NETWORK TRAFFIC ANOMALIES DETECTION USING AN ENSEMBLE OF CLASSIFIERS

Network technologies have been steadily developing and their application has been expanding. One of the aspects of the development is a modification of the current network attacks and the appearance of new ones. The anomalies that can be detected in network traffic conform with such attacks. Development of new and improvement of the current approaches to detect anomalies in network traffic have become an urgent task. The article suggests a hybrid approach to detect anomalies on the basis of the combined signature approach and computationally effective classifiers of machine learning: logistic regression, stochastic gradient descent and decision tree with accuracy increase due to weighted voting. The choice of the classifiers is explained by the admissible complexity of the algorithms that allows detection of network traffic events for the time close to real. Signature analysis is carried out with the help of the Zeek IDS (Intrusion Detection System) signature base. Learning is fulfilled by preliminary prepared (by excluding extra recordings and parameters) CICIDS2017 (Canadian Institute for Cybersecurity Intrusion Detection System) signature set by cross validation. The set is roughly divided into ten parts that allows us to increase the accuracy. Experimental evaluation of the developed approach comparing with individual classifiers and with other approaches by such criteria as part of type I and II errors, accuracy and level of detection, has proved the approach suitable to be applied in network attacks detection systems. It is possible to introduce the developed approach into both existing and new anomaly detection systems.

Download Full-text

Security Enrichment in Intrusion Detection System Using Classifier Ensemble

Journal of Electrical and Computer Engineering ◽

10.1155/2017/1794849 ◽

2017 ◽

Vol 2017 ◽

pp. 1-6 ◽

Cited By ~ 5

Author(s):

Uma R. Salunkhe ◽

Suresh N. Mali

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection Rate ◽

Detection System ◽

Hybrid Approach ◽

Classifier Ensemble ◽

Intrusion Detection Systems ◽

Detection Rates ◽

Detection Systems

In the era of Internet and with increasing number of people as its end users, a large number of attack categories are introduced daily. Hence, effective detection of various attacks with the help of Intrusion Detection Systems is an emerging trend in research these days. Existing studies show effectiveness of machine learning approaches in handling Intrusion Detection Systems. In this work, we aim to enhance detection rate of Intrusion Detection System by using machine learning technique. We propose a novel classifier ensemble based IDS that is constructed using hybrid approach which combines data level and feature level approach. Classifier ensembles combine the opinions of different experts and improve the intrusion detection rate. Experimental results show the improved detection rates of our system compared to reference technique.

Download Full-text

DESIGNING RULES TO IMPLEMENT RECONNAISSANCE AND UNAUTHORIZED ACCESS ATTACKS FOR INTRUSION DETECTION SYSTEM

Iraqi Journal of Information & Communications Technology ◽

10.31987/ijict.2.2.67 ◽

2019 ◽

Vol 2 (2) ◽

pp. 25-43

Author(s):

Subhi A. Mohammed

Keyword(s):

Intrusion Detection ◽

Network Traffic ◽

Intrusion Detection System ◽

Detection System ◽

Network Attacks ◽

Unauthorized Access ◽

Large Numbers

Abstract- Network attacks are classified according to their objective into three types: Denial of Services (DOS), reconnaissance and unauthorized access. A base signature Intrusion Detection System (IDS) which gives an alarm when the monitor network traffic meets a previously specified set of criteria of attack traffic. This paper will focus on design, compose, and process IDS rules, and then to decide whether that packet is intrusive or not, by examining the signatures of the attacks in both incoming packets headers and payload to networks. Packet sniffer is performs capturing, decoding and reassembling of the network packet traffic, then passes it to the programmed rules. Linux backtrack tools was used to implement an IDS scenario for two types of attacks (Reconnaissance and Unauthorized access). The results show that IDS rules are able to detect large numbers of various attacks.

Download Full-text

IDS-attention: an efficient algorithm for intrusion detection systems using attention mechanism

Journal Of Big Data ◽

10.1186/s40537-021-00544-5 ◽

2021 ◽

Vol 8 (1) ◽

Author(s):

FatimaEzzahra Laghrissi ◽

Samira Douzi ◽

Khadija Douzi ◽

Badr Hssina

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Short Term Memory ◽

Detection System ◽

False Negative ◽

False Negative Rate ◽

Attention Mechanism ◽

Intrusion Detection Systems ◽

Network Attacks ◽

Detection Systems

AbstractNetwork attacks are illegal activities on digital resources within an organizational network with the express intention of compromising systems. A cyber attack can be directed by individuals, communities, states or even from an anonymous source. Hackers commonly conduct network attacks to alter, damage, or steal private data. Intrusion detection systems (IDS) are the best and most effective techniques when it comes to tackle these threats. An IDS is a software application or hardware device that monitors traffic to search for malevolent activity or policy breaches. Moreover, IDSs are designed to be deployed in different environments, and they can either be host-based or network-based. A host-based intrusion detection system is installed on the client computer, while a network-based intrusion detection system is located on the network. IDSs based on deep learning have been used in the past few years and proved their effectiveness. However, these approaches produce a big false negative rate, which impacts the performance and potency of network security. In this paper, a detection model based on long short-term memory (LSTM) and Attention mechanism is proposed. Furthermore, we used four reduction algorithms, namely: Chi-Square, UMAP, Principal Components Analysis (PCA), and Mutual information. In addition, we evaluated the proposed approaches on the NSL-KDD dataset. The experimental results demonstrate that using Attention with all features and using PCA with 03 components had the best performance, reaching an accuracy of 99.09% and 98.49% for binary and multiclass classification, respectively.

Download Full-text

Flow-based anomaly intrusion detection system using two neural network stages

Computer Science and Information Systems ◽

10.2298/csis130415035a ◽

2014 ◽

Vol 11 (2) ◽

pp. 601-622 ◽

Cited By ~ 15

Author(s):

Yousef Abuadlla ◽

Goran Kvascev ◽

Slavko Gajin ◽

Zoran Jovanovic

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Network Traffic ◽

Intrusion Detection System ◽

High Speed ◽

Detection System ◽

Intrusion Detection Systems ◽

Computational Time ◽

False Alarms ◽

Detection Systems

Computer systems and networks suffer due to rapid increase of attacks, and in order to keep them safe from malicious activities or policy violations, there is need for effective security monitoring systems, such as Intrusion Detection Systems (IDS). Many researchers concentrate their efforts on this area using different approaches to build reliable intrusion detection systems. Flow-based intrusion detection systems are one of these approaches that rely on aggregated flow statistics of network traffic. Their main advantages are host independence and usability on high speed networks, since the metrics may be collected by network device hardware or standalone probes. In this paper, an intrusion detection system using two neural network stages based on flow-data is proposed for detecting and classifying attacks in network traffic. The first stage detects significant changes in the traffic that could be a potential attack, while the second stage defines if there is a known attack and in that case classifies the type of attack. The first stage is crucial for selecting time windows where attacks, known or unknown, are more probable. Two different neural network structures have been used, multilayer and radial basis function networks, with the objective to compare performance, memory consumption and the time required for network training. The experimental results demonstrate that the designed models are promising in terms of accuracy and computational time, with low probability of false alarms.

Download Full-text

PAIRWISE CLUSTERS OPTIMIZATION AND CLUSTER MOST SIGNIFICANT FEATURE METHODS FOR ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEM (POC2MSF)

MALAYSIAN JOURNAL OF COMPUTING ◽

10.24191/mjoc.v3i2.3598 ◽

2018 ◽

Vol 3 (2) ◽

pp. 93

Author(s):

Gervais Hatungimana

Keyword(s):

Intrusion Detection ◽

Network Traffic ◽

False Positive ◽

Intrusion Detection System ◽

Detection System ◽

False Positive Rate ◽

Significant Feature ◽

Features Selection ◽

Number Of Clusters ◽

Network Intrusion

Anomaly-based Intrusion Detection System (IDS) uses known baseline to detect patterns which have deviated from normal behavior. If the baseline is faulty, the IDS performance degrades. Most of researches in IDS which use k-centroids-based clustering methods like K-means, K-medoids, Fuzzy, Hierarchical and agglomerative algorithms to baseline network traffic suffer from high false positive rate compared to signature-based IDS, simply because the nature of these algorithms risk to force some network traffic into wrong profiles depending on K number of clusters needed. In this paper we propose alternate method which instead of defining K number of clusters, defines t distance threshold. The unrecognizable IDS; IDS which is neither HIDS nor NIDS is the consequence of using statistical methods for features selection. The speed, memory and accuracy of IDS are affected by inappropriate features reduction method or ignorance of irrelevant features. In this paper we use two-step features selection and Quality Threshold with Optimization methods to design anomaly-based HIDS and NIDS separately. The performance of our system is 0% ,99.9974%, 1,1 false positive rates, accuracy , precision and recall respectively for NIDS and 0%,99.61%, 0.991,0.978 false positive rates, accuracy, precision and recall respectively for HIDS.

Download Full-text

Intrusion detection system: Hybrid approach based mobile agent

International Conference on Education and e-Learning Innovations ◽

10.1109/iceeli.2012.6360647 ◽

2012 ◽

Cited By ~ 3

Author(s):

Boukhlouf Djemaa ◽

Kazar Okba

Keyword(s):

Intrusion Detection ◽

Mobile Agent ◽

Intrusion Detection System ◽

Detection System ◽

Hybrid Approach

Download Full-text

An Intrusion Detection System for Smart Grid Neighborhood Area Network

10.32920/ryerson.14656977.v1 ◽

2021 ◽

Author(s):

Nasim Beigi Mohammadi

Keyword(s):

Intrusion Detection ◽

Smart Grid ◽

Intrusion Detection System ◽

Detection System ◽

Area Network ◽

Wormhole Attack ◽

Detection Systems ◽

Wireless Mesh ◽

First Time ◽

Neighborhood Area Network

Smart grid is expected to improve the efficiency, reliability and economics of current energy systems. Using two-way flow of electricity and information, smart grid builds an automated, highly distributed energy delivery network. In this thesis, we present the requirements for intrusion detection systems in smart grid, neighborhood area network (NAN) in particular. We propose an intrusion detection system (IDS) that considers the constraints and requirements of the NAN. It captures the communication and computation overhead constraints as well as the lack of a central point to install the IDS. The IDS is distributed on some nodes which are powerful in terms of memory, computation and the degree of connectivity. Our IDS uses an analytical approach for detecting Wormhole attack. We simulate wireless mesh NANs in OPNET Modeler and for the first time, we integrate our analytical model in Maple from MapleSoft with our OPNET simulation model.

Download Full-text

Comparison of Intrusion Detection System Hybrid Approach in Computer Networks with Previous Methods

International Journal of Engineering and Technology ◽

10.21817/ijet/2019/v11i3/191103033 ◽

2019 ◽

Vol 11 (3) ◽

pp. 464-475

Author(s):

Mehdi Khodamoradi

Keyword(s):

Intrusion Detection ◽

Computer Networks ◽

Intrusion Detection System ◽

Detection System ◽

Hybrid Approach

Download Full-text

THE LOAD BALANCING OF SELF-SIMILAR TRAFFIC IN NETWORK INTRUSION DETECTION SYSTEMS

Cybersecurity Education Science Technique ◽

10.28925/2663-4023.2020.7.1730 ◽

2020 ◽

Vol 3 (7) ◽

pp. 17-30

Author(s):

Tamara Radivilova ◽

Lyudmyla Kirichenko ◽

Maksym Tawalbeh ◽

Petro Zinchenko ◽

Vitalii Bulakh

Keyword(s):

Load Balancing ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Intrusion Detection Systems ◽

Deep Packet Inspection ◽

Detection Systems ◽

Network Intrusion ◽

Load Imbalance ◽

Packet Inspection

The problem of load balancing in intrusion detection systems is considered in this paper. The analysis of existing problems of load balancing and modern methods of their solution are carried out. Types of intrusion detection systems and their description are given. A description of the intrusion detection system, its location, and the functioning of its elements in the computer system are provided. Comparative analysis of load balancing methods based on packet inspection and service time calculation is performed. An analysis of the causes of load imbalance in the intrusion detection system elements and the effects of load imbalance is also presented. A model of a network intrusion detection system based on packet signature analysis is presented. This paper describes the multifractal properties of traffic. Based on the analysis of intrusion detection systems, multifractal traffic properties and load balancing problem, the method of balancing is proposed, which is based on the funcsioning of the intrusion detection system elements and analysis of multifractal properties of incoming traffic. The proposed method takes into account the time of deep packet inspection required to compare a packet with signatures, which is calculated based on the calculation of the information flow multifractality degree. Load balancing rules are generated by the estimated average time of deep packet inspection and traffic multifractal parameters. This paper presents the simulation results of the proposed load balancing method compared to the standard method. It is shown that the load balancing method proposed in this paper provides for a uniform load distribution at the intrusion detection system elements. This allows for high speed and accuracy of intrusion detection with high-quality multifractal load balancing.

Download Full-text

Intrusion Dataset Over Network Traffic of SDN and TCP/IP Network

International Journal of Advanced Research in Science, Communication and Technology ◽

10.48175/ijarsct-1459 ◽

2021 ◽

pp. 694-701

Author(s):

Karan Shingare ◽

Rohit Nandurkar ◽

Prashant Shrivastav ◽

Shailesh Bendale

Keyword(s):

Intrusion Detection ◽

Network Topology ◽

Network Traffic ◽

Intrusion Detection System ◽

Detection System ◽

Host System ◽

Ip Network ◽

The World

As the world is moving toward newer technologies and to meet the requirements of the same adapting toward different network topology. SDN is such example of a network which solves many issues or limitations of a traditional TCP/IP network. As majority of workspace is moving towards SDN, many new vulnerabilities are also emerging, and to protect the network and systems on these networks, in this paper we discuss and propose a dataset which would be helpful in training an intrusion detection system over SDN which would also include the intrusion dataset for traditional TCP/IP network too. We generate this data over SDN topology by attacking the host system present in the network, then analyse the generated data using CICFlowmeter which would give us the desired dataset for intrusion detection.

Download Full-text