks have been classified into 4 groups and each group is detected by an Agent equipped with intrusion detection system (IDS).These agents act independently and report the intrusion or non-intrusion in the system; the results achieved by the agents will be studied in the Final Analyst and at last the analyst reports that whether there has been an intrusion in the system or not.Keywords: Intrusion Detection, Multi-layer Perceptron, False Positives, Signature- based intrusion detection, Decision tree, Nave Bayes Classifier

Download Full-text

DNA Encoding for Misuse Intrusion Detection System based on UNSW-NB15 Data Set

Iraqi Journal of Science ◽

10.24996/ijs.2020.61.12.29 ◽

2020 ◽

pp. 3408-3416

Author(s):

Omar Fitian Rashid

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Attack Detection ◽

High Rate ◽

Dna Encoding ◽

Data Set ◽

Detection Rates ◽

Detection Systems ◽

Threat Environment

Recent researches showed that DNA encoding and pattern matching can be used for the intrusion-detection system (IDS), with results of high rate of attack detection. The evaluation of these intrusion detection systems is based on datasets that are generated decades ago. However, numerous studies outlined that these datasets neither inclusively reflect the network traffic, nor the modern low footprint attacks, and do not cover the current network threat environment. In this paper, a new DNA encoding for misuse IDS based on UNSW-NB15 dataset is proposed. The proposed system is performed by building a DNA encoding for all values of 49 attributes. Then attack keys (based on attack signatures) are extracted and, finally, Raita algorithm is applied to classify records, either attacks or normal, based on the extracted keys. The results of the current experiment showed that the proposed system achieved good detection rates for all of attacks, which included the Analysis, Backdoor, DoS, Exploits, Fuzzers, Generic, Reconnaissance, Shellcode, and Worms, with values of 82.56%, 92.68%, 75.59%, 75.42%, 67%, 99.28%, 81.02%, 73.6%, 85%, and 90.91%, respectively. The values of false alarm rate and accuracy were equal to 24% and 89.05%, respectively. Also, the execution time for the proposed system was found to be short, where the values of the encoding time and matching time for one record were 0.45 and 0.002 second, respectively.

Download Full-text

Design Of Intrusion Detection System For Dos Attack In 6lowpan And RPL Based IoT Network

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.k2288.0981119 ◽

2019 ◽

Vol 8 (11) ◽

pp. 3840-3844

Keyword(s):

Intrusion Detection ◽

Low Power ◽

Intrusion Detection System ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Area Network ◽

Dos Attack ◽

Resource Constrained ◽

Ipv6 Protocol

Internet of Things (IoT) is a network spread globally and accommodates maximum things under it. All these things are connected globally using IPv6 protocol which satisfies the need of connecting maximum devices by supporting 2^128 addresses. Because of heavy-weight nature of IPv6 protocol, a compressed version of it known as IPv6 Low Power Personal Area Network (6LoWPAN) protocol is used for a resource-constrained network that communicates over low power and lossy links. In IoT, devices are resource-constrained in terms of low battery power, less processing power, less transceiver power, etc. Also these devices are directly connected to insecure internet hence it is very challenging to maintain security in IoT network. In this paper, we have discussed various attacks on 6LoWPAN and RPL network along with countermeasures to reduce the attacks. DoS attack is one of the severe attacks in IoT which has various patterns of execution. Out of various attacks we have designed Intrusion Detection System (IDS) for Denial of Service (DOS) attack detection using Contiki OS and Cooja simulator.

Download Full-text

I2DS: Interpretable Intrusion Detection System Using Autoencoder and Additive Tree

Security and Communication Networks ◽

10.1155/2021/5564354 ◽

2021 ◽

Vol 2021 ◽

pp. 1-9

Author(s):

Wenfeng Xu ◽

Yongxian Fan ◽

Changyong Li

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Predictive Performance ◽

Detection Performance ◽

Detection Methods ◽

Detection Accuracy ◽

Learning Models ◽

Model Based ◽

Additive Tree

Intrusion detection system (IDS), the second security gate behind the firewall, can monitor the network without affecting the network performance and ensure the system security from the internal maximum. Many researches have applied traditional machine learning models, deep learning models, or hybrid models to IDS to improve detection effect. However, according to Predicted accuracy, Descriptive accuracy, and Relevancy (PDR) framework, most of detection models based on model-based interpretability lack good detection performance. To solve the problem, in this paper, we have proposed a novel intrusion detection system model based on model-based interpretability, called Interpretable Intrusion Detection System (I2DS). We firstly combine normal and attack samples reconstructed by AutoEncoder (AE) with training samples to highlight the normal and attack features, so that the classifier has a gorgeous effect. Then, Additive Tree (AddTree) is used as a binary classifier, which can provide excellent predictive performance in the combined dataset while maintaining good model-based interpretability. In the experiment, UNSW-NB15 dataset is used to evaluate our proposed model. For detection performance, I2DS achieves a detection accuracy of 99.95%, which is better than most of state-of-the-art intrusion detection methods. Moreover, I2DS maintains higher simulatability and captures the decision rules easily.

Download Full-text

A Dual Attack Detection Technique to Identify Black and Gray Hole Attacks Using an Intrusion Detection System and a Connected Dominating Set in MANETs

Future Internet ◽

10.3390/fi11030061 ◽

2019 ◽

Vol 11 (3) ◽

pp. 61 ◽

Cited By ~ 7

Author(s):

Zulfiqar Ali Zardari ◽

Jingsha He ◽

Nafei Zhu ◽

Khalid Mohammadani ◽

Muhammad Pathan ◽

...

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Ad Hoc ◽

Detection System ◽

Dominating Set ◽

Attack Detection ◽

Connected Dominating Set ◽

Malicious Nodes ◽

Mobile Ad Hoc ◽

Behavioral Information

A mobile ad-hoc network (MANET) is a temporary network of wireless mobile nodes. In a MANET, it is assumed that all of the nodes cooperate with each other to transfer data packets in a multi-hop fashion. However, some malicious nodes don’t cooperate with other nodes and disturb the network through false routing information. In this paper, we propose a prominent technique, called dual attack detection for black and gray hole attacks (DDBG), for MANETs. The proposed DDBG technique selects the intrusion detection system (IDS) node using the connected dominating set (CDS) technique with two additional features; the energy and its nonexistence in the blacklist are also checked before putting the nodes into the IDS set. The CDS is an effective, distinguished, and localized approach for detecting nearly-connected dominating sets of nodes in a small range in mobile ad hoc networks. The selected IDS nodes broadcast a kind of status packet within a size of the dominating set for retrieving the complete behavioral information from their nodes. Later, IDS nodes use our DDBG technique to analyze the collected behavioral information to detect the malicious nodes and add them to the blacklist if the behavior of the node is suspicious. Our experimental results show that the quality of the service parameters of the proposed technique outperforms the existing routing schemes.

Download Full-text