Detecting Temporal Attacks: An Intrusion Detection System for Train Communication Ethernet Based on Dynamic Temporal Convolutional Network

2021 ◽  
Vol 2021 ◽  
pp. 1-21
Author(s):  
Chuan Yue ◽  
Lide Wang ◽  
Dengrui Wang ◽  
Ruifeng Duo ◽  
Haipeng Yan

The train communication Ethernet (TCE) of modern intelligent trains is under an ever-increasing threat of serious network attacks. Denial of service (DoS) and man in the middle (MITM), the two most destructive attacks against TCE, are difficult to detect by conventional methods. Aiming at their highly time-correlated properties, a novel dynamic temporal convolutional network-based intrusion detection system (DyTCN-IDS) is proposed in this paper to detect these temporal attacks. A semiphysical TCE testbed that is capable of simulating real situations in TCE-based trains is first built to generate an effective dataset for training and testing. DyTCN-IDS consists of two phases, and in the first phase, systematic feature engineering is designed to optimize the dataset. In the second phase, a basic detection model that is good at dealing with temporal features is first built by utilizing the temporal convolutional network with several architectural optimizations. Then, in order to decrease the computational consumption waste on network packet sequences with different lengths of inner temporal relationships, dynamic neural network technology is further adopted to optimize the basic detection model. Diverse experiments were carried out to evaluate the proposed system from different angles. The experimental results indicate that our system is easy to train, converges fast, costs less computational resources, and achieves satisfying detection performance with a macro false alarm rate of 0.09%, a macro F-score of 99.39%, and an accuracy of 99.40%. Compared to some canonical DL-based IDS and some latest IDS, our system acquires the best overall detection performance as well.

Author(s):  
Iqbal H. Sarker ◽  
Yoosef B. Abushark ◽  
Fawaz Alsolami ◽  
Asif Irshad Khan

Cyber security has recently received enormous attention in today’s security concerns, due to the popularity of the Internet-of-Things (IoT), the tremendous growth of computer networks, and the huge number of relevant applications. Thus, detecting various cyber-attacks or anomalies in a network and building an effective intrusion detection system that performs an essential role in today’s security is becoming more important. Artificial intelligence, particularly machine learning techniques, can be used for building such a data-driven intelligent intrusion detection system. In order to achieve this goal, in this paper, we present an Intrusion Detection Tree (“IntruDTree”) machine-learning-based security model that first takes into account the ranking of security features according to their importance and then builds a tree-based generalized intrusion detection model based on the selected important features. This model is not only effective in terms of prediction accuracy for unseen test cases but also minimizes the computational complexity of the model by reducing the feature dimensions. Finally, the effectiveness of our IntruDTree model was examined by conducting experiments on cybersecurity datasets and computing the precision, recall, fscore, accuracy, and ROC values to evaluate. We also compare the outcome results of the IntruDTree model with several traditional popular machine learning methods such as the naive Bayes classifier, logistic regression, support vector machines, and k-nearest neighbor, to analyze the effectiveness of the resulting security model.


2021 ◽  
Author(s):  
Navroop Kaur ◽  
Meenakshi Bansal ◽  
Sukhwinder Singh S

In modern times the firewall and antivirus packages are not good enough to protect the organization from numerous cyber attacks. Computer IDS (Intrusion Detection System) is a crucial aspect that contributes to the success of an organization. IDS is a software application responsible for scanning organization networks for suspicious activities and policy rupturing. IDS ensures the secure and reliable functioning of the network within an organization. IDS underwent huge transformations since its origin to cope with the advancing computer crimes. The primary motive of IDS has been to augment the competence of detecting the attacks without endangering the performance of the network. The research paper elaborates on different types and different functions performed by the IDS. The NSL KDD dataset has been considered for training and testing. The seven prominent classifiers LR (Logistic Regression), NB (Naïve Bayes), DT (Decision Tree), AB (AdaBoost), RF (Random Forest), kNN (k Nearest Neighbor), and SVM (Support Vector Machine) have been studied along with their pros and cons and the feature selection has been imposed to enhance the reading of performance evaluation parameters (Accuracy, Precision, Recall, and F1Score). The paper elaborates a detailed flowchart and algorithm depicting the procedure to perform feature selection using XGB (Extreme Gradient Booster) for four categories of attacks: DoS (Denial of Service), Probe, R2L (Remote to Local Attack), and U2R (User to Root Attack). The selected features have been ranked as per their occurrence. The implementation has been conducted at five different ratios of 60-40%, 70-30%, 90-10%, 50-50%, and 80-20%. Different classifiers scored best for different performance evaluation parameters at different ratios. NB scored with the best Accuracy and Recall values. DT and RF consistently performed with high accuracy. NB, SVM, and kNN achieved good F1Score.


2014 ◽  
Vol 644-650 ◽  
pp. 3338-3341 ◽  
Author(s):  
Guang Feng Guo

During the 30-year development of the Intrusion Detection System, the problems such as the high false-positive rate have always plagued the users. Therefore, the ontology and context verification based intrusion detection model (OCVIDM) was put forward to connect the description of attack’s signatures and context effectively. The OCVIDM established the knowledge base of the intrusion detection ontology that was regarded as the center of efficient filtering platform of the false alerts to realize the automatic validation of the alarm and self-acting judgment of the real attacks, so as to achieve the goal of filtering the non-relevant positives alerts and reduce false positives.


Author(s):  
Tarek Helmy

The system that monitors the events occurring in a computer system or a network and analyzes the events for signs of intrusions is known as an intrusion detection system. The performance of the intrusion detection system can be improved by combining anomaly and misuse analysis. This chapter proposes an ensemble multi-agent-based intrusion detection model. The proposed model combines anomaly, misuse, and host-based detection analysis. The agents in the proposed model use rules to check for intrusions, and adopt machine learning algorithms to recognize unknown actions, to update or create new rules automatically. Each agent in the proposed model encapsulates a specific classification technique, and gives its belief about any packet event in the network. These agents collaborate to determine the decision about any event, have the ability to generalize, and to detect novel attacks. Empirical results indicate that the proposed model is efficient, and outperforms other intrusion detection models.


Sensors ◽  
2020 ◽  
Vol 20 (18) ◽  
pp. 5305
Author(s):  
Panagiotis Radoglou Grammatikis ◽  
Panagiotis Sarigiannidis ◽  
Georgios Efstathopoulos ◽  
Emmanouil Panaousis

The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of protecting efficiently SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data based detection) monitors and identifies anomalies upon operational data (i.e., time series electricity measurements). By emphasising on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.


Author(s):  
Shideh Saraeian ◽  
Mahya Mohammadi Golchi

Comprehensive development of computer networks causes the increment of Distributed Denial of Service (DDoS) attacks. These types of attacks can easily restrict communication and computing. Among all the previous researches, the accuracy of the attack detection has not been properly addressed. In this study, deep learning technique is used in a hybrid network-based Intrusion Detection System (IDS) to detect intrusion on network. The performance of the proposed technique is evaluated on the NSL-KDD and ISCXIDS 2012 datasets. We performed traffic visual analysis using Wireshark tool and did some experimentations to prove the superiority of the proposed method. The results have shown that our proposed method achieved higher accuracy in comparison with other useful machine learning techniques.


Jursima ◽  
2018 ◽  
Vol 6 (1) ◽  
pp. 1
Author(s):  
Parningotan Panggabean

The development of information technology, particularly computer networks, allows information to be exchanged easily, quickly, and in increasingly complex ways. Computer network security must be attended to in order to maintain the validity and integrity of the data and information within the network. The problem faced is a Log Bug found on the server computer of the Dinas Lingkungan Hidup Kota Batam (Batam City Environmental Agency), which indicated a Denial of Service (DoS) attack on that computer. Based on the problem above, the author attempts to carry out a study entitled “Analysis of Snort Network Security Using the Intrusion Detection System (IDS) Method for Optimizing Computer Network Security”, which is expected to be able to detect Denial of Service (DoS) attacks. An Intrusion Detection System (IDS) is a tool, method, or resource that assists in identifying and reporting on computer network activity. The application used to detect attacks is Snort. Snort can detect DoS attacks. The DoS attack was carried out using the Loic application.

