scholarly journals Improving Intrusion Detection Model Prediction by Threshold Adaptation

Information ◽  
2019 ◽  
Vol 10 (5) ◽  
pp. 159 ◽  
Author(s):  
Al Tobi ◽  
Duncan
Keyword(s):  
Random Forest ◽  
Intrusion Detection ◽  
Machine Learning Algorithms ◽  
Support Vector ◽  
Detection Rates ◽  
Detection Model ◽  
Network Intrusion ◽  
Prospective Sampling ◽  
Improving Accuracy ◽  
High Level

Network traffic exhibits a high level of variability over short periods of time. This variability impacts negatively on the accuracy of anomaly-based network intrusion detection systems (IDS) that are built using predictive models in a batch learning setup. This work investigates how adapting the discriminating threshold of model predictions, specifically to the evaluated traffic, improves the detection rates of these intrusion detection models. Specifically, this research studied the adaptability features of three well known machine learning algorithms: C5.0, Random Forest and Support Vector Machine. Each algorithm’s ability to adapt their prediction thresholds was assessed and analysed under different scenarios that simulated real world settings using the prospective sampling approach. Multiple IDS datasets were used for the analysis, including a newly generated dataset (STA2018). This research demonstrated empirically the importance of threshold adaptation in improving the accuracy of detection models when training and evaluation traffic have different statistical properties. Tests were undertaken to analyse the effects of feature selection and data balancing on model accuracy when different significant features in traffic were used. The effects of threshold adaptation on improving accuracy were statistically analysed. Of the three compared algorithms, Random Forest was the most adaptable and had the highest detection rates.

scholarly journals IoT Intrusion Detection Taxonomy, Reference Architecture, and Analyses

Sensors ◽  
2021 ◽  
Vol 21 (19) ◽  
pp. 6432
Author(s):  
Khalid Albulayhi ◽  
Abdallah A. Smadi ◽  
Frederick T. Sheldon ◽  
Robert K. Abercrombie
Keyword(s):  
Intrusion Detection ◽  
Performance Metrics ◽  
Hybrid Methods ◽  
Machine Learning Algorithms ◽  
Support Vector ◽  
Reference Architecture ◽  
Detection Rates ◽  
Detection Systems ◽  
Classification Prediction ◽  
Artificial Neural Network Ann

This paper surveys the deep learning (DL) approaches for intrusion-detection systems (IDSs) in Internet of Things (IoT) and the associated datasets toward identifying gaps, weaknesses, and a neutral reference architecture. A comparative study of IDSs is provided, with a review of anomaly-based IDSs on DL approaches, which include supervised, unsupervised, and hybrid methods. All techniques in these three categories have essentially been used in IoT environments. To date, only a few have been used in the anomaly-based IDS for IoT. For each of these anomaly-based IDSs, the implementation of the four categories of feature(s) extraction, classification, prediction, and regression were evaluated. We studied important performance metrics and benchmark detection rates, including the requisite efficiency of the various methods. Four machine learning algorithms were evaluated for classification purposes: Logistic Regression (LR), Support Vector Machine (SVM), Decision Tree (DT), and an Artificial Neural Network (ANN). Therefore, we compared each via the Receiver Operating Characteristic (ROC) curve. The study model exhibits promising outcomes for all classes of attacks. The scope of our analysis examines attacks targeting the IoT ecosystem using empirically based, simulation-generated datasets (namely the Bot-IoT and the IoTID20 datasets).

scholarly journals Ensemble-Based Online Machine Learning Algorithms for Network Intrusion Detection Systems Using Streaming Data

Information ◽  
2020 ◽  
Vol 11 (6) ◽  
pp. 315
Author(s):  
Nathan Martindale ◽  
Muhammad Ismail ◽  
Douglas A. Talbert
Keyword(s):  
Machine Learning ◽  
Random Forest ◽  
Intrusion Detection ◽  
Learning Algorithms ◽  
Machine Learning Algorithms ◽  
Intrusion Detection Systems ◽  
Network Intrusion Detection ◽  
Detection Systems ◽  
Network Intrusion ◽  
Network Intrusion Detection Systems

As new cyberattacks are launched against systems and networks on a daily basis, the ability for network intrusion detection systems to operate efficiently in the big data era has become critically important, particularly as more low-power Internet-of-Things (IoT) devices enter the market. This has motivated research in applying machine learning algorithms that can operate on streams of data, trained online or “live” on only a small amount of data kept in memory at a time, as opposed to the more classical approaches that are trained solely offline on all of the data at once. In this context, one important concept from machine learning for improving detection performance is the idea of “ensembles”, where a collection of machine learning algorithms are combined to compensate for their individual limitations and produce an overall superior algorithm. Unfortunately, existing research lacks proper performance comparison between homogeneous and heterogeneous online ensembles. Hence, this paper investigates several homogeneous and heterogeneous ensembles, proposes three novel online heterogeneous ensembles for intrusion detection, and compares their performance accuracy, run-time complexity, and response to concept drifts. Out of the proposed novel online ensembles, the heterogeneous ensemble consisting of an adaptive random forest of Hoeffding Trees combined with a Hoeffding Adaptive Tree performed the best, by dealing with concept drift in the most effective way. While this scheme is less accurate than a larger size adaptive random forest, it offered a marginally better run-time, which is beneficial for online training.

scholarly journals Network intrusion detection using oversampling technique and machine learning algorithms

2022 ◽  
Vol 8 ◽  
pp. e820
Author(s):  
Hafiza Anisa Ahmed ◽  
Anum Hameed ◽  
Narmeen Zakaria Bawany
Keyword(s):  
Machine Learning ◽  
Random Forest ◽  
Network Security ◽  
Intrusion Detection ◽  
Network Traffic ◽  
Learning Algorithms ◽  
Machine Learning Algorithms ◽  
Network Intrusion Detection ◽  
Classification Models ◽  
Network Intrusion

The expeditious growth of the World Wide Web and the rampant flow of network traffic have resulted in a continuous increase of network security threats. Cyber attackers seek to exploit vulnerabilities in network architecture to steal valuable information or disrupt computer resources. Network Intrusion Detection System (NIDS) is used to effectively detect various attacks, thus providing timely protection to network resources from these attacks. To implement NIDS, a stream of supervised and unsupervised machine learning approaches is applied to detect irregularities in network traffic and to address network security issues. Such NIDSs are trained using various datasets that include attack traces. However, due to the advancement in modern-day attacks, these systems are unable to detect the emerging threats. Therefore, NIDS needs to be trained and developed with a modern comprehensive dataset which contains contemporary common and attack activities. This paper presents a framework in which different machine learning classification schemes are employed to detect various types of network attack categories. Five machine learning algorithms: Random Forest, Decision Tree, Logistic Regression, K-Nearest Neighbors and Artificial Neural Networks, are used for attack detection. This study uses a dataset published by the University of New South Wales (UNSW-NB15), a relatively new dataset that contains a large amount of network traffic data with nine categories of network attacks. The results show that the classification models achieved the highest accuracy of 89.29% by applying the Random Forest algorithm. Further improvement in the accuracy of classification models is observed when Synthetic Minority Oversampling Technique (SMOTE) is applied to address the class imbalance problem. After applying the SMOTE, the Random Forest classifier showed an accuracy of 95.1% with 24 selected features from the Principal Component Analysis method.

scholarly journals Effective Intrusion Detection System to Secure Data in Cloud Using Machine Learning

Symmetry ◽  
2021 ◽  
Vol 13 (12) ◽  
pp. 2306
Author(s):  
Ammar Aldallal ◽  
Faisal Alisa
Keyword(s):  
Machine Learning ◽  
Cloud Computing ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Fitness Function ◽  
Support Vector ◽  
Network Intrusion ◽  
Proposed Model ◽  
High Level

When adopting cloud computing, cybersecurity needs to be applied to detect and protect against malicious intruders to improve the organization’s capability against cyberattacks. Having network intrusion detection with zero false alarm is a challenge. This is due to the asymmetry between informative features and irrelevant and redundant features of the dataset. In this work, a novel machine learning based hybrid intrusion detection system is proposed. It combined support vector machine (SVM) and genetic algorithm (GA) methodologies with an innovative fitness function developed to evaluate system accuracy. This system was examined using the CICIDS2017 dataset, which contains normal and most up-to-date common attacks. Both algorithms, GA and SVM, were executed in parallel to achieve two optimal objectives simultaneously: obtaining the best subset of features with maximum accuracy. In this scenario, an SVM was employed using different values of hyperparameters of the kernel function, gamma, and degree. The results were benchmarked with KDD CUP 99 and NSL-KDD. The results showed that the proposed model remarkably outperformed these benchmarks by up to 5.74%. This system will be effective in cloud computing, as it is expected to provide a high level of symmetry between information security and detection of attacks and malicious intrusion.

An Effective Intrusion Detection Model Based on Random Forest and Neural Networks

2011 ◽  
Vol 267 ◽  
pp. 308-313 ◽  
Author(s):  
Shao Hong Zhong ◽  
Hua Jun Huang ◽  
Ai Bin Chen
Keyword(s):  
Neural Networks ◽  
Random Forest ◽  
Intrusion Detection ◽  
Detection System ◽  
White Paper ◽  
Computationally Efficient ◽  
Detection Model ◽  
Detection Systems ◽  
Network Intrusion ◽  
Feature Selection Approach

This document explains and demonstrates how to prepare your camera-ready manuscript for Trans Tech Publications. The best is to read these instructions and follow the outline of this text. The text area for your manuscript must be 17 cm wide and 25 cm high (6.7 and 9.8 inches, resp.). Do not place any text outside this area. Use good quality, white paper of approximately 21 x 29 cm or 8 x 11 inches (please do not change the document setting from A4 to letter). Your manuscript will be reduced by approximately 20% by the publisher. Please keep this in mind when designing your figures and tables etc.Intrusion detection is a very important research domain in network security. Current intrusion detection systems (IDS) especially NIDS (Network Intrusion Detection System) examine all data features to detect intrusions. Also, many machine learning and data mining methods are utilized to fulfill intrusion detection tasks. This paper proposes an effective intrusion detection model that is computationally efficient and effective based on Random Forest based feature selection approach and Neural Networks (NN) model. We firstly utilize random forest method to select the most important features to eliminate the insignificant and/or useless inputs leads to a simplification of the problem, in order to faster and more accurate detection; Secondly, classic NN model is used to learn and detect intrusions using the selected important features. Experimental results on the well-known KDD 1999 dataset demonstrate the proposed hybrid model is actually effective.

Network Intrusion Detection Model Based on Genetic Algorithm Optimizing Parameters of Support Vector Machine

2014 ◽  
Vol 989-994 ◽  
pp. 2012-2015
Author(s):  
Chun Liu
Keyword(s):  
Genetic Algorithm ◽  
Support Vector Machine ◽  
Intrusion Detection ◽  
Computer Security ◽  
Network Intrusion Detection ◽  
Support Vector ◽  
Detection Model ◽  
Model Based ◽  
Network Intrusion ◽  
Parameters Selection

Intrusion detection is an emerging area of research in the computer security and networks with the growing usage of internet in everyday life. Parameters selection of support vector machine is a important problems in network intrusion detection. In order to improve network intrusion detection precision, this paper proposed a network intrusion detection model based on parameters of support vector machine (SVM) by genetic algorithm. The performance of the model was tested by KDD Cup 99 data. Compared with other network intrusion detection models, the proposed model has significantly improved the detection precision of network intrusion.

scholarly journals Intrusion Detection System Combined Enhanced Random Forest With Smote Algorithm

2021 ◽  
Author(s):  
Wu Tao ◽  
Fan Honghui ◽  
Zhu HongJin ◽  
You CongZhe ◽  
Zhou HongYan ◽  
...  
Keyword(s):  
Random Forest ◽  
Network Security ◽  
Intrusion Detection ◽  
Classification Accuracy ◽  
Clustering Algorithm ◽  
Training Data ◽  
Data Set ◽  
Network Attacks ◽  
Detection Rates ◽  
Network Intrusion

Abstract Network security is subject to malicious attacks from multiple sources, and intrusion detection systems (IDS) play a key role in maintaining network security. During the training of intrusion detection models, the detection results generally have relatively large false detection rates due to the shortage of training data caused by data imbalance. To address the existing sample imbalance problem, this paper proposed a network intrusion detection algorithm based on enhanced random forest and Synthetic Minority Over-Sampling Technique (SMOTE) algorithm. Firstly, the method used a hybrid algorithm combining the K-means clustering algorithm with the SMOTE sampling algorithm to increase the number of minor samples and thus achieved a balanced data set, by which the sample features of minor samples could be learned more effectively. Secondly, preliminary prediction result was obtained by using enhanced random forest, and then the similarity matrix of network attacks was used to correct the prediction results of voting processing by the analysis of the type of network attacks. In this paper, the performance was tested using the NSL-KDD dataset with a classification accuracy of 99.72% on the training set and 78.47% on the test set. Compared with other related papers, our method has some improvement in the classification accuracy of detection.

Sign in / Sign up

Export Citation Format

Share Document