Ensemble Learning for Threat Classification in Network Intrusion Detection on a Security Monitoring System for Renewable Energy

2021, Vol 11 (23), pp. 11283
Author(s): Hsiao-Chung Lin, Ping Wang, Kuo-Ming Chao, Wen-Hui Lin, Zong-Yu Yang

Most approaches for detecting network attacks involve threat analyses to match the attack to potential malicious profiles using behavioral analysis techniques in conjunction with packet collection, filtering, and feature comparison. Experts in information security are often required to study these threats, and judging new types of threats accurately in real time is often impossible. Detecting legitimate or malicious connections using protocol analysis is difficult; therefore, machine learning-based function modules can be added to intrusion detection systems to assist experts in accurately judging threat categories by analyzing the threat and learning its characteristics. In this paper, an ensemble learning scheme based on a revised random forest algorithm is proposed for a security monitoring system in the domain of renewable energy to categorize network threats in a network intrusion detection system. To reduce classification error for minority classes of experimental data in model training, the synthetic minority oversampling technique (SMOTE) scheme was formulated to re-balance the original data sets by altering the number of data points for the minority class to imbue the experimental data set. The classification performance of the proposed classifier in threat classification when the data set is unbalanced was experimentally verified in terms of accuracy, precision, recall, and F1-score on the UNSW-NB15 and CSE-CIC-IDS 2018 data sets. A cross-validation scheme featuring support vector machines was used to compare classification accuracies.

Author(s): Soukaena Hassan Hashem

This chapter aims to build a proposed Wire/Wireless Network Intrusion Detection System (WWNIDS) to detect intrusions and to consider many modern attacks which were not taken into account previously. The proposed WWNIDS treats intrusion detection with just intrinsic features, but not all of them. The dataset of WWNIDS will consist of two parts. The first part will be a wire network dataset constructed from KDD'99, which has 41 features, with some modifications to produce the proposed dataset, called modern KDD, and made reliable in detecting intrusion by suggesting three additional features. The second part will be a wireless network dataset built by collecting thousands of sessions (normal and intrusion); this proposed dataset is called Constructed Wireless Data Set (CWDS). Preprocessing will be done on the two datasets (KDD & CWDS) to eliminate some problems that affect the detection of intrusion, such as noise, missing values and duplication.


2021
Author(s): Ming Li, Dezhi Han, Dun Li, Han Liu, Chin-Chen Chang

Network intrusion detection, which takes the extraction and analysis of network traffic features as the main method, plays a vital role in network security protection. The current network traffic feature extraction and analysis for network intrusion detection mostly uses deep learning algorithms. Currently, deep learning requires a lot of training resources and has weak processing capabilities for imbalanced data sets. In this paper, a deep learning model (MFVT) based on a feature fusion network and the Vision Transformer architecture is proposed, which improves the processing ability for imbalanced data sets and reduces the sample data resources needed for training. Besides, to improve the traditional raw traffic feature extraction methods, a new raw traffic feature extraction method (CRP) is proposed; CRP uses the PCA algorithm to reduce all the processed digital traffic features to the specified dimension. On the IDS 2017 dataset and the IDS 2012 dataset, the ablation experiments show that the performance of the proposed MFVT model is significantly better than other network intrusion detection models, and the detection accuracy can reach the state-of-the-art level. When the MFVT model is combined with the CRP algorithm, the detection accuracy is further improved to 99.99%.


Sensors, 2021, Vol 22 (1), pp. 25
Author(s): Yifan Tang, Lize Gu, Leiting Wang

Preventing network intrusion is the essential requirement of network security. In recent years, people have conducted a lot of research on network intrusion detection systems. However, with the increasing number of advanced threat attacks, traditional intrusion detection mechanisms have defects and it is still indispensable to design a powerful intrusion detection system. This paper researches the NSL-KDD data set and analyzes the latest developments and existing problems in the field of intrusion detection technology. To address the unbalanced distribution and feature redundancy of the data set used for training, some training samples are under-sampled and feature selection is applied. To improve the detection effect, a Deep Stacking Network model is proposed, which combines the classification results of multiple basic classifiers to improve the classification accuracy. In the experiment, we screened and compared the performance of various mainstream classifiers and found that the four models of the decision tree, k-nearest neighbors, deep neural network and random forests have outstanding detection performance and meet the needs of different classification effects. Among them, the classification accuracy of the decision tree reaches 86.1%. The classification effect of the Deep Stacking Network, a fusion model composed of four classifiers, has been further improved and the accuracy reaches 86.8%. Compared with the intrusion detection system of other research papers, the proposed model effectively improves the detection performance and has made significant improvements in network intrusion detection.


2021, Vol 2021, pp. 1-9
Author(s): Jiarui Man, Guozi Sun

Neural networks have been proved to perform well in network intrusion detection. In order to acquire better features of network traffic, more learning layers are necessarily required. However, according to the results of the previous research, adding layers to the neural networks might fail to improve the classification results. In fact, after the number of layers has reached a certain threshold, performance of the model tends to degrade. In this paper, we propose a network intrusion detection model based on residual learning. After transforming the UNSW-NB15 data set into images, deeper convolutional neural networks with residual blocks are built to learn more critical features. Instead of the cross-entropy loss function, the modified focal loss is calculated to address the class imbalance problem in the training set and identify minor attacks in the testing set. Batch normalization and global average pooling are used to avoid overfitting and enhance the model. Experimental results show that the proposed model can improve attack detection accuracy compared with existing models.


Author(s): ASIM DAS, S. SIVA SATHYA

Network intrusion detection includes a set of malicious actions that compromise the integrity, confidentiality and availability of information resources. Several techniques for mining rules from the KDD intrusion detection dataset [10] enable the identification of attacks in the network. But little research has been done to determine the association patterns that exist between the attributes in the dataset. This paper focuses on association rule mining in the KDD intrusion dataset. Since the dataset constitutes different kinds of data, such as binary, discrete and continuous data, the same technique cannot be applied to determine the association patterns. Hence, this paper uses varying techniques for each type of data. The proposed method is used to generate attack rules that will detect the attacks in network audit data using anomaly detection. Rules are formed depending upon various attack types. For binary data, the Apriori approach is used to eliminate the non-frequent item sets from the rules, and for discrete and continuous values the proposed techniques are used. The paper concludes with experimental results.


2005, Vol 13 (2), pp. 179-212
Author(s): Matthew Glickman, Justin Balthrop, Stephanie Forrest

ARTIS is an artificial immune system framework which contains several adaptive mechanisms. LISYS is a version of ARTIS specialized for the problem of network intrusion detection. The adaptive mechanisms of LISYS are characterized in terms of their machine-learning counterparts, and a series of experiments is described, each of which isolates a different mechanism of LISYS and studies its contribution to the system's overall performance. The experiments were conducted on a new data set, which is more recent and realistic than earlier data sets. The network intrusion detection problem is challenging because it requires one-class learning in an on-line setting with concept drift. The experiments confirm earlier experimental results with LISYS, and they study in detail how LISYS achieves success on the new data set.

