Fuzzy Rule-Based Layered Classifier and Entropy-Based Feature Selection for Intrusion Detection System

Detection System ◽

Fuzzy Rule ◽

Rule Based ◽

Detection Systems ◽

Positive Rate ◽

Rule Based Classifier

Intrusion detection systems must detect the vulnerability consistently in a network and also perform efficiently with the huge amount of traffic. Intrusion detection systems must be capable of detecting emerging and proactive threats in the networks. Various classifiers are used to classify the threats as normal or intrusive by supervising the system activity. In this chapter, layered fuzzy rule-based classifier is proposed to detect the various intrusions, and fuzzy entropy-based feature selection is proposed to identify the relevant features. Layered fuzzy rule-based classifier is proposed to improve the performance of the intrusion detection system. KDD dataset contains various attacks; these attacks are grouped into four classes, namely Denial-of-Service (DoS), Probe, Remote-to-Local (R2L), and User-to-Root (U2R). Real-time dataset is also considered in this research. Experimental result shows that the proposed method provides good detection rate, minimizes the false positive rate, and less computational time.

Intrusion Detection System for Malicious Traffic Using Evolutionary Search Algorithm

Recent Advances in Computer Science and Communications ◽

10.2174/2666255813999200821162547 ◽

2020 ◽

Vol 13 ◽

Author(s):

Samar Al-Saqqa ◽

Mustafa Al-Fayoumi ◽

Malik Qasaimeh

Keyword(s):

Feature Selection ◽

Intrusion Detection ◽

Search Algorithm ◽

Detection System ◽

Feature Subset Selection ◽

Feature Subset ◽

Evolutionary Search ◽

Detection Systems

Introduction: Intrusion detection systems play a key role in system security by identifying potential attacks and giving appropriate responses. As new attacks are always emerging, intrusion detection systems must adapt to these attacks, and more work is continuously needed to develop and propose new methods and techniques that can improve efficient and effective adaptive intrusion systems. Feature selection is one of the challenging areas that need more work because of its importance and impact on the performance of intrusion detection systems. This paper applies evolutionary search algorithm in feature subset selection for intrusion detection systems. Methods: The evolutionary search algorithm for the feature subset selection is applied and two classifiers are used, Naïve Bayes and decision tree J48, to evaluate system performance before and after features selection. NSL-KDD dataset and its subsets are used in all evaluation experiments. Results: The results show that feature selection using the evolutionary search algorithm enhances the intrusion detection system with respect to detection accuracy and detection of unknown attacks. Furthermore, time performance is achieved by reducing training time, which is reflected positively in overall system performance. Discussion: The evolutionary search applied to select IDS algorithm features can be developed by modifying and enhancing mutation and crossover operators and applying new enhanced techniques in the selection process, which can give better results and enhance the performance of intrusion detection for rare and complicated attacks. Conclusion: The evolutionary search algorithm is applied to find the best subset of features for the intrusion detection system. In conclusion, it is a promising approach to be used as a feature selection method for intrusion detection. The results showed better performance for the intrusion detection system in terms of accuracy and detection rate.

A novel time efficient learning-based approach for smart intrusion detection system

Journal Of Big Data ◽

10.1186/s40537-021-00498-8 ◽

2021 ◽

Vol 8 (1) ◽

Author(s):

Sugandh Seth ◽

Gurvinder Singh ◽

Kuljit Kaur Chahal

Keyword(s):

Feature Selection ◽

Intrusion Detection ◽

Detection System ◽

Gradient Boosting ◽

Detection Systems ◽

Network Parameters ◽

Proposed Model ◽

Precision Rate

Abstract Background The ever increasing sophistication of intrusion approaches has led to the dire necessity for developing Intrusion Detection Systems with optimal efficacy. However, existing Intrusion Detection Systems have been developed using outdated attack datasets, with more focus on prediction accuracy and less on prediction latency. The smart Intrusion Detection System framework evolution looks forward to designing and deploying security systems that use various parameters for analyzing current and dynamic traffic trends and are highly time-efficient in predicting intrusions. Aims This paper proposes a novel approach for a time-efficient and smart Intrusion Detection System. Method Herein, we propose a Hybrid Feature Selection approach that aims to reduce the prediction latency without affecting attack prediction performance by lowering the model's complexity. Light Gradient Boosting Machine (LightGBM), a fast gradient boosting framework, is used to build the model on the latest CIC-IDS 2018 dataset. Results The proposed feature selection reduces the prediction latency ranging from 44.52% to 2.25% and the model building time ranging from 52.68% to 17.94% in various algorithms on the CIC-IDS 2018 dataset. The proposed model with hybrid feature selection and LightGBM gives 97.73% accuracy, 96% sensitivity, 99.3% precision rate, and comparatively low prediction latency. The proposed model successfully achieved a raise of 1.5% in accuracy rate and 3% precision rate over the existing model. An in-depth analysis of network parameters is also performed, which gives a deep insight into the variation of network parameters during the benign and malicious sessions.

Approaches for improving the performance of snort Intrusion Detection Systems

International Journal of Computer Science and Informatics ◽

10.47893/ijcsi.2012.1073 ◽

2012 ◽

pp. 102-105

Author(s):

V.P. Kshirsagar ◽

S.S. Vishnu ◽

S.M. Tidke

Keyword(s):

Intrusion Detection ◽

High Speed ◽

Detection System ◽

Dynamic Adjustment ◽

Rule Based ◽

Matching Algorithm ◽

Detection Systems ◽

Rule Based System

The process of monitoring the events occurring in a computer system or network and analyzing them for sign of intrusions is known as intrusion detection systems (IDS).In this paper the architecture of the snort which is an open source Intrusion detection system is explained. It is a rule based system hence the structure of the rule is also explained. But to match with the high speed of network traffic the performance of the SNORT need to be improved hence the various methods has been developed three of them are reviewed here which are Rules Matching Algorithm Based on Dynamic Adjustment, NAPI and LASSP.

Evolutionary optimization of a fuzzy rule-based network intrusion detection system

2010 Annual Meeting of the North American Fuzzy Information Processing Society ◽

10.1109/nafips.2010.5548289 ◽

2010 ◽

Cited By ~ 2

Author(s):

Terrence P. Fries

Keyword(s):

Intrusion Detection ◽

Network Intrusion Detection System

Detection System ◽

Fuzzy Rule ◽

Evolutionary Optimization ◽

Network Intrusion Detection ◽

Rule Based ◽

Network Intrusion ◽

THE LOAD BALANCING OF SELF-SIMILAR TRAFFIC IN NETWORK INTRUSION DETECTION SYSTEMS

Cybersecurity Education Science Technique ◽

10.28925/2663-4023.2020.7.1730 ◽

2020 ◽

Vol 3 (7) ◽

pp. 17-30

Author(s):

Tamara Radivilova ◽

Lyudmyla Kirichenko ◽

Maksym Tawalbeh ◽

Petro Zinchenko ◽

Vitalii Bulakh

Keyword(s):

Load Balancing ◽

Intrusion Detection ◽

Detection System ◽

Deep Packet Inspection ◽

Detection Systems ◽

Network Intrusion ◽

Load Imbalance ◽

Packet Inspection

The problem of load balancing in intrusion detection systems is considered in this paper. The analysis of existing problems of load balancing and modern methods of their solution are carried out. Types of intrusion detection systems and their description are given. A description of the intrusion detection system, its location, and the functioning of its elements in the computer system are provided. Comparative analysis of load balancing methods based on packet inspection and service time calculation is performed. An analysis of the causes of load imbalance in the intrusion detection system elements and the effects of load imbalance is also presented. A model of a network intrusion detection system based on packet signature analysis is presented. This paper describes the multifractal properties of traffic. Based on the analysis of intrusion detection systems, multifractal traffic properties and load balancing problem, the method of balancing is proposed, which is based on the funcsioning of the intrusion detection system elements and analysis of multifractal properties of incoming traffic. The proposed method takes into account the time of deep packet inspection required to compare a packet with signatures, which is calculated based on the calculation of the information flow multifractality degree. Load balancing rules are generated by the estimated average time of deep packet inspection and traffic multifractal parameters. This paper presents the simulation results of the proposed load balancing method compared to the standard method. It is shown that the load balancing method proposed in this paper provides for a uniform load distribution at the intrusion detection system elements. This allows for high speed and accuracy of intrusion detection with high-quality multifractal load balancing.

A Feature Selection Model for Network Intrusion Detection System Based on PSO, GWO, FFA and GA Algorithms

Symmetry ◽

10.3390/sym12061046 ◽

2020 ◽

Vol 12 (6) ◽

pp. 1046 ◽

Cited By ~ 3

Author(s):

Omar Almomani

Keyword(s):

Genetic Algorithm ◽

Feature Selection ◽

Intrusion Detection ◽

Detection System ◽

Selection Model ◽

Network Intrusion Detection ◽

Network Intrusion ◽

Proposed Model ◽

Positive Rate

The network intrusion detection system (NIDS) aims to identify virulent action in a network. It aims to do that through investigating the traffic network behavior. The approaches of data mining and machine learning (ML) are extensively used in the NIDS to discover anomalies. Regarding feature selection, it plays a significant role in improving the performance of NIDSs. That is because anomaly detection employs a great number of features that require much time. Therefore, the feature selection approach affects the time needed to investigate the traffic behavior and improve the accuracy level. The researcher of the present study aimed to propose a feature selection model for NIDSs. This model is based on the particle swarm optimization (PSO), grey wolf optimizer (GWO), firefly optimization (FFA) and genetic algorithm (GA). The proposed model aims at improving the performance of NIDSs. The proposed model deploys wrapper-based methods with the GA, PSO, GWO and FFA algorithms for selecting features using Anaconda Python Open Source, and deploys filtering-based methods for the mutual information (MI) of the GA, PSO, GWO and FFA algorithms that produced 13 sets of rules. The features derived from the proposed model are evaluated based on the support vector machine (SVM) and J48 ML classifiers and the UNSW-NB15 dataset. Based on the experiment, Rule 13 (R13) reduces the features into 30 features. Rule 12 (R12) reduces the features into 13 features. Rule 13 and Rule 12 offer the best results in terms of F-measure, accuracy and sensitivity. The genetic algorithm (GA) shows good results in terms of True Positive Rate (TPR) and False Negative Rate (FNR). As for Rules 11, 9 and 8, they show good results in terms of False Positive Rate (FPR), while PSO shows good results in terms of precision and True Negative Rate (TNR). It was found that the intrusion detection system with fewer features will increase accuracy. The proposed feature selection model for NIDS is rule-based pattern recognition to discover computer network attack which is in the scope of Symmetry journal.

Fusion of Feature Selection and Random Forest for an Anomaly-Based Intrusion Detection System

Journal of Computational and Theoretical Nanoscience ◽

10.1166/jctn.2019.8332 ◽

2019 ◽

Vol 16 (8) ◽

pp. 3603-3607 ◽

Cited By ~ 1

Author(s):

Shraddha Khonde ◽

V. Ulagamuthalvi

Keyword(s):

Feature Selection ◽

Random Forest ◽

Intrusion Detection ◽

Real Time ◽

New Technologies ◽

Detection System ◽

Sensitive Data ◽

Detection Systems ◽

New Type

Considering current network scenario hackers and intruders has become a big threat today. As new technologies are emerging fast, extensive use of these technologies and computers, what plays an important role is security. Most of the computers in network can be easily compromised with attacks. Big issue of concern is increase in new type of attack these days. Security to the sensitive data is very big threat to deal with, it need to consider as high priority issue which should be addressed immediately. Highly efficient Intrusion Detection Systems (IDS) are available now a days which detects various types of attacks on network. But we require the IDS which is intelligent enough to detect and analyze all type of new threats on the network. Maximum accuracy is expected by any of this intelligent intrusion detection system. An Intrusion Detection System can be hardware or software that analyze and monitors all activities of network to detect malicious activities happened inside the network. It also informs and helps administrator to deal with malicious packets, which if enters in network can harm more number of computers connected together. In our work we have implemented an intellectual IDS which helps administrator to analyze real time network traffic. IDS does it by classifying packets entering into the system as normal or malicious. This paper mainly focus on techniques used for feature selection to reduce number of features from KDD-99 dataset. This paper also explains algorithm used for classification i.e., Random Forest which works with forest of trees to classify real time packet as normal or malicious. Random forest makes use of ensembling techniques to give final output which is derived by combining output from number of trees used to create forest. Dataset which is used while performing experiments is KDD-99. This dataset is used to train all trees to get more accuracy with help of random forest. From results achieved we can observe that random forest algorithm gives more accuracy in distributed network with reduced false alarm rate.

Security Enrichment in Intrusion Detection System Using Classifier Ensemble

Journal of Electrical and Computer Engineering ◽

10.1155/2017/1794849 ◽

2017 ◽

Vol 2017 ◽

pp. 1-6 ◽

Cited By ~ 5

Author(s):

Uma R. Salunkhe ◽

Suresh N. Mali

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Detection Rate ◽

Detection System ◽

Hybrid Approach ◽

Classifier Ensemble ◽

Detection Rates ◽

Detection Systems

In the era of Internet and with increasing number of people as its end users, a large number of attack categories are introduced daily. Hence, effective detection of various attacks with the help of Intrusion Detection Systems is an emerging trend in research these days. Existing studies show effectiveness of machine learning approaches in handling Intrusion Detection Systems. In this work, we aim to enhance detection rate of Intrusion Detection System by using machine learning technique. We propose a novel classifier ensemble based IDS that is constructed using hybrid approach which combines data level and feature level approach. Classifier ensembles combine the opinions of different experts and improve the intrusion detection rate. Experimental results show the improved detection rates of our system compared to reference technique.

Network Attacks Detection by Hierarchical Neural Network

Computer Engineering and Applications Journal ◽

10.18495/comengapp.v4i2.108 ◽

2015 ◽

Vol 4 (2) ◽

pp. 119-132

Author(s):

Mohammad Masoud Javidi

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Detection System ◽

Single Agent ◽

Attack Detection ◽

Training Dataset ◽

Detection Systems ◽

Combination Of Classifiers

Intrusion detection is an emerging area of research in the computer security and net-works with the growing usage of internet in everyday life. Most intrusion detection systems (IDSs) mostly use a single classifier algorithm to classify the network traffic data as normal behavior or anomalous. However, these single classifier systems fail to provide the best possible attack detection rate with low false alarm rate. In this paper,we propose to use a hybrid intelligent approach using a combination of classifiers in order to make the decision intelligently, so that the overall performance of the resul-tant model is enhanced. The general procedure in this is to follow the supervised or un-supervised data filtering with classifier or cluster first on the whole training dataset and then the output are applied to another classifier to classify the data. In this re- search, we applied Neural Network with Supervised and Unsupervised Learning in order to implement the intrusion detection system. Moreover, in this project, we used the method of Parallelization with real time application of the system processors to detect the systems intrusions.Using this method enhanced the speed of the intrusion detection. In order to train and test the neural network, NSLKDD database was used. Creating some different intrusion detection systems, each of which considered as a single agent, we precisely proceeded with the signature-based intrusion detection of the network.In the proposed design, the attacks have been classified into 4 groups and each group is detected by an Agent equipped with intrusion detection system (IDS).These agents act independently and report the intrusion or non-intrusion in the system; the results achieved by the agents will be studied in the Final Analyst and at last the analyst reports that whether there has been an intrusion in the system or not.Keywords: Intrusion Detection, Multi-layer Perceptron, False Positives, Signature- based intrusion detection, Decision tree, Nave Bayes Classifier

IDSFS: A Signature Based Intrusion Detection System with High Pertinent Feature Selection Method

Asian Journal of Computer Science and Technology ◽

10.51983/ajcst-2019.8.2.2145 ◽

2019 ◽

Vol 8 (2) ◽

pp. 25-31

Author(s):

S. Latha ◽

Sinthu Janita Prakash

Keyword(s):

Feature Selection ◽

Intrusion Detection ◽

Detection System ◽

False Positive Rate ◽

Feature Selection Method ◽

Selection Method ◽

Positive Rate ◽

Frame Work ◽

Pertinent Feature

Securing a network from the attackers is a challenging task at present as many users involve in variety of computer networks. To protect any individual host in a network or the entire network, some security system must be implemented. In this case, the Intrusion Detection System (IDS) is essential to protect the network from the intruders. The IDS have to deal with a lot of network packets with different characteristics. A signature-based IDS is a potential tool to understand former attacks and to define suitable method to conquest it in variety of applications. This research article elucidates the objective of IDS with a mechanism which combines the network and host-based IDS. The benchmark dataset for DARPA is considered to generate the IDS mechanism. In this paper, a frame work IDSFS – a signature-based IDS with high pertinent feature selection method is framed. This frame work consists of earlier proposed Feature Selection method (HPFSM), Artificial Neural Network for classification of nodes or packets in the network, then the signatures or attack rules are configured by implementing Association Rule mining algorithm and finally the rules are restructured using a pattern matching algorithm-Aho-Corasick to ease the rule checking. The metrics like number of features, classification accuracy, False Positive Rate (FPR), Precision, Number of rules, Running Time and Memory consumption are checked and proved the proposed frame work’s efficiency.