Design of Intrusion Detection and Prevention in SCADA System for the Detection of Bias Injection Attacks

2019 ◽  
Vol 2019 ◽  
pp. 1-12 ◽  
Author(s):  
R. B. Benisha ◽  
S. Raja Ratna

Intrusion detection and prevention system detects malicious activities that occur in the real-time SCADA systems. This system has a problem without a profound solution. The challenge of the existing intrusion detection is accuracy in the process of detecting the anomalies. In SCADA, wind turbine data are modified by the intruders and forged details are given to the server. To overcome this, the biased intrusion detection system is used for detecting the intrusion with encrypted date, time, and file location with less false-positive and false-negative rates and thereby preventing the SCADA system from further intrusion. It is done in three phases. First, Modified Grey Wolf Optimization (MGWO) is used to extract the features needed for classification and to find the best weight. Second, Entropy-based Extreme Learning Machine (EELM) is used to extort the features and detect the intruded data with its intruded time, file location, and date. Finally, the data are encrypted using the Hybrid Elliptical Curve Cryptography (HECC) to prevent further attack. Experimental results show better accuracy in both detection as well as prevention.

2014 ◽  
Vol 22 (5) ◽  
pp. 431-449 ◽  
Author(s):  
Ammar Alazab ◽  
Michael Hobbs ◽  
Jemal Abawajy ◽  
Ansam Khraisat ◽  
Mamoun Alazab

Purpose – The purpose of this paper is to mitigate vulnerabilities in web applications; security detection and prevention are the most important mechanisms for security. However, most existing research focuses on how to prevent an attack at the web application layer, with less work dedicated to setting up a response action if a possible attack happened. Design/methodology/approach – A combination of a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS), namely, the Intelligent Intrusion Detection and Prevention System (IIDPS). Findings – After evaluating the new system, a better result was generated in line with detection efficiency and the false alarm rate. This demonstrates the value of direct response action in an intrusion detection system. Research limitations/implications – Data limitation. Originality/value – The contributions of this paper are to first address the problem of web application vulnerabilities. Second, to propose a combination of an SIDS and an AIDS, namely, the IIDPS. Third, this paper presents a novel approach by connecting the IIDPS with a response action using fuzzy logic. Fourth, use the risk assessment to determine an appropriate response action against each attack event. Combining the system provides a better performance for the Intrusion Detection System, and makes the detection and prevention more effective.


2016 ◽  
Vol 2 (2) ◽  
Author(s):  
Kavita Patil ◽  
Dr. Bhupesh Gour ◽  
Mr. Deepak Tomar

In the whole world, the most famous threats that are spread around are carried out by intruder computers over the internet. The types of external activity found on the system are termed intrusions, and the mechanism that is applied for the preservation of information against these intrusions is called an intrusion detection system. For protecting the network, there is first a need to detect the attacks and then take the proper action regarding them. Techniques applied for scanning and analysing to highlight the susceptibilities and loopholes within the components of security, various aspects of the network that are not secured, and the implementation of intrusion detection and prevention system techniques are also described here. In this paper, a proposed method based on a Neural Network is described that provides a better way of attack detection, which is required in various applications of security such as network forensics, portable computers and event handling systems, by applying various different approaches. The proposed work is implemented in MATLAB.


2020 ◽  
Vol 8 (1) ◽  
pp. 165-167
Author(s):  
Midat O. Maxudov ◽  
Ivan E. Doroshenko ◽  
Andrey S. Grehov ◽  
Diana G. Makarova

The article presents the relevance of developing an intrusion detection system with a trap module. The trap module implemented as a part of the intrusion detection system allows providing a detailed report and information about the attacker for the intrusion detection and prevention system SNORT.


Author(s):  
Yashavant Darange

An Intrusion Detection System (IDS) is vital to protect smartphones from about-to-happen security breaches and to ensure user privacy. Android is the most popular mobile Operating System (OS), holding a large market share. Android malware detection has received important attention; existing solutions typically rely on performing resource-intensive analysis on a server, assuming an uninterrupted link between the device and the server. In this paper, we propose a behavior Host-based IDS (HIDS) using permissions, incorporating arithmetical and ML algorithms. The benefit of our proposed IDS is twofold. First, it is completely independent and runs on the smartphone device, without needing any link to a server. Second, it requires only a training dataset consisting of some examples from both benign and malicious datasets for tuning. Though, in practice, collecting malicious examples is exciting, since it is important to infect the device and collect many samples in order to characterize the malware's behavior, and the labelling has to be done. The evaluation outcome shows that the proposed IDS gives a very hopeful accuracy.


The objective of the HTTP Rule Base Intrusion Detection and Prevention System (IDPS) is to provide security for one of the application layer protocols, namely HTTP (Hyper-Text Transfer Protocol). Such an HTTP-based Intrusion Detection System (IDS) detects header attacks and attacks in the payload (including HTML and scripting). Misuse detection uses a signature-based approach where predefined patterns are defined. The input text or pattern is compared with the predefined signatures to detect malicious activity. Furthermore, new types of attacks are continuously created. The new attacks created by an attacker are also detected by these IDS, only if the attacks are in the form of signatures. Signatures are defined either in a single line or by complex script languages and are used in the rule base to detect attacks. These signatures and rules have to be updated periodically, as the attacks are continuously changing their nature.


2021 ◽  
pp. 319-328
Author(s):  
Amer Abdulmajeed Abdualrahman ◽  
Mahmood Khalel Ibrahem

Secure data communication across networks is always threatened with intrusion and abuse. A Network Intrusion Detection System (IDS) is a valuable tool for in-depth defense of computer networks. Most research and applications in the field of intrusion detection systems were built based on analysing several datasets that contain the attack types using the classification of batch learning machines. The present study presents an intrusion detection system based on Data Stream Classification. Several data stream algorithms were applied on the CICIDS2017 datasets, which contain several new types of attacks. The results were evaluated to choose the best algorithm that satisfies high accuracy and low computation time.


2021 ◽  
Vol 8 (1) ◽  
Author(s):  
FatimaEzzahra Laghrissi ◽  
Samira Douzi ◽  
Khadija Douzi ◽  
Badr Hssina

Abstract: Network attacks are illegal activities on digital resources within an organizational network with the express intention of compromising systems. A cyber attack can be directed by individuals, communities, states or even from an anonymous source. Hackers commonly conduct network attacks to alter, damage, or steal private data. Intrusion detection systems (IDS) are the best and most effective techniques when it comes to tackle these threats. An IDS is a software application or hardware device that monitors traffic to search for malevolent activity or policy breaches. Moreover, IDSs are designed to be deployed in different environments, and they can either be host-based or network-based. A host-based intrusion detection system is installed on the client computer, while a network-based intrusion detection system is located on the network. IDSs based on deep learning have been used in the past few years and proved their effectiveness. However, these approaches produce a big false negative rate, which impacts the performance and potency of network security. In this paper, a detection model based on long short-term memory (LSTM) and Attention mechanism is proposed. Furthermore, we used four reduction algorithms, namely: Chi-Square, UMAP, Principal Components Analysis (PCA), and Mutual information. In addition, we evaluated the proposed approaches on the NSL-KDD dataset. The experimental results demonstrate that using Attention with all features and using PCA with 03 components had the best performance, reaching an accuracy of 99.09% and 98.49% for binary and multiclass classification, respectively.


Network along with Security is most significant in the digitalized environment. It is necessary to secure data from hackers and intruders. A strategy involved in protection of information from hackers will be termed as Intrusion Detection System (IDS). By taking into nature of attack or the usual conduct of user, investigation along with forecasting activities of the clients will be performed by mentioned system. Various strategies are utilized for the intrusion detection system. For the purpose of identification of hacking activity, utilization of machine learning based approach might be considered as novel strategy. In this paper, for identification of the hacking activity will be carried out by Twin Extreme Learning Machines (TELM). Employing the concept of Twin Support Vector Machine with the fundamental structure of Extreme Learning Machine is considered in the establishment of Twin Extreme Learning Machine (TELM). Also, its performance and accuracy are compared with the other intrusion detection techniques.


2021 ◽  
Author(s):  
Nitish A ◽  
Prof.(Dr).Hanumanthapppa J ◽  
Shiva Prakash S.P ◽  
Kirill Krinkin

The dynamic heterogeneous IoT contexts adversely affect the performance of learning-based network intrusion detection and prevention systems resulting in increased misclassification rates, necessitating an expert knowledge correlated evaluation framework. The proposed framework includes intrusion root cause analysis and a correlation model that can be generalized over any network intrusion dataset, corresponding expert knowledge, detection technique, and learning-based algorithm. The experimentations prove the robustness of the propounded framework on imbalanced datasets.


2021 ◽  
pp. 210-216
Author(s):  
Mustafa Altaha ◽  
Jae-Myeong Lee ◽  
Muhammad Aslam ◽  
Sugwon Hong

The intrusion detection system (IDS) is the main tool to do security monitoring that is one of the security strategies for the supervisory control and data acquisition (SCADA) system. In this paper, we develop an IDS based on the autoencoder deep learning model (AE-IDS) for the SCADA system. The target SCADA communication protocol of the detection model is the Distributed Network Protocol 3 (DNP3), which is currently the most commonly utilized communication protocol in the power substation. Cyberattacks that we consider are data injection or modification attacks, which are the most critical attacks in the SCADA systems. In this paper, we extracted 17 data features from DNP3 communication, and use them to train the autoencoder network. We measure accuracy and loss of detection and compare them with different supervised deep learning algorithms. The unsupervised AE-IDS model shows better performance than the other deep learning IDS models.

