Lightweight Denial of Service (DOS) Detection System Algorithm (LIDSA)

Distributed Denial of Service (DDoS) is a predominant threat to the availability of online services due to their size and frequency. However, developing an effective security mechanism to protect a network from this threat is a big challenge because DDoS uses various attack approaches coupled with several possible combinations. Furthermore, most of the existing deep learning- (DL-) based models pose a high processing overhead or may not perform well to detect the recently reported DDoS attacks as these models use outdated datasets for training and evaluation. To address the issues mentioned earlier, we propose CyDDoS, an integrated intrusion detection system (IDS) framework, which combines an ensemble of feature engineering algorithms with the deep neural network. The ensemble feature selection is based on five machine learning classifiers used to identify and extract the most relevant features used by the predictive model. This approach improves the model performance by processing only a subset of relevant features while reducing the computation requirement. We evaluate the model performance based on CICDDoS2019, a modern and realistic dataset consisting of normal and DDoS attack traffic. The evaluation considers different validation metrics such as accuracy, precision, F1-Score, and recall to argue the effectiveness of the proposed framework against state-of-the-art IDSs.

Download Full-text

Intrusion Detection System for AES Encripted Low-Power IoT Networks

10.14210/cotb.v12.p392-399 ◽

2021 ◽

Author(s):

Eduardo De Oliveira Burger Monteiro Luiz ◽

Alessandro Copetti ◽

Luciano Bertini ◽

Juliano Fontoura Kazienko

Keyword(s):

Low Power ◽

Detection System ◽

Denial Of Service ◽

Security Requirements ◽

Power Devices ◽

Dos Attacks ◽

Reflection Attack ◽

Ipv6 Protocol ◽

Iot Devices ◽

High Level

The introduction of the IPv6 protocol solved the problem of providingaddresses to network devices. With the emergence of the Internetof Things (IoT), there was also the need to develop a protocolthat would assist in connecting low-power devices. The 6LoWPANprotocols were created for this purpose. However, such protocolsinherited the vulnerabilities and threats related to Denial of Service(DoS) attacks from the IPv4 and IPv6 protocols. In this paper, weprepare a network environment for low-power IoT devices usingCOOJA simulator and Contiki operating system to analyze theenergy consumption of devices. Besides, we propose an IntrusionDetection System (IDS) associated with the AES symmetric encryptionalgorithm for the detection of reflection DoS attacks. Thesymmetric encryption has proven to be an appropriate methoddue to low implementation overhead, not incurring in large powerconsumption, and keeping a high level of system security. The maincontributions of this paper are: (i) implementation of a reflectionattack algorithm for IoT devices; (ii) implementation of an intrusiondetection system using AES encryption; (iii) comparison ofthe power consumption in three distinct scenarios: normal messageexchange, the occurrence of a reflection attack, and runningIDS algorithm. Finally, the results presented show that the IDSwith symmetric cryptography meets the security requirements andrespects the energy limits of low-power sensors.

Download Full-text

Scrutinizing Attacks and Evaluating Performance Appraisal Parameters via Feature Selection in Intrusion Detection System

10.21203/rs.3.rs-748765/v1 ◽

2021 ◽

Author(s):

Navroop Kaur ◽

Meenakshi Bansal ◽

Sukhwinder Singh S

Keyword(s):

Feature Selection ◽

Performance Evaluation ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Denial Of Service ◽

Cyber Attacks ◽

Support Vector ◽

K Nearest Neighbor ◽

Evaluation Parameters

Abstract In modern times the firewall and antivirus packages are not good enough to protect the organization from numerous cyber attacks. Computer IDS (Intrusion Detection System) is a crucial aspect that contributes to the success of an organization. IDS is a software application responsible for scanning organization networks for suspicious activities and policy rupturing. IDS ensures the secure and reliable functioning of the network within an organization. IDS underwent huge transformations since its origin to cope up with the advancing computer crimes. The primary motive of IDS has been to augment the competence of detecting the attacks without endangering the performance of the network. The research paper elaborates on different types and different functions performed by the IDS. The NSL KDD dataset has been considered for training and testing. The seven prominent classifiers LR (Logistic Regression), NB (Naïve Bayes), DT (Decision Tree), AB (AdaBoost), RF (Random Forest), kNN (k Nearest Neighbor), and SVM (Support Vector Machine) have been studied along with their pros and cons and the feature selection have been imposed to enhance the reading of performance evaluation parameters (Accuracy, Precision, Recall, and F1Score). The paper elaborates a detailed flowchart and algorithm depicting the procedure to perform feature selection using XGB (Extreme Gradient Booster) for four categories of attacks: DoS (Denial of Service), Probe, R2L (Remote to Local Attack), and U2R (User to Root Attack). The selected features have been ranked as per their occurrence. The implementation have been conducted at five different ratios of 60-40%, 70-30%, 90-10%, 50-50%, and 80-20%. Different classifiers scored best for different performance evaluation parameters at different ratios. NB scored with the best Accuracy and Recall values. DT and RF consistently performed with high accuracy. NB, SVM, and kNN achieved good F1Score.

Download Full-text

Multi-Aspect DDOS Detection System for Securing Cloud Network

Cloud Security ◽

10.4018/978-1-5225-8176-5.ch096 ◽

2019 ◽

pp. 1952-1983

Author(s):

Pourya Shamsolmoali ◽

Masoumeh Zareapoor ◽

M.Afshar Alam

Keyword(s):

Cloud Computing ◽

Detection System ◽

Denial Of Service ◽

Complex Form ◽

Internet Security ◽

Detection Methods ◽

Ddos Attacks ◽

Dos Attacks ◽

Ddos Detection ◽

Cloud Network

Distributed Denial of Service (DDoS) attacks have become a serious attack for internet security and Cloud Computing environment. This kind of attacks is the most complex form of DoS (Denial of Service) attacks. This type of attack can simply duplicate its source address, such as spoofing attack, which defending methods do not able to disguises the real location of the attack. Therefore, DDoS attack is the most significant challenge for network. In this chapter we present different aspect of security in Cloud Computing, mostly we concentrated on DDOS Attacks. The Authors illustrated all types of Dos Attacks and discussed the most effective detection methods.

Download Full-text

Visualization Technique for Intrusion Detection

Security and Privacy Management, Techniques, and Protocols - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-5583-4.ch011 ◽

2018 ◽

pp. 276-290

Author(s):

Mohamed Cheikh ◽

Salima Hacini ◽

Zizette Boufaida

Keyword(s):

Intrusion Detection ◽

Computer Security ◽

Detection System ◽

Denial Of Service ◽

High Rate ◽

False Alarms ◽

Dos Attacks ◽

Network Parameter ◽

A New Technique ◽

Parameter Values

Intrusion detection system (IDS) plays a vital and crucial role in a computer security. However, they suffer from a number of problems such as low detection of DoS (denial-of-service)/DDoS (distributed denial-of-service) attacks with a high rate of false alarms. In this chapter, a new technique for detecting DoS attacks is proposed; it detects DOS attacks using a set of classifiers and visualizes them in real time. This technique is based on the collection of network parameter values (data packets), which are automatically represented by simple geometric graphs in order to highlight relevant elements. Two implementations for this technique are performed. The first is based on the Euclidian distance while the second is based on KNN algorithm. The effectiveness of the proposed technique has been proven through a simulation of network traffic drawn from the 10% KDD and a comparison with other classification techniques for intrusion detection.

Download Full-text

Cloud Security: LKM and Optimal Fuzzy System for Intrusion Detection in Cloud Environment

Journal of Intelligent Systems ◽

10.1515/jisys-2018-0479 ◽

2019 ◽

Vol 29 (1) ◽

pp. 1626-1642 ◽

Cited By ~ 1

Author(s):

S. Immaculate Shyla ◽

S.S. Sujatha

Keyword(s):

Fuzzy Logic ◽

Intrusion Detection ◽

Detection System ◽

Denial Of Service ◽

Cloud Security ◽

Fuzzy Logic System ◽

Suggested Method ◽

Cloud Environment ◽

Financial Loss ◽

Logic System

Abstract In cloud security, intrusion detection system (IDS) is one of the challenging research areas. In a cloud environment, security incidents such as denial of service, scanning, malware code injection, virus, worm, and password cracking are getting usual. These attacks surely affect the company and may develop a financial loss if not distinguished in time. Therefore, securing the cloud from these types of attack is very much needed. To discover the problem, this paper suggests a novel IDS established on a combination of a leader-based k-means clustering (LKM), optimal fuzzy logic system. Here, at first, the input dataset is grouped into clusters with the use of LKM. Then, cluster data are afforded to the fuzzy logic system (FLS). Here, normal and abnormal data are inquired by the FLS, while FLS training is done by the grey wolf optimization algorithm through maximizing the rules. The clouds simulator and NSL-Knowledge Discovery and DataBase (KDD) Cup 99 dataset are applied to inquire about the suggested method. Precision, recall, and F-measure are conceived as evaluation criteria. The obtained results have denoted the superiority of the suggested method in comparison with other methods.

Download Full-text

ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid

Sensors ◽

10.3390/s20185305 ◽

2020 ◽

Vol 20 (18) ◽

pp. 5305

Author(s):

Panagiotis Radoglou Grammatikis ◽

Panagiotis Sarigiannidis ◽

Georgios Efstathopoulos ◽

Emmanouil Panaousis

Keyword(s):

Intrusion Detection ◽

Smart Grid ◽

Intrusion Detection System ◽

Network Flow ◽

Network Flows ◽

Detection System ◽

Random Noise ◽

Denial Of Service ◽

The Third ◽

Operational Data

The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of protecting efficiently SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data based detection) monitors and identifies anomalies upon operational data (i.e., time series electricity measurements). By emphasising on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.

Download Full-text

Application of Deep Learning Technique in an Intrusion Detection System

International Journal of Computational Intelligence and Applications ◽

10.1142/s1469026820500169 ◽

2020 ◽

Vol 19 (02) ◽

pp. 2050016

Author(s):

Shideh Saraeian ◽

Mahya Mohammadi Golchi

Keyword(s):

Deep Learning ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Visual Analysis ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Hybrid Network ◽

Machine Learning Techniques ◽

Learning Technique

Comprehensive development of computer networks causes the increment of Distributed Denial of Service (DDoS) attacks. These types of attacks can easily restrict communication and computing. Among all the previous researches, the accuracy of the attack detection has not been properly addressed. In this study, deep learning technique is used in a hybrid network-based Intrusion Detection System (IDS) to detect intrusion on network. The performance of the proposed technique is evaluated on the NSL-KDD and ISCXIDS 2012 datasets. We performed traffic visual analysis using Wireshark tool and did some experimentations to prove the superiority of the proposed method. The results have shown that our proposed method achieved higher accuracy in comparison with other useful machine learning techniques.

Download Full-text

The Use of Ensemble Models for Multiple Class and Binary Class Classification for Improving Intrusion Detection Systems

Sensors ◽

10.3390/s20092559 ◽

2020 ◽

Vol 20 (9) ◽

pp. 2559 ◽

Cited By ~ 9

Author(s):

Celestine Iwendi ◽

Suleman Khan ◽

Joseph Henry Anajemba ◽

Mohit Mittal ◽

Mamdouh Alenezi ◽

...

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

False Alarm ◽

False Alarm Rate ◽

Detection Rate ◽

Detection System ◽

Denial Of Service ◽

Intrusion Detection Systems ◽

Ensemble Models ◽

Detection Systems

The pursuit to spot abnormal behaviors in and out of a network system is what led to a system known as intrusion detection systems for soft computing besides many researchers have applied machine learning around this area. Obviously, a single classifier alone in the classifications seems impossible to control network intruders. This limitation is what led us to perform dimensionality reduction by means of correlation-based feature selection approach (CFS approach) in addition to a refined ensemble model. The paper aims to improve the Intrusion Detection System (IDS) by proposing a CFS + Ensemble Classifiers (Bagging and Adaboost) which has high accuracy, high packet detection rate, and low false alarm rate. Machine Learning Ensemble Models with base classifiers (J48, Random Forest, and Reptree) were built. Binary classification, as well as Multiclass classification for KDD99 and NSLKDD datasets, was done while all the attacks were named as an anomaly and normal traffic. Class labels consisted of five major attacks, namely Denial of Service (DoS), Probe, User-to-Root (U2R), Root to Local attacks (R2L), and Normal class attacks. Results from the experiment showed that our proposed model produces 0 false alarm rate (FAR) and 99.90% detection rate (DR) for the KDD99 dataset, and 0.5% FAR and 98.60% DR for NSLKDD dataset when working with 6 and 13 selected features.

Download Full-text