Soft-computing-based false alarm reduction for hierarchical data of intrusion detection system

2019 ◽  
Vol 15 (10) ◽  
pp. 155014771988313 ◽  
Author(s):  
Parminder Singh ◽  
Sujatha Krishnamoorthy ◽  
Anand Nayyar ◽  
Ashish Kr Luhach ◽  
Avinash Kaur

A false alarm rate of online anomaly-based intrusion detection system is a crucial concern. It is challenging to implement in real-world scenarios when these anomalies occur sporadically. The existing intrusion detection systems have been developed to limit or decrease the false alarm rate. However, the state-of-the-art approaches are attack- or algorithm-specific and therefore not generic. In this article, a soft-computing-based approach has been designed to reduce the false-positive rate for hierarchical data of an anomaly-based intrusion detection system. A recurrent neural network model is applied to classify the intrusion detection data set into attack and normal instances for various subclasses. The designed approach is more practical because it does not require any assumption or knowledge of the data set structure. Experimental evaluation is conducted on various attacks in the KDDCup’99 and NSL-KDD data sets. The proposed method enhances intrusion detection systems so that they can work with data having dependent and independent features. Furthermore, this approach is also beneficial for real-life scenarios with a low occurrence of attacks.

2018 ◽  
Vol 7 (1.9) ◽  
pp. 245
Author(s):  
S. Vimala ◽  
V. Khanna ◽  
C. Nalini

In MANETs, mobile nodes can communicate freely with each other without the need for a predefined infrastructure. An intrusion detection system is an essential part of security for MANETs. It is especially effective for detecting intrusions and is generally used to complement other security components. That is why the intrusion detection system (IDS) is known as the second line of defense for any survivable network security. The proposed fuzzy-based IDSs for detecting intrusions in MANETs are not able to cope with all kinds of attacks. We have observed that all proposed fuzzy-based IDSs rely on a very limited set of components or features for data collection, which are specific to a particular attack, so these IDSs only detect that particular attack in MANETs. The fuzzy engine may distinguish congestion from channel error conditions, and thereby helps TCP error detection. An analysis has been made of the issues in improving the reliability and accuracy of decisions in MANETs. This approach offers a strategy for combining remote units' measurement results with association information available or determined a priori at aggregating nodes. In our research work, the main goal was to reduce the amount of data required for training and the false alarm rate. We are mainly trying to improve the performance of an existing system rather than trying to replace current intrusion detection systems with a data mining approach. While current signature-based intrusion detection techniques have limitations as stated in the previous section, they still provide essential services, and this led us to decide how data mining could be used in a complementary way to existing measures and improve them.


Author(s):  
Pratik Jain ◽  
Ravikant Kholwal ◽  
Tavneet Singh Khurana

An IDS supervises network traffic by searching for suspicious activities and previously determined threats and sends alerts when they are detected. At present, the merits of intrusion detection still remain critical in cyber safety, but maybe not as a lasting resolution. To study a plant, one must start with its roots, so the Cambridge dictionary defines an intrusion as "an occasion when someone goes into an area or situation where they're not wanted or expected to be". For the purposes of this article, we will characterize an intrusion as any unauthorized network or system activity involving one or more computers or networks. An example is a legitimate user of a system attempting to escalate his privileges to gain greater access to the system than he is currently entrusted with, or a similar user attempting to connect to an unauthorized remote port of a server. These are intrusions which may come from the outside world, from a disgruntled ex-employee who was terminated recently, or from your trusted staff. In this context, legitimate data is reported as an attack when the case is a false positive. Here we focus on this issue with an illustration and offer one solution for this problem. The KDD CUP 1999 data set is utilized. Here we dropped the count feature and considered an OTP authentication system. From the result of this test, it can be clearly seen that if a class has a higher number of counts, then this class is believed to be an anomaly class. However, a genuine user who exceeds the threshold value will also be considered an anomaly and treated as an intruder. One arrangement is proposed to distinguish the genuine user and to eliminate false positives.


Author(s):  
Saurabh Fegade ◽  
Amey Bhadkamka ◽  
Kamlesh Karekar ◽  
Jaikishan Jeshnani ◽  
Vinayak Kachare

There is great concern about the security of computers these days. The number of attacks has increased greatly in the last few years, and intrusion detection is the main source of information assurance. While firewalls can provide some protection, they fail to provide full protection and need to be complemented with an intrusion detection system (IDS). A newer approach for intrusion detection is data mining techniques. An IDS can be developed using individual algorithms like neural networks, clustering, classification, etc. The result of these systems is a good detection rate and a low false alarm rate. According to a recent study, cascading multiple algorithms gives far better performance than a single algorithm. Single-algorithm systems have a high alarm rate. Therefore, to solve this problem, a combination of different algorithms is required. In this research paper, we use a hybrid algorithm for developing the intrusion detection system. C4.5 Support Vector Machine (SVM) and Decision Tree are combined to achieve high accuracy and diminish the false alarm rate. Intrusions can be classified into types like Normal, DOS, R2L and U2R. Intrusion detection with decision trees and SVM was tested with the benchmark standard NSL-KDD, which is the extended version of KDD Cup 1999 for intrusion detection (ID).


2015 ◽  
Vol 23 (1) ◽  
pp. 31-57 ◽  
Author(s):  
Ahmed Ahmim ◽  
Nacira Ghoualmi Zine

Purpose – The purpose of this paper is to build a new hierarchical intrusion detection system (IDS) based on a binary tree of different types of classifiers. The proposed IDS model must possess the following characteristics: combine a high detection rate and a low false alarm rate, and classify any connection in a specific category of network connection. Design/methodology/approach – To build the binary tree, the authors cluster the different categories of network connections hierarchically based on the proportion of false-positives and false-negatives generated between each of the two categories. The built model is a binary tree with multi-levels. At first, the authors use the best classifier in the classification of the network connections in category A and category G2 that clusters the rest of the categories. Then, in the second level, they use the best classifier in the classification of G2 network connections in category B and category G3 that represents the different categories clustered in G2 without category B. This process is repeated until the last two categories of network connections. Note that one of these categories represents the normal connection, and the rest represent the different types of abnormal connections. Findings – The experimentation on the labeled data set for flow-based intrusion detection, NSL-KDD and KDD’99 shows the high performance of the authors' model compared to the results obtained by some well-known classifiers and recent IDS models. The experiments’ results show that the authors' model gives a low false alarm rate and the highest detection rate. Moreover, the model is more accurate than some well-known classifiers like SVM, C4.5 decision tree, MLP neural network and naïve Bayes with accuracy equal to 83.26 per cent on NSL-KDD and equal to 99.92 per cent on the labeled data set for flow-based intrusion detection. 
As well, it is more accurate than the best of related works and recent IDS models with accuracy equal to 95.72 per cent on KDD’99. Originality/value – This paper proposes a novel hierarchical IDS based on a binary tree of classifiers, where different types of classifiers are used to create a high-performance model. Therefore, it confirms the capacity of the hierarchical model to combine a high detection rate and a low false alarm rate.


2020 ◽  
Vol 38 (1B) ◽  
pp. 6-14
Author(s):  
Sarah M. Shareef ◽  
Soukaena H. Hashim

A network intrusion detection system (NIDS) is a software system which plays an important role in protecting a network and can be used to monitor network activities to distinguish different kinds of attacks from normal behavior in network traffic. A false alarm is one of the most frequently identified problems in relation to intrusion detection systems and can be a limiting factor for the performance and accuracy of the intrusion detection system. The proposed system involves mining techniques at two sequential levels: at the first level, the Naïve Bayes algorithm is used to separate abnormal activity from normal behavior; at the second level, a multinomial logistic regression algorithm is used to classify abnormal activity into the four main attack types in addition to a normal class. To evaluate the proposed system, the KDDCUP99 intrusion detection dataset was used and K-fold cross-validation was performed. The experimental results show that the performance of the proposed system is improved with a lower false alarm rate.
