An Effective Algorithm for Intrusion Detection Using Random Shapelet Forest

2021 ◽  
Vol 2021 ◽  
pp. 1-9
Author(s):  
Gongliang Li ◽  
Mingyong Yin ◽  
Siyuan Jing ◽  
Bing Guo

Detection of abnormal network traffic is an important issue when building intrusion detection systems. An effective way to address this issue is time series mining, in which the network traffic is naturally represented as a set of time series. In this paper, we propose a novel efficient algorithm, called RSFID (Random Shapelet Forest for Intrusion Detection), to detect abnormal traffic flow patterns in periodic network packets. Firstly, the Fast Correlation-based Filter (FCBF) algorithm is employed to remove irrelevant features, reducing both overfitting and time complexity. Then, a random forest built upon a set of shapelet candidates is used to classify normal and abnormal traffic flow patterns. Specifically, Symbolic Aggregate approXimation (SAX) and random sampling are adopted to mitigate the high time complexity caused by enumerating shapelet candidates. Experimental results show the effectiveness and efficiency of the proposed algorithm.

Author(s):  
S. A. Sakulin ◽  
A. N. Alfimtsev ◽  
K. N. Kvitchenko ◽  
L. Ya. Dobkach ◽  
Yu. A. Kalgin

Network technologies have been steadily developing and their application has been expanding. One aspect of this development is the modification of current network attacks and the appearance of new ones. The anomalies that can be detected in network traffic correspond to such attacks. Developing new approaches and improving current approaches to detecting anomalies in network traffic has become an urgent task. The article suggests a hybrid approach to anomaly detection that combines the signature approach with computationally efficient machine learning classifiers: logistic regression, stochastic gradient descent and decision tree, with accuracy increased by weighted voting. The choice of classifiers is explained by the admissible complexity of the algorithms, which allows network traffic events to be detected in near real time. Signature analysis is carried out with the help of the Zeek IDS (Intrusion Detection System) signature base. Training is performed by cross validation on the CICIDS2017 (Canadian Institute for Cybersecurity Intrusion Detection System) dataset, prepared in advance by excluding redundant records and parameters. The set is divided into roughly ten parts, which allows us to increase the accuracy. Experimental evaluation of the developed approach, compared with the individual classifiers and with other approaches by such criteria as the share of type I and type II errors, accuracy and detection rate, has shown the approach to be suitable for application in network attack detection systems. The developed approach can be introduced into both existing and new anomaly detection systems.


2021 ◽  
Vol 73 (4) ◽  
pp. 1106-1117
Author(s):  
Gabriel da Rocha Bragion ◽  
Gabriel Crivellaro Gonçalves ◽  
Ana Paula Dal’Asta ◽  
Ana Carolina de Faria Santos ◽  
Lucas Maia de Oliveira ◽  
...  

The recent COVID-19 outbreak drew attention to methods for monitoring the flow of people between human settlements, including traffic flow. Although remote sensing of nighttime lights is a viable option for estimating traffic-flow-derived indicators, not all changes in radiance levels at night are associated with traffic. This paper presents the theoretical approach proposed for the development of an algorithm able to identify spectrally unbiased control samples for regions of interest (ROI), namely roadway sections. Firstly, an experiment is presented to demonstrate the background dependency of the DNB monthly composite (vcm) radiance levels. Then, an overview of the algorithm is presented, followed by an empirical estimation of its time complexity. The results showed that the algorithm has O(n) time complexity and that control samples and ROIs can have similar time series features, indicating that analysis without the use of control samples can lead to biased results.


Author(s):  
Alexander Ivanov ◽  
Alexander Kutischev ◽  
Elena Nikitina ◽  
...  

This paper demonstrates the use of neural networks in the development of network intrusion detection systems, describes the structure of the developed software application for network traffic analysis and network attack detection, and presents the results obtained with the software application.


2021 ◽  
Vol 11 (4) ◽  
pp. 1674
Author(s):  
Nuno Oliveira ◽  
Isabel Praça ◽  
Eva Maia ◽  
Orlando Sousa

With the latest advances in information and communication technologies, greater amounts of sensitive user and corporate information are shared continuously across the network, making it susceptible to attacks that can compromise data confidentiality, integrity, and availability. Intrusion Detection Systems (IDS) are important security mechanisms that can perform timely detection of malicious events through the inspection of network traffic or host-based logs. Many machine learning techniques have proven successful at anomaly detection over the years, but only a few have considered the sequential nature of the data. This work proposes a sequential approach and evaluates the performance of a Random Forest (RF), a Multi-Layer Perceptron (MLP), and a Long Short-Term Memory (LSTM) network on the CIDDS-001 dataset. The resulting performance measures of this approach are compared with those obtained from a more traditional one, which considers only individual flow information, in order to determine which methodology best suits the scenario concerned. The experimental outcomes suggest that anomaly detection can be better addressed from a sequential perspective. The LSTM is a highly reliable model for acquiring sequential patterns in network traffic data, achieving an accuracy of 99.94% and an F1-score of 91.66%.


2021 ◽  
Vol 2021 ◽  
pp. 1-17
Author(s):  
Senyan Yang ◽  
Lianju Ning ◽  
Xilong Cai ◽  
Mingyu Liu

With the rapid development of sensor and communication technologies, a large amount of spatiotemporal traffic data has been accumulated, presenting the characteristics of big data. The potential information and regularity of traffic state evolution can be extracted from the huge volume of traffic flow time series data and applied to intelligent transportation systems. This study proposes a dynamic spatiotemporal causality modeling approach to analyze traffic causal relationships for a large-scale road network. The transfer entropy algorithm, which measures the amount and direction of information transmission, is used to detect the spatiotemporal causality of network traffic states from the extensive traffic time series data. A combination of Gaussian kernel density estimation and a sliding window approach is proposed to calculate the transfer entropy and construct dynamic spatiotemporal causality graphs based on a causality significance test. The indexes of affected coefficient, influence coefficient, input degree, and output degree are defined to evaluate the causal interaction of traffic states among different road segments and to identify the critical roads and potential bottlenecks of the existing road network. Experimental results based on real-world traffic sensor data indicate that the structures of traffic causality graphs are time-varying; that the traffic cause-effect interaction among different road segments during peak time is more significant than during non-peak time; and that the critical road segments can be identified, these being mainly located at the intersections of arterial roads, where large traffic flows converge and disperse.


2019 ◽  
Vol 9 (3) ◽  
pp. 364
Author(s):  
Muhammad Tahir ◽  
Mingchu Li ◽  
Naeem Ayoub ◽  
Muhammad Aamir

Computer networks are facing threats of ever-increasing frequency and sophistication. Encryption is becoming the norm in both legitimate and malicious network traffic. Therefore, intrusion detection systems (IDSs) are now required to work efficiently regardless of the encryption. In this study, we propose two new methods to improve the efficacy of the Cisco Cognitive Threat Analytics (CTA) system. In the first method, the efficacy of CTA is improved by sharing intelligence information across a large number of enterprise networks. In the second method, a four-variant global reputation model (GRM) is designed by employing an outlier ensemble normalization algorithm in the presence of missing data. Intelligence sharing provides additional information in the intrusion detection process, which is much needed, particularly for the analysis of encrypted traffic with its inherently low information content. The robustness of the novel outlier ensemble normalization algorithm is also demonstrated. These improvements are measured using both encrypted and non-encrypted network traffic. Results show that the proposed information sharing methods greatly improve the anomaly detection efficacy for malicious network behavior with poor baseline detection efficacy, and slightly improve upon the average case.


2021 ◽  
Vol 2089 (1) ◽  
pp. 012006
Author(s):  
B Padmaja ◽  
K Sai Sravan ◽  
E Krishna Rao Patro ◽  
G Chandra Sekhar

Cyber security is a major concern in today's world. Over the past couple of decades, the internet has grown to such an extent that almost every individual living on this planet has access to it today. This can be viewed as one of the major achievements of the human race, but on the flip side of the coin, it has given rise to a lot of security issues for every individual or company that accesses the web through the internet. Hackers have become active and are always monitoring networks to grab every possible opportunity to attack a system and make the best fortune out of its vulnerabilities. To safeguard people's and organizations' privacy in cyberspace, different network intrusion detection systems have been developed to detect a hacker's presence in the network. These systems fall into signature-based and anomaly-based intrusion detection systems. This paper uses the anomaly-based intrusion detection technique to develop an automation system that both trains and tests supervised machine learning models, developed to classify real-time network traffic as malicious or not. Currently, the best models, considering both detection success rate and false positive rate, are Artificial Neural Networks (ANN) followed by Support Vector Machines (SVM). In this paper, it is verified that Artificial Neural Network (ANN) based machine learning with wrapper feature selection outperforms the Support Vector Machine (SVM) technique when classifying network traffic as harmful or harmless. Initially, to evaluate the performance of the system, the NSL-KDD dataset is used to train and test the SVM and ANN models, and finally real-time network traffic is classified using these models. This system can be used to carry out model building automatically on new datasets and also to classify the behaviour of a provided dataset without having to write code.


Author(s):  
Elike Hodo ◽  
Xavier Bellekens ◽  
Ephraim Iorkyase ◽  
Andrew Hamilton ◽  
Christos Tachtatzis ◽  
...  

Intrusion detection has attracted considerable interest from researchers and industry. After many years of research, the community still faces the problem of building reliable and efficient intrusion detection systems (IDS) capable of handling large quantities of data with changing patterns in real-time situations. The Tor network is popular for providing privacy and security to end users by anonymizing the identity of internet users connecting through a series of tunnels and nodes. This work identifies two problems: classification of Tor and non-Tor traffic, to expose the activities within Tor traffic that undermine the protection of users, using the UNB-CIC Tor Network Traffic dataset; and classification of the Tor traffic flow in the network. This paper proposes a hybrid classifier: an Artificial Neural Network in conjunction with the Correlation Feature Selection algorithm for dimensionality reduction and improved classification performance. The reliability and efficiency of the proposed hybrid classifier are compared with Support Vector Machine and naïve Bayes classifiers in detecting non-Tor traffic in the UNB-CIC Tor Network Traffic dataset. Experimental results show that the hybrid classifier, ANN-CFS, proved to be the better classifier for detecting non-Tor traffic and classifying the Tor traffic flow in the UNB-CIC Tor Network Traffic dataset.


2019 ◽  
Vol 9 (20) ◽  
pp. 4381
Author(s):  
Alvaro Parres-Peredo ◽  
Ivan Piza-Davila ◽  
Francisco Cervantes

Anomaly-based intrusion detection systems use profiles to characterize the expected behavior of network users. Most of these systems characterize the entire network traffic within a single profile. This work proposes a user-level anomaly-based intrusion detection methodology using only the user's own network traffic. The proposed profile is a collection of TopK rankings of services reached by the user. To detect unexpected behaviors, the real-time traffic is organized into TopK rankings and compared to the profile using similarity measures. The experiments demonstrated that the proposed methodology was capable of detecting a particular kind of malware attack in all the users tested.

