A Lightweight Intrusion Detection System using Benford's Law and Network Flow Size Difference

Author(s): Kamalakanta Sethi, Rahul Kumar, Nishant Prajapati, Padmalochan Bera

Sensors, 2020, Vol 20 (18), pp. 5305
Author(s): Panagiotis Radoglou Grammatikis, Panagiotis Sarigiannidis, Georgios Efstathopoulos, Emmanouil Panaousis

The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of efficiently protecting SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data-based detection) monitors and identifies anomalies in operational data (i.e., time series electricity measurements). With emphasis on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.


2014, Vol 539, pp. 326-330
Author(s): Xie Chao Guo

With the rapid development of information technology and network flow, ARP intrusion attacks from the internet are more and more popular, which damages normal working a lot, especially in some fields with high security demands. Therefore, this paper analyzes the principle of the ARP intrusion attack, designs the data collection and analysis module for networks, and then develops an ARP intrusion detection system. It shows this system can detect the ARP intrusion correctly and find where the attack occurs.


Author(s): Mossa Ghurab, Ghaleb Gaphari, Faisal Alshami, Reem Alshamy, Suad Othman

The enormous increase in the use of the Internet in daily life has provided an opportunity for intruders to attempt to compromise the security principles of availability, confidentiality, and integrity. As a result, organizations are working to increase the level of security by using attack detection techniques such as a Network Intrusion Detection System (NIDS), which monitors and analyzes network flow and detects attacks. Much research has been proposed to develop NIDS, and it depends on datasets for evaluation. Datasets allow evaluating the ability to detect intrusion behavior. This paper introduces a detailed analysis of benchmark and recent datasets for NIDS. Specifically, we describe eight well-known datasets: KDD99, NSL-KDD, KYOTO 2006+, ISCX2012, UNSW-NB 15, CIDDS-001, CICIDS2017, and CSE-CIC-IDS2018. For each dataset, we provide a detailed analysis of its instances, features, classes, and the nature of the features. The main objective of this paper is to offer an overview of the datasets that are available for NIDS and what each dataset comprises. Furthermore, some recommendations are made for using network-based datasets.

