A Survey of Few-Shot Learning: An Effective Method for Intrusion Detection

2021 ◽  
Vol 2021 ◽  
pp. 1-10
Author(s):  
Ruixue Duan ◽  
Dan Li ◽  
Qiang Tong ◽  
Tao Yang ◽  
Xiaotong Liu ◽  
...  

Few-shot learning (FSL) is a core topic in the domain of machine learning (ML), in which the focus is on the use of small datasets to train the model. In recent years, there have been many important data-driven ML applications for intrusion detection. Despite these great achievements, however, gathering a large amount of reliable data remains expensive and time-consuming, or even impossible. In this regard, FSL has been shown to have advantages in terms of processing small, abnormal data samples in the huge application space of intrusion detection. FSL can improve ML for scarce data at three levels: the data, the model, and the algorithm levels. Previous knowledge plays an important role in all three approaches. Many promising methods such as data enrichment, the graph neural network model, and multitask learning have also been developed. In this paper, we present a comprehensive review of the latest research progress in the area of FSL. We first introduce the theoretical background to ML and FSL and then describe the general features, advantages, and main methods of FSL. FSL methods such as embedded learning, multitask learning, and generative models are applied to intrusion detection to improve the detection accuracy effectively. Then, the application of FSL to intrusion detection is reviewed in detail, including enriching the dataset by extracting intermediate features, using graph embedding and meta-learning methods to improve the model. Finally, the difficulties of this approach and its prospects for development in the field of intrusion detection are identified based on the previous discussion.

2011 ◽  
Vol 225-226 ◽  
pp. 609-613
Author(s):  
Dong Liang Wang ◽  
Zhi Gang Wang

To improve detection accuracy, HMM (Hidden Markov model) and BW are utilized to build a model, and the detection accuracy improves greatly. First, the research progress of intrusion detection is recalled, then the model based on Markov and BW is presented. An example using system call trace data, which is used in intrusion detection, is given to illustrate the performance of this model. Finally, a comparison of detection ability between the above detection method and others is given. It is found that the IDS based on HMM System Call sequence has improved the accuracy greatly.


Sensors ◽  
2021 ◽  
Vol 21 (14) ◽  
pp. 4736
Author(s):  
Sk. Tanzir Mehedi ◽  
Adnan Anwar ◽  
Ziaur Rahman ◽  
Kawsar Ahmed

The Controller Area Network (CAN) bus works as an important protocol in the real-time In-Vehicle Network (IVN) systems for its simple, suitable, and robust architecture. IVN devices remain insecure and vulnerable due to the complex data-intensive architectures, which greatly increase the accessibility to unauthorized networks and the possibility of various types of cyberattacks. Therefore, the detection of cyberattacks in IVN devices has become a growing interest. With the rapid development of IVNs and evolving threat types, the traditional machine learning-based IDS has to be updated to cope with the security requirements of the current environment. Nowadays, the progression of deep learning, deep transfer learning, and its impactful outcome in several areas has guided as an effective solution for network intrusion detection. This manuscript proposes a deep transfer learning-based IDS model for IVN along with improved performance in comparison to several other existing models. The unique contributions include effective attribute selection which is best suited to identify malicious CAN messages and accurately detect the normal and abnormal activities, designing a deep transfer learning-based LeNet model, and evaluating considering real-world data. To this end, an extensive experimental performance evaluation has been conducted. The architecture along with empirical analyses shows that the proposed IDS greatly improves the detection accuracy over the mainstream machine learning, deep learning, and benchmark deep transfer learning models and has demonstrated better performance for real-time IVN security.


2014 ◽  
Vol 490-491 ◽  
pp. 1588-1591
Author(s):  
Liang Zhang ◽  
Hao Yue Sun ◽  
Guo Lv ◽  
Xiao Lu Sun

In this paper, the intelligentized way is applied to detecting anomaly intrusion. Based on the global property of genetic algorithm and the locality of neural network, this method effectively improves the convergence speed of the network and the detection accuracy rate. It not only avoids the defect of the neural network, but also improves the precision.


2022 ◽  
Vol 54 (9) ◽  
pp. 1-36
Author(s):  
Dylan Chou ◽  
Meng Jiang

Data-driven network intrusion detection (NID) has a tendency towards minority attack classes compared to normal traffic. Many datasets are collected in simulated environments rather than real-world networks. These challenges undermine the performance of intrusion detection machine learning models by fitting machine learning models to unrepresentative “sandbox” datasets. This survey presents a taxonomy with eight main challenges and explores common datasets from 1999 to 2020. Trends are analyzed on the challenges in the past decade and future directions are proposed on expanding NID into cloud-based environments, devising scalable models for large network data, and creating labeled datasets collected in real-world networks.


2021 ◽  
Vol 5 (2) ◽  
pp. 11-19
Author(s):  
Yadgar Sirwan Abdulrahman

As information technology grows, network security is a significant issue and challenge. The intrusion detection system (IDS) is known as the main component of a secure network. An IDS can be considered a set of tools to help identify and report abnormal activities in the network. In this study, we use data mining of a new framework using fuzzy tools and combine it with the ant colony optimization algorithm (ACOR) to overcome the shortcomings of the k-means clustering method and improve detection accuracy in IDSs. The ACOR algorithm is recognized as a fast and accurate meta-method for optimization problems. We combine the improved ACOR with the fuzzy c-means algorithm to achieve efficient clustering and intrusion detection. Our proposed hybrid algorithm is reviewed with the NSL-KDD dataset and the ISCX 2012 dataset using various criteria. For further evaluation, our method is compared to other tasks, and the results show that the proposed algorithm has performed better in all cases.


Author(s):  
Benhui Xia ◽  
Dezhi Han ◽  
Ximing Yin ◽  
Gao Na

To secure cloud computing and outsourced data while meeting the requirements of automation, many intrusion detection schemes based on deep learning are proposed. Though the detection rate of many network intrusion detection solutions can be quite high nowadays, their identification accuracy on imbalanced abnormal network traffic still remains low. Therefore, this paper proposes a ResNet & Inception-based convolutional neural network (RICNN) model for abnormal traffic classification. RICNN can learn more traffic features through the Inception unit, and the degradation problem of the network is eliminated through the direct mapping unit of ResNet, thus the improvement of the model's generalization ability can be achievable. In addition, to simplify the network, an improved version of RICNN, which makes it possible to reduce the number of parameters that need to be learnt without degrading identification accuracy, is also proposed in this paper. The experimental results on the dataset CICIDS2017 show that RICNN not only achieves an overall accuracy of 99.386% but also has a high detection rate across different categories, especially for small samples. The comparison experiments show that the recognition rate of RICNN outperforms a variety of CNN models and RNN models, and the best detection accuracy can be achieved.


2021 ◽  
Vol 14 (1) ◽  
pp. 192-202
Author(s):  
Karrar Alwan ◽  
Ahmed AbuEl-Atta ◽  
Hala Zayed ◽  
...  

Accurate intrusion detection is necessary to preserve network security. However, developing an efficient intrusion detection system is a complex problem due to the nonlinear nature of the intrusion attempts, the unpredictable behaviour of network traffic, and the large number of features in the problem space. Hence, selecting the most effective and discriminating feature is highly important. Additionally, eliminating irrelevant features can improve the detection accuracy as well as reduce the learning time of machine learning algorithms. However, feature reduction is an NP-hard problem. Therefore, several metaheuristics have been employed to determine the most effective feature subset within reasonable time. In this paper, two intrusion detection models are built based on a modified version of the firefly algorithm to achieve the feature selection task. The first and the second models have been used for binary and multiclass classification, respectively. The modified firefly algorithm employed a mutation operation to avoid trapping into local optima through enhancing the exploration capabilities of the original firefly. The significance of the selected features is evaluated using a Naïve Bayes classifier over a benchmark standard dataset, which contains different types of attacks. The obtained results revealed the superiority of the modified firefly algorithm against the original firefly algorithm in terms of the classification accuracy and the number of selected features under different scenarios. Additionally, the results assured the superiority of the proposed intrusion detection system against other recently proposed systems in both binary classification and multi-classification scenarios. The proposed system has 96.51% and 96.942% detection accuracy in binary classification and multi-classification, respectively. Moreover, the proposed system reduced the number of attributes from 41 to 9 for binary classification and to 10 for multi-classification.


2012 ◽  
Vol 2012 ◽  
pp. 1-10
Author(s):  
S. Ganapathy ◽  
P. Yogesh ◽  
A. Kannan

Intrusion detection systems were used in the past along with various techniques to detect intrusions in networks effectively. However, most of these systems are able to detect the intruders only with a high false alarm rate. In this paper, we propose a new intelligent agent-based intrusion detection model for mobile ad hoc networks using a combination of attribute selection, outlier detection, and enhanced multiclass SVM classification methods. For this purpose, an effective preprocessing technique is proposed that improves the detection accuracy and reduces the processing time. Moreover, two new algorithms, namely, an Intelligent Agent Weighted Distance Outlier Detection algorithm and an Intelligent Agent-based Enhanced Multiclass Support Vector Machine algorithm are proposed for detecting the intruders in a distributed database environment that uses intelligent agents for trust management and coordination in transaction processing. The experimental results of the proposed model show that this system detects anomalies with a low false alarm rate and a high detection rate when tested with the KDD Cup 99 data set.


Electronics ◽  
2020 ◽  
Vol 9 (4) ◽  
pp. 629
Author(s):  
Junaid Arshad ◽  
Muhammad Ajmal Azad ◽  
Roohi Amad ◽  
Khaled Salah ◽  
Mamoun Alazab ◽  
...  

Internet of Things (IoT) forms the foundation of next generation infrastructures, enabling development of future cities that are inherently sustainable. Intrusion detection for such paradigms is a non-trivial challenge which has attracted further significance due to extraordinary growth in the volume and variety of security threats for such systems. However, due to unique characteristics of such systems, i.e., battery power, bandwidth and processor overheads and network dynamics, intrusion detection for IoT is a challenge, which requires taking into account the trade-off between detection accuracy and performance overheads. In this context, we focus on highlighting this trade-off and its significance to achieve effective intrusion detection for IoT. Specifically, this paper presents a comprehensive study of existing intrusion detection systems for IoT systems in three aspects: computational overhead, energy consumption and privacy implications. Through extensive study of existing intrusion detection approaches, we have identified open challenges to achieve effective intrusion detection for IoT infrastructures. These include resource constraints, attack complexity, experimentation rigor and unavailability of relevant security data. Further, this paper is envisaged to highlight contributions and limitations of the state-of-the-art within intrusion detection for IoT, and aid the research community to advance it by identifying significant research directions.

