A Deep Transfer Learning Approach for Flow-Based Intrusion Detection in SDN-Enabled Network

2021
Author(s):
Phan The Duy
Nghi Hoang Khoa
Hoang Hiep
Nguyen Ba Tuan
Hien Do Hoang
...

Revolutionizing the operation model of traditional networks in programmability, scalability, and orchestration, Software-Defined Networking (SDN) has been considered a novel network management approach for massive networks with heterogeneous devices. However, it is also highly susceptible to security attacks, like conventional networks. Inspired by the success of different machine learning algorithms in other domains, many intrusion detection systems (IDS) are presented to identify attacks aiming to harm the network. In this paper, leveraging the flow-based nature of SDN, we introduce DeepFlowIDS, a deep learning (DL)-based approach for anomaly detection using the flow analysis method in SDN. Furthermore, instead of using a lot of network properties, we only utilize essential characteristics of traffic flows to analyze with deep neural networks in IDS. This is to reduce the computational and time cost of attack traffic detection. Besides, we also study the practical benefits of applying deep transfer learning from computer vision to intrusion detection. This method can inherit the knowledge of an effective DL model from other contexts to resolve another task in cybersecurity. Our DL-based IDSs are built and trained with the NSL-KDD and CICIDS2018 datasets in both the fine-tuning and feature extractor strategies of transfer learning. Then, it is integrated with the SDN controller to analyze traffic flows retrieved from OpenFlow statistics to recognize anomalous actions in the network.

Sensors
2021
Vol 21 (19)
pp. 6432
Author(s):
Khalid Albulayhi
Abdallah A. Smadi
Frederick T. Sheldon
Robert K. Abercrombie

This paper surveys the deep learning (DL) approaches for intrusion-detection systems (IDSs) in Internet of Things (IoT) and the associated datasets toward identifying gaps, weaknesses, and a neutral reference architecture. A comparative study of IDSs is provided, with a review of anomaly-based IDSs on DL approaches, which include supervised, unsupervised, and hybrid methods. All techniques in these three categories have essentially been used in IoT environments. To date, only a few have been used in the anomaly-based IDS for IoT. For each of these anomaly-based IDSs, the implementation of the four categories of feature(s) extraction, classification, prediction, and regression were evaluated. We studied important performance metrics and benchmark detection rates, including the requisite efficiency of the various methods. Four machine learning algorithms were evaluated for classification purposes: Logistic Regression (LR), Support Vector Machine (SVM), Decision Tree (DT), and an Artificial Neural Network (ANN). Therefore, we compared each via the Receiver Operating Characteristic (ROC) curve. The study model exhibits promising outcomes for all classes of attacks. The scope of our analysis examines attacks targeting the IoT ecosystem using empirically based, simulation-generated datasets (namely the Bot-IoT and the IoTID20 datasets).


Author(s):
Shyla Shyla
Vishal Bhatnagar
Vikram Bali
Shivani Bali

A single Information security is of pivotal concern for consistently streaming information over the widespread internetwork. The bottleneck flow of incoming and outgoing data traffic introduces the issue of malicious activities taken place by intruders, hackers and attackers in the form of authenticity desecration, gridlocking data traffic, vandalizing data and crashing the established network. The issue of emerging suspicious activities is managed by the domain of Intrusion Detection Systems (IDS). The IDS consistently monitors the network for identification of suspicious activities and generates alarm and indication in presence of malicious threats and worms. The performance of IDS is improved by using different signature based machine learning algorithms. In this paper, the performance of IDS model is determined using hybridization of Nesterov-accelerated adaptive moment estimation –stochastic gradient descent (HNADAM-SDG) algorithm. The performance of the algorithm is compared with other classification algorithms as logistic regression, ridge classifier and ensemble algorithm by adapting feature selection and optimization techniques.


Information
2020
Vol 11 (6)
pp. 315
Author(s):
Nathan Martindale
Muhammad Ismail
Douglas A. Talbert

As new cyberattacks are launched against systems and networks on a daily basis, the ability for network intrusion detection systems to operate efficiently in the big data era has become critically important, particularly as more low-power Internet-of-Things (IoT) devices enter the market. This has motivated research in applying machine learning algorithms that can operate on streams of data, trained online or “live” on only a small amount of data kept in memory at a time, as opposed to the more classical approaches that are trained solely offline on all of the data at once. In this context, one important concept from machine learning for improving detection performance is the idea of “ensembles”, where a collection of machine learning algorithms are combined to compensate for their individual limitations and produce an overall superior algorithm. Unfortunately, existing research lacks proper performance comparison between homogeneous and heterogeneous online ensembles. Hence, this paper investigates several homogeneous and heterogeneous ensembles, proposes three novel online heterogeneous ensembles for intrusion detection, and compares their performance accuracy, run-time complexity, and response to concept drifts. Out of the proposed novel online ensembles, the heterogeneous ensemble consisting of an adaptive random forest of Hoeffding Trees combined with a Hoeffding Adaptive Tree performed the best, by dealing with concept drift in the most effective way. While this scheme is less accurate than a larger size adaptive random forest, it offered a marginally better run-time, which is beneficial for online training.


2020
Vol 16 (4)
pp. 48-58
Author(s):
Kavitha G.
Elango N. M.

The rapid development of various services that are provided by information technology has been widely accepted by the users who are making use of such services in their day-to-day life activities. Securing such a system application from various intrusions still remains one of the major issues in the current era. Detecting such anomalies from the regular events involves various steps such as data pre-processing, feature selection, and classification. Many of the computational models intend to accurately discriminate the samples of each group for better classification by identifying candidate features prior to the learning phase. This research studies the implementation of a combined feature selection technique such as the GRRF-FWSVM method which is applied to the benchmarked anomaly detection dataset KDD CUP 99. The results prove the novel proposed hybrid model is an effective method in identifying anomalies and it increases the detection rate of about 98.55% of the intrusion detection system with the two most common benchmark models.


2009
Vol 06 (02)
pp. 133-146
Author(s):
Mikhail Dashevskiy
Zhiyuan Luo

Classification of Internet traffic is very important to many applications such as network resource management, network security enforcement and intrusion detection. Many machine-learning algorithms have been successfully used to classify network traffic flows with good performance, but without information about the reliability in classifications. In this paper, we present a recently developed algorithmic framework, namely the Venn Probability Machine, for making reliable decisions under uncertainty. Experiments on publicly available real Internet traffic datasets show the algorithmic framework works well. Comparison is also made to the published results.


2020
Vol 3 (2)
pp. 196-206
Author(s):
Mausumi Das Nath
Tapalina Bhattasali

Due to the enormous usage of the Internet, users share resources and exchange voluminous amounts of data. This increases the high risk of data theft and other types of attacks. Network security plays a vital role in protecting the electronic exchange of data and attempts to avoid disruption concerning finances or disrupted services due to the unknown proliferations in the network. Many Intrusion Detection Systems (IDS) are commonly used to detect such unknown attacks and unauthorized access in a network. Many approaches have been put forward by the researchers which showed satisfactory results in intrusion detection systems significantly which ranged from various traditional approaches to Artificial Intelligence (AI) based approaches. AI based techniques have gained an edge over other statistical techniques in the research community due to its enormous benefits. Procedures can be designed to display behavior learned from previous experiences. Machine learning algorithms are used to analyze the abnormal instances in a particular network. Supervised learning is essential in terms of training and analyzing the abnormal behavior in a network. In this paper, we propose a model of Naïve Bayes and SVM (Support Vector Machine) to detect anomalies and an ensemble approach to solve the weaknesses and to remove the poor detection results.


2019
Vol 8 (3)
pp. 2195-2207

For protecting and securing the network, with Intrusion Detection Systems through hidden intrusion has become a popular and important issue in the network security domain. Detection of attacks is the first step to secure any system. In this paper, the main focus is on seven different attacks, including Brute Force attack, Heartbleed/Denial-of-service (DoS), Web Attack, Infiltration, Botnet, Port Scan and Distributed Denial of Service (DDoS). We rely on features derived from CICIDS-2017 Dataset for these attacks. By using various subset based feature selection techniques performance of attack has been identified for many features. Using these techniques, it has been determined the appropriate group of attributes for finding every attack with related classification algorithms. Simulations of these techniques present that unwanted feature can be removed from attack detection techniques and find the most valuable set of attributes for a definite classification algorithm with discretization and without discretization, which improve the performance of IDS.

