Intrusion Detection Systems Alerts Reduction

Investigators search usually for any kind of events related directly to an investigation case to both limit the search space and propose new hypotheses about the suspect. Intrusion detection system (IDS) provide relevant information to the forensics experts since it detects the attacks and gathers automatically several pertinent features of the network in the attack moment. Thus, IDS should be very effective in term of detection accuracy of new unknown attacks signatures, and without generating huge number of false alerts in high speed networks. This tradeoff between keeping high detection accuracy without generating false alerts is today a big challenge. As an effort to deal with false alerts generation, the authors propose new intrusion alert classifier, named Alert Miner (AM), to classify efficiently in near real-time the intrusion alerts in HSN. AM uses an outlier detection technique based on an adaptive deduced association rules set to classify the alerts automatically and without human assistance.

Download Full-text

An Ensemble of a Prediction and Learning Mechanism for Improving Accuracy of Anomaly Detection in Network Intrusion Environments

Sustainability ◽

10.3390/su131810057 ◽

2021 ◽

Vol 13 (18) ◽

pp. 10057

Author(s):

Imran ◽

Faisal Jamil ◽

Dohyeun Kim

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Intrusion Detection Systems ◽

The Internet ◽

Detection Accuracy ◽

Learning Mechanism ◽

Detection Systems ◽

Network Applications ◽

Network Intrusion

The connectivity of our surrounding objects to the internet plays a tremendous role in our daily lives. Many network applications have been developed in every domain of life, including business, healthcare, smart homes, and smart cities, to name a few. As these network applications provide a wide range of services for large user groups, the network intruders are prone to developing intrusion skills for attack and malicious compliance. Therefore, safeguarding network applications and things connected to the internet has always been a point of interest for researchers. Many studies propose solutions for intrusion detection systems and intrusion prevention systems. Network communities have produced benchmark datasets available for researchers to improve the accuracy of intrusion detection systems. The scientific community has presented data mining and machine learning-based mechanisms to detect intrusion with high classification accuracy. This paper presents an intrusion detection system based on the ensemble of prediction and learning mechanisms to improve anomaly detection accuracy in a network intrusion environment. The learning mechanism is based on automated machine learning, and the prediction model is based on the Kalman filter. Performance analysis of the proposed intrusion detection system is evaluated using publicly available intrusion datasets UNSW-NB15 and CICIDS2017. The proposed model-based intrusion detection accuracy for the UNSW-NB15 dataset is 98.801 percent, and the CICIDS2017 dataset is 97.02 percent. The performance comparison results show that the proposed ensemble model-based intrusion detection significantly improves the intrusion detection accuracy.

Download Full-text

Data Mining Techniques for Providing Network Security through Intrusion Detection Systems: a Survey

International Journal of Advances in Applied Sciences ◽

10.11591/ijaas.v7.i1.pp7-12 ◽

2018 ◽

Vol 7 (1) ◽

pp. 7

Author(s):

Prabhu Kavin B ◽

Ganapathy S

Keyword(s):

Data Mining ◽

Network Security ◽

Intrusion Detection ◽

Detection System ◽

Intrusion Detection Systems ◽

Detection Accuracy ◽

Data Mining Techniques ◽

Detection Systems ◽

Data Mining Algorithms ◽

Soft Computing Techniques

Intrusion Detection Systems are playing major role in network security in this internet world. Many researchers have been introduced number of intrusion detection systems in the past. Even though, no system was detected all kind of attacks and achieved better detection accuracy. Most of the intrusion detection systems are used data mining techniques such as clustering, outlier detection, classification, classification through learning techniques. Most of the researchers have been applied soft computing techniques for making effective decision over the network dataset for enhancing the detection accuracy in Intrusion Detection System. Few researchers also applied artificial intelligence techniques along with data mining algorithms for making dynamic decision. This paper discusses about the number of intrusion detection systems that are proposed for providing network security. Finally, comparative analysis made between the existing systems and suggested some new ideas for enhancing the performance of the existing systems.

Download Full-text

Multilevel Intrusion Alert Post-processing for the Elimination of False Positives

International Journal for Research in Applied Science and Engineering Technology ◽

10.22214/ijraset.2021.37789 ◽

2021 ◽

Vol 9 (8) ◽

pp. 2458-2468

Author(s):

Riyad AM

Keyword(s):

Intrusion Detection ◽

Detection System ◽

False Positives ◽

Intrusion Detection Systems ◽

Post Processing ◽

Alert Correlation ◽

Detection Systems ◽

Correlation Graph ◽

Multi Level ◽

Intrusion Alerts

Abstract: Intrusion detection systems are the last line of defence in the network security domain. Improving the performance of intrusion detection systems always increase false positives. This is a serious problem in the field of intrusion detection. In order to overcome this issue to a great extend, we propose a multi level post processing of intrusion alerts eliminating false positives produced by various intrusion detection systems in the network. For this purpose, the alerts are normalized first. Then, a preliminary alert filtration phase prioritize the alerts and removes irrelevant alerts. The higher priority alerts are then aggregated to fewer numbers of hyper alerts. In the final phase, alert correlation is done and alert correlation graph is constructed for finding the causal relationship among the alerts which further eliminates false positives. Experiments were conducted on LLDOS 1.0 dataset for verifying the approach and measuring the accuracy. Keywords: Intrusion detection system, alert prioritization, alert aggregation, alert correlation, LLDOS 1.0 dataset, alert correlation graph.

Download Full-text

Flow-based anomaly intrusion detection system using two neural network stages

Computer Science and Information Systems ◽

10.2298/csis130415035a ◽

2014 ◽

Vol 11 (2) ◽

pp. 601-622 ◽

Cited By ~ 15

Author(s):

Yousef Abuadlla ◽

Goran Kvascev ◽

Slavko Gajin ◽

Zoran Jovanovic

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Network Traffic ◽

Intrusion Detection System ◽

High Speed ◽

Detection System ◽

Intrusion Detection Systems ◽

Computational Time ◽

False Alarms ◽

Detection Systems

Computer systems and networks suffer due to rapid increase of attacks, and in order to keep them safe from malicious activities or policy violations, there is need for effective security monitoring systems, such as Intrusion Detection Systems (IDS). Many researchers concentrate their efforts on this area using different approaches to build reliable intrusion detection systems. Flow-based intrusion detection systems are one of these approaches that rely on aggregated flow statistics of network traffic. Their main advantages are host independence and usability on high speed networks, since the metrics may be collected by network device hardware or standalone probes. In this paper, an intrusion detection system using two neural network stages based on flow-data is proposed for detecting and classifying attacks in network traffic. The first stage detects significant changes in the traffic that could be a potential attack, while the second stage defines if there is a known attack and in that case classifies the type of attack. The first stage is crucial for selecting time windows where attacks, known or unknown, are more probable. Two different neural network structures have been used, multilayer and radial basis function networks, with the objective to compare performance, memory consumption and the time required for network training. The experimental results demonstrate that the designed models are promising in terms of accuracy and computational time, with low probability of false alarms.

Download Full-text

Hybrid ModifiedK-Means with C4.5 for Intrusion Detection Systems in Multiagent Systems

The Scientific World JOURNAL ◽

10.1155/2015/294761 ◽

2015 ◽

Vol 2015 ◽

pp. 1-14 ◽

Cited By ~ 12

Author(s):

Wathiq Laftah Al-Yaseen ◽

Zulaiha Ali Othman ◽

Mohd Zakree Ahmad Nazri

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Processing Time ◽

Detection System ◽

Network Size ◽

Intrusion Detection Systems ◽

Data Networks ◽

Detection Accuracy ◽

Detection Systems ◽

And Performance

Presently, the processing time and performance of intrusion detection systems are of great importance due to the increased speed of traffic data networks and a growing number of attacks on networks and computers. Several approaches have been proposed to address this issue, including hybridizing with several algorithms. However, this paper aims at proposing a hybrid of modifiedK-means with C4.5 intrusion detection system in a multiagent system (MAS-IDS). The MAS-IDS consists of three agents, namely, coordinator, analysis, and communication agent. The basic concept underpinning the utilized MAS is dividing the large captured network dataset into a number of subsets and distributing these to a number of agents depending on the data network size and core CPU availability. KDD Cup 1999 dataset is used for evaluation. The proposed hybrid modifiedK-means with C4.5 classification in MAS is developed in JADE platform. The results show that compared to the current methods, the MAS-IDS reduces the IDS processing time by up to 70%, while improving the detection accuracy.

Download Full-text

Approaches for improving the performance of snort Intrusion Detection Systems

International Journal of Computer Science and Informatics ◽

10.47893/ijcsi.2012.1073 ◽

2012 ◽

pp. 102-105

Author(s):

V.P. Kshirsagar ◽

S.S. Vishnu ◽

S.M. Tidke

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

High Speed ◽

Detection System ◽

Intrusion Detection Systems ◽

Dynamic Adjustment ◽

Rule Based ◽

Matching Algorithm ◽

Detection Systems ◽

Rule Based System

The process of monitoring the events occurring in a computer system or network and analyzing them for sign of intrusions is known as intrusion detection systems (IDS).In this paper the architecture of the snort which is an open source Intrusion detection system is explained. It is a rule based system hence the structure of the rule is also explained. But to match with the high speed of network traffic the performance of the SNORT need to be improved hence the various methods has been developed three of them are reviewed here which are Rules Matching Algorithm Based on Dynamic Adjustment, NAPI and LASSP.

Download Full-text

Effectiveness of Intrusion Detection Systems in High-speed Networks

International Journal of Information Communication Technology and Applications ◽

10.17972/ijicta20184138 ◽

2018 ◽

Vol 4 (1) ◽

pp. 1-10

Author(s):

Qinwen Hu ◽

Muhammad Rizwan Asghar ◽

Nevil Brownlee

Keyword(s):

Intrusion Detection ◽

High Speed ◽

Large Scale ◽

Network Flows ◽

Intrusion Detection Systems ◽

Detection Accuracy ◽

Detection Systems ◽

Network Intrusion ◽

Traffic Volumes ◽

Packet Drop

Network Intrusion Detection Systems (NIDSs) play a crucial role in detecting malicious activities within networks. Basically, a NIDS monitors network flows and compares them with a set of pre-defined suspicious patterns. To be effective, different intrusion detection algorithms and packet capturing methods have been implemented. With rapidly increasing network speeds, NIDSs face a challenging problem of monitoring large and diverse traffic volumes; in particular, high packet drop rates can have a significant impact on detection accuracy. In this work, we investigate three popular open-source NIDSs: Snort, Suricata, and Bro along with their comparative performance benchmarks. We investigate key factors (including system resource usage, packet processing speed and packet drop rate) that limit the applicability of NIDSs to large-scale networks. Moreover, we also analyse and compare the performance of NIDSs when configurations and traffic volumes are changed.

Download Full-text

A Fraud Detection System Based on Anomaly Intrusion Detection Systems for E-Commerce Applications

Computer and Information Science ◽

10.5539/cis.v7n2p117 ◽

2014 ◽

Vol 7 (2) ◽

Cited By ~ 4

Author(s):

Daniel Massa ◽

Raul Valverde

Keyword(s):

Intrusion Detection ◽

Detection System ◽

Fraud Detection ◽

Intrusion Detection Systems ◽

Detection Systems ◽

Anomaly Intrusion Detection

Download Full-text

A Model based on Parallel Intrusion Detection Systems for High Speed Networking Security

New Technologies, Mobility and Security ◽

10.1007/978-1-4020-6270-4_40 ◽

2007 ◽

pp. 481-491

Author(s):

Sourour Meharouech ◽

Adel Bouhoula ◽

Tarek Abbes

Keyword(s):

Intrusion Detection ◽

High Speed ◽

Intrusion Detection Systems ◽

Detection Systems ◽

Model Based ◽

Networking Security

Download Full-text

THE LOAD BALANCING OF SELF-SIMILAR TRAFFIC IN NETWORK INTRUSION DETECTION SYSTEMS

Cybersecurity Education Science Technique ◽

10.28925/2663-4023.2020.7.1730 ◽

2020 ◽

Vol 3 (7) ◽

pp. 17-30

Author(s):

Tamara Radivilova ◽

Lyudmyla Kirichenko ◽

Maksym Tawalbeh ◽

Petro Zinchenko ◽

Vitalii Bulakh

Keyword(s):

Load Balancing ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Intrusion Detection Systems ◽

Deep Packet Inspection ◽

Detection Systems ◽

Network Intrusion ◽

Load Imbalance ◽

Packet Inspection

The problem of load balancing in intrusion detection systems is considered in this paper. The analysis of existing problems of load balancing and modern methods of their solution are carried out. Types of intrusion detection systems and their description are given. A description of the intrusion detection system, its location, and the functioning of its elements in the computer system are provided. Comparative analysis of load balancing methods based on packet inspection and service time calculation is performed. An analysis of the causes of load imbalance in the intrusion detection system elements and the effects of load imbalance is also presented. A model of a network intrusion detection system based on packet signature analysis is presented. This paper describes the multifractal properties of traffic. Based on the analysis of intrusion detection systems, multifractal traffic properties and load balancing problem, the method of balancing is proposed, which is based on the funcsioning of the intrusion detection system elements and analysis of multifractal properties of incoming traffic. The proposed method takes into account the time of deep packet inspection required to compare a packet with signatures, which is calculated based on the calculation of the information flow multifractality degree. Load balancing rules are generated by the estimated average time of deep packet inspection and traffic multifractal parameters. This paper presents the simulation results of the proposed load balancing method compared to the standard method. It is shown that the load balancing method proposed in this paper provides for a uniform load distribution at the intrusion detection system elements. This allows for high speed and accuracy of intrusion detection with high-quality multifractal load balancing.

Download Full-text