Visualization Technique for Intrusion Detection

Author(s):  
Mohamed Cheikh ◽  
Salima Hacini ◽  
Zizette Boufaida

Intrusion detection systems (IDSs) play a vital role in computer security. However, they suffer from a number of problems, such as low detection rates for DoS (denial-of-service)/DDoS (distributed denial-of-service) attacks combined with a high rate of false alarms. In this chapter, a new technique for detecting DoS attacks is proposed; it detects DoS attacks using a set of classifiers and visualizes them in real time. The technique is based on the collection of network parameter values (data packets), which are automatically represented as simple geometric graphs in order to highlight relevant elements. Two implementations of this technique are performed: the first is based on the Euclidean distance, while the second is based on the KNN algorithm. The effectiveness of the proposed technique has been proven through a simulation of network traffic drawn from the 10% KDD dataset and a comparison with other classification techniques for intrusion detection.


2014 ◽  
Vol 8 (2) ◽  
pp. 19-32 ◽  
Author(s):  
Mohamed Cheikh ◽  
Salima Hacini ◽  
Zizette Boufaida

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. In this paper, a new technique for detecting DoS attacks is proposed; it detects DoS attacks using a set of classifiers and visualizes them in real time. The technique is based on the collection of network parameter values (data packets), which are automatically represented as simple geometric graphs in order to highlight relevant elements. The effectiveness of the proposed technique has been proven through a MATLAB simulation of network traffic drawn from the 10% KDD dataset, and a comparison with other classification techniques for intrusion detection.


2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Esubalew M. Zeleke ◽  
Henock M. Melaku ◽  
Fikreselam G. Mengistu

The Internet of Things (IoT) can simply be defined as an extension of the current Internet. It extends the human-to-human interconnection and intercommunication model of the Internet by including things, to bring anytime, anywhere, and anything communication. A networking discipline evolving in parallel with IoT is Software Defined Networking (SDN). It is an important technology aimed at solving the various problems that exist in traditional network systems, and it provides a convenient new setting in which to address the challenges of different network-based systems, including IoT. One important security challenge in such SDN-based IoT (SDIoT) systems is guaranteeing service availability; the ever-increasing number of denial of service (DoS) attacks is responsible for such service denials. A centralized signature-based intrusion detection system (IDS) is proposed and developed in this work. A Random Forest (RF) classifier is used for training the model. A very popular and recent benchmark dataset, CICIDS2017, has been used for training and validating the machine learning (ML) models. An accuracy of 99.968% has been achieved using only 12 features on the Wednesday release of the dataset. This result is higher than the accuracy results of related works that consider the original CICIDS2017 dataset. A maximum cross-validated accuracy of 99.713% has been achieved on the same release of the dataset. The developed models meet the basic requirements of a supervised IDS for smart environments and can effectively be used in different IoT service scenarios.


2010 ◽  
Vol 4 (1) ◽  
pp. 18-31
Author(s):  
Ran Tao ◽  
Li Yang ◽  
Lu Peng ◽  
Bin Li

Application features such as port numbers are used by Network-based Intrusion Detection Systems (NIDSs) to detect attacks coming from the network. System calls and operating-system-related information are used by Host-based Intrusion Detection Systems (HIDSs) to detect intrusions against a host. However, the relationship between hardware architecture events and Denial-of-Service (DoS) attacks has not been well studied. As increasingly sophisticated intrusions emerge, some attacks are able to bypass both the application-level and the operating-system-level feature monitors. Therefore, a more effective solution is required to enhance existing HIDSs. In this article, the authors identify the following hardware architecture features: Instruction Count, Cache Miss, and Bus Traffic, and integrate them into a HIDS framework based on a modern statistical Gradient Boosting Trees model. Through the integration of application-, operating-system- and architecture-level features, the proposed HIDS demonstrates a significant improvement in detection rate against sophisticated DoS intrusions.


Symmetry ◽  
2021 ◽  
Vol 13 (4) ◽  
pp. 557
Author(s):  
Ivan Babić ◽  
Aleksandar Miljković ◽  
Milan Čabarkapa ◽  
Vojkan Nikolić ◽  
Aleksandar Đorđević ◽  
...  

This paper presents a novel approach to an Intrusion Detection System (IDS) based on a kind of asymmetric optimization that uses any three already well-known IDS algorithms together with a Triple Modular Redundancy (TMR) algorithm. Namely, a variable threshold indicating an attack on the observed and protected network is determined from all three values obtained with the three known IDS algorithms on previously recorded data, by majority decision. For these three algorithms the authors used the k-nearest neighbors algorithm, the cumulative sum algorithm, and the exponentially weighted moving average algorithm. Using the proposed method, a threshold is obtained that is determined more precisely than with any of the methods individually. In practice, TMR yields dynamic threshold adjustment in the IDS software, which reduces both false alarms and undetected attacks, so the efficiency of such IDS software is notably higher and it achieves better results. Today, Denial of Service (DoS) attacks are among the most prevalent types of attack, which is the reason for the special attention paid to them in this paper. In addition, the authors evaluated the proposed IDS method on the known CIC-DDoS2019 dataset, which contains various recordings of such attacks. The results obtained with the proposed solution showed better characteristics than each of the individual algorithms used in it. IDS software with the proposed method worked precisely and in a timely manner, meaning that alarms were triggered properly and efficiently.


2020 ◽  
Vol 8 (4) ◽  
pp. 375
Author(s):  
Finandito Adhana ◽  
I Ketut Gede Suhartana

Denial of Service (DoS) attacks are increasingly dangerous. A DoS attack works by sending data packets continuously so that the attacked target can no longer operate. DoS attacks most commonly target websites, making the website inaccessible. An anomaly-based intrusion detection system (IDS) is a method used to detect suspicious activity in a system or network on the basis of the anomalous patterns that such interference produces. Wireshark is software used to analyze network traffic packets and offers a variety of tools for network professionals.


2018 ◽  
Vol 28 (2) ◽  
pp. 134 ◽  
Author(s):  
Hafza A. Mahmood

The cloud environment is a next-generation Internet-based computing system that supplies customizable services to end users to work with or access various cloud applications. In order to provide security and reduce damage to information systems, networks and computer systems, it is important to provide an intrusion detection system (IDS). Cloud environments are now under threat from network intrusions; among the most prevalent and offensive of these are Denial of Service (DoS) attacks, which have a dangerous impact on cloud computing systems. This paper proposes a Hidden Naïve Bayes (HNB) classifier to handle DoS attacks; HNB is a data mining (DM) model that relaxes the conditional independence assumption of the Naïve Bayes (NB) classifier. The proposed system uses the HNB classifier supported by discretization and feature selection, where selecting the best features enhances the performance of the system and reduces processing time. To evaluate the performance of the proposed system, the KDD 99 CUP and NSL KDD datasets have been used. The experimental results show that the HNB classifier improves the performance of the NIDS in terms of accuracy and DoS detection: the DoS detection accuracy is 100% on three KDD Cup 99 test sets using only 12 features selected by gain ratio, while on the NSL KDD dataset the DoS detection accuracy is 90% on three NSL KDD experimental sets using only 10 selected features.


2004 ◽  
Vol 03 (02) ◽  
pp. 281-306 ◽  
Author(s):  
AMBAREEN SIRAJ ◽  
RAYFORD B. VAUGHN ◽  
SUSAN M. BRIDGES

This paper describes the use of artificial intelligence techniques in the creation of a network-based decision engine for decision support in an Intelligent Intrusion Detection System (IIDS). In order to assess overall network health, the decision engine fuses the outputs of different intrusion detection sensors serving as "experts" and then analyzes the integrated information to present an overall security view of the system to the security administrator. This paper reports on the workings of a decision engine that has been successfully embedded into the IIDS architecture being built at the Center for Computer Security Research, Mississippi State University. The decision engine uses Fuzzy Cognitive Maps (FCMs) and fuzzy rule bases for causal knowledge acquisition and to support the causal reasoning process.


2021 ◽  
Author(s):  
Farah Jemili ◽  
Hajer Bouras

In today's world, the Intrusion Detection System (IDS) is one of the significant tools used to improve network security by detecting attacks or abnormal data accesses. Most existing IDSs have many disadvantages, such as high false alarm rates and low detection rates. For an IDS, dealing with distributed and massive data constitutes a challenge; dealing with imprecise data is another. This paper proposes an Intrusion Detection System based on big data fuzzy analytics; the Fuzzy C-Means (FCM) method is used to cluster and classify the pre-processed training dataset. The CTU-13 and UNSW-NB15 datasets are used as distributed and massive datasets to prove the feasibility of the method. The proposed system shows high performance in terms of accuracy, precision, detection rates, and false alarms.


2021 ◽  
Author(s):  
Eduardo De Oliveira Burger Monteiro Luiz ◽  
Alessandro Copetti ◽  
Luciano Bertini ◽  
Juliano Fontoura Kazienko

The introduction of the IPv6 protocol solved the problem of providing addresses to network devices. With the emergence of the Internet of Things (IoT), there was also the need to develop a protocol that would assist in connecting low-power devices. The 6LoWPAN protocols were created for this purpose. However, such protocols inherited the vulnerabilities and threats related to Denial of Service (DoS) attacks from the IPv4 and IPv6 protocols. In this paper, we prepare a network environment for low-power IoT devices using the COOJA simulator and the Contiki operating system to analyze the energy consumption of devices. In addition, we propose an Intrusion Detection System (IDS) associated with the AES symmetric encryption algorithm for the detection of reflection DoS attacks. Symmetric encryption has proven to be an appropriate method due to its low implementation overhead, not incurring large power consumption while keeping a high level of system security. The main contributions of this paper are: (i) implementation of a reflection attack algorithm for IoT devices; (ii) implementation of an intrusion detection system using AES encryption; (iii) comparison of the power consumption in three distinct scenarios: normal message exchange, the occurrence of a reflection attack, and running the IDS algorithm. Finally, the results presented show that the IDS with symmetric cryptography meets the security requirements and respects the energy limits of low-power sensors.

