Survey of Network Intrusion Detection Methods From the Perspective of the Knowledge Discovery in Databases Process

2020 ◽  
Vol 17 (4) ◽  
pp. 2451-2479
Author(s):  
Borja Molina-Coronado ◽  
Usue Mori ◽  
Alexander Mendiburu ◽  
Jose Miguel-Alonso
Author(s):  
Pavel Nevlud ◽  
Miroslav Bures ◽  
Lukas Kapicak ◽  
Jaroslav Zdralek

Sensors ◽  
2021 ◽  
Vol 21 (13) ◽  
pp. 4319
Author(s):  
Maria-Elena Mihailescu ◽  
Darius Mihai ◽  
Mihai Carabas ◽  
Mikołaj Komisarek ◽  
Marek Pawlicki ◽  
...  

Cybersecurity is an arms race, with both the security and the adversaries attempting to outsmart one another, coming up with new attacks, new ways to defend against those attacks, and again with new ways to circumvent those defences. This situation creates a constant need for novel, realistic cybersecurity datasets. This paper introduces the effects of using machine-learning-based intrusion detection methods in network traffic coming from a real-life architecture. The main contribution of this work is a dataset coming from a real-world, academic network. Real-life traffic was collected and, after performing a series of attacks, a dataset was assembled. The dataset contains 44 network features and an unbalanced distribution of classes. In this work, the capability of the dataset for formulating machine-learning-based models was experimentally evaluated. To investigate the stability of the obtained models, cross-validation was performed, and an array of detection metrics were reported. The gathered dataset is part of an effort to bring security against novel cyberthreats and was completed in the SIMARGL project.


Author(s):  
Yue Wang ◽  
Yiming Jiang ◽  
Julong Lan

Machine learning and deep learning methods have been widely used in network intrusion detection, most of which are supervised intrusion detection methods, which need to train a lot of marked data. However, in some cases, a small amount of exception data is hidden in a large amount of exception data, making methods that require a large amount of the same markup data to learn features invalid. In order to solve this problem, this paper proposes an innovative method of small sample network intrusion detection. The innovation point is that network data is modeled as graph structure to effectively mine the correlation features between data samples, and by comparing the distance similarity, the triplet network structure is used to detect anomalies. The triplet network is composed of triplet graph convolutional neural network which shares the same parameters and is trained by providing triplet samples to the network. Experiments on network traffic datasets CSE-CIC-IDS2018 and UNSW-NB15 as well as system status monitoring datasets verify the effectiveness of the proposed method in network intrusion detection of small samples.


2022 ◽  
Vol 16 (1) ◽  
pp. 0-0

An autoencoder has the potential to overcome the limitations of current intrusion detection methods by recognizing benign user activity rather than differentiating between benign and malicious activity. However, the line separating them is quite blurry with a significant overlap. The first part of this study aims to investigate the rationale behind this overlap. The results suggest that although a subset of traffic cannot be separated without labels, timestamps have the potential to be leveraged for identification of activity that does not conform to the normal or expected behavior of the network. The second part aims to eliminate dependence on visual-inspections by exploring automation. The trend of errors for HTTP traffic was modeled chronologically using resampled data and moving averages. This model successfully identified attacks that had orchestrated over HTTP within their respective time slots. These results support the hypothesis that it is technically feasible to build an anomaly-based intrusion detection system where each individual observation need not be categorized.


Electronics ◽  
2020 ◽  
Vol 9 (5) ◽  
pp. 800 ◽  
Author(s):  
Robertas Damasevicius ◽  
Algimantas Venckauskas ◽  
Sarunas Grigaliunas ◽  
Jevgenijus Toldinas ◽  
Nerijus Morkevicius ◽  
...  

Network intrusion detection is one of the main problems in ensuring the security of modern computer networks, Wireless Sensor Networks (WSN), and the Internet-of-Things (IoT). In order to develop efficient network-intrusion-detection methods, realistic and up-to-date network flow datasets are required. Despite several recent efforts, there is still a lack of real-world network-based datasets which can capture modern network traffic cases and provide examples of many different types of network attacks and intrusions. To alleviate this need, we present LITNET-2020, a new annotated network benchmark dataset obtained from the real-world academic network. The dataset presents real-world examples of normal and under-attack network traffic. We describe and analyze 85 network flow features of the dataset and 12 attack types. We present the analysis of the dataset features by using statistical analysis and clustering methods. Our results show that the proposed feature set can be effectively used to identify different attack classes in the dataset. The presented network dataset is made freely available for research purposes.


2020 ◽  
Vol 14 ◽  
Author(s):  
Xiangwen Li ◽  
Shuang Zhang

To detect network attacks more effectively, this study uses Honeypot techniques to collect the latest network attack data and proposes network intrusion detection classification models based on deep learning combined with DNN and LSTM models. Experiments showed that the data set training models gave better results than the KDD CUP 99 training model’s detection rate and false positive rate. The DNN-LSTM intrusion detection algorithm proposed in this study gives better results than KDD CUP 99 training model. Compared to other algorithms such as LeNet, DNN-LSTM intrusion detection algorithm exhibits shorter classification test time along with better accuracy and recall rate of intrusion detection.


Author(s):  
Mohammed Abdulhammed Al-Shabi

Recent years have witnessed a tremendous development in various scientific and industrial fields. As a result, different types of networks are widely introduced which are vulnerable to intrusion. In view of the same, numerous studies have been devoted to detecting all types of intrusion and protecting the networks from these penetrations. In this paper, a novel network intrusion detection system has been designed to detect cyber-attacks using complex deep neuronal networks. The developed system is trained and tested on the standard dataset KDDCUP99 via the PyCharm program. Relative to existing intrusion detection methods with similar deep neuronal networks and traditional machine learning algorithms, the proposed detection system achieves better results in terms of detection accuracy.


2020 ◽  
Author(s):  
afdhal

ABSTRACT: Current network intrusion detection systems are generally able to detect various types of attacks but are unable to take further action. In addition, the current system does not have interactivity with the administrator when the administrator is not administering the system. This is ineffective, especially when the system is in critical condition. This research designs and implements a network intrusion detection system that has the ability to detect suspicious network activity and take further countermeasures. The progress of internet technology increases the need for security of data. The progress of tools that have intrusion ability also influences this need. The methods of Intrusion Detection System (IDS) implementation and the methods of intrusion analysis have strengths and weaknesses, which complement each other. There are a lot of IDSs now, but the only open-source-based IDS is Snort. Snort's implementation method is restricted to network-based detection. This final task's system uses a Hybrid Intrusion Detection System with Signature and Anomaly Detection methods. The indicators used to detect intrusion are IP address and port number. This system uses the TCP, UDP and ICMP protocols. This system is also completed by active response, such as blocking access for the intruder. The system is implemented with the Java programming language for the engine and Java Server Pages (JSP) for the user interface; the database used is MySQL. There are two development tests: a link system test and an intrusion test. The link system test shows the connection of each interface. Intrusion is executed for host detection using DoS HTTP tools and for network detection using Ping of Death scripts. The intrusion testing conclusion is that intrusions can be detected, analyzed and actively responded to.

