Reinforced Intrusion Detection Using Pursuit Reinforcement Competitive Learning

Author(s):  
Indah Yulia Prafitaning Tiyas ◽  
Ali Ridho Barakbah ◽  
Tri Harsono ◽  
Amang Sudarsono

Today, information technology is growing rapidly, and all information can be obtained much more easily. It raises some new problems; one of them is unauthorized access to the system. We need a reliable network security system that is resistant to a variety of attacks against the system. Therefore, an Intrusion Detection System (IDS) is required to overcome the problems of intrusions. Much research has been done on intrusion detection using classification methods. Classification methods have high precision, but it takes effort to determine an appropriate classification model for the classification problem. In this paper, we propose a new reinforced approach to detect intrusion with On-line Clustering using Reinforcement Learning. Reinforcement Learning is a new paradigm in machine learning which involves interaction with the environment. It works with a reward and punishment mechanism to achieve a solution. We apply Reinforcement Learning to the intrusion detection problem, considering competitive learning, using Pursuit Reinforcement Competitive Learning (PRCL). Based on the experimental result, PRCL can detect intrusions in real time with high accuracy (99.816% for DoS, 95.015% for Probe, 94.731% for R2L and 99.373% for U2R) and high speed (44 ms). The proposed approach can help network administrators to detect intrusion, so the computer network security system becomes reliable.

Keywords: Intrusion Detection System, On-Line Clustering, Reinforcement Learning, Unsupervised Learning.

2018 ◽  
Vol 6 (1) ◽  
pp. 1-21
Author(s):  
Yesta Medya Mahardhika ◽  
Amang Sudarsono ◽  
Ali Ridho Barakbah

Botnet is a malicious software that often occurs at this time, and can perform malicious activities, such as DDoS, spamming, phishing, keylogging, click fraud, and stealing personal information and important data. Botnets can replicate themselves without user consent. Several systems of botnet detection have been built using classification methods. Classification methods have high precision, but they need more effort to determine an appropriate classification model. In this paper, we propose a reinforced approach to detect botnets with On-line Clustering using Reinforcement Learning. Reinforcement Learning involves interaction with the environment and has become a new paradigm in machine learning. The reinforcement learning will be implemented with some rule detection, because the botnet ISCX dataset is categorized as an unbalanced dataset which has a high range in the number of each class. Therefore we implemented Reinforcement Learning to detect botnets using Pursuit Reinforcement Competitive Learning (PRCL) with additional rule detection which has reward and punishment rules to achieve the solution. Based on the experimental result, PRCL can detect botnets in real time with high accuracy (100% for Neris, 99.9% for Rbot, 78% for SMTP_Spam, 80.9% for Nsis, 80.7% for Virut, and 96.0% for Zeus) and fast processing time up to 176 ms. Meanwhile, CPU and memory usage are 78% and 4.3 GB for pre-processing, 34% and 3.18 GB for online clustering with PRCL, and 23% and 3.11 GB for evaluation. The proposed method is one solution for network administrators to detect botnets, which have unpredictable behavior in network traffic.


2010 ◽  
Vol 129-131 ◽  
pp. 1410-1414
Author(s):  
Hui Liu

With the flourishing development of network applications, the importance of network security and its information security has become a greater concern for computer users. This paper focuses on the study of the speed of detection, which is so far one of the most challenging problems in network intrusion detection. In practice, the double-array hashing space method is applied in order to solve the problem of the big hashing space; according to the features of data packets and those of attack strings, a hashing function is selected because of its high speed and efficiency; and the speed of detection is improved through the decrease of the number of times a network packet is examined, by applying various characteristic strings of the same length with their corresponding pattern. There are many methods to achieve network security, and intrusion detection technology is a very effective mechanism [1]. It is a technology that can detect the current attack or an attack happening inside a computer system. At present, there are several different pattern match algorithms that are used for attack detection on the effective load of a packet. No matter what optimization is made, none of them can get rid of one weakness: they must match item by item for each mode that indicates attack characteristics [2-5]. So the packet to be detected must be scanned many times, and the scanning time is equal to the quality of mode; meanwhile, the detection system also establishes and manages a heuristic function for each attack mode, and adjusts the detection order of attack modes, so the system has a rather big burden and has difficulty improving detection efficiency. This is the fundamental problem causing low detection efficiency on the effective load of packets [6]. Is it possible to design a detection algorithm which could build a heuristic function from the perspective of the whole attack model base and could detect all the attack models at the same time?
This article uses the hashing method to discuss this problem, and finds that an attack that probably exists could be found by several scans of the packet. In addition, the network intrusion detection rule base is used by a network IDS detection engine that applies the model matching detection method, and it is the standard for checking the captured packet. Snort is a network-based intrusion detection system. Its description method is simple, easy to implement, and can describe most intrusion activities. Therefore, this article adopts the intrusion activity description method of the Snort intrusion detection system, and introduces the rule base of the Snort intrusion detection system as the rule base of this article, as the foundation for the design and demonstration of the hashing detection scheme.


2012 ◽  
Vol 263-266 ◽  
pp. 2915-2919
Author(s):  
Gao Long Ma ◽  
Wen Tang

With the great increase of high-speed networks, the traditional network intrusion detection system (NIDS) has a serious problem with handling heavy traffic loads in real time, which may result in packet loss and erroneous detection. In this paper we will introduce an efficient load balancing scheme into NIDS and improve the rule sets of the detection engine so as to make NIDS more suitable to the high-speed network environment.


2021 ◽  
Author(s):  
Farah Jemili ◽  
Hajer Bouras

In today’s world, the Intrusion Detection System (IDS) is one of the significant tools used to improve network security, by detecting attacks or abnormal data accesses. Most existing IDSs have many disadvantages such as high false alarm rates and low detection rates. For the IDS, dealing with distributed and massive data constitutes a challenge. Besides, dealing with imprecise data is another challenge. This paper proposes an Intrusion Detection System based on big data fuzzy analytics; the Fuzzy C-Means (FCM) method is used to cluster and classify the pre-processed training dataset. The CTU-13 and the UNSW-NB15 are used as distributed and massive datasets to prove the feasibility of the method. The proposed system shows high performance in terms of accuracy, precision, detection rates, and false alarms.


2012 ◽  
Vol 433-440 ◽  
pp. 3235-3240
Author(s):  
Ling Jia

This paper studies the security problems of the campus network and summarizes the current security risks and threats that the campus network faces, focusing on the analysis of attack-defense strategies on the DOS network layer, and proposing a security program for the campus network which uses a firewall as well as the network security intrusion detection system Snort. This paper analyzes the functional advantages of the program and presents in detail the setup, deployment and collocation methods of a network security intrusion detection system based on Snort in the campus network, and its application results are also summarized.


Jursima ◽  
2018 ◽  
Vol 6 (1) ◽  
pp. 1
Author(s):  
Parningotan Panggabean

The development of information technology, particularly computer networks, enables information exchange that is easy, fast and increasingly complex. Computer network security must be attended to in order to maintain the validity and integrity of the data and information within the network. The problem faced is the presence of a Log Bug found on the server computer of Dinas Lingkungan Hidup Kota Batam (the Batam City Environmental Agency), which indicates a Denial of Service (DoS) attack on that computer. Based on the problem above, the author attempts to carry out a study entitled “Snort Network Security Analysis Using the Intrusion Detection System (IDS) Method for Optimizing Computer Network Security”, which is expected to be able to detect Denial of Service (DoS) attacks. An Intrusion Detection System (IDS) is a tool, method or resource that helps to identify and report on computer network activity. The application used to detect attacks is Snort. Snort can detect DoS attacks. The DoS attack was carried out using the Loic application.

