scholarly journals Multivariable Heuristic Approach to Intrusion Detection in Network Environments

Entropy ◽  
2021 ◽  
Vol 23 (6) ◽  
pp. 776
Author(s):  
Marcin Niemiec ◽  
Rafał Kościej ◽  
Bartłomiej Gdowski
Keyword(s):  
Intrusion Detection ◽  
Heuristic Algorithm ◽  
Detection Algorithm ◽  
Intrusion Detection Systems ◽  
The Internet ◽  
Detection Thresholds ◽  
Detection Systems ◽  
Different Types ◽  
Ongoing Development ◽  
Network Environments

The Internet is an inseparable part of our contemporary lives. This means that protection against threats and attacks is crucial for major companies and for individual users. There is a demand for the ongoing development of methods for ensuring security in cyberspace. A crucial cybersecurity solution is intrusion detection systems, which detect attacks in network environments and responds appropriately. This article presents a new multivariable heuristic intrusion detection algorithm based on different types of flags and values of entropy. The data is shared by organisations to help increase the effectiveness of intrusion detection. The authors also propose default values for parameters of a heuristic algorithm and values regarding detection thresholds. This solution has been implemented in a well-known, open-source system and verified with a series of tests. Additionally, the authors investigated how updating the variables affects the intrusion detection process. The results confirmed the effectiveness of the proposed approach and heuristic algorithm.

scholarly journals An Ensemble of a Prediction and Learning Mechanism for Improving Accuracy of Anomaly Detection in Network Intrusion Environments

2021 ◽  
Vol 13 (18) ◽  
pp. 10057
Author(s):  
Imran ◽  
Faisal Jamil ◽  
Dohyeun Kim
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Intrusion Detection Systems ◽  
The Internet ◽  
Detection Accuracy ◽  
Learning Mechanism ◽  
Detection Systems ◽  
Network Applications ◽  
Network Intrusion

The connectivity of our surrounding objects to the internet plays a tremendous role in our daily lives. Many network applications have been developed in every domain of life, including business, healthcare, smart homes, and smart cities, to name a few. As these network applications provide a wide range of services for large user groups, the network intruders are prone to developing intrusion skills for attack and malicious compliance. Therefore, safeguarding network applications and things connected to the internet has always been a point of interest for researchers. Many studies propose solutions for intrusion detection systems and intrusion prevention systems. Network communities have produced benchmark datasets available for researchers to improve the accuracy of intrusion detection systems. The scientific community has presented data mining and machine learning-based mechanisms to detect intrusion with high classification accuracy. This paper presents an intrusion detection system based on the ensemble of prediction and learning mechanisms to improve anomaly detection accuracy in a network intrusion environment. The learning mechanism is based on automated machine learning, and the prediction model is based on the Kalman filter. Performance analysis of the proposed intrusion detection system is evaluated using publicly available intrusion datasets UNSW-NB15 and CICIDS2017. The proposed model-based intrusion detection accuracy for the UNSW-NB15 dataset is 98.801 percent, and the CICIDS2017 dataset is 97.02 percent. The performance comparison results show that the proposed ensemble model-based intrusion detection significantly improves the intrusion detection accuracy.

scholarly journals Constructing APT Attack Scenarios Based on Intrusion Kill Chain and Fuzzy Clustering

2017 ◽  
Vol 2017 ◽  
pp. 1-9 ◽  
Author(s):  
Ru Zhang ◽  
Yanyu Huo ◽  
Jianyi Liu ◽  
Fangyu Weng
Keyword(s):  
Intrusion Detection ◽  
Transfer Matrix ◽  
Fuzzy Clustering ◽  
Attack Detection ◽  
New Method ◽  
Intrusion Detection Systems ◽  
The Internet ◽  
Actual Situation ◽  
Detection Systems ◽  
Attack Models

The APT attack on the Internet is becoming more serious, and most of intrusion detection systems can only generate alarms to some steps of APT attack and cannot identify the pattern of the APT attack. To detect APT attack, many researchers established attack models and then correlated IDS logs with the attack models. However, the accuracy of detection deeply relied on the integrity of models. In this paper, we propose a new method to construct APT attack scenarios by mining IDS security logs. These APT attack scenarios can be further used for the APT detection. First, we classify all the attack events by purpose of phase of the intrusion kill chain. Then we add the attack event dimension to fuzzy clustering, correlate IDS alarm logs with fuzzy clustering, and generate the attack sequence set. Next, we delete the bug attack sequences to clean the set. Finally, we use the nonaftereffect property of probability transfer matrix to construct attack scenarios by mining the attack sequence set. Experiments show that the proposed method can construct the APT attack scenarios by mining IDS alarm logs, and the constructed scenarios match the actual situation so that they can be used for APT attack detection.

scholarly journals Intrusion Detection into Cloud-Fog-Based IoT Networks Using Game Theory

2020 ◽  
Vol 2020 ◽  
pp. 1-9
Author(s):  
Poria Pirozmand ◽  
Mohsen Angoraj Ghafary ◽  
Safieh Siadat ◽  
Jiankang Ren
Keyword(s):  
Game Theory ◽  
Nash Equilibrium ◽  
Internet Of Things ◽  
Intrusion Detection ◽  
Detection System ◽  
Human Life ◽  
Intrusion Detection Systems ◽  
The Internet ◽  
Detection Systems ◽  
The Internet Of Things

The Internet of Things is an emerging technology that integrates the Internet and physical smart objects. This technology currently is used in many areas of human life, including education, agriculture, medicine, military and industrial processes, and trade. Integrating real-world objects with the Internet can pose security threats to many of our day-to-day activities. Intrusion detection systems (IDS) can be used in this technology as one of the security methods. In intrusion detection systems, early and correct detection (with high accuracy) of intrusions is considered very important. In this research, game theory is used to develop the performance of intrusion detection systems. In the proposed method, the attacker infiltration mode and the behavior of the intrusion detection system as a two-player and nonparticipatory dynamic game are completely analyzed and Nash equilibrium solution is used to create specific subgames. During the simulation performed using MATLAB software, various parameters were examined using the definitions of game theory and Nash equilibrium to extract the parameters that had the most accurate detection results. The results obtained from the simulation of the proposed method showed that the use of intrusion detection systems in the Internet of Things based on cloud-fog can be very effective in identifying attacks with the least amount of errors in this network.

A Review on Intrusion Detection Systems and Techniques

2020 ◽  
Vol 28 (Supp02) ◽  
pp. 65-91
Author(s):  
Nitesh Singh Bhati ◽  
Manju Khari ◽  
Vicente García-Díaz ◽  
Elena Verdú
Keyword(s):  
Network Security ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Security System ◽  
Intrusion Detection Systems ◽  
The Internet ◽  
Detection Techniques ◽  
Detection Systems ◽  
Network Security System

An Intrusion Detection System (IDS) is a network security system that detects, identifies, and tracks an intruder or an invader in a network. As the usage of the internet is growing every day in our society, the IDS is becoming an essential part of the network security system. Therefore, the proper research and implementation of IDSs are required. Today, with the help of improved technologies at our disposal, many solutions have been found to create many intrusion detection systems. However, it is difficult to identify the perfect solution from the vast options we have available. Hence, motivated by the need of a better security system, this paper presents a survey of different published solutions that have been developed and/or researched on the topic of intrusion detection techniques during the period from 2000 to 2019, including the accuracy of the output. With the help of this survey, an all-inclusive view of the different papers would be at one’s disposal.

scholarly journals A critical review of intrusion detection systems in the internet of things: techniques, deployment strategy, validation strategy, attacks, public datasets and challenges

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Ansam Khraisat ◽  
Ammar Alazab
Keyword(s):  
Internet Of Things ◽  
Intrusion Detection ◽  
Communication Systems ◽  
Intrusion Detection Systems ◽  
The Internet ◽  
Detection Systems ◽  
Advantages And Disadvantages ◽  
Deployment Strategy ◽  
The Internet Of Things ◽  
Validation Strategy

AbstractThe Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everyday life to large industrial systems. Unfortunately, this has attracted the attention of cybercriminals who made IoT a target of malicious activities, opening the door to a possible attack on the end nodes. To this end, Numerous IoT intrusion detection Systems (IDS) have been proposed in the literature to tackle attacks on the IoT ecosystem, which can be broadly classified based on detection technique, validation strategy, and deployment strategy. This survey paper presents a comprehensive review of contemporary IoT IDS and an overview of techniques, deployment Strategy, validation strategy and datasets that are commonly applied for building IDS. We also review how existing IoT IDS detect intrusive attacks and secure communications on the IoT. It also presents the classification of IoT attacks and discusses future research challenges to counter such IoT attacks to make IoT more secure. These purposes help IoT security researchers by uniting, contrasting, and compiling scattered research efforts. Consequently, we provide a unique IoT IDS taxonomy, which sheds light on IoT IDS techniques, their advantages and disadvantages, IoT attacks that exploit IoT communication systems, corresponding advanced IDS and detection capabilities to detect IoT attacks.

scholarly journals A System to automate the development of anomaly-based network intrusion detection model

2021 ◽  
Vol 2089 (1) ◽  
pp. 012006
Author(s):  
B Padmaja ◽  
K Sai Sravan ◽  
E Krishna Rao Patro ◽  
G Chandra Sekhar
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Real Time ◽  
Network Traffic ◽  
Intrusion Detection Systems ◽  
Network Intrusion Detection ◽  
Support Vector ◽  
The Internet ◽  
Detection Systems ◽  
Network Intrusion

Abstract Cyber security is the major concern in today’s world. Over the past couple of decades, the internet has grown to such an extent that almost every individual living on this planet has the access to the internet today. This can be viewed as one of the major achievements in the human race, but on the flip side of the coin, this gave rise to a lot of security issues for every individual or the company that is accessing the web through the internet. Hackers have become active and are always monitoring the networks to grab every possible opportunity to attack a system and make the best fortune out of its vulnerabilities. To safeguard people’s and organization’s privacy in this cyberspace, different network intrusion detection systems have been developed to detect the hacker’s presence in the networks. These systems fall under signature based and anomaly based intrusion detection systems. This paper deals with using anomaly based intrusion detection technique to develop an automation system to both train and test supervised machine learning models, which is developed to classify real time network traffic as to whether it is malicious or not. Currently the best models by considering both detection success rate and the false positives rate are Artificial Neural Networks(ANN) followed by Support Vector Machines(SVM). In this paper, it is verified that Artificial Neural Network (ANN) based machine learning with wrapper feature selection outperforms support vector machine (SVM) technique while classifying network traffic as harmful or harmless. Initially to evaluate the performance of the system, NSL-KDD dataset is used to train and test the SVM and ANN models and finally classify real time network traffic using these models. This system can be used to carry out model building automatically on the new datasets and also for classifying the behaviour of the provided dataset without having to code.

Sign in / Sign up

Export Citation Format

Share Document