Flow-based anomaly intrusion detection system using two neural network stages

Computer systems and networks suffer due to rapid increase of attacks, and in order to keep them safe from malicious activities or policy violations, there is need for effective security monitoring systems, such as Intrusion Detection Systems (IDS). Many researchers concentrate their efforts on this area using different approaches to build reliable intrusion detection systems. Flow-based intrusion detection systems are one of these approaches that rely on aggregated flow statistics of network traffic. Their main advantages are host independence and usability on high speed networks, since the metrics may be collected by network device hardware or standalone probes. In this paper, an intrusion detection system using two neural network stages based on flow-data is proposed for detecting and classifying attacks in network traffic. The first stage detects significant changes in the traffic that could be a potential attack, while the second stage defines if there is a known attack and in that case classifies the type of attack. The first stage is crucial for selecting time windows where attacks, known or unknown, are more probable. Two different neural network structures have been used, multilayer and radial basis function networks, with the objective to compare performance, memory consumption and the time required for network training. The experimental results demonstrate that the designed models are promising in terms of accuracy and computational time, with low probability of false alarms.

Download Full-text

Network Attacks Detection by Hierarchical Neural Network

Computer Engineering and Applications Journal ◽

10.18495/comengapp.v4i2.108 ◽

2015 ◽

Vol 4 (2) ◽

pp. 119-132

Author(s):

Mohammad Masoud Javidi

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Single Agent ◽

Attack Detection ◽

Intrusion Detection Systems ◽

Training Dataset ◽

Detection Systems ◽

Combination Of Classifiers

Intrusion detection is an emerging area of research in the computer security and net-works with the growing usage of internet in everyday life. Most intrusion detection systems (IDSs) mostly use a single classifier algorithm to classify the network traffic data as normal behavior or anomalous. However, these single classifier systems fail to provide the best possible attack detection rate with low false alarm rate. In this paper,we propose to use a hybrid intelligent approach using a combination of classifiers in order to make the decision intelligently, so that the overall performance of the resul-tant model is enhanced. The general procedure in this is to follow the supervised or un-supervised data filtering with classifier or cluster first on the whole training dataset and then the output are applied to another classifier to classify the data. In this re- search, we applied Neural Network with Supervised and Unsupervised Learning in order to implement the intrusion detection system. Moreover, in this project, we used the method of Parallelization with real time application of the system processors to detect the systems intrusions.Using this method enhanced the speed of the intrusion detection. In order to train and test the neural network, NSLKDD database was used. Creating some different intrusion detection systems, each of which considered as a single agent, we precisely proceeded with the signature-based intrusion detection of the network.In the proposed design, the attacks have been classified into 4 groups and each group is detected by an Agent equipped with intrusion detection system (IDS).These agents act independently and report the intrusion or non-intrusion in the system; the results achieved by the agents will be studied in the Final Analyst and at last the analyst reports that whether there has been an intrusion in the system or not.Keywords: Intrusion Detection, Multi-layer Perceptron, False Positives, Signature- based intrusion detection, Decision tree, Nave Bayes Classifier

Download Full-text

Approaches for improving the performance of snort Intrusion Detection Systems

International Journal of Computer Science and Informatics ◽

10.47893/ijcsi.2012.1073 ◽

2012 ◽

pp. 102-105

Author(s):

V.P. Kshirsagar ◽

S.S. Vishnu ◽

S.M. Tidke

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

High Speed ◽

Detection System ◽

Intrusion Detection Systems ◽

Dynamic Adjustment ◽

Rule Based ◽

Matching Algorithm ◽

Detection Systems ◽

Rule Based System

The process of monitoring the events occurring in a computer system or network and analyzing them for sign of intrusions is known as intrusion detection systems (IDS).In this paper the architecture of the snort which is an open source Intrusion detection system is explained. It is a rule based system hence the structure of the rule is also explained. But to match with the high speed of network traffic the performance of the SNORT need to be improved hence the various methods has been developed three of them are reviewed here which are Rules Matching Algorithm Based on Dynamic Adjustment, NAPI and LASSP.

Download Full-text

THE LOAD BALANCING OF SELF-SIMILAR TRAFFIC IN NETWORK INTRUSION DETECTION SYSTEMS

Cybersecurity Education Science Technique ◽

10.28925/2663-4023.2020.7.1730 ◽

2020 ◽

Vol 3 (7) ◽

pp. 17-30

Author(s):

Tamara Radivilova ◽

Lyudmyla Kirichenko ◽

Maksym Tawalbeh ◽

Petro Zinchenko ◽

Vitalii Bulakh

Keyword(s):

Load Balancing ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Intrusion Detection Systems ◽

Deep Packet Inspection ◽

Detection Systems ◽

Network Intrusion ◽

Load Imbalance ◽

Packet Inspection

The problem of load balancing in intrusion detection systems is considered in this paper. The analysis of existing problems of load balancing and modern methods of their solution are carried out. Types of intrusion detection systems and their description are given. A description of the intrusion detection system, its location, and the functioning of its elements in the computer system are provided. Comparative analysis of load balancing methods based on packet inspection and service time calculation is performed. An analysis of the causes of load imbalance in the intrusion detection system elements and the effects of load imbalance is also presented. A model of a network intrusion detection system based on packet signature analysis is presented. This paper describes the multifractal properties of traffic. Based on the analysis of intrusion detection systems, multifractal traffic properties and load balancing problem, the method of balancing is proposed, which is based on the funcsioning of the intrusion detection system elements and analysis of multifractal properties of incoming traffic. The proposed method takes into account the time of deep packet inspection required to compare a packet with signatures, which is calculated based on the calculation of the information flow multifractality degree. Load balancing rules are generated by the estimated average time of deep packet inspection and traffic multifractal parameters. This paper presents the simulation results of the proposed load balancing method compared to the standard method. It is shown that the load balancing method proposed in this paper provides for a uniform load distribution at the intrusion detection system elements. This allows for high speed and accuracy of intrusion detection with high-quality multifractal load balancing.

Download Full-text

NETWORK TRAFFIC ANOMALIES DETECTION USING AN ENSEMBLE OF CLASSIFIERS

Vestnik komp iuternykh i informatsionnykh tekhnologii ◽

10.14489/vkit.2020.10.pp.038-046 ◽

2020 ◽

pp. 38-46

Author(s):

S. A. Sakulin ◽

A. N. Alfimtsev ◽

K. N. Kvitchenko ◽

L. Ya. Dobkach ◽

Yu. A. Kalgin

Keyword(s):

Intrusion Detection ◽

Network Traffic ◽

Intrusion Detection System ◽

Detection System ◽

Hybrid Approach ◽

Stochastic Gradient Descent ◽

Type I ◽

Network Attacks ◽

Detection Systems ◽

Accuracy Increase

Network technologies have been steadily developing and their application has been expanding. One of the aspects of the development is a modification of the current network attacks and the appearance of new ones. The anomalies that can be detected in network traffic conform with such attacks. Development of new and improvement of the current approaches to detect anomalies in network traffic have become an urgent task. The article suggests a hybrid approach to detect anomalies on the basis of the combined signature approach and computationally effective classifiers of machine learning: logistic regression, stochastic gradient descent and decision tree with accuracy increase due to weighted voting. The choice of the classifiers is explained by the admissible complexity of the algorithms that allows detection of network traffic events for the time close to real. Signature analysis is carried out with the help of the Zeek IDS (Intrusion Detection System) signature base. Learning is fulfilled by preliminary prepared (by excluding extra recordings and parameters) CICIDS2017 (Canadian Institute for Cybersecurity Intrusion Detection System) signature set by cross validation. The set is roughly divided into ten parts that allows us to increase the accuracy. Experimental evaluation of the developed approach comparing with individual classifiers and with other approaches by such criteria as part of type I and II errors, accuracy and level of detection, has proved the approach suitable to be applied in network attacks detection systems. It is possible to introduce the developed approach into both existing and new anomaly detection systems.

Download Full-text

Security Enrichment in Intrusion Detection System Using Classifier Ensemble

Journal of Electrical and Computer Engineering ◽

10.1155/2017/1794849 ◽

2017 ◽

Vol 2017 ◽

pp. 1-6 ◽

Cited By ~ 5

Author(s):

Uma R. Salunkhe ◽

Suresh N. Mali

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection Rate ◽

Detection System ◽

Hybrid Approach ◽

Classifier Ensemble ◽

Intrusion Detection Systems ◽

Detection Rates ◽

Detection Systems

In the era of Internet and with increasing number of people as its end users, a large number of attack categories are introduced daily. Hence, effective detection of various attacks with the help of Intrusion Detection Systems is an emerging trend in research these days. Existing studies show effectiveness of machine learning approaches in handling Intrusion Detection Systems. In this work, we aim to enhance detection rate of Intrusion Detection System by using machine learning technique. We propose a novel classifier ensemble based IDS that is constructed using hybrid approach which combines data level and feature level approach. Classifier ensembles combine the opinions of different experts and improve the intrusion detection rate. Experimental results show the improved detection rates of our system compared to reference technique.

Download Full-text

IDS-attention: an efficient algorithm for intrusion detection systems using attention mechanism

Journal Of Big Data ◽

10.1186/s40537-021-00544-5 ◽

2021 ◽

Vol 8 (1) ◽

Author(s):

FatimaEzzahra Laghrissi ◽

Samira Douzi ◽

Khadija Douzi ◽

Badr Hssina

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Short Term Memory ◽

Detection System ◽

False Negative ◽

False Negative Rate ◽

Attention Mechanism ◽

Intrusion Detection Systems ◽

Network Attacks ◽

Detection Systems

AbstractNetwork attacks are illegal activities on digital resources within an organizational network with the express intention of compromising systems. A cyber attack can be directed by individuals, communities, states or even from an anonymous source. Hackers commonly conduct network attacks to alter, damage, or steal private data. Intrusion detection systems (IDS) are the best and most effective techniques when it comes to tackle these threats. An IDS is a software application or hardware device that monitors traffic to search for malevolent activity or policy breaches. Moreover, IDSs are designed to be deployed in different environments, and they can either be host-based or network-based. A host-based intrusion detection system is installed on the client computer, while a network-based intrusion detection system is located on the network. IDSs based on deep learning have been used in the past few years and proved their effectiveness. However, these approaches produce a big false negative rate, which impacts the performance and potency of network security. In this paper, a detection model based on long short-term memory (LSTM) and Attention mechanism is proposed. Furthermore, we used four reduction algorithms, namely: Chi-Square, UMAP, Principal Components Analysis (PCA), and Mutual information. In addition, we evaluated the proposed approaches on the NSL-KDD dataset. The experimental results demonstrate that using Attention with all features and using PCA with 03 components had the best performance, reaching an accuracy of 99.09% and 98.49% for binary and multiclass classification, respectively.

Download Full-text

Intrusion Detection Systems Alerts Reduction

Security and Privacy Management, Techniques, and Protocols - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-5583-4.ch010 ◽

2018 ◽

pp. 255-275 ◽

Cited By ~ 1

Author(s):

Aymen Akremi ◽

Hassen Sallay ◽

Mohsen Rouached

Keyword(s):

Intrusion Detection ◽

High Speed ◽

Detection System ◽

Search Space ◽

Relevant Information ◽

Intrusion Detection Systems ◽

Detection Accuracy ◽

Detection Systems ◽

Rules Set ◽

Intrusion Alerts

Investigators search usually for any kind of events related directly to an investigation case to both limit the search space and propose new hypotheses about the suspect. Intrusion detection system (IDS) provide relevant information to the forensics experts since it detects the attacks and gathers automatically several pertinent features of the network in the attack moment. Thus, IDS should be very effective in term of detection accuracy of new unknown attacks signatures, and without generating huge number of false alerts in high speed networks. This tradeoff between keeping high detection accuracy without generating false alerts is today a big challenge. As an effort to deal with false alerts generation, the authors propose new intrusion alert classifier, named Alert Miner (AM), to classify efficiently in near real-time the intrusion alerts in HSN. AM uses an outlier detection technique based on an adaptive deduced association rules set to classify the alerts automatically and without human assistance.

Download Full-text

A Hybrid Classification Technique for Enhancing the Effectiveness of Intrusion Detection Systems Using Machine Learning

International Journal of Organizational and Collective Intelligence ◽

10.4018/ijoci.2022010102 ◽

2022 ◽

Vol 12 (1) ◽

pp. 1-18

Author(s):

Kapil Kumar ◽

Arvind Kumar ◽

Vimal Kumar ◽

Sunil Kumar

Keyword(s):

Intrusion Detection ◽

Autocorrelation Function ◽

Intrusion Detection System ◽

Detection System ◽

Optimal Number ◽

Intrusion Detection Systems ◽

Series Data ◽

Detection Systems ◽

Hybrid Classification ◽

Clustering Approach

The objective of this paper is to propose and develop a hybrid intrusion detection system to handle series and non-series data by applying the two different concepts that are named clustering and autocorrelation function in a single architecture. There is a need to propose and build a system that can handle both types of data whether it is series or non-series. Therefore, the authors used two concepts to generate a robust approach to craft a hybrid intrusion detection system. The authors utilize an unsupervised clustering approach that is used to categorize the data based on domain similarity to handle non-series data and another approach is based on autocorrelation function to handle series data. The approach is consumed in single architecture where it carries data as input from both host-based intrusion detection systems and network-based intrusion detection systems. The result shows that the hybrid intrusion detection system is categorizing data based on the optimal number of clusters obtained through the elbow method in clustering.

Download Full-text

Applications and Installation Skills of Current Intrusion Detection Systems

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.482-484.741 ◽

2012 ◽

Vol 482-484 ◽

pp. 741-744 ◽

Cited By ~ 2

Author(s):

Ju Qing Yang ◽

Jiao Yue Liu

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Intrusion Detection Systems ◽

Infrared Sensors ◽

Ultrasonic Sensors ◽

Detection Systems ◽

Microwave Sensors

The compositions, principles and features of infrared sensors, ultrasonic sensors, microwave sensors and combined sensors in intrusion detection system are discussed in this paper, then the applications and installation skills of several common intrusion detection system are introduced.

Download Full-text

Analysis of Intrusion Detection System

Key Engineering Materials ◽

10.4028/www.scientific.net/kem.460-461.451 ◽

2011 ◽

Vol 460-461 ◽

pp. 451-454

Author(s):

Yue Sheng Gu ◽

Hong Yu Feng ◽

Jian Ping Wang

Keyword(s):

Information Security ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Intrusion Detection Systems ◽

Future Research ◽

Detection Model ◽

Detection Systems ◽

Detection Technology ◽

Technology Concepts

Intrusion detection system is an important device of information security. This article describes intrusion detection technology concepts, classifications and universal intrusion detection model, and analysis of the intrusion detection systems weaknesses and limitations. Finally, some directions for future research are addressed.

Download Full-text