Effect of Mutation and Crossover Probabilities on Genetic  Algorithm and Signature Based Intrusion Detection System

Conventional methods of intrusion prevention like firewalls, cryptography techniques or access management schemes, have not provided complete protection to computer systems and networks from refined malwares and attacks. Intrusion Detection Systems (IDS) are giving the right solution to the current issues and became an important part of any security management system to detect these threats and will not generate widespread harm. The basic goal of IDS is to detect attacks and their nature that may harm the computer system. Several different approaches for intrusion detection have been reported in the literature. The signature based concept using genetic algorithm as features selection and, J48 as classifier to detect attack is proposed in this paper. The system was evaluated on KDD Cup 99, NSL-KDD and Kyoto 2006+ datasets.

Download Full-text

Intrusion Detection System using Genetic Algorithm and Data Mining: An Overview

International Journal of Computer Science and Informatics ◽

10.47893/ijcsi.2012.1076 ◽

2012 ◽

pp. 118-122

Author(s):

V.P. Kshirsagar ◽

Sonali M. Tidke ◽

S.S. Vishnu

Keyword(s):

Data Mining ◽

Genetic Algorithm ◽

Network Security ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Intrusion Detection Systems ◽

Maintenance Cost ◽

Detection Systems ◽

Detection Technology

Network security is of primary concerned now days for large organizations. Various types of Intrusion Detection Systems (IDS) are available in the market like Host based, Network based or Hybrid depending upon the detection technology used by them. Modern IDS have complex requirements. With data integrity, confidentiality and availability, they must be reliable, easy to manage and with low maintenance cost. Various modifications are being applied to IDS regularly to detect new attacks and handle them. In this paper, we are focusing on genetic algorithm (GA) and data mining based Intrusion Detection System.

Download Full-text

Network intrusion detection system by using genetic algorithm

Indonesian Journal of Electrical Engineering and Computer Science ◽

10.11591/ijeecs.v16.i3.pp1593-1599 ◽

2019 ◽

Vol 16 (3) ◽

pp. 1593

Author(s):

Hamizan Suhaimi ◽

Saiful Izwan Suliman ◽

Ismail Musirin ◽

Afdallyna Fathiyah Harun ◽

Roslina Mohamad

Keyword(s):

Genetic Algorithm ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Computer Network ◽

Detection System ◽

Classification Rule ◽

Network Intrusion Detection ◽

Detection Systems ◽

The Past ◽

Network Intrusion

Developing a better intrusion detection systems (IDS) has attracted many researchers in the area of computer network for the past decades. In this paper, Genetic Algorithm (GA) is proposed as a tool that capable to identify harmful type of connections in a computer network. Different features of connection data such as duration and types of connection in network were analyzed to generate a set of classification rule. For this project, standard benchmark dataset known as KDD Cup 99 was investigated and utilized to study the effectiveness of the proposed method on this problem domain. The rules comprise of eight variables that were simulated during the training process to detect any malicious connection that can lead to a network intrusion. With good performance in detecting bad connections, this method can be applied in intrusion detection system to identify attack thus improving the security features of a computer network.

Download Full-text

Intelligent IDS: Venus Fly-trap Optimization with Honeypot Approach for Intrusion Detection and Prevention

10.21203/rs.3.rs-670906/v1 ◽

2021 ◽

Author(s):

Movva Sai Chaithanya ◽

Suresh Nikudiya ◽

Varsha S Basanaik ◽

Damodar Reddy ◽

Hanumanthu Bhukya

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Fitness Function ◽

Original System ◽

Dos Attacks ◽

Intrusion Prevention ◽

Detection Systems ◽

Proposed Model ◽

Probing Attacks

Abstract Intrusion Detection Systems and Intrusion Prevention Systems are used to detect and prevent attacks/malware from entering the network/system. Honeypot is a type of Intrusion Detection System which is used to find the intruder, study the intruder and prevent the intruder to access the original system. It is necessary to build a strong honeypot because if it is compromised, the original system can be easily targeted by the attacker. To overcome such challenges an efficient honeypot is needed that can shut the attacker after extracting his attack technique and tools. In this paper, a Venus fly-trap optimization algorithm has been used for implementing the honeypot system along with Intrusion Detection System. Venus plants are a type of carnivorous plants that catch their prey intelligently. By adopting this feature we make an effective honeypot system that will intelligently interact with the attacker. A new fitness function has been proposed to identify size of the attacker. The effectiveness of the proposed fitness function has been evaluated by comparing it with state of the art. For comparison, remote-to-local attacks, probing attacks and DOS attacks are performed on both proposed and existing models. The proposed model is significant to catch/block all the intruders which were caught by the art and also the proposed model reduces the time of interaction between the attacker and honeypot system thereby giving minimum information to the attacker.

Download Full-text

PAIRWISE CLUSTERS OPTIMIZATION AND CLUSTER MOST SIGNIFICANT FEATURE METHODS FOR ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEM (POC2MSF)

MALAYSIAN JOURNAL OF COMPUTING ◽

10.24191/mjoc.v3i2.3598 ◽

2018 ◽

Vol 3 (2) ◽

pp. 93

Author(s):

Gervais Hatungimana

Keyword(s):

Intrusion Detection ◽

Network Traffic ◽

False Positive ◽

Intrusion Detection System ◽

Detection System ◽

False Positive Rate ◽

Significant Feature ◽

Features Selection ◽

Number Of Clusters ◽

Network Intrusion

Anomaly-based Intrusion Detection System (IDS) uses known baseline to detect patterns which have deviated from normal behavior. If the baseline is faulty, the IDS performance degrades. Most of researches in IDS which use k-centroids-based clustering methods like K-means, K-medoids, Fuzzy, Hierarchical and agglomerative algorithms to baseline network traffic suffer from high false positive rate compared to signature-based IDS, simply because the nature of these algorithms risk to force some network traffic into wrong profiles depending on K number of clusters needed. In this paper we propose alternate method which instead of defining K number of clusters, defines t distance threshold. The unrecognizable IDS; IDS which is neither HIDS nor NIDS is the consequence of using statistical methods for features selection. The speed, memory and accuracy of IDS are affected by inappropriate features reduction method or ignorance of irrelevant features. In this paper we use two-step features selection and Quality Threshold with Optimization methods to design anomaly-based HIDS and NIDS separately. The performance of our system is 0% ,99.9974%, 1,1 false positive rates, accuracy , precision and recall respectively for NIDS and 0%,99.61%, 0.991,0.978 false positive rates, accuracy, precision and recall respectively for HIDS.

Download Full-text

An Intrusion Detection System for Smart Grid Neighborhood Area Network

10.32920/ryerson.14656977.v1 ◽

2021 ◽

Author(s):

Nasim Beigi Mohammadi

Keyword(s):

Intrusion Detection ◽

Smart Grid ◽

Intrusion Detection System ◽

Detection System ◽

Area Network ◽

Wormhole Attack ◽

Detection Systems ◽

Wireless Mesh ◽

First Time ◽

Neighborhood Area Network

Smart grid is expected to improve the efficiency, reliability and economics of current energy systems. Using two-way flow of electricity and information, smart grid builds an automated, highly distributed energy delivery network. In this thesis, we present the requirements for intrusion detection systems in smart grid, neighborhood area network (NAN) in particular. We propose an intrusion detection system (IDS) that considers the constraints and requirements of the NAN. It captures the communication and computation overhead constraints as well as the lack of a central point to install the IDS. The IDS is distributed on some nodes which are powerful in terms of memory, computation and the degree of connectivity. Our IDS uses an analytical approach for detecting Wormhole attack. We simulate wireless mesh NANs in OPNET Modeler and for the first time, we integrate our analytical model in Maple from MapleSoft with our OPNET simulation model.

Download Full-text

THE LOAD BALANCING OF SELF-SIMILAR TRAFFIC IN NETWORK INTRUSION DETECTION SYSTEMS

Cybersecurity Education Science Technique ◽

10.28925/2663-4023.2020.7.1730 ◽

2020 ◽

Vol 3 (7) ◽

pp. 17-30

Author(s):

Tamara Radivilova ◽

Lyudmyla Kirichenko ◽

Maksym Tawalbeh ◽

Petro Zinchenko ◽

Vitalii Bulakh

Keyword(s):

Load Balancing ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Intrusion Detection Systems ◽

Deep Packet Inspection ◽

Detection Systems ◽

Network Intrusion ◽

Load Imbalance ◽

Packet Inspection

The problem of load balancing in intrusion detection systems is considered in this paper. The analysis of existing problems of load balancing and modern methods of their solution are carried out. Types of intrusion detection systems and their description are given. A description of the intrusion detection system, its location, and the functioning of its elements in the computer system are provided. Comparative analysis of load balancing methods based on packet inspection and service time calculation is performed. An analysis of the causes of load imbalance in the intrusion detection system elements and the effects of load imbalance is also presented. A model of a network intrusion detection system based on packet signature analysis is presented. This paper describes the multifractal properties of traffic. Based on the analysis of intrusion detection systems, multifractal traffic properties and load balancing problem, the method of balancing is proposed, which is based on the funcsioning of the intrusion detection system elements and analysis of multifractal properties of incoming traffic. The proposed method takes into account the time of deep packet inspection required to compare a packet with signatures, which is calculated based on the calculation of the information flow multifractality degree. Load balancing rules are generated by the estimated average time of deep packet inspection and traffic multifractal parameters. This paper presents the simulation results of the proposed load balancing method compared to the standard method. It is shown that the load balancing method proposed in this paper provides for a uniform load distribution at the intrusion detection system elements. This allows for high speed and accuracy of intrusion detection with high-quality multifractal load balancing.

Download Full-text

A Feature Selection Model for Network Intrusion Detection System Based on PSO, GWO, FFA and GA Algorithms

Symmetry ◽

10.3390/sym12061046 ◽

2020 ◽

Vol 12 (6) ◽

pp. 1046 ◽

Cited By ~ 3

Author(s):

Omar Almomani

Keyword(s):

Genetic Algorithm ◽

Feature Selection ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Selection Model ◽

Network Intrusion Detection ◽

Network Intrusion ◽

Proposed Model ◽

Positive Rate

The network intrusion detection system (NIDS) aims to identify virulent action in a network. It aims to do that through investigating the traffic network behavior. The approaches of data mining and machine learning (ML) are extensively used in the NIDS to discover anomalies. Regarding feature selection, it plays a significant role in improving the performance of NIDSs. That is because anomaly detection employs a great number of features that require much time. Therefore, the feature selection approach affects the time needed to investigate the traffic behavior and improve the accuracy level. The researcher of the present study aimed to propose a feature selection model for NIDSs. This model is based on the particle swarm optimization (PSO), grey wolf optimizer (GWO), firefly optimization (FFA) and genetic algorithm (GA). The proposed model aims at improving the performance of NIDSs. The proposed model deploys wrapper-based methods with the GA, PSO, GWO and FFA algorithms for selecting features using Anaconda Python Open Source, and deploys filtering-based methods for the mutual information (MI) of the GA, PSO, GWO and FFA algorithms that produced 13 sets of rules. The features derived from the proposed model are evaluated based on the support vector machine (SVM) and J48 ML classifiers and the UNSW-NB15 dataset. Based on the experiment, Rule 13 (R13) reduces the features into 30 features. Rule 12 (R12) reduces the features into 13 features. Rule 13 and Rule 12 offer the best results in terms of F-measure, accuracy and sensitivity. The genetic algorithm (GA) shows good results in terms of True Positive Rate (TPR) and False Negative Rate (FNR). As for Rules 11, 9 and 8, they show good results in terms of False Positive Rate (FPR), while PSO shows good results in terms of precision and True Negative Rate (TNR). It was found that the intrusion detection system with fewer features will increase accuracy. The proposed feature selection model for NIDS is rule-based pattern recognition to discover computer network attack which is in the scope of Symmetry journal.

Download Full-text