scholarly journals IoT Intrusion Detection Taxonomy, Reference Architecture, and Analyses

Sensors ◽  
2021 ◽  
Vol 21 (19) ◽  
pp. 6432
Author(s):  
Khalid Albulayhi ◽  
Abdallah A. Smadi ◽  
Frederick T. Sheldon ◽  
Robert K. Abercrombie
Keyword(s):  
Intrusion Detection ◽  
Performance Metrics ◽  
Hybrid Methods ◽  
Machine Learning Algorithms ◽  
Support Vector ◽  
Reference Architecture ◽  
Detection Rates ◽  
Detection Systems ◽  
Classification Prediction ◽  
Artificial Neural Network Ann

This paper surveys the deep learning (DL) approaches for intrusion-detection systems (IDSs) in Internet of Things (IoT) and the associated datasets toward identifying gaps, weaknesses, and a neutral reference architecture. A comparative study of IDSs is provided, with a review of anomaly-based IDSs on DL approaches, which include supervised, unsupervised, and hybrid methods. All techniques in these three categories have essentially been used in IoT environments. To date, only a few have been used in the anomaly-based IDS for IoT. For each of these anomaly-based IDSs, the implementation of the four categories of feature(s) extraction, classification, prediction, and regression were evaluated. We studied important performance metrics and benchmark detection rates, including the requisite efficiency of the various methods. Four machine learning algorithms were evaluated for classification purposes: Logistic Regression (LR), Support Vector Machine (SVM), Decision Tree (DT), and an Artificial Neural Network (ANN). Therefore, we compared each via the Receiver Operating Characteristic (ROC) curve. The study model exhibits promising outcomes for all classes of attacks. The scope of our analysis examines attacks targeting the IoT ecosystem using empirically based, simulation-generated datasets (namely the Bot-IoT and the IoTID20 datasets).

scholarly journals ANOMALY DETECTION USING MACHINE LEARNING APPROACHES

2020 ◽  
Vol 3 (2) ◽  
pp. 196-206
Author(s):  
Mausumi Das Nath ◽  
◽  
Tapalina Bhattasali
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Vital Role ◽  
Machine Learning Algorithms ◽  
Intrusion Detection Systems ◽  
Abnormal Behavior ◽  
Support Vector ◽  
Learning Approaches ◽  
Detection Systems ◽  
Internet Users

Due to the enormous usage of the Internet, users share resources and exchange voluminous amounts of data. This increases the high risk of data theft and other types of attacks. Network security plays a vital role in protecting the electronic exchange of data and attempts to avoid disruption concerning finances or disrupted services due to the unknown proliferations in the network. Many Intrusion Detection Systems (IDS) are commonly used to detect such unknown attacks and unauthorized access in a network. Many approaches have been put forward by the researchers which showed satisfactory results in intrusion detection systems significantly which ranged from various traditional approaches to Artificial Intelligence (AI) based approaches.AI based techniques have gained an edge over other statistical techniques in the research community due to its enormous benefits. Procedures can be designed to display behavior learned from previous experiences. Machine learning algorithms are used to analyze the abnormal instances in a particular network. Supervised learning is essential in terms of training and analyzing the abnormal behavior in a network. In this paper, we propose a model of Naïve Bayes and SVM (Support Vector Machine) to detect anomalies and an ensemble approach to solve the weaknesses and to remove the poor detection results

scholarly journals Empirical Evaluation of Noise Influence on Supervised Machine Learning Algorithms Using Intrusion Detection Datasets

2021 ◽  
Vol 2021 ◽  
pp. 1-28
Author(s):  
Khalid M. Al-Gethami ◽  
Mousa T. Al-Akhras ◽  
Mohammed Alawairdhi
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Extreme Values ◽  
Empirical Evaluation ◽  
Machine Learning Algorithms ◽  
Supervised Machine Learning ◽  
Intrusion Detection Systems ◽  
Support Vector ◽  
Detection Systems ◽  
Ensembles Of Classifiers

Optimizing the detection of intrusions is becoming more crucial due to the continuously rising rates and ferocity of cyber threats and attacks. One of the popular methods to optimize the accuracy of intrusion detection systems (IDSs) is by employing machine learning (ML) techniques. However, there are many factors that affect the accuracy of the ML-based IDSs. One of these factors is noise, which can be in the form of mislabelled instances, outliers, or extreme values. Determining the extent effect of noise helps to design and build more robust ML-based IDSs. This paper empirically examines the extent effect of noise on the accuracy of the ML-based IDSs by conducting a wide set of different experiments. The used ML algorithms are decision tree (DT), random forest (RF), support vector machine (SVM), artificial neural networks (ANNs), and Naïve Bayes (NB). In addition, the experiments are conducted on two widely used intrusion datasets, which are NSL-KDD and UNSW-NB15. Moreover, the paper also investigates the use of these ML algorithms as base classifiers with two ensembles of classifiers learning methods, which are bagging and boosting. The detailed results and findings are illustrated and discussed in this paper.

scholarly journals Classification model for accuracy and intrusion detection using machine learning approach

2021 ◽  
Vol 7 ◽  
pp. e437
Author(s):  
Arushi Agarwal ◽  
Purushottam Sharma ◽  
Mohammed Alshehri ◽  
Ahmed A. Mohamed ◽  
Osama Alfarraj
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Nearest Neighbor ◽  
Performance Metrics ◽  
Detection System ◽  
Confusion Matrix ◽  
Machine Learning Algorithms ◽  
Classification Model ◽  
Support Vector ◽  
K Nearest Neighbor

In today’s cyber world, the demand for the internet is increasing day by day, increasing the concern of network security. The aim of an Intrusion Detection System (IDS) is to provide approaches against many fast-growing network attacks (e.g., DDoS attack, Ransomware attack, Botnet attack, etc.), as it blocks the harmful activities occurring in the network system. In this work, three different classification machine learning algorithms—Naïve Bayes (NB), Support Vector Machine (SVM), and K-nearest neighbor (KNN)—were used to detect the accuracy and reducing the processing time of an algorithm on the UNSW-NB15 dataset and to find the best-suited algorithm which can efficiently learn the pattern of the suspicious network activities. The data gathered from the feature set comparison was then applied as input to IDS as data feeds to train the system for future intrusion behavior prediction and analysis using the best-fit algorithm chosen from the above three algorithms based on the performance metrics found. Also, the classification reports (Precision, Recall, and F1-score) and confusion matrix were generated and compared to finalize the support-validation status found throughout the testing phase of the model used in this approach.

scholarly journals Improving Intrusion Detection Model Prediction by Threshold Adaptation

Information ◽  
2019 ◽  
Vol 10 (5) ◽  
pp. 159 ◽  
Author(s):  
Al Tobi ◽  
Duncan
Keyword(s):  
Random Forest ◽  
Intrusion Detection ◽  
Machine Learning Algorithms ◽  
Support Vector ◽  
Detection Rates ◽  
Detection Model ◽  
Network Intrusion ◽  
Prospective Sampling ◽  
Improving Accuracy ◽  
High Level

Network traffic exhibits a high level of variability over short periods of time. This variability impacts negatively on the accuracy of anomaly-based network intrusion detection systems (IDS) that are built using predictive models in a batch learning setup. This work investigates how adapting the discriminating threshold of model predictions, specifically to the evaluated traffic, improves the detection rates of these intrusion detection models. Specifically, this research studied the adaptability features of three well known machine learning algorithms: C5.0, Random Forest and Support Vector Machine. Each algorithm’s ability to adapt their prediction thresholds was assessed and analysed under different scenarios that simulated real world settings using the prospective sampling approach. Multiple IDS datasets were used for the analysis, including a newly generated dataset (STA2018). This research demonstrated empirically the importance of threshold adaptation in improving the accuracy of detection models when training and evaluation traffic have different statistical properties. Tests were undertaken to analyse the effects of feature selection and data balancing on model accuracy when different significant features in traffic were used. The effects of threshold adaptation on improving accuracy were statistically analysed. Of the three compared algorithms, Random Forest was the most adaptable and had the highest detection rates.

A new ensemble based approach for intrusion detection system using voting

2021 ◽  
pp. 1-11
Author(s):  
Nitesh Singh Bhati ◽  
Manju Khari
Keyword(s):  
Support Vector Machine ◽  
Intrusion Detection ◽  
Detection System ◽  
Severe Form ◽  
Machine Learning Algorithms ◽  
Support Vector ◽  
Detection Systems ◽  
Confidential Data ◽  
Effective System ◽  
Better Than

With the increase in the amount of data available today, the responsibility of keeping that data safe has also taken a more severe form. To prevent confidential data from getting in the hands of an attacker, some measures need to be taken. Here comes the need for an effective system, which can classify the traffic as an attack or normal. Intrusion Detection Systems can do this work with perfection. Many machine learning algorithms are used to develop efficient IDS. These IDS provide remarkable results. However, ensemble-based IDS using voting have been seen to outperform individual approaches (Support Vector Machine and ExtraTree). Since the Voting methodology is able to work around both, theoretically similar and different classifiers and produce a single classifier based on the majority characteristics, it proved to be better than the other ensemble based techniques. In this paper, an ensemble IDS implementation is presented based on the voting ensemble method, using the two algorithms, Support Vector Machine (SVC) and ExtraTree. The experiment is performed on the KDDCup99 Dataset. The evaluation of the performance of the proposed method is based on the comparison with an unoptimized implementation of the same. The results based on performing the experiment in Python fetched an accuracy of 99.90%.

scholarly journals Polymorphic Adversarial Cyberattacks Using WGAN

2021 ◽  
Vol 1 (4) ◽  
pp. 767-792
Author(s):  
Ravi Chauhan ◽  
Ulya Sabeel ◽  
Alireza Izaddoost ◽  
Shahram Shah Heydari
Keyword(s):  
Intrusion Detection ◽  
High Volume ◽  
Machine Learning Algorithms ◽  
Training Data ◽  
Generative Adversarial Network ◽  
Detection Rates ◽  
Detection Systems ◽  
Adversarial Network ◽  
Essential Components ◽  
Attack Data

Intrusion Detection Systems (IDS) are essential components in preventing malicious traffic from penetrating networks and systems. Recently, these systems have been enhancing their detection ability using machine learning algorithms. This development also forces attackers to look for new methods for evading these advanced Intrusion Detection Systemss. Polymorphic attacks are among potential candidates that can bypass the pattern matching detection systems. To alleviate the danger of polymorphic attacks, the IDS must be trained with datasets that include these attacks. Generative Adversarial Network (GAN) is a method proven in generating adversarial data in the domain of multimedia processing, text, and voice, and can produce a high volume of test data that is indistinguishable from the original training data. In this paper, we propose a model to generate adversarial attacks using Wasserstein GAN (WGAN). The attack data synthesized using the proposed model can be used to train an IDS. To evaluate the trained IDS, we study several techniques for updating the attack feature profile for the generation of polymorphic data. Our results show that by continuously changing the attack profiles, defensive systems that use incremental learning will still be vulnerable to new attacks; meanwhile, their detection rates improve incrementally until the polymorphic attack exhausts its profile variables.

scholarly journals A Machine Learning Approach for Improving the Performance of Network Intrusion Detection Systems

2021 ◽  
Vol 5 (5) ◽  
pp. 201-208
Author(s):  
Adnan Helmi Azizan ◽  
Salama A. Mostafa ◽  
Aida Mustapha ◽  
Cik Feresa Mohd Foozy ◽  
Mohd Helmy Abd Wahab ◽  
...  
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Machine Learning Algorithms ◽  
Intrusion Detection Systems ◽  
Knowledge Discovery In Databases ◽  
Network Intrusion Detection ◽  
Support Vector ◽  
Average Precision ◽  
Detection Systems ◽  
Network Intrusion

Intrusion detection systems (IDS) are used in analyzing huge data and diagnose anomaly traffic such as DDoS attack; thus, an efficient traffic classification method is necessary for the IDS. The IDS models attempt to decrease false alarm and increase true alarm rates in order to improve the performance accuracy of the system. To resolve this concern, three machine learning algorithms have been tested and evaluated in this research which are decision jungle (DJ), random forest (RF) and support vector machine (SVM). The main objective is to propose a ML-based network intrusion detection system (ML-based NIDS) model that compares the performance of the three algorithms based on their accuracy and precision of anomaly traffics. The knowledge discovery in databases (KDD) methodology and intrusion detection evaluation dataset (CIC-IDS2017) are used in the testing which both are considered as a benchmark in the evaluation of IDS. The average accuracy results of the SVM is 98.18%, RF is 96.76% and DJ is 96.50% in which the highest accuracy is achieved by the SVM. The average precision results of the SVM is 98.74, RF is 97.96 and DJ is 97.82 in which the SVM got a higher average precision compared with the other two algorithms. The average recall results of the SVM is 95.63, RF is 97.62 and DJ is 95.77 in which the RF achieves the highest average of recall than SVM and DJ. In overall, the SVM algorithm is found to be the best algorithm that can be used to detect an intrusion in the system.

scholarly journals Prediction of Healing Performance of Autogenous Healing Concrete Using Machine Learning

Materials ◽  
2021 ◽  
Vol 14 (15) ◽  
pp. 4068
Author(s):  
Xu Huang ◽  
Mirna Wasouf ◽  
Jessada Sresakoolchai ◽  
Sakdirat Kaewunruen
Keyword(s):  
Machine Learning ◽  
Search Algorithm ◽  
Weather Conditions ◽  
Prediction Performance ◽  
Machine Learning Algorithms ◽  
Coefficient Of Determination ◽  
Gradient Boosting ◽  
Support Vector ◽  
Self Healing ◽  
Artificial Neural Network Ann

Cracks typically develop in concrete due to shrinkage, loading actions, and weather conditions; and may occur anytime in its life span. Autogenous healing concrete is a type of self-healing concrete that can automatically heal cracks based on physical or chemical reactions in concrete matrix. It is imperative to investigate the healing performance that autogenous healing concrete possesses, to assess the extent of the cracking and to predict the extent of healing. In the research of self-healing concrete, testing the healing performance of concrete in a laboratory is costly, and a mass of instances may be needed to explore reliable concrete design. This study is thus the world’s first to establish six types of machine learning algorithms, which are capable of predicting the healing performance (HP) of self-healing concrete. These algorithms involve an artificial neural network (ANN), a k-nearest neighbours (kNN), a gradient boosting regression (GBR), a decision tree regression (DTR), a support vector regression (SVR) and a random forest (RF). Parameters of these algorithms are tuned utilising grid search algorithm (GSA) and genetic algorithm (GA). The prediction performance indicated by coefficient of determination (R2) and root mean square error (RMSE) measures of these algorithms are evaluated on the basis of 1417 data sets from the open literature. The results show that GSA-GBR performs higher prediction performance (R2GSA-GBR = 0.958) and stronger robustness (RMSEGSA-GBR = 0.202) than the other five types of algorithms employed to predict the healing performance of autogenous healing concrete. Therefore, reliable prediction accuracy of the healing performance and efficient assistance on the design of autogenous healing concrete can be achieved.

scholarly journals Optimization of Intrusion Detection Systems Determined by Ameliorated HNADAM-SGD Algorithm

2021 ◽  
Author(s):  
Shyla Shyla ◽  
Vishal Bhatnagar ◽  
Vikram Bali ◽  
Shivani Bali
Keyword(s):  
Intrusion Detection ◽  
Gradient Descent ◽  
Optimization Techniques ◽  
Machine Learning Algorithms ◽  
Intrusion Detection Systems ◽  
Stochastic Gradient Descent ◽  
Data Traffic ◽  
Detection Systems ◽  
Moment Estimation ◽  
Classi Fication

A single Information security is of pivotal concern for consistently streaming information over the widespread internetwork. The bottleneck flow of incoming and outgoing data traffic introduces the issue of malicious activities taken place by intruders, hackers and attackers in the form of authenticity desecration, gridlocking data traffic, vandalizing data and crashing the established network. The issue of emerging suspicious activities is managed by the domain of Intrusion Detection Systems (IDS). The IDS consistently monitors the network for identifica-tion of suspicious activities and generates alarm and indication in presence of malicious threats and worms. The performance of IDS is improved by using different signature based machine learning algorithms. In this paper, the performance of IDS model is determined using hybridization of nestrov-accelerated adaptive moment estimation –stochastic gradient descent (HNADAM-SDG) algorithm. The performance of the algorithm is compared with other classi-fication algorithms as logistic regression, ridge classifier and ensemble algorithm by adapting feature selection and optimization techniques

Sign in / Sign up

Export Citation Format

Share Document