DECISION MAKING FOR NETWORK HEALTH ASSESSMENT IN AN INTELLIGENT INTRUSION DETECTION SYSTEM ARCHITECTURE

2004 ◽  
Vol 03 (02) ◽  
pp. 281-306 ◽  
Author(s):  
AMBAREEN SIRAJ ◽  
RAYFORD B. VAUGHN ◽  
SUSAN M. BRIDGES
Keyword(s):  
Intrusion Detection ◽  
Computer Security ◽  
Intrusion Detection System ◽  
Detection System ◽  
Health Assessment ◽  
Fuzzy Rule ◽  
Fuzzy Cognitive Maps ◽  
Causal Knowledge ◽  
Knowledge Reasoning ◽  
Decision Engine

This paper describes the use of artificial intelligence techniques in the creation of a network-based decision engine for decision support in an Intelligent Intrusion Detection System (IIDS). In order to assess overall network health, the decision engine fuses outputs from different intrusion detection sensors serving as "experts" and then analyzes the integrated information to present an overall security view of the system for the security administrator. This paper reports on the workings of a decision engine that has been successfully embedded into the IIDS architecture being built at the Center for Computer Security Research, Mississippi State University. The decision engine uses Fuzzy Cognitive Maps (FCM)s and fuzzy rule-bases for causal knowledge acquisition and to support the causal knowledge reasoning process.

scholarly journals Deep Learning Approaches for Intrusion Detection

2021 ◽  
pp. 50-64
Author(s):  
Azar Abid Salih ◽  
Siddeeq Y. Ameen ◽  
Subhi R. M. Zeebaree ◽  
Mohammed A. M. Sadeeq ◽  
Shakir Fattah Kak ◽  
...  
Keyword(s):  
Deep Learning ◽  
Intrusion Detection ◽  
Computer Security ◽  
Intrusion Detection System ◽  
Detection System ◽  
Feature Learning ◽  
Detailed Comparison ◽  
Learning Approaches ◽  
Network Intrusion ◽  
Research Problems

Recently, computer networks faced a big challenge, which is that various malicious attacks are growing daily. Intrusion detection is one of the leading research problems in network and computer security. This paper investigates and presents Deep Learning (DL) techniques for improving the Intrusion Detection System (IDS). Moreover, it provides a detailed comparison with evaluating performance, deep learning algorithms for detecting attacks, feature learning, and datasets used to identify the advantages of employing in enhancing network intrusion detection.

scholarly journals Evaluation of DDoS attacks Detection in a New Intrusion Dataset Based on Classification Algorithms

2019 ◽  
Vol 1 (3) ◽  
pp. 49-55 ◽  
Author(s):  
Amer A. Abdulrahman ◽  
Mahmood K. Ibrahem
Keyword(s):  
Intrusion Detection ◽  
Computer Security ◽  
System Architecture ◽  
Intrusion Detection System ◽  
Network Flows ◽  
Detection System ◽  
Machine Learning Algorithms ◽  
Strategic Decision ◽  
Classification Algorithms ◽  
Ddos Attack

Intrusion detection system is an imperative role in increasing security and decreasing the harm of the computer security system and information system when using of network. It observes different events in a network or system to decide occurring an intrusion or not and it is used to make strategic decision, security purposes and analyzing directions. This paper describes host based intrusion detection system architecture for DDoS attack, which intelligently detects the intrusion periodically and dynamically by evaluating the intruder group respective to the present node with its neighbors. We analyze a dependable dataset named CICIDS 2017 that contains benign and DDoS attack network flows, which meets certifiable criteria and is openly accessible. It evaluates the performance of a complete arrangement of machine learning algorithms and network traffic features to indicate the best features for detecting the assured attack classes. Our goal is storing the address of destination IP that is utilized to detect an intruder by method of misuse detection.

scholarly journals A New Neural Network-Based Intrusion Detection System for Detecting Malicious Nodes in WSNs

2020 ◽  
Vol 1 (3) ◽  
pp. 1-8
Author(s):  
Narmatha C ◽  
Keyword(s):  
Neural Network ◽  
Intrusion Detection ◽  
Key Management ◽  
Intrusion Detection System ◽  
Detection System ◽  
Denial Of Service ◽  
Fuzzy Rule ◽  
Sensor Nodes ◽  
Abnormal Behavior ◽  
Malicious Nodes

The Wireless Sensor Networks (WSNs) are vulnerable to numerous security hazards that could affect the entire network performance, which could lead to catastrophic problems such as a denial of service attacks (DoS). The WSNs cannot protect these types of attacks by key management protocols, authentication protocols, and protected routing. A solution to this issue is the intrusion detection system (IDS). It evaluates the network with adequate data obtained and detects the sensor node(s) abnormal behavior. For this work, it is proposed to use the intrusion detection system (IDS), which recognizes automated attacks by WSNs. This IDS uses an improved LEACH protocol cluster-based architecture designed to reduce the energy consumption of the sensor nodes. In combination with the Multilayer Perceptron Neural Network, which includes the Feed Forward Neutral Network (FFNN) and the Backpropagation Neural Network (BPNN), IDS is based on fuzzy rule-set anomaly and abuse detection based learning methods based on the fugitive logic sensor to monitor hello, wormhole and SYBIL attacks.

scholarly journals Analisis Forensik Jaringan Studi Kasus Serangan SQL Injection pada Server Universitas Gadjah Mada

2013 ◽  
Vol 7 (1) ◽  
Author(s):  
Resi Utami Putri ◽  
Jazi Eko Istiyanto
Keyword(s):  
Intrusion Detection ◽  
Computer Security ◽  
Intrusion Detection System ◽  
Process Model ◽  
Detection System ◽  
Process Models ◽  
Sql Injection ◽  
Ip Address ◽  
Security Investigation ◽  
Automated Tools

AbstrakForensik jaringan merupakan ilmu keamanan komputer berkaitan dengan investigasi untuk menemukan sumber serangan pada jaringan berdasarkan bukti log, mengidentifikasi, menganalisis serta merekonstruksi ulang kejadian tersebut. Penelitian forensik jaringan dilakukan di Pusat Pelayanan Teknologi Informasi dan Komunikasi (PPTIK) Universitas Gadjah Mada.Metode yang digunakan adalah model proses forensik (The Forensic Process Model) sebuah model proses investigasi forensik digital, yang terdiri dari tahap pengkoleksian, pemeriksaan, analisis dan pelaporan. Penelitian dilakukan selama lima bulan dengan mengambil data dari Intrusion Detection System (IDS) Snort. Beberapa file log digabungkan menjadi satu file log, lalu data dibersihkan agar sesuai untuk penelitian.Berdasarkan hasil penelitian yang telah dilakukan, terdapat 68 IP address  yang melakukan tindakan illegal SQL Injection pada server www.ugm.ac.id. Kebanyakan penyerang menggunakan tools SQL Injection yaitu Havij dan SQLMap sebagai tool otomatis untuk memanfaatkan celah keamanan pada suatu website. Selain itu, ada yang menggunakan skrip Python yaitu berasal dari benua Eropa yaitu di Romania. Kata kunci—forensik jaringan, model proses forensik, SQL injection AbstractNetwork forensic is a computer security investigation to find the sources of the attacks on the network by examining log evidences, identifying, analyzing and reconstructing the incidents. This research has been conducted at The Center of Information System and Communication Service, Gadjah Mada University.The method that used was The Forensic Process Model, a model of the digital investigation process, consisted of collection, examination, analysis, and reporting. This research has been conducted over five months by retrieving data that was collected from Snort Intrusion Detection System (IDS). Some log files were retrieved and merged into a single log file, and then the data cleaned to fit for research.Based on the research, there are 68 IP address was that did illegal action, SQL injection, on server www.ugm.ac.id. Most of attackers using Havij and SQLmap (automated tools to exploit vulnerabilities on a website). Beside that, there was also Python script that was derived from the continent of Europe in Romania. Keywords— Network Forensics, The Forensic Process Models, SQL Injection

Fuzzy Rule-Based Layered Classifier and Entropy-Based Feature Selection for Intrusion Detection System

2021 ◽  
pp. 289-309
Author(s):  
Devaraju Sellappan ◽  
Ramakrishnan Srinivasan
Keyword(s):  
Feature Selection ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Fuzzy Rule ◽  
Intrusion Detection Systems ◽  
Rule Based ◽  
Detection Systems ◽  
Positive Rate ◽  
Rule Based Classifier

Intrusion detection systems must detect the vulnerability consistently in a network and also perform efficiently with the huge amount of traffic. Intrusion detection systems must be capable of detecting emerging and proactive threats in the networks. Various classifiers are used to classify the threats as normal or intrusive by supervising the system activity. In this chapter, layered fuzzy rule-based classifier is proposed to detect the various intrusions, and fuzzy entropy-based feature selection is proposed to identify the relevant features. Layered fuzzy rule-based classifier is proposed to improve the performance of the intrusion detection system. KDD dataset contains various attacks; these attacks are grouped into four classes, namely Denial-of-Service (DoS), Probe, Remote-to-Local (R2L), and User-to-Root (U2R). Real-time dataset is also considered in this research. Experimental result shows that the proposed method provides good detection rate, minimizes the false positive rate, and less computational time.

Sign in / Sign up

Export Citation Format

Share Document