Intrusion Detection Using Fuzzy Meta-Heuristic Approaches

2014 ◽  
Vol 5 (2) ◽  
pp. 39-53 ◽  
Author(s):  
Bachir Bahamida ◽  
Dalila Boughaci
Keyword(s):  
Tabu Search ◽  
Intrusion Detection ◽  
Local Search ◽  
Knowledge Base ◽  
Fuzzy Rule ◽  
Intrusion Detection Systems ◽  
Stochastic Local Search ◽  
Traffic Data ◽  
Detection Systems ◽  
The Third

Due to a growing number of intrusion events, organizations are increasingly implementing various intrusion detection systems that classify network traffic data as normal or anomaly. In this paper, three intrusion detection systems based fuzzy meta-heuristics are proposed. The first one is a fuzzy stochastic local search (FSLS). The second one is a fuzzy tabu search (FTS) and the third one is a fuzzy deferential evolution (FDE). These classifiers are built on a knowledge base modelled as a fuzzy rule “if-then”. The main purpose of these methods is to get the highest quality solutions by optimizing the fuzzy rules generation. The proposed classifiers FSLS, FTS and FDE are tested on the benchmark KDD'99 intrusion dataset and compared with some well-known existing techniques for intrusion detection. The results show the efficiency of the proposed approaches in the intrusion detection field.

Fuzzy Rule-Based Layered Classifier and Entropy-Based Feature Selection for Intrusion Detection System

2021 ◽  
pp. 289-309
Author(s):  
Devaraju Sellappan ◽  
Ramakrishnan Srinivasan
Keyword(s):  
Feature Selection ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Fuzzy Rule ◽  
Intrusion Detection Systems ◽  
Rule Based ◽  
Detection Systems ◽  
Positive Rate ◽  
Rule Based Classifier

Intrusion detection systems must detect the vulnerability consistently in a network and also perform efficiently with the huge amount of traffic. Intrusion detection systems must be capable of detecting emerging and proactive threats in the networks. Various classifiers are used to classify the threats as normal or intrusive by supervising the system activity. In this chapter, layered fuzzy rule-based classifier is proposed to detect the various intrusions, and fuzzy entropy-based feature selection is proposed to identify the relevant features. Layered fuzzy rule-based classifier is proposed to improve the performance of the intrusion detection system. KDD dataset contains various attacks; these attacks are grouped into four classes, namely Denial-of-Service (DoS), Probe, Remote-to-Local (R2L), and User-to-Root (U2R). Real-time dataset is also considered in this research. Experimental result shows that the proposed method provides good detection rate, minimizes the false positive rate, and less computational time.

A comparative simulation of normalization methods for machine learning-based intrusion detection systems using KDD Cup’99 dataset

2021 ◽  
pp. 1-18
Author(s):  
Satish Kumar ◽  
Sunanda Gupta ◽  
Sakshi Arora
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Network Traffic ◽  
Intrusion Detection Systems ◽  
High Dimensional ◽  
Traffic Data ◽  
Detection Systems ◽  
Dimensional Network ◽  
Normalization Methods ◽  
Kdd Cup 99

Network Intrusion detection systems (NIDS) detect malicious and intrusive information in computer networks. Presently, commercial NIDS is based on machine learning approaches that have complex algorithms and increase intrusion detection efficiency and efficacy. These machine learning-based NIDS use high dimensional network traffic data from which intrusive information is to be detected. This high-dimensional network traffic data in NIDS needs to be preprocessed and normalized to make it suitable for machine learning tools. A machine learning approach with appropriate normalization and prepossessing increases NIDS performance. This paper presents an empirical study on various normalization methods implemented on a benchmark network traffic dataset, KDD Cup’99, that has been used to evaluate the NIDS model. The present study shows decimal normalization has a better prediction performance than non-normalized traffic data categorized into ‘normal’ or ‘intrusive’ classes.

scholarly journals Extending Isolation Forest for Anomaly Detection in Big Data via K-Means

2021 ◽  
Vol 5 (4) ◽  
pp. 1-26
Author(s):  
Md Tahmid Rahman Laskar ◽  
Jimmy Xiangji Huang ◽  
Vladan Smetana ◽  
Chris Stewart ◽  
Kees Pouw ◽  
...  
Keyword(s):  
Big Data ◽  
Intrusion Detection ◽  
Anomaly Detection ◽  
Computer Networks ◽  
Network Traffic ◽  
Intrusion Detection Systems ◽  
Traffic Data ◽  
Detection Systems ◽  
Proposed Model ◽  
Isolation Forest

Industrial Information Technology infrastructures are often vulnerable to cyberattacks. To ensure security to the computer systems in an industrial environment, it is required to build effective intrusion detection systems to monitor the cyber-physical systems (e.g., computer networks) in the industry for malicious activities. This article aims to build such intrusion detection systems to protect the computer networks from cyberattacks. More specifically, we propose a novel unsupervised machine learning approach that combines the K-Means algorithm with the Isolation Forest for anomaly detection in industrial big data scenarios. Since our objective is to build the intrusion detection system for the big data scenario in the industrial domain, we utilize the Apache Spark framework to implement our proposed model that was trained in large network traffic data (about 123 million instances of network traffic) stored in Elasticsearch. Moreover, we evaluate our proposed model on the live streaming data and find that our proposed system can be used for real-time anomaly detection in the industrial setup. In addition, we address different challenges that we face while training our model on large datasets and explicitly describe how these issues were resolved. Based on our empirical evaluation in different use cases for anomaly detection in real-world network traffic data, we observe that our proposed system is effective to detect anomalies in big data scenarios. Finally, we evaluate our proposed model on several academic datasets to compare with other models and find that it provides comparable performance with other state-of-the-art approaches.

scholarly journals SCADA Vulnerabilities and Existing Security Approaches Towards Industrial Protection

2020 ◽  
Vol 9 (11) ◽  
pp. 258-264
Keyword(s):  
Intrusion Detection ◽  
Network Traffic ◽  
Distribution Systems ◽  
Communication Protocols ◽  
Intrusion Detection Systems ◽  
Security Level ◽  
Traffic Data ◽  
Open Communication ◽  
Detection Systems ◽  
Scada Networks

Attackers, spread all around the world, have become a major threat to SCADA systems, since they started using opened-standard networks, integrated to corporate networks and accessing the Internet. It is true that there are also many different security solutions and techniques available, such as firewalls, encryption, network traffic analysis and a few others, though, intruders still managed to gain access and control delicate systems. Pointed as a non-invasive solution, intrusion detection systems (IDS) are able to monitor and report activities of any anomaly or strange patterns. However, due to the lack of SCADA network traffic data, such IDS solutions are still primitive and based on just well-known vulnerabilities and attacks, where a dedicated IDS is necessary to properly protect SCADA in water distribution systems. This study highlights SCADA vulnerabilities and security issues, through a qualitative approach, using known attacks and examples in security as case studies and aiming to present scenarios on this issue, as well, an overview of today’s SCADA vulnerabilities and main threats. Results show that the identification of Intrusion Detection Systems (IDS), with their approaches and types, also widely implemented in regular IT networks, help on providing a higher security level and identifying abnormal traffic data. Such systems have indeed shown a good success rate on identifying malicious traffic in SCADA networks, mainly because of their evolution to Ethernet and open communication protocols. Based on these singular characteristics, studying SCADA networks and their communication protocols is seen as a major factor to properly develop robust security mechanisms and tolls.

Disadvantages of Modern Intrusion Detection Systems

2006 ◽  
Vol 65 (10) ◽  
pp. 929-936
Author(s):  
A. V. Agranovskiy ◽  
S. A. Repalov ◽  
R. A. Khadi ◽  
M. B. Yakubets
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection Systems ◽  
Detection Systems
Sign in / Sign up

Export Citation Format

Share Document