An Ensemble of a Prediction and Learning Mechanism for Improving Accuracy of Anomaly Detection in Network Intrusion Environments

The connectivity of our surrounding objects to the internet plays a tremendous role in our daily lives. Many network applications have been developed in every domain of life, including business, healthcare, smart homes, and smart cities, to name a few. As these network applications provide a wide range of services for large user groups, the network intruders are prone to developing intrusion skills for attack and malicious compliance. Therefore, safeguarding network applications and things connected to the internet has always been a point of interest for researchers. Many studies propose solutions for intrusion detection systems and intrusion prevention systems. Network communities have produced benchmark datasets available for researchers to improve the accuracy of intrusion detection systems. The scientific community has presented data mining and machine learning-based mechanisms to detect intrusion with high classification accuracy. This paper presents an intrusion detection system based on the ensemble of prediction and learning mechanisms to improve anomaly detection accuracy in a network intrusion environment. The learning mechanism is based on automated machine learning, and the prediction model is based on the Kalman filter. Performance analysis of the proposed intrusion detection system is evaluated using publicly available intrusion datasets UNSW-NB15 and CICIDS2017. The proposed model-based intrusion detection accuracy for the UNSW-NB15 dataset is 98.801 percent, and the CICIDS2017 dataset is 97.02 percent. The performance comparison results show that the proposed ensemble model-based intrusion detection significantly improves the intrusion detection accuracy.

Download Full-text

THE LOAD BALANCING OF SELF-SIMILAR TRAFFIC IN NETWORK INTRUSION DETECTION SYSTEMS

Cybersecurity Education Science Technique ◽

10.28925/2663-4023.2020.7.1730 ◽

2020 ◽

Vol 3 (7) ◽

pp. 17-30

Author(s):

Tamara Radivilova ◽

Lyudmyla Kirichenko ◽

Maksym Tawalbeh ◽

Petro Zinchenko ◽

Vitalii Bulakh

Keyword(s):

Load Balancing ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Intrusion Detection Systems ◽

Deep Packet Inspection ◽

Detection Systems ◽

Network Intrusion ◽

Load Imbalance ◽

Packet Inspection

The problem of load balancing in intrusion detection systems is considered in this paper. The analysis of existing problems of load balancing and modern methods of their solution are carried out. Types of intrusion detection systems and their description are given. A description of the intrusion detection system, its location, and the functioning of its elements in the computer system are provided. Comparative analysis of load balancing methods based on packet inspection and service time calculation is performed. An analysis of the causes of load imbalance in the intrusion detection system elements and the effects of load imbalance is also presented. A model of a network intrusion detection system based on packet signature analysis is presented. This paper describes the multifractal properties of traffic. Based on the analysis of intrusion detection systems, multifractal traffic properties and load balancing problem, the method of balancing is proposed, which is based on the funcsioning of the intrusion detection system elements and analysis of multifractal properties of incoming traffic. The proposed method takes into account the time of deep packet inspection required to compare a packet with signatures, which is calculated based on the calculation of the information flow multifractality degree. Load balancing rules are generated by the estimated average time of deep packet inspection and traffic multifractal parameters. This paper presents the simulation results of the proposed load balancing method compared to the standard method. It is shown that the load balancing method proposed in this paper provides for a uniform load distribution at the intrusion detection system elements. This allows for high speed and accuracy of intrusion detection with high-quality multifractal load balancing.

Download Full-text

Feature Selection Strategy for Network Intrusion Detection System (NIDS) Using Meerkat Clan Algorithm

International Journal of Interactive Mobile Technologies (iJIM) ◽

10.3991/ijim.v15i16.24173 ◽

2021 ◽

Vol 15 (16) ◽

pp. 158

Author(s):

Atheer R. Muhsen ◽

Ghazwh G. Jumaa ◽

Nadia F. AL Bakri ◽

Ahmed T. Sadiq

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Intrusion Detection Systems ◽

Network Intrusion Detection ◽

Selection Strategy ◽

Detection Systems ◽

Network Intrusion ◽

Network Intrusion Detection Systems ◽

Experimental Findings

The task of network security is to keep services available at all times by dealing with hacker attacks. One of the mechanisms obtainable is the Intrusion Detection System (IDS) which is used to sense and classify any abnormal actions. Therefore, the IDS system should always be up-to-date with the latest hacker attack signatures to keep services confidential, safe, and available. IDS speed is a very important issue in addition to learning new attacks. A modified selection strategy based on features was proposed in this paper one of the important swarm intelligent algorithms is the Meerkat Clan Algorithm (MCA). Meerkat Clan Algorithm has good diversity solutions through its neighboring generation conduct and it was used to solve several problems. The proposed strategy benefitted from mutual information to increase the performance and decrease the consumed time. Two datasets (NSL-KDD & UNSW-NB15) for Network Intrusion Detection Systems (NIDS) have been used to verify the performance of the proposed algorithm. The experimental findings indicate that, compared to other approaches, the proposed algorithm produces good results in a minimum of time.

Download Full-text

A Review on Intrusion Detection Systems and Techniques

International Journal of Uncertainty Fuzziness and Knowledge-Based Systems ◽

10.1142/s0218488520400140 ◽

2020 ◽

Vol 28 (Supp02) ◽

pp. 65-91

Author(s):

Nitesh Singh Bhati ◽

Manju Khari ◽

Vicente García-Díaz ◽

Elena Verdú

Keyword(s):

Network Security ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Security System ◽

Intrusion Detection Systems ◽

The Internet ◽

Detection Techniques ◽

Detection Systems ◽

Network Security System

An Intrusion Detection System (IDS) is a network security system that detects, identifies, and tracks an intruder or an invader in a network. As the usage of the internet is growing every day in our society, the IDS is becoming an essential part of the network security system. Therefore, the proper research and implementation of IDSs are required. Today, with the help of improved technologies at our disposal, many solutions have been found to create many intrusion detection systems. However, it is difficult to identify the perfect solution from the vast options we have available. Hence, motivated by the need of a better security system, this paper presents a survey of different published solutions that have been developed and/or researched on the topic of intrusion detection techniques during the period from 2000 to 2019, including the accuracy of the output. With the help of this survey, an all-inclusive view of the different papers would be at one’s disposal.

Download Full-text

Hybrid ModifiedK-Means with C4.5 for Intrusion Detection Systems in Multiagent Systems

The Scientific World JOURNAL ◽

10.1155/2015/294761 ◽

2015 ◽

Vol 2015 ◽

pp. 1-14 ◽

Cited By ~ 12

Author(s):

Wathiq Laftah Al-Yaseen ◽

Zulaiha Ali Othman ◽

Mohd Zakree Ahmad Nazri

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Processing Time ◽

Detection System ◽

Network Size ◽

Intrusion Detection Systems ◽

Data Networks ◽

Detection Accuracy ◽

Detection Systems ◽

And Performance

Presently, the processing time and performance of intrusion detection systems are of great importance due to the increased speed of traffic data networks and a growing number of attacks on networks and computers. Several approaches have been proposed to address this issue, including hybridizing with several algorithms. However, this paper aims at proposing a hybrid of modifiedK-means with C4.5 intrusion detection system in a multiagent system (MAS-IDS). The MAS-IDS consists of three agents, namely, coordinator, analysis, and communication agent. The basic concept underpinning the utilized MAS is dividing the large captured network dataset into a number of subsets and distributing these to a number of agents depending on the data network size and core CPU availability. KDD Cup 1999 dataset is used for evaluation. The proposed hybrid modifiedK-means with C4.5 classification in MAS is developed in JADE platform. The results show that compared to the current methods, the MAS-IDS reduces the IDS processing time by up to 70%, while improving the detection accuracy.

Download Full-text

OPTIMIZATION ALGORITHMS FOR INTRUSION DETECTION SYSTEM: A REVIEW

International Journal of Research -GRANTHAALAYAH ◽

10.29121/granthaalayah.v8.i8.2020.1031 ◽

2020 ◽

Vol 8 (8) ◽

pp. 217-225

Author(s):

Sheren Sadiq ◽

Adel Sabry Eesa

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Optimization Algorithms ◽

Intrusion Detection Systems ◽

The Internet ◽

Good Source ◽

Detection Systems ◽

Bee Colony ◽

System A

With the growth and development of the Internet, the devices and the hosts connected to the Internet have become the target for attackers and intruders. Consequently, the integrity of systems and data has become more sophisticated. Meanwhile, many institutions suffer from money-losing or other losses due to attacks on computer systems. Accordingly, the detection of intrusion and attacks has become a challenge and a vital necessity at the same time. Many different methods were used to build intrusion detection systems (IDSs), and all these methods seek to a plus the efficiency of intrusion detection systems. This paper is a survey which tries to covers some of the optimization algorithms used in the field of intrusion detection in past ten years such as Artificial Bee Colony (ABC), Genetic Algorithm (GA), Cuttlefish Algorithms (CFA), and Particle Swarm Optimization (PSO). It is hoped that this review will provide useful insights about the intrusion detection literature and is a good source for anyone interested in applying one of the used optimization algorithms in the field of intrusion detection.

Download Full-text

Security Enrichment in Intrusion Detection System Using Classifier Ensemble

Journal of Electrical and Computer Engineering ◽

10.1155/2017/1794849 ◽

2017 ◽

Vol 2017 ◽

pp. 1-6 ◽

Cited By ~ 5

Author(s):

Uma R. Salunkhe ◽

Suresh N. Mali

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection Rate ◽

Detection System ◽

Hybrid Approach ◽

Classifier Ensemble ◽

Intrusion Detection Systems ◽

Detection Rates ◽

Detection Systems

In the era of Internet and with increasing number of people as its end users, a large number of attack categories are introduced daily. Hence, effective detection of various attacks with the help of Intrusion Detection Systems is an emerging trend in research these days. Existing studies show effectiveness of machine learning approaches in handling Intrusion Detection Systems. In this work, we aim to enhance detection rate of Intrusion Detection System by using machine learning technique. We propose a novel classifier ensemble based IDS that is constructed using hybrid approach which combines data level and feature level approach. Classifier ensembles combine the opinions of different experts and improve the intrusion detection rate. Experimental results show the improved detection rates of our system compared to reference technique.

Download Full-text

Enhanced Network Intrusion Detection System

Sensors ◽

10.3390/s21237835 ◽

2021 ◽

Vol 21 (23) ◽

pp. 7835

Author(s):

Ketan Kotecha ◽

Raghav Verma ◽

Prahalad V. Rao ◽

Priyanshu Prasad ◽

Vipul Kumar Mishra ◽

...

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Network Intrusion Detection ◽

High Detection Rate ◽

Detection Systems ◽

Network Intrusion ◽

Network Intrusion Detection System ◽

Network Intrusion Detection Systems ◽

High Detection

A reasonably good network intrusion detection system generally requires a high detection rate and a low false alarm rate in order to predict anomalies more accurately. Older datasets cannot capture the schema of a set of modern attacks; therefore, modelling based on these datasets lacked sufficient generalizability. This paper operates on the UNSW-NB15 Dataset, which is currently one of the best representatives of modern attacks and suggests various models. We discuss various models and conclude our discussion with the model that performs the best using various kinds of evaluation metrics. Alongside modelling, a comprehensive data analysis on the features of the dataset itself using our understanding of correlation, variance, and similar factors for a wider picture is done for better modelling. Furthermore, hypothetical ponderings are discussed for potential network intrusion detection systems, including suggestions on prospective modelling and dataset generation as well.

Download Full-text

Network Attacks Detection by Hierarchical Neural Network

Computer Engineering and Applications Journal ◽

10.18495/comengapp.v4i2.108 ◽

2015 ◽

Vol 4 (2) ◽

pp. 119-132

Author(s):

Mohammad Masoud Javidi

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Single Agent ◽

Attack Detection ◽

Intrusion Detection Systems ◽

Training Dataset ◽

Detection Systems ◽

Combination Of Classifiers

Intrusion detection is an emerging area of research in the computer security and net-works with the growing usage of internet in everyday life. Most intrusion detection systems (IDSs) mostly use a single classifier algorithm to classify the network traffic data as normal behavior or anomalous. However, these single classifier systems fail to provide the best possible attack detection rate with low false alarm rate. In this paper,we propose to use a hybrid intelligent approach using a combination of classifiers in order to make the decision intelligently, so that the overall performance of the resul-tant model is enhanced. The general procedure in this is to follow the supervised or un-supervised data filtering with classifier or cluster first on the whole training dataset and then the output are applied to another classifier to classify the data. In this re- search, we applied Neural Network with Supervised and Unsupervised Learning in order to implement the intrusion detection system. Moreover, in this project, we used the method of Parallelization with real time application of the system processors to detect the systems intrusions.Using this method enhanced the speed of the intrusion detection. In order to train and test the neural network, NSLKDD database was used. Creating some different intrusion detection systems, each of which considered as a single agent, we precisely proceeded with the signature-based intrusion detection of the network.In the proposed design, the attacks have been classified into 4 groups and each group is detected by an Agent equipped with intrusion detection system (IDS).These agents act independently and report the intrusion or non-intrusion in the system; the results achieved by the agents will be studied in the Final Analyst and at last the analyst reports that whether there has been an intrusion in the system or not.Keywords: Intrusion Detection, Multi-layer Perceptron, False Positives, Signature- based intrusion detection, Decision tree, Nave Bayes Classifier

Download Full-text

IDS-attention: an efficient algorithm for intrusion detection systems using attention mechanism

Journal Of Big Data ◽

10.1186/s40537-021-00544-5 ◽

2021 ◽

Vol 8 (1) ◽

Author(s):

FatimaEzzahra Laghrissi ◽

Samira Douzi ◽

Khadija Douzi ◽

Badr Hssina

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Short Term Memory ◽

Detection System ◽

False Negative ◽

False Negative Rate ◽

Attention Mechanism ◽

Intrusion Detection Systems ◽

Network Attacks ◽

Detection Systems

AbstractNetwork attacks are illegal activities on digital resources within an organizational network with the express intention of compromising systems. A cyber attack can be directed by individuals, communities, states or even from an anonymous source. Hackers commonly conduct network attacks to alter, damage, or steal private data. Intrusion detection systems (IDS) are the best and most effective techniques when it comes to tackle these threats. An IDS is a software application or hardware device that monitors traffic to search for malevolent activity or policy breaches. Moreover, IDSs are designed to be deployed in different environments, and they can either be host-based or network-based. A host-based intrusion detection system is installed on the client computer, while a network-based intrusion detection system is located on the network. IDSs based on deep learning have been used in the past few years and proved their effectiveness. However, these approaches produce a big false negative rate, which impacts the performance and potency of network security. In this paper, a detection model based on long short-term memory (LSTM) and Attention mechanism is proposed. Furthermore, we used four reduction algorithms, namely: Chi-Square, UMAP, Principal Components Analysis (PCA), and Mutual information. In addition, we evaluated the proposed approaches on the NSL-KDD dataset. The experimental results demonstrate that using Attention with all features and using PCA with 03 components had the best performance, reaching an accuracy of 99.09% and 98.49% for binary and multiclass classification, respectively.

Download Full-text

ELNIDS: Ensemble Learning based Network Intrusion Detection System for RPL based Internet of Things

10.36227/techrxiv.11454321 ◽

2020 ◽

Author(s):

Abhishek Verma ◽

Virender Ranga

Keyword(s):

Internet Of Things ◽

Intrusion Detection ◽

Ensemble Learning ◽

Intrusion Detection System ◽

Detection System ◽

Smart Devices ◽

Network Intrusion Detection ◽

The Internet ◽

Routing Attacks ◽

Network Intrusion

Internet of Things is realized by a large number of heterogeneous smart devices which sense, collect and share data with each other over the internet in order to control the physical world. Due to open nature, global connectivity and resource constrained nature of smart devices and wireless networks the Internet of Things is susceptible to various routing attacks. In this paper, we purpose an architecture of Ensemble Learning based Network Intrusion Detection System named ELNIDS for detecting routing attacks against IPv6 Routing Protocol for Low-Power and Lossy Networks. We implement four different ensemble based machine learning classifiers including Boosted Trees, Bagged Trees, Subspace Discriminant and RUSBoosted Trees. To evaluate proposed intrusion detection model we have used RPL-NIDDS17 dataset which contains packet traces of Sinkhole, Blackhole, Sybil, Clone ID, Selective Forwarding, Hello Flooding and Local Repair attacks. Simulation results show the effectiveness of the proposed architecture. We observe that ensemble of Boosted Trees achieve the highest Accuracy of 94.5% while Subspace Discriminant method achieves the lowest Accuracy of 77.8% among classifier validation methods. Similarly, an ensemble of RUSBoosted Trees achieves the highest Area under ROC value of 0.98 while lowest Area under ROC value of 0.87 is achieved by an ensemble of Subspace Discriminant among all classifier validation methods. All the implemented classifiers show acceptable performance results.

Download Full-text