scholarly journals A Decision Tree-Aware Genetic Algorithm for Botnet Detection

2021 ◽  
pp. 2454-2462
Author(s):  
Thurayaa B. Alhijaj ◽  
Sarab M. Hameed ◽  
Bara'a A. Attea
Keyword(s):  
Genetic Algorithm ◽  
Decision Tree ◽  
Intrusion Detection System ◽  
Detection Rate ◽  
Detection System ◽  
Search Space ◽  
Detection Problem ◽  
Feature Selection Problem ◽  
Botnet Detection ◽  
Canadian Institute

     In this paper, the botnet detection problem is defined as a feature selection problem and the genetic algorithm (GA) is used to search for the best significant combination of features from the entire search space of set of features. Furthermore, the Decision Tree (DT) classifier is used as an objective function to direct the ability of the proposed GA to locate the combination of features that can correctly classify the activities into normal traffics and botnet attacks. Two datasets  namely the UNSW-NB15 and the Canadian Institute for Cybersecurity Intrusion Detection System 2017 (CICIDS2017), are used as evaluation datasets. The results reveal that the proposed DT-aware GA can effectively find the relevant features from the whole features set. Thus, it obtains efficient botnet detection results in terms of F-score, precision, detection rate, and  number of relevant features, when compared with DT alone.

scholarly journals RDTIDS: Rules and Decision Tree-Based Intrusion Detection System for Internet-of-Things Networks

2020 ◽  
Vol 12 (3) ◽  
pp. 44 ◽  
Author(s):  
Mohamed Amine Ferrag ◽  
Leandros Maglaras ◽  
Ahmed Ahmim ◽  
Makhlouf Derdour ◽  
Helge Janicke
Keyword(s):  
Internet Of Things ◽  
Intrusion Detection ◽  
Decision Tree ◽  
Intrusion Detection System ◽  
Detection Rate ◽  
State Of The Art ◽  
Detection System ◽  
Data Set ◽  
The Third ◽  
Time Overhead

This paper proposes a novel intrusion detection system (IDS), named RDTIDS, for Internet-of-Things (IoT) networks. The RDTIDS combines different classifier approaches which are based on decision tree and rules-based concepts, namely, REP Tree, JRip algorithm and Forest PA. Specifically, the first and second method take as inputs features of the data set, and classify the network traffic as Attack/Benign. The third classifier uses features of the initial data set in addition to the outputs of the first and the second classifier as inputs. The experimental results obtained by analyzing the proposed IDS using the CICIDS2017 dataset and BoT-IoT dataset, attest their superiority in terms of accuracy, detection rate, false alarm rate and time overhead as compared to state of the art existing schemes.

scholarly journals A Hybrid Genetic-Neuro Algorithm for Cloud Intrusion Detection System

2020 ◽  
Vol 1 (2) ◽  
pp. 15-25
Author(s):  
Suresh Adithya Nallamuthu ◽  
Keyword(s):  
Machine Learning ◽  
Genetic Algorithm ◽  
Performance Analysis ◽  
Intrusion Detection ◽  
Cyber Security ◽  
Intrusion Detection System ◽  
Detection Rate ◽  
Detection System ◽  
Attack Detection ◽  
Network Systems

The security for cloud network systems is essential and significant to secure the data source from intruders and attacks. Implementing an intrusion detection system (IDS) for securing from those intruders and attacks is the best option. Many IDS models are presently based on different techniques and algorithms like machine learning and deep learning. In this research, IDS for the cloud computing environment is proposed. Here in this model, the genetic algorithm (GA) and back propagation neural network (BPNN) is used for attack detection and classification. The Canadian Institute for Cyber-security CIC-IDS 2017 dataset is used for the evaluation of performance analysis. Initially, from the dataset, the data are preprocessed, and by using the genetic algorithm, the attack was detected. The detected attacks are classified using the BPNN classifier for identifying the types of attacks. The performance analysis was executed, and the results are obtained and compared with the existing machine learning-based classifiers like FC-ANN, NB-RF, KDBN, and FCM-SVM techniques. The proposed GA-BPNN model outperforms all these classifying techniques in every performance metric, like accuracy, precision, recall, and detection rate. Overall, from the performance analysis, the best classification accuracy is achieved for Web attack detection with 97.90%, and the best detection rate is achieved for Brute force attack detection with 97.89%.

scholarly journals A feature selection algorithm combining information gain and multi-objective genetic search for intrusion detection system

2021 ◽  
Vol 336 ◽  
pp. 08008
Author(s):  
Tao Xie
Keyword(s):  
Feature Selection ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection Rate ◽  
Information Gain ◽  
Detection System ◽  
Selection Algorithm ◽  
Feature Selection Algorithm ◽  
Genetic Search ◽  
Multi Objective

In order to improve the detection rate and speed of intrusion detection system, this paper proposes a feature selection algorithm. The algorithm uses information gain to rank the features in descending order, and then uses a multi-objective genetic algorithm to gradually search the ranking features to find the optimal feature combination. We classified the Kddcup98 dataset into five classes, DOS, PROBE, R2L, and U2R, and conducted numerous experiments on each class. Experimental results show that for each class of attack, the proposed algorithm can not only speed up the feature selection, but also significantly improve the detection rate of the algorithm.

scholarly journals Intrusion Detection Method Based on Adaptive Clonal Genetic Algorithm and Backpropagation Neural Network

2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Yi Lu ◽  
Menghan Liu ◽  
Jie Zhou ◽  
Zhigang Li
Keyword(s):  
Neural Network ◽  
Genetic Algorithm ◽  
Intrusion Detection ◽  
Detection Rate ◽  
Detection System ◽  
Poor Performance ◽  
Data Sets ◽  
Backpropagation Neural Network ◽  
External Threats ◽  
Kdd Cup 99

Intrusion Detection System (IDS) is an important part of ensuring network security. When the system faces network attacks, it can identify the source of threats in a timely and accurate manner and adjust strategies to prevent hackers from intruding. Efficient IDS can identify external threats well, but traditional IDS has poor performance and low recognition accuracy. To improve the detection rate and accuracy of IDS, this paper proposes a novel ACGA-BPNN method based on adaptive clonal genetic algorithm (ACGA) and backpropagation neural network (BPNN). ACGA-BPNN is simulated on the KDD-CUP’99 and UNSW-NB15 data sets. The simulation results indicate that, in contrast to the methods based on simulated annealing (SA) and genetic algorithm (GA), the detection rate and accuracy of ACGA-BPNN are much higher than of GA-BPNN and SA-BPNN. In the classification results of KDD-CUP’99, the classification accuracy of ACGA-BPNN is 11% higher than GA-BPNN and 24.2% higher than SA-BPNN, and F-score reaches 99.0%. In addition, ACGA-BPNN has good global searchability and its convergence speed is higher than that of GA-BPNN and SA-BPNN. Furthermore, ACGA-BPNN significantly improves the overall detection performance of IDS.

Data Mining: A Bagged Decision Tree Classifier Algorithm For Ids Intrusion Detection System Based Attacks Classification

2021 ◽  
pp. 1826-1839
Author(s):  
Sandeep Adhikari, Dr. Sunita Chaudhary
Keyword(s):  
Data Mining ◽  
Intrusion Detection ◽  
Decision Tree ◽  
Intrusion Detection System ◽  
Detection System ◽  
Large Data ◽  
Large Data Sets ◽  
Data Sets ◽  
Decision Tree Classifier ◽  
Tree Classifier

The exponential growth in the use of computers over networks, as well as the proliferation of applications that operate on different platforms, has drawn attention to network security. This paradigm takes advantage of security flaws in all operating systems that are both technically difficult and costly to fix. As a result, intrusion is used as a key to worldwide a computer resource's credibility, availability, and confidentiality. The Intrusion Detection System (IDS) is critical in detecting network anomalies and attacks. In this paper, the data mining principle is combined with IDS to efficiently and quickly identify important, secret data of interest to the user. The proposed algorithm addresses four issues: data classification, high levels of human interaction, lack of labeled data, and the effectiveness of distributed denial of service attacks. We're also working on a decision tree classifier that has a variety of parameters. The previous algorithm classified IDS up to 90% of the time and was not appropriate for large data sets. Our proposed algorithm was designed to accurately classify large data sets. Aside from that, we quantify a few more decision tree classifier parameters.

scholarly journals A Feature Selection Model for Network Intrusion Detection System Based on PSO, GWO, FFA and GA Algorithms

Symmetry ◽  
2020 ◽  
Vol 12 (6) ◽  
pp. 1046 ◽  
Author(s):  
Omar Almomani
Keyword(s):  
Genetic Algorithm ◽  
Feature Selection ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Selection Model ◽  
Network Intrusion Detection ◽  
Network Intrusion ◽  
Proposed Model ◽  
Positive Rate

The network intrusion detection system (NIDS) aims to identify virulent action in a network. It aims to do that through investigating the traffic network behavior. The approaches of data mining and machine learning (ML) are extensively used in the NIDS to discover anomalies. Regarding feature selection, it plays a significant role in improving the performance of NIDSs. That is because anomaly detection employs a great number of features that require much time. Therefore, the feature selection approach affects the time needed to investigate the traffic behavior and improve the accuracy level. The researcher of the present study aimed to propose a feature selection model for NIDSs. This model is based on the particle swarm optimization (PSO), grey wolf optimizer (GWO), firefly optimization (FFA) and genetic algorithm (GA). The proposed model aims at improving the performance of NIDSs. The proposed model deploys wrapper-based methods with the GA, PSO, GWO and FFA algorithms for selecting features using Anaconda Python Open Source, and deploys filtering-based methods for the mutual information (MI) of the GA, PSO, GWO and FFA algorithms that produced 13 sets of rules. The features derived from the proposed model are evaluated based on the support vector machine (SVM) and J48 ML classifiers and the UNSW-NB15 dataset. Based on the experiment, Rule 13 (R13) reduces the features into 30 features. Rule 12 (R12) reduces the features into 13 features. Rule 13 and Rule 12 offer the best results in terms of F-measure, accuracy and sensitivity. The genetic algorithm (GA) shows good results in terms of True Positive Rate (TPR) and False Negative Rate (FNR). As for Rules 11, 9 and 8, they show good results in terms of False Positive Rate (FPR), while PSO shows good results in terms of precision and True Negative Rate (TNR). It was found that the intrusion detection system with fewer features will increase accuracy. The proposed feature selection model for NIDS is rule-based pattern recognition to discover computer network attack which is in the scope of Symmetry journal.

Sign in / Sign up

Export Citation Format

Share Document