Alert Correlation for Detecting Cyber-Manufacturing Attacks and Intrusions

Author(s): Mingtao Wu, Young B. Moon

Abstract: Cyber-manufacturing system (CMS) is a vision of smart factories in which manufacturing processes are fully integrated with computational components. In a CMS, an effective intrusion detection system (IDS) is essential for protecting manufacturing operations from cyber-physical attacks. Current IDSs analyse data from both the cyber and physical domains but produce separate reports for each domain. To utilize the connections between cyber and physical alerts, this paper presents a cyber-physical alert correlation method. To evaluate the method, four case studies were developed and carried out on a CMS testbed. The experimental results demonstrate that the method can effectively reduce the number of false alerts, improve detection accuracy, and identify root causes.

2021, Vol 14 (1), pp. 192-202
Author(s): Karrar Alwan, Ahmed AbuEl-Atta, Hala Zayed, ...

Accurate intrusion detection is necessary to preserve network security. However, developing an efficient intrusion detection system is a complex problem due to the nonlinear nature of intrusion attempts, the unpredictable behaviour of network traffic, and the large number of features in the problem space. Hence, selecting the most effective and discriminating features is highly important. Additionally, eliminating irrelevant features can improve detection accuracy as well as reduce the learning time of machine learning algorithms. However, feature reduction is an NP-hard problem. Therefore, several metaheuristics have been employed to determine the most effective feature subset within reasonable time. In this paper, two intrusion detection models are built based on a modified version of the firefly algorithm to perform the feature selection task. The first and second models are used for binary and multiclass classification, respectively. The modified firefly algorithm employs a mutation operation to avoid becoming trapped in local optima by enhancing the exploration capabilities of the original firefly algorithm. The significance of the selected features is evaluated using a Naïve Bayes classifier over a standard benchmark dataset, which contains different types of attacks. The obtained results reveal the superiority of the modified firefly algorithm over the original firefly algorithm in terms of classification accuracy and the number of selected features under different scenarios. Additionally, the results confirm the superiority of the proposed intrusion detection system over other recently proposed systems in both binary classification and multi-classification scenarios. The proposed system has 96.51% and 96.942% detection accuracy in binary classification and multi-classification, respectively. Moreover, the proposed system reduced the number of attributes from 41 to 9 for binary classification and to 10 for multi-classification.


Electronics, 2019, Vol 8 (11), pp. 1210
Author(s): Khraisat, Gondal, Vamplew, Kamruzzaman, Alazab

The Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everything from everyday life to large industrial systems. Unfortunately, this has attracted the attention of cybercriminals, who have made IoT a target of malicious activities, opening the door to possible attacks on end nodes. Due to the large number and diverse types of IoT devices, it is a challenging task to protect the IoT infrastructure using a traditional intrusion detection system. To protect IoT devices, a novel ensemble Hybrid Intrusion Detection System (HIDS) is proposed by combining a C5 classifier and a One-Class Support Vector Machine classifier. HIDS combines the advantages of a Signature Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS). The aim of this framework is to detect both well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the Bot-IoT dataset, which includes legitimate IoT network traffic and several types of attacks. Experiments show that the proposed hybrid IDS provides a higher detection rate and a lower false positive rate compared to the SIDS and AIDS techniques.


2017, Vol 2017, pp. 1-15
Author(s): Dhanalakshmi Krishnan Sadhasivan, Kannapiran Balasubramanian

Provision of high security is one of the active research areas in network applications. A centralized system that fails under attack provides less protection. Besides, the lack of updates about newly arriving attacks leads to low detection accuracy. The major focus of this paper is to improve detection performance through the adaptive update of attack information in the database. We propose an Adaptive Rule-Based Multiagent Intrusion Detection System (ARMA-IDS) to detect anomalies in real-time datasets such as KDD and SCADA. Besides, the feedback loop provides the necessary update of attacks in the database, which leads to an improvement in detection accuracy. The combination of rules and responsibilities for multiagents effectively detects anomalous behavior, misuse of response, or relay reports of gas/water pipeline data in KDD and SCADA, respectively. The comparative analysis of the proposed ARMA-IDS with various existing path mining methods, namely random forest, JRip, a combination of AdaBoost/JRip, and common path mining, on the SCADA dataset conveys the effectiveness of the proposed ARMA-IDS in real-time fault monitoring. Moreover, the proposed ARMA-IDS offers a higher detection rate on the SCADA and KDD Cup 1999 datasets.


In recent years, the wireless sensor network (WSN) has become a major concern in network communication. A number of attacks occur during network communication and, as a result, hamper smooth functionality, data flow and data transmission. In this article, we propose a trust-based intrusion detection system for physical-layer attacks using the DRI and Cross Check method. HTBIDS is an effective method for identifying abnormal nodes in a wireless sensor network. The abnormal nodes are those subjected to a periodic jamming attack. We have considered the periodic jamming attack at the physical layer for performance evaluation. Results show that HTBIDS performs better in terms of detection accuracy (DA) and false alarm rate (FAR).


2021, Vol 2021, pp. 1-9
Author(s): Wenfeng Xu, Yongxian Fan, Changyong Li

An intrusion detection system (IDS), the second security gate behind the firewall, can monitor the network without affecting network performance and ensure system security from the inside to the greatest extent possible. Many studies have applied traditional machine learning models, deep learning models, or hybrid models to IDS to improve detection performance. However, according to the Predicted accuracy, Descriptive accuracy, and Relevancy (PDR) framework, most detection models based on model-based interpretability lack good detection performance. To solve this problem, in this paper we propose a novel intrusion detection system model based on model-based interpretability, called Interpretable Intrusion Detection System (I2DS). We first combine normal and attack samples reconstructed by an AutoEncoder (AE) with the training samples to highlight the normal and attack features, so that the classifier performs well. Then, Additive Tree (AddTree) is used as a binary classifier, which provides excellent predictive performance on the combined dataset while maintaining good model-based interpretability. In the experiments, the UNSW-NB15 dataset is used to evaluate our proposed model. For detection performance, I2DS achieves a detection accuracy of 99.95%, which is better than most state-of-the-art intrusion detection methods. Moreover, I2DS maintains higher simulatability and captures the decision rules easily.


2021, Vol 13 (18), pp. 10057
Author(s): Imran, Faisal Jamil, Dohyeun Kim

The connectivity of our surrounding objects to the internet plays a tremendous role in our daily lives. Many network applications have been developed in every domain of life, including business, healthcare, smart homes, and smart cities, to name a few. As these network applications provide a wide range of services for large user groups, network intruders are prone to developing intrusion skills for attacks and malicious compliance. Therefore, safeguarding network applications and things connected to the internet has always been a point of interest for researchers. Many studies propose solutions for intrusion detection systems and intrusion prevention systems. Network communities have produced benchmark datasets available for researchers to improve the accuracy of intrusion detection systems. The scientific community has presented data mining and machine learning-based mechanisms to detect intrusions with high classification accuracy. This paper presents an intrusion detection system based on an ensemble of prediction and learning mechanisms to improve anomaly detection accuracy in a network intrusion environment. The learning mechanism is based on automated machine learning, and the prediction model is based on the Kalman filter. The performance of the proposed intrusion detection system is evaluated using the publicly available intrusion datasets UNSW-NB15 and CICIDS2017. The proposed model's intrusion detection accuracy is 98.801 percent for the UNSW-NB15 dataset and 97.02 percent for the CICIDS2017 dataset. The performance comparison results show that the proposed ensemble model-based intrusion detection significantly improves intrusion detection accuracy.


2020, Vol 4 (5), pp. 61-74
Author(s): Rabie A. Ramadan, Kusum Yadav

Nowadays, IoT is widely used in different applications to improve the quality of life. However, IoT is increasingly becoming an ideal target for unauthorized attacks due to its large number of objects, openness, and distributed nature. Therefore, to maintain the security of IoT systems, there is a need for an efficient Intrusion Detection System (IDS). An IDS implements detectors that continuously monitor the network traffic. Various IDS methods have been proposed in the literature for IoT security. However, the existing methods have disadvantages in terms of detection accuracy and time overhead. To enhance IDS detection accuracy and reduce the required time, this paper proposes a hybrid IDS in which a pre-processing phase is used to reduce the required time, and feature selection as well as classification are done in a separate stage. The feature selection process uses the Enhanced Shuffled Frog Leaping (ESFL) algorithm, and the selected features are classified using the Light Convolutional Neural Network with Gated Recurrent Neural Network (LCNN-GRNN) algorithm. This two-stage method is compared to up-to-date methods used for intrusion detection and outperforms them in terms of accuracy and running time due to the light processing required by the proposed method.


Author(s): Musaab Riyadh, Dina Riadh Alshibani

Recently, the data flow over the internet has increased exponentially due to the massive growth of computer networks connected to it. Some of this data can be classified as malicious activity which cannot be captured by firewalls and anti-malware. Because of this, intrusion detection systems are urgently needed to recognize malicious activity and preserve data integrity and availability. In this study, an intrusion detection system based on cluster feature concepts and a KNN classifier is suggested to handle various challenging issues in data, such as incomplete data, mixed-type data and noisy data. To strengthen the proposed system, a special kind of pattern similarity measure is supported to deal with these types of challenges. The experimental results show that the classification accuracy of the suggested system is better than K-nearest neighbor (KNN) and support vector machine classifiers when processing an incomplete data set, in spite of a drop in the overall detection accuracy.

