Intrusion Detection Systems: A Review

Intrusion Detection System is competent to detect the intrusions and alerting the administrator of system about the signs of possible intrusions. This paper presents a detailed review of the intrusion detection techniques used in WSNs. More specifically, the existing methods for blackhole and sinkhole attacks detection are reviewed. However, it is noted that most intrusion detection schemes proposed in the literature are either inefficient or have low detection rates/high false positive rates. This survey also highlights the research gap in this domain and provides better scope for the advanced work.

Download Full-text

Intrusion Detection Systems: A Review

Restaurant Business ◽

10.26643/rb.v118i6.7239 ◽

2019 ◽

Vol 118 (6) ◽

pp. 60-79

Author(s):

Ashwini V. Jatti ◽

V. J. K. Kishor Sonti

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Intrusion Detection Systems ◽

Detection Rates ◽

Detailed Review ◽

Detection Techniques ◽

Detection Systems ◽

Research Gap ◽

Detection Schemes

Intrusion Detection System is competent to detect the intrusions and alerting the administrator of system about the signs of possible intrusions. This paper presents a detailed review of the intrusion detection techniques used in WSNs. More specifically, the existing methods for blackhole and sinkhole attacks detection are reviewed. However, it is noted that most intrusion detection schemes proposed in the literature are either inefficient or have low detection rates/high false positive rates. This survey also highlights the research gap in this domain and provides better scope for the advanced work.

Download Full-text

Security Enrichment in Intrusion Detection System Using Classifier Ensemble

Journal of Electrical and Computer Engineering ◽

10.1155/2017/1794849 ◽

2017 ◽

Vol 2017 ◽

pp. 1-6 ◽

Cited By ~ 5

Author(s):

Uma R. Salunkhe ◽

Suresh N. Mali

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection Rate ◽

Detection System ◽

Hybrid Approach ◽

Classifier Ensemble ◽

Intrusion Detection Systems ◽

Detection Rates ◽

Detection Systems

In the era of Internet and with increasing number of people as its end users, a large number of attack categories are introduced daily. Hence, effective detection of various attacks with the help of Intrusion Detection Systems is an emerging trend in research these days. Existing studies show effectiveness of machine learning approaches in handling Intrusion Detection Systems. In this work, we aim to enhance detection rate of Intrusion Detection System by using machine learning technique. We propose a novel classifier ensemble based IDS that is constructed using hybrid approach which combines data level and feature level approach. Classifier ensembles combine the opinions of different experts and improve the intrusion detection rate. Experimental results show the improved detection rates of our system compared to reference technique.

Download Full-text

A Review on Intrusion Detection Systems and Techniques

International Journal of Uncertainty Fuzziness and Knowledge-Based Systems ◽

10.1142/s0218488520400140 ◽

2020 ◽

Vol 28 (Supp02) ◽

pp. 65-91

Author(s):

Nitesh Singh Bhati ◽

Manju Khari ◽

Vicente García-Díaz ◽

Elena Verdú

Keyword(s):

Network Security ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Security System ◽

Intrusion Detection Systems ◽

The Internet ◽

Detection Techniques ◽

Detection Systems ◽

Network Security System

An Intrusion Detection System (IDS) is a network security system that detects, identifies, and tracks an intruder or an invader in a network. As the usage of the internet is growing every day in our society, the IDS is becoming an essential part of the network security system. Therefore, the proper research and implementation of IDSs are required. Today, with the help of improved technologies at our disposal, many solutions have been found to create many intrusion detection systems. However, it is difficult to identify the perfect solution from the vast options we have available. Hence, motivated by the need of a better security system, this paper presents a survey of different published solutions that have been developed and/or researched on the topic of intrusion detection techniques during the period from 2000 to 2019, including the accuracy of the output. With the help of this survey, an all-inclusive view of the different papers would be at one’s disposal.

Download Full-text

Diverse Methods for Signature based Intrusion Detection Schemes Adopted

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.a2791.079220 ◽

2020 ◽

Vol 9 (2) ◽

pp. 44-49

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Normal Activity ◽

Cyber Attacks ◽

Intrusion Detection Systems ◽

Detection Methods ◽

Detection Systems ◽

Input Event ◽

Detection Schemes

Intrusion Detection Systems (IDS) is used as a tool to detect intrusions on IT networks, providing support in network monitoring to identify and avoid possible attacks. Most such approaches adopt Signature-based methods for detecting attacks which include matching the input event to predefined database signatures. Signature based intrusion detection acts as an adaptable device security safeguard technology. This paper discusses various Signature-based Intrusion Detection Systems and their advantages; given a set of signatures and basic patterns that estimate the relative importance of each intrusion detection system feature, system administrators may help identify cyber-attacks and threats to the network and Computer system. Eighty percent of incidents can be easily and promptly detected using signature-based detection methods if used as a precautionary phase for vulnerability detection and twenty percent rest by anomaly-based intrusion detection system that involves comparing definitions of normal activity or event behavior with observed events in identifying the significant deviations and deciding the traffic to flag.

Download Full-text

THE LOAD BALANCING OF SELF-SIMILAR TRAFFIC IN NETWORK INTRUSION DETECTION SYSTEMS

Cybersecurity Education Science Technique ◽

10.28925/2663-4023.2020.7.1730 ◽

2020 ◽

Vol 3 (7) ◽

pp. 17-30

Author(s):

Tamara Radivilova ◽

Lyudmyla Kirichenko ◽

Maksym Tawalbeh ◽

Petro Zinchenko ◽

Vitalii Bulakh

Keyword(s):

Load Balancing ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Intrusion Detection Systems ◽

Deep Packet Inspection ◽

Detection Systems ◽

Network Intrusion ◽

Load Imbalance ◽

Packet Inspection

The problem of load balancing in intrusion detection systems is considered in this paper. The analysis of existing problems of load balancing and modern methods of their solution are carried out. Types of intrusion detection systems and their description are given. A description of the intrusion detection system, its location, and the functioning of its elements in the computer system are provided. Comparative analysis of load balancing methods based on packet inspection and service time calculation is performed. An analysis of the causes of load imbalance in the intrusion detection system elements and the effects of load imbalance is also presented. A model of a network intrusion detection system based on packet signature analysis is presented. This paper describes the multifractal properties of traffic. Based on the analysis of intrusion detection systems, multifractal traffic properties and load balancing problem, the method of balancing is proposed, which is based on the funcsioning of the intrusion detection system elements and analysis of multifractal properties of incoming traffic. The proposed method takes into account the time of deep packet inspection required to compare a packet with signatures, which is calculated based on the calculation of the information flow multifractality degree. Load balancing rules are generated by the estimated average time of deep packet inspection and traffic multifractal parameters. This paper presents the simulation results of the proposed load balancing method compared to the standard method. It is shown that the load balancing method proposed in this paper provides for a uniform load distribution at the intrusion detection system elements. This allows for high speed and accuracy of intrusion detection with high-quality multifractal load balancing.

Download Full-text

A Review of Intrusion Detection Systems in Cloud Computing

Cloud Security ◽

10.4018/978-1-5225-8176-5.ch003 ◽

2019 ◽

pp. 54-83

Author(s):

Chiba Zouhair ◽

Noreddine Abghour ◽

Khalid Moussaid ◽

Amina El Omri ◽

Mohamed Rida

Keyword(s):

Cloud Computing ◽

Intrusion Detection ◽

Detection System ◽

Security Requirements ◽

Intrusion Detection Systems ◽

Cloud Environment ◽

Detection Techniques ◽

Detection Systems ◽

Cloud Architecture ◽

Data Source

Security is a major challenge faced by cloud computing (CC) due to its open and distributed architecture. Hence, it is vulnerable and prone to intrusions that affect confidentiality, availability, and integrity of cloud resources and offered services. Intrusion detection system (IDS) has become the most commonly used component of computer system security and compliance practices that defends cloud environment from various kinds of threats and attacks. This chapter presents the cloud architecture, an overview of different intrusions in the cloud, the challenges and essential characteristics of cloud-based IDS (CIDS), and detection techniques used by CIDS and their types. Then, the authors analyze 24 pertinent CIDS with respect to their various types, positioning, detection time, and data source. The analysis also gives the strength of each system and limitations in order to evaluate whether they carry out the security requirements of CC environment or not.

Download Full-text

Network Attacks Detection by Hierarchical Neural Network

Computer Engineering and Applications Journal ◽

10.18495/comengapp.v4i2.108 ◽

2015 ◽

Vol 4 (2) ◽

pp. 119-132

Author(s):

Mohammad Masoud Javidi

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Single Agent ◽

Attack Detection ◽

Intrusion Detection Systems ◽

Training Dataset ◽

Detection Systems ◽

Combination Of Classifiers

Intrusion detection is an emerging area of research in the computer security and net-works with the growing usage of internet in everyday life. Most intrusion detection systems (IDSs) mostly use a single classifier algorithm to classify the network traffic data as normal behavior or anomalous. However, these single classifier systems fail to provide the best possible attack detection rate with low false alarm rate. In this paper,we propose to use a hybrid intelligent approach using a combination of classifiers in order to make the decision intelligently, so that the overall performance of the resul-tant model is enhanced. The general procedure in this is to follow the supervised or un-supervised data filtering with classifier or cluster first on the whole training dataset and then the output are applied to another classifier to classify the data. In this re- search, we applied Neural Network with Supervised and Unsupervised Learning in order to implement the intrusion detection system. Moreover, in this project, we used the method of Parallelization with real time application of the system processors to detect the systems intrusions.Using this method enhanced the speed of the intrusion detection. In order to train and test the neural network, NSLKDD database was used. Creating some different intrusion detection systems, each of which considered as a single agent, we precisely proceeded with the signature-based intrusion detection of the network.In the proposed design, the attacks have been classified into 4 groups and each group is detected by an Agent equipped with intrusion detection system (IDS).These agents act independently and report the intrusion or non-intrusion in the system; the results achieved by the agents will be studied in the Final Analyst and at last the analyst reports that whether there has been an intrusion in the system or not.Keywords: Intrusion Detection, Multi-layer Perceptron, False Positives, Signature- based intrusion detection, Decision tree, Nave Bayes Classifier

Download Full-text

DNA Encoding for Misuse Intrusion Detection System based on UNSW-NB15 Data Set

Iraqi Journal of Science ◽

10.24996/ijs.2020.61.12.29 ◽

2020 ◽

pp. 3408-3416

Author(s):

Omar Fitian Rashid

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Attack Detection ◽

High Rate ◽

Dna Encoding ◽

Data Set ◽

Detection Rates ◽

Detection Systems ◽

Threat Environment

Recent researches showed that DNA encoding and pattern matching can be used for the intrusion-detection system (IDS), with results of high rate of attack detection. The evaluation of these intrusion detection systems is based on datasets that are generated decades ago. However, numerous studies outlined that these datasets neither inclusively reflect the network traffic, nor the modern low footprint attacks, and do not cover the current network threat environment. In this paper, a new DNA encoding for misuse IDS based on UNSW-NB15 dataset is proposed. The proposed system is performed by building a DNA encoding for all values of 49 attributes. Then attack keys (based on attack signatures) are extracted and, finally, Raita algorithm is applied to classify records, either attacks or normal, based on the extracted keys. The results of the current experiment showed that the proposed system achieved good detection rates for all of attacks, which included the Analysis, Backdoor, DoS, Exploits, Fuzzers, Generic, Reconnaissance, Shellcode, and Worms, with values of 82.56%, 92.68%, 75.59%, 75.42%, 67%, 99.28%, 81.02%, 73.6%, 85%, and 90.91%, respectively. The values of false alarm rate and accuracy were equal to 24% and 89.05%, respectively. Also, the execution time for the proposed system was found to be short, where the values of the encoding time and matching time for one record were 0.45 and 0.002 second, respectively.

Download Full-text

IDS-attention: an efficient algorithm for intrusion detection systems using attention mechanism

Journal Of Big Data ◽

10.1186/s40537-021-00544-5 ◽

2021 ◽

Vol 8 (1) ◽

Author(s):

FatimaEzzahra Laghrissi ◽

Samira Douzi ◽

Khadija Douzi ◽

Badr Hssina

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Short Term Memory ◽

Detection System ◽

False Negative ◽

False Negative Rate ◽

Attention Mechanism ◽

Intrusion Detection Systems ◽

Network Attacks ◽

Detection Systems

AbstractNetwork attacks are illegal activities on digital resources within an organizational network with the express intention of compromising systems. A cyber attack can be directed by individuals, communities, states or even from an anonymous source. Hackers commonly conduct network attacks to alter, damage, or steal private data. Intrusion detection systems (IDS) are the best and most effective techniques when it comes to tackle these threats. An IDS is a software application or hardware device that monitors traffic to search for malevolent activity or policy breaches. Moreover, IDSs are designed to be deployed in different environments, and they can either be host-based or network-based. A host-based intrusion detection system is installed on the client computer, while a network-based intrusion detection system is located on the network. IDSs based on deep learning have been used in the past few years and proved their effectiveness. However, these approaches produce a big false negative rate, which impacts the performance and potency of network security. In this paper, a detection model based on long short-term memory (LSTM) and Attention mechanism is proposed. Furthermore, we used four reduction algorithms, namely: Chi-Square, UMAP, Principal Components Analysis (PCA), and Mutual information. In addition, we evaluated the proposed approaches on the NSL-KDD dataset. The experimental results demonstrate that using Attention with all features and using PCA with 03 components had the best performance, reaching an accuracy of 99.09% and 98.49% for binary and multiclass classification, respectively.

Download Full-text