scholarly journals LITNET-2020: An Annotated Real-World Network Flow Dataset for Network Intrusion Detection

Electronics ◽  
2020 ◽  
Vol 9 (5) ◽  
pp. 800 ◽  
Author(s):  
Robertas Damasevicius ◽  
Algimantas Venckauskas ◽  
Sarunas Grigaliunas ◽  
Jevgenijus Toldinas ◽  
Nerijus Morkevicius ◽  
...  
Keyword(s):  
Intrusion Detection ◽  
Real World ◽  
Network Traffic ◽  
Network Flow ◽  
Detection Methods ◽  
Network Intrusion Detection ◽  
Clustering Methods ◽  
Modern Computer ◽  
Network Intrusion ◽  
Flow Features

Network intrusion detection is one of the main problems in ensuring the security of modern computer networks, Wireless Sensor Networks (WSN), and the Internet-of-Things (IoT). In order to develop efficient network-intrusion-detection methods, realistic and up-to-date network flow datasets are required. Despite several recent efforts, there is still a lack of real-world network-based datasets which can capture modern network traffic cases and provide examples of many different types of network attacks and intrusions. To alleviate this need, we present LITNET-2020, a new annotated network benchmark dataset obtained from the real-world academic network. The dataset presents real-world examples of normal and under-attack network traffic. We describe and analyze 85 network flow features of the dataset and 12 attack types. We present the analysis of the dataset features by using statistical analysis and clustering methods. Our results show that the proposed feature set can be effectively used to identify different attack classes in the dataset. The presented network dataset is made freely available for research purposes.

scholarly journals Network Intrusion Detection with Threat Agent Profiling

2018 ◽  
Vol 2018 ◽  
pp. 1-17 ◽  
Author(s):  
Tomáš Bajtoš ◽  
Andrej Gajdoš ◽  
Lenka Kleinová ◽  
Katarína Lučivjanská ◽  
Pavol Sokol
Keyword(s):  
Network Security ◽  
Intrusion Detection ◽  
Network Traffic ◽  
Clustering Algorithms ◽  
Computer Systems ◽  
Network Intrusion Detection ◽  
Clustering Methods ◽  
Security Incident ◽  
Network Intrusion ◽  
Fine Classification

With the increase in usage of computer systems and computer networks, the problem of intrusion detection in network security has become an important issue. In this paper, we discuss approaches that simplify network administrator’s work. We applied clustering methods for security incident profiling. We considerK-means, PAM, and CLARA clustering algorithms. For this purpose, we used data collected in Warden system from various security tools. We do not aim to differentiate between normal and abnormal network traffic, but we focus on grouping similar threat agents based on attributes of security events. We suggest a case of a fine classification and a case of a coarse classification and discuss advantages of both cases.

A Survey on Data-driven Network Intrusion Detection

2022 ◽  
Vol 54 (9) ◽  
pp. 1-36
Author(s):  
Dylan Chou ◽  
Meng Jiang
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Real World ◽  
Data Driven ◽  
Network Intrusion Detection ◽  
Large Network ◽  
Learning Models ◽  
Simulated Environments ◽  
Network Intrusion ◽  
Machine Learning Models

Data-driven network intrusion detection (NID) has a tendency towards minority attack classes compared to normal traffic. Many datasets are collected in simulated environments rather than real-world networks. These challenges undermine the performance of intrusion detection machine learning models by fitting machine learning models to unrepresentative “sandbox” datasets. This survey presents a taxonomy with eight main challenges and explores common datasets from 1999 to 2020. Trends are analyzed on the challenges in the past decade and future directions are proposed on expanding NID into cloud-based environments, devising scalable models for large network data, and creating labeled datasets collected in real-world networks.

scholarly journals Anomaly-based Network Intrusion Detection Methods

2013 ◽  
Vol 11 (6) ◽  
Author(s):  
Pavel Nevlud ◽  
Miroslav Bures ◽  
Lukas Kapicak ◽  
Jaroslav Zdralek
Keyword(s):  
Intrusion Detection ◽  
Detection Methods ◽  
Network Intrusion Detection ◽  
Network Intrusion

CLUSTERING-BASED NETWORK INTRUSION DETECTION

2007 ◽  
Vol 14 (02) ◽  
pp. 169-187 ◽  
Author(s):  
SHI ZHONG ◽  
TAGHI M. KHOSHGOFTAAR ◽  
NAEEM SELIYA
Keyword(s):  
Data Mining ◽  
Network Security ◽  
Intrusion Detection ◽  
Unsupervised Learning ◽  
Network Traffic ◽  
Clustering Algorithms ◽  
Network Intrusion Detection ◽  
Learning Methods ◽  
High Detection Rate ◽  
Network Intrusion

Recently data mining methods have gained importance in addressing network security issues, including network intrusion detection — a challenging task in network security. Intrusion detection systems aim to identify attacks with a high detection rate and a low false alarm rate. Classification-based data mining models for intrusion detection are often ineffective in dealing with dynamic changes in intrusion patterns and characteristics. Consequently, unsupervised learning methods have been given a closer look for network intrusion detection. We investigate multiple centroid-based unsupervised clustering algorithms for intrusion detection, and propose a simple yet effective self-labeling heuristic for detecting attack and normal clusters of network traffic audit data. The clustering algorithms investigated include, k-means, Mixture-Of-Spherical Gaussians, Self-Organizing Map, and Neural-Gas. The network traffic datasets provided by the DARPA 1998 offline intrusion detection project are used in our empirical investigation, which demonstrates the feasibility and promise of unsupervised learning methods for network intrusion detection. In addition, a comparative analysis shows the advantage of clustering-based methods over supervised classification techniques in identifying new or unseen attack types.

scholarly journals MFVT:An Anomaly Traffic Detection Method Merging Feature Fusion Network and Vision Transformer Architecture

2021 ◽  
Author(s):  
Ming Li ◽  
Dezhi Han ◽  
Dun Li ◽  
Han Liu ◽  
Chin- Chen Chang
Keyword(s):  
Deep Learning ◽  
Intrusion Detection ◽  
Network Traffic ◽  
Feature Fusion ◽  
Imbalanced Data ◽  
Network Intrusion Detection ◽  
Detection Accuracy ◽  
Data Sets ◽  
Imbalanced Data Sets ◽  
Network Intrusion

Abstract Network intrusion detection, which takes the extraction and analysis of network traffic features as the main method, plays a vital role in network security protection. The current network traffic feature extraction and analysis for network intrusion detection mostly uses deep learning algorithms. Currently, deep learning requires a lot of training resources, and have weak processing capabilities for imbalanced data sets. In this paper, a deep learning model (MFVT) based on feature fusion network and Vision Transformer architecture is proposed, to which improves the processing ability of imbalanced data sets and reduces the sample data resources needed for training. Besides, to improve the traditional raw traffic features extraction methods, a new raw traffic features extraction method (CRP) is proposed, the CPR uses PCA algorithm to reduce all the processed digital traffic features to the specified dimension. On the IDS 2017 dataset and the IDS 2012 dataset, the ablation experiments show that the performance of the proposed MFVT model is significantly better than other network intrusion detection models, and the detection accuracy can reach the state-of-the-art level. And, When MFVT model is combined with CRP algorithm, the detection accuracy is further improved to 99.99%.

scholarly journals Development of software application for network traffic analysis and intrusion detection

2021 ◽  
pp. 57-64
Author(s):  
Alexander Ivanov ◽  
◽  
Alexander Kutischev ◽  
Elena Nikitina ◽  
◽  
...  
Keyword(s):  
Intrusion Detection ◽  
Network Traffic ◽  
Traffic Analysis ◽  
Network Intrusion Detection ◽  
Network Attacks ◽  
Software Application ◽  
Detection Systems ◽  
Network Traffic Analysis ◽  
Network Intrusion ◽  
Network Intrusion Detection Systems

This paper demonstrated the use of neural networks in the development of network intrusion detection systems, described the structure of the developed software application for network traffic analysis and network attacks detection, and presented the software application results.

scholarly journals Design of Optimal Acceptance Sampling Plan for Network Intrusion Detection

2019 ◽  
Vol 9 (1) ◽  
pp. 4379-4383
Keyword(s):  
Intrusion Detection ◽  
Network Flow ◽  
Network Flows ◽  
Monitoring Network ◽  
Computational Effort ◽  
Network Intrusion Detection ◽  
Acceptance Sampling ◽  
Network Intrusion ◽  
Acceptance Sampling Plan ◽  
The Cost

Network Intrusion Detection Systems (NIDS) protects networks connected to the internet from malicious attacks by monitoring network flows predominantly at fragment level in network layer. Inspecting every fragment of a network flow is computationally prohibitive. The Acceptance Sampling for Network Intrusion Detection (ASNID) method avoids hundred percent inspections of fragments to detect anomalous flows. This study proposes a model to determine optimal acceptance sample size. Further, this study also proposes a model for estimating the cost of computational effort.

scholarly journals Network Intrusion Detection Based on an Efficient Neural Architecture Search

Symmetry ◽  
2021 ◽  
Vol 13 (8) ◽  
pp. 1453
Author(s):  
Renjian Lyu ◽  
Mingshu He ◽  
Yu Zhang ◽  
Lei Jin ◽  
Xinlei Wang
Keyword(s):  
Deep Learning ◽  
Intrusion Detection ◽  
Network Traffic ◽  
Traffic Monitoring ◽  
Classification Model ◽  
Network Intrusion Detection ◽  
Traffic Classification ◽  
Neural Architecture ◽  
Network Intrusion ◽  
Network Traffic Classification

Deep learning has been applied in the field of network intrusion detection and has yielded good results. In malicious network traffic classification tasks, many studies have achieved good performance with respect to the accuracy and recall rate of classification through self-designed models. In deep learning, the design of the model architecture greatly influences the results. However, the design of the network model architecture usually requires substantial professional knowledge. At present, the focus of research in the field of traffic monitoring is often directed elsewhere. Therefore, in the classification task of the network intrusion detection field, there is much room for improvement in the design and optimization of the model architecture. A neural architecture search (NAS) can automatically search the architecture of the model under the premise of a given optimization goal. For this reason, we propose a model that can perform NAS in the field of network traffic classification and search for the optimal architecture suitable for traffic detection based on the network traffic dataset. Each layer of our depth model is constructed according to the principle of maximum coding rate attenuation, which has strong consistency and symmetry in structure. Compared with some manually designed network architectures, classification indicators, such as Top-1 accuracy and F1 score, are also greatly improved while ensuring the lightweight nature of the model. In addition, we introduce a surrogate model in the search task. Compared to using the traditional NAS model to search the network traffic classification model, our NAS model greatly improves the search efficiency under the premise of ensuring that the results are not substantially different. We also manually adjust some operations in the search space of the architecture search to find a set of model operations that are more suitable for traffic classification. Finally, we apply the searched model to other traffic datasets to verify the universality of the model. Compared with several common network models in the traffic field, the searched model (NAS-Net) performs better, and the classification effect is more accurate.

scholarly journals The Proposition and Evaluation of the RoEduNet-SIMARGL2021 Network Intrusion Detection Dataset

Sensors ◽  
2021 ◽  
Vol 21 (13) ◽  
pp. 4319
Author(s):  
Maria-Elena Mihailescu ◽  
Darius Mihai ◽  
Mihai Carabas ◽  
Mikołaj Komisarek ◽  
Marek Pawlicki ◽  
...  
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Cross Validation ◽  
Real Life ◽  
Arms Race ◽  
Detection Methods ◽  
Network Intrusion Detection ◽  
Network Intrusion ◽  
Academic Network ◽  
The Stability

Cybersecurity is an arms race, with both the security and the adversaries attempting to outsmart one another, coming up with new attacks, new ways to defend against those attacks, and again with new ways to circumvent those defences. This situation creates a constant need for novel, realistic cybersecurity datasets. This paper introduces the effects of using machine-learning-based intrusion detection methods in network traffic coming from a real-life architecture. The main contribution of this work is a dataset coming from a real-world, academic network. Real-life traffic was collected and, after performing a series of attacks, a dataset was assembled. The dataset contains 44 network features and an unbalanced distribution of classes. In this work, the capability of the dataset for formulating machine-learning-based models was experimentally evaluated. To investigate the stability of the obtained models, cross-validation was performed, and an array of detection metrics were reported. The gathered dataset is part of an effort to bring security against novel cyberthreats and was completed in the SIMARGL project.

Sign in / Sign up

Export Citation Format

Share Document