Denial-of-Service Attack Detection over IPv6 Network Based on KNN Algorithm

With the rapid increase and complexity of IPv6 network traffic, the traditional intrusion detection system Snort detects DoS attacks based on specific rules, which reduces the detection performance of IDS. To solve the DoS intrusion detection problem in the IPv6 network environment, the lightweight KNN optimization algorithm in machine learning is adopted. First, the double dimensionality reduction of features is achieved through the information gain rate, and discrete features with more subfeatures are selected and aggregated to further dimensionality reduction and feature dimension of the actual operation. Secondly, the information gain rate is used as the weight to optimize the sample Euclidean distance measurement. Based on the proposed measure of the reverse distance influence, the classification decision algorithm of the KNN algorithm is optimized to make the detection technology better. The effect is further improved. The experimental results show that the traditional TAD-KNN algorithm based on average distance and the GR-KNN algorithm that only optimizes the distance definition, the GR-AD-KNN algorithm can not only improve the overall detection performance in the detection of IPv6 network traffic characteristics but also for small groups of samples. As a result, classification has better detection results.

Download Full-text

An Improved Anomalous Intrusion Detection Model

FUOYE Journal of Engineering and Technology ◽

10.46792/fuoyejet.v4i2.418 ◽

2019 ◽

Vol 4 (2) ◽

Author(s):

Bodunde O Akinyemi ◽

Johnson B Adekunle ◽

Temitope A Aladesanmi ◽

Adesola G Aderounmu ◽

Beman H Kamagate

Keyword(s):

Intrusion Detection ◽

Network Traffic ◽

Clustering Algorithm ◽

Information Gain ◽

Attack Detection ◽

Detection Accuracy ◽

Cyber Attack ◽

Network Resources ◽

Detection Model ◽

Normal Network

The volume of cyber-attack targeting network resources within the cyberspace is steadily increasing and evolving. Network intrusions compromise the confidentiality, integrity or availability of network resources causing reputational damage and the consequential financial loss. One of the key cyber-defense tools against these attacks is the Intrusion Detection System. Existing anomalous intrusion detection models often misclassified normal network traffics as attacks while minority attacks go undetected due to an extreme imbalance in network traffic data. This leads to a high false positive and low detection rate. This study focused on improving the detection accuracy by addressing the class imbalanced problem which is often associated with network traffic dataset. Live network traffic packets were collected within the test case environment with Wireshark during normal network activities, Syncflood attack, slowhttppost attack and exploitation of known vulnerabilities on a targeted machine. Fifty-two features including forty-two features similar to Knowledge Discovery in Database (KDD ’99) intrusion detection dataset were extracted from the packet meta-data using Spleen tool. The features were normalized with min-max normalization algorithm and Information Gain algorithm was used to select the best discriminatory features from the feature space. An anomalous intrusion detection model was formulated by a cascade of k-means clustering algorithm and random-forest classifier. The proposed model was simulated and its performance was evaluated using detection accuracy, sensitivity, and specificity as metrics. The result of the evaluation showed 10% higher detection accuracy, 29% sensitivity, and 0.2% specificity than the existing model. Keywords— anomalous, cyber-attack, Detection, Intrusion

Download Full-text

LA-GRU: Building Combined Intrusion Detection Model Based on Imbalanced Learning and Gated Recurrent Unit Neural Network

Security and Communication Networks ◽

10.1155/2018/6026878 ◽

2018 ◽

Vol 2018 ◽

pp. 1-13 ◽

Cited By ~ 4

Author(s):

Binghao Yan ◽

Guodong Han

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

False Alarm ◽

False Alarm Rate ◽

Network Traffic ◽

Detection Performance ◽

Imbalanced Learning ◽

Traffic Distribution ◽

Proposed Model ◽

Gated Recurrent Unit

The intrusion detection models (IDMs) based on machine learning play a vital role in the security protection of the network environment, and, by learning the characteristics of the network traffic, these IDMs can divide the network traffic into normal behavior or attack behavior automatically. However, existing IDMs cannot solve the imbalance of traffic distribution, while ignoring the temporal relationship within traffic, which result in the reduction of the detection performance of the IDM and increase the false alarm rate, especially for low-frequency attacks. So, in this paper, we propose a new combined IDM called LA-GRU based on a novel imbalanced learning method and gated recurrent unit (GRU) neural network. In the proposed model, a modified local adaptive synthetic minority oversampling technique (LA-SMOTE) algorithm is provided to handle imbalanced traffic, and then the GRU neural network based on deep learning theory is used to implement the anomaly detection of traffic. The experimental results evaluated on the NSL-KDD dataset confirm that, compared with the existing state-of-the-art IDMs, the proposed model not only obtains excellent overall detection performance with a low false alarm rate but also more effectively solves the learning problem of imbalanced traffic distribution.

Download Full-text

Extracting salient features for network intrusion detection using machine learning methods

South African Computer Journal ◽

10.18489/sacj.v52i0.200 ◽

2014 ◽

Vol 52 ◽

Cited By ~ 13

Author(s):

Ralf C. Staudemeyer ◽

Christian W. Omlin

Keyword(s):

Feature Selection ◽

Intrusion Detection ◽

Information Gain ◽

Selection Process ◽

Denial Of Service ◽

Reduction Process ◽

Feature Reduction ◽

General Nature ◽

Network Intrusion ◽

Salient Features

This work presents a data preprocessing and feature selection framework to support data mining and network security experts in minimal feature set selection of intrusion detection data. This process is supported by detailed visualisation and examination of class distributions. Distribution histograms, scatter plots and information gain are presented as supportive feature reduction tools. The feature reduction process applied is based on decision tree pruning and backward elimination. This paper starts with an analysis of the KDD Cup '99 datasets and their potential for feature reduction. The dataset consists of connection records with 41 features whose relevance for intrusion detection are not clear. All traffic is either classified `normal' or into the four attack types denial-of-service, network probe, remote-to-local or user-to-root. Using our custom feature selection process, we show how we can significantly reduce the number features in the dataset to a few salient features. We conclude by presenting minimal sets with 4--8 salient features for two-class and multi-class categorisation for detecting intrusions, as well as for the detection of individual attack classes; the performance using a static classifier compares favourably to the performance using all features available. The suggested process is of general nature and can be applied to any similar dataset.

Download Full-text

Application of Deep Learning Technique in an Intrusion Detection System

International Journal of Computational Intelligence and Applications ◽

10.1142/s1469026820500169 ◽

2020 ◽

Vol 19 (02) ◽

pp. 2050016

Author(s):

Shideh Saraeian ◽

Mahya Mohammadi Golchi

Keyword(s):

Deep Learning ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Visual Analysis ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Hybrid Network ◽

Machine Learning Techniques ◽

Learning Technique

Comprehensive development of computer networks causes the increment of Distributed Denial of Service (DDoS) attacks. These types of attacks can easily restrict communication and computing. Among all the previous researches, the accuracy of the attack detection has not been properly addressed. In this study, deep learning technique is used in a hybrid network-based Intrusion Detection System (IDS) to detect intrusion on network. The performance of the proposed technique is evaluated on the NSL-KDD and ISCXIDS 2012 datasets. We performed traffic visual analysis using Wireshark tool and did some experimentations to prove the superiority of the proposed method. The results have shown that our proposed method achieved higher accuracy in comparison with other useful machine learning techniques.

Download Full-text

The effect of probe interval estimation on attack detection performance of a WLAN independent intrusion detection system

IET International Conference on Wireless Communications and Applications (ICWCA 2012) ◽

10.1049/cp.2012.2110 ◽

2012 ◽

Cited By ~ 2

Author(s):

J. Milliken ◽

K.M. Yap ◽

A. Marshall ◽

V. Selis

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Interval Estimation ◽

Detection Performance ◽

Attack Detection

Download Full-text

Deep Learning Based Attack Detection in IIoT using Two-Level Intrusion Detection System

10.21203/rs.3.rs-997888/v1 ◽

2021 ◽

Author(s):

Kathiroli Raja ◽

Krithika Karthikeyan ◽

Abilash B ◽

Kapal Dev ◽

Gunasekaran Raja

Keyword(s):

Deep Learning ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Production Management ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Sensitive Information ◽

Smart Meters ◽

Network Intrusion

Abstract The Industrial Internet of Things (IIoT), also known as Industry 4.0, has brought a revolution in the production and manufacturing sectors as it assists in the automation of production management and reduces the manual effort needed in auditing and managing the pieces of machinery. IoT-enabled industries, in general, use sensors, smart meters, and actuators. Most of the time, the data held by these devices is surpassingly sensitive and private. This information might be modified, 1 stolen, or even the devices may be subjected to a Denial of Service (DoS) attack. As a consequence, the product quality may deteriorate or sensitive information may be leaked. An Intrusion Detection System (IDS), implemented in the network layer of IIoT, can detect attacks, thereby protecting the data and devices. Despite substantial advancements in attack detection in IIoT, existing works fail to detect certain attacks obfuscated from detectors resulting in a low detection performance. To address the aforementioned issue, we propose a Deep Learning-based Two Level Network Intrusion Detection System (DLTL-NIDS) for IIoT environment, emphasizing challenging attacks. The attacks that attain low accuracy or low precision in level-1 detection are marked as challenging attacks. Experimental results show that the proposed model, when tested against TON IoT, figures out the challenging attacks well and achieves an accuracy of 99.97%, precision of 95.62%, recall of 99.5%, and F1-score of 99.65%. The proposed DL-TLNIDS, when compared with state-of-art models, achieves a decrease in false alarm rate to 2.34% (flagging normal traffic as an attack) in IIoT.

Download Full-text

Anomaly Detection in Distributed Denial of Service Attack using Map Reduce Improvised Counter Based Algorithm in Hadoop

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.d8431.118419 ◽

2019 ◽

Vol 8 (4) ◽

pp. 4668-4671

Keyword(s):

Intrusion Detection ◽

Anomaly Detection ◽

Network Traffic ◽

Intrusion Detection System ◽

Detection System ◽

Denial Of Service ◽

Map Reduce ◽

Distributed Denial Of Service ◽

Unusual Pattern ◽

Denial Of Service Attack

A Distributed denial of Service attacks(DDoS) is one of the major threats in the cyber network and it attacks the computers flooded with the Users Data Gram packet. These types of attacks causes major problem in the network in the form of crashing the system with large volume of traffic to attack the victim and make the victim idle in which not responding the requests. To detect this DDOS attack traditional intrusion detection system is not suitable to handle huge volume of data. Hadoop is a frame work which handles huge volume of data and is used to process the data to find any malicious activity in the data. In this research paper anomaly detection technique is implemented in Map Reduce Algorithm which detects the unusual pattern of data in the network traffic. To design a proposed model, Map Reduce platform is used to hold the improvised algorithm which detects the (DDoS) attacks by filtering and sorting the network traffic and detects the unusual pattern from the network. Improvised Map reduce algorithm is implemented with Map Reduce functionalities at the stage of verifying the network IPS. This Proposed algorithm focuses on the UDP flooding attack using Anomaly based Intrusion detection system technique which detects kind of pattern and flow of packets in the node is more than the threshold and also identifies the source code causing UDP Flood Attack.

Download Full-text

Design Of Intrusion Detection System For Dos Attack In 6lowpan And RPL Based IoT Network

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.k2288.0981119 ◽

2019 ◽

Vol 8 (11) ◽

pp. 3840-3844

Keyword(s):

Intrusion Detection ◽

Low Power ◽

Intrusion Detection System ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Area Network ◽

Dos Attack ◽

Resource Constrained ◽

Ipv6 Protocol

Internet of Things (IoT) is a network spread globally and accommodates maximum things under it. All these things are connected globally using IPv6 protocol which satisfies the need of connecting maximum devices by supporting 2^128 addresses. Because of heavy-weight nature of IPv6 protocol, a compressed version of it known as IPv6 Low Power Personal Area Network (6LoWPAN) protocol is used for a resource-constrained network that communicates over low power and lossy links. In IoT, devices are resource-constrained in terms of low battery power, less processing power, less transceiver power, etc. Also these devices are directly connected to insecure internet hence it is very challenging to maintain security in IoT network. In this paper, we have discussed various attacks on 6LoWPAN and RPL network along with countermeasures to reduce the attacks. DoS attack is one of the severe attacks in IoT which has various patterns of execution. Out of various attacks we have designed Intrusion Detection System (IDS) for Denial of Service (DOS) attack detection using Contiki OS and Cooja simulator.

Download Full-text

Smart Detection: An Online Approach for DoS/DDoS Attack Detection Using Machine Learning

Security and Communication Networks ◽

10.1155/2019/1574749 ◽

2019 ◽

Vol 2019 ◽

pp. 1-15 ◽

Cited By ~ 6

Author(s):

Francisco Sales de Lima Filho ◽

Frederico A. F. Silveira ◽

Agostinho de Medeiros Brito Junior ◽

Genoveva Vargas-Solar ◽

Luiz F. Silveira

Keyword(s):

Machine Learning ◽

Network Traffic ◽

Service Providers ◽

Detection System ◽

Denial Of Service ◽

Sampling Rate ◽

Attack Detection ◽

Dos Attacks ◽

Internet Service ◽

Benchmark Datasets

Users and Internet service providers (ISPs) are constantly affected by denial-of-service (DoS) attacks. This cyber threat continues to grow even with the development of new protection technologies. Developing mechanisms to detect this threat is a current challenge in network security. This article presents a machine learning- (ML-) based DoS detection system. The proposed approach makes inferences based on signatures previously extracted from samples of network traffic. The experiments were performed using four modern benchmark datasets. The results show an online detection rate (DR) of attacks above 96%, with high precision (PREC) and low false alarm rate (FAR) using a sampling rate (SR) of 20% of network traffic.

Download Full-text

Intelligent Cyber Attack Detection and Classification for Network-Based Intrusion Detection Systems

Applied Sciences ◽

10.3390/app11041674 ◽

2021 ◽

Vol 11 (4) ◽

pp. 1674

Author(s):

Nuno Oliveira ◽

Isabel Praça ◽

Eva Maia ◽

Orlando Sousa

Keyword(s):

Intrusion Detection ◽

Anomaly Detection ◽

Information And Communication Technologies ◽

Network Traffic ◽

Short Term Memory ◽

Attack Detection ◽

Intrusion Detection Systems ◽

Machine Learning Techniques ◽

Cyber Attack ◽

Detection Systems

With the latest advances in information and communication technologies, greater amounts of sensitive user and corporate information are shared continuously across the network, making it susceptible to an attack that can compromise data confidentiality, integrity, and availability. Intrusion Detection Systems (IDS) are important security mechanisms that can perform the timely detection of malicious events through the inspection of network traffic or host-based logs. Many machine learning techniques have proven to be successful at conducting anomaly detection throughout the years, but only a few considered the sequential nature of data. This work proposes a sequential approach and evaluates the performance of a Random Forest (RF), a Multi-Layer Perceptron (MLP), and a Long-Short Term Memory (LSTM) on the CIDDS-001 dataset. The resulting performance measures of this particular approach are compared with the ones obtained from a more traditional one, which only considers individual flow information, in order to determine which methodology best suits the concerned scenario. The experimental outcomes suggest that anomaly detection can be better addressed from a sequential perspective. The LSTM is a highly reliable model for acquiring sequential patterns in network traffic data, achieving an accuracy of 99.94% and an f1-score of 91.66%.

Download Full-text