The Architecture of Host-based Intrusion Detection Model Generation System for the Frequency Per System Call

Author(s):
Seung-hyun Paek
Yoon-keun Oh
Joobeom Yun
Do-hoon Lee

2010
Vol 129-131
pp. 124-127
Author(s):
Zheng Wei
Jun Yi Hou
Hua Tan
Guang Nan Guo

Intrusion detection technology is a kind of network security technology that can protect a system from attacks. Based on the definition of a system call risk coefficient, the paper proposes a dynamic intrusion detection model based on the system risk coefficient. Using this model, the drawbacks of the traditional system-call-based intrusion detection method were addressed, which speeds up the detection process and decreases the false rate and error rate. It can also effectively identify erroneous operations or users. The experimental results also prove the effectiveness and efficiency of the method.


2014
Vol 926-930
pp. 3157-3160
Author(s):
Zhan Huang
Yu Ying Jiang
Lu Bin Li

The main purpose of a computer intrusion detection system is to accurately distinguish between self and non-self. A novel intrusion detection model based on the ARTIS model is proposed by introducing the Red Flower (RF) and Green Leaf (GL) concepts and by the coordinated use of variable-length RF detectors and fixed-length GL detectors. The intrusion detection methods are optimized to ensure quick detection of abnormal behaviors, making the model more suitable for real-time intrusion detection and better able to distinguish between self and non-self.


Electronics
2021
Vol 10 (18)
pp. 2268
Author(s):
Sangsoo Han
Youngwon Kim
Soojin Lee

How to deal with rare and unknown data in traffic classification has a decisive influence on classification performance. Rare data make it difficult to generate validation datasets to prevent overfitting, and unknown data interferes with learning and degrades the performance of the model. This paper presents a model generation method that accurately classifies rare data and new types of attacks, and does not result in overfitting. First, we use oversampling methods to solve the data imbalance caused by rare data. We separate the test dataset into a training dataset and a validation dataset. A model is created using separate training and validation datasets. Furthermore, the test dataset is used only for evaluating the performance capabilities of classification models, in order to make the test dataset independent of learning. We also use a softmax function that numerically indicates the probability that the model’s predictive results are accurate in detecting new, unknown attacks. Consequently, when applying the proposed method to the NSL_KDD dataset, the accuracy is 91.66%—an improvement of 6–16% compared to existing methods.


2021
Vol 8 (1)
Author(s):
Joffrey L. Leevy
John Hancock
Richard Zuech
Taghi M. Khoshgoftaar

Machine learning algorithms efficiently trained on intrusion detection datasets can detect network traffic capable of jeopardizing an information system. In this study, we use the CSE-CIC-IDS2018 dataset to investigate the effect of ensemble feature selection on the performance of seven classifiers. CSE-CIC-IDS2018 is big data (about 16,000,000 instances), publicly available, modern, and covers a wide range of realistic attack types. Our contribution is centered around answers to three research questions. The first question is, “Does feature selection impact the performance of classifiers in terms of Area Under the Receiver Operating Characteristic Curve (AUC) and F1-score?” The second question is, “Does including the Destination_Port categorical feature significantly impact the performance of LightGBM and Catboost in terms of AUC and F1-score?” The third question is, “Does the choice of classifier: Decision Tree (DT), Random Forest (RF), Naive Bayes (NB), Logistic Regression (LR), Catboost, LightGBM, or XGBoost, significantly impact performance in terms of AUC and F1-score?” These research questions are all answered in the affirmative and provide valuable, practical information for the development of an efficient intrusion detection model. To the best of our knowledge, we are the first to use an ensemble feature selection technique with the CSE-CIC-IDS2018 dataset.

