Comprehensive Examination of Network Intrusion Detection Models on Data Science

2021 ◽  
Vol 11 (4) ◽  
pp. 14-40
Author(s):  
Shyla ◽  
Vishal Bhatnagar

The increased requirement of data science in recent times has given rise to the concept of data security, which has become a major issue; thus, the amalgamation of data science methodology with intrusion detection systems as a field of research has acquired a lot of prominence. The level of access to the information system and its visibility to user pursuit was required to operate securely. Intrusion detection has been gaining popularity in the area of data science to incorporate the overall information security infrastructure, where regular operations depend upon shared use of information. The problems are to build an intrusion detection system efficient enough for detecting attacks and to reduce the false positives with a high detection rate. In this paper, the authors analyse various techniques of intrusion detection combined with data science, which will help in understanding the best fit technique under different circumstances.

Sensors ◽  
2021 ◽  
Vol 21 (23) ◽  
pp. 7835
Author(s):  
Ketan Kotecha ◽  
Raghav Verma ◽  
Prahalad V. Rao ◽  
Priyanshu Prasad ◽  
Vipul Kumar Mishra ◽  
...  

A reasonably good network intrusion detection system generally requires a high detection rate and a low false alarm rate in order to predict anomalies more accurately. Older datasets cannot capture the schema of a set of modern attacks; therefore, modelling based on these datasets lacked sufficient generalizability. This paper operates on the UNSW-NB15 Dataset, which is currently one of the best representatives of modern attacks and suggests various models. We discuss various models and conclude our discussion with the model that performs the best using various kinds of evaluation metrics. Alongside modelling, a comprehensive data analysis on the features of the dataset itself using our understanding of correlation, variance, and similar factors for a wider picture is done for better modelling. Furthermore, hypothetical ponderings are discussed for potential network intrusion detection systems, including suggestions on prospective modelling and dataset generation as well.


2014 ◽  
Vol 8 (4) ◽  
pp. 1-25 ◽  
Author(s):  
Chikh Ramdane ◽  
Salim Chikhi

The Negative Selection Algorithm (NSA) is one of the widely used techniques for designing Intrusion Detection Systems (IDS). This paper proposes an IDS based on a new model of NSA, namely HNSA-IDSA (Hybrid NSA for Intrusion Detection System Adaptation). The proposed system can detect unknown attacks; moreover, it can be adapted automatically when changes in the system's profiles are detected. To determine the efficiency of the proposed approach, the standard KDD99 dataset was used for performing experiments. The obtained results show that the authors' mechanism outperforms some techniques from the literature, providing various important properties such as a high detection rate, low false positives, adaptability and detection of new attacks.


2020 ◽  
Vol 3 (7) ◽  
pp. 17-30
Author(s):  
Tamara Radivilova ◽  
Lyudmyla Kirichenko ◽  
Maksym Tawalbeh ◽  
Petro Zinchenko ◽  
Vitalii Bulakh

The problem of load balancing in intrusion detection systems is considered in this paper. The analysis of existing problems of load balancing and modern methods of their solution are carried out. Types of intrusion detection systems and their description are given. A description of the intrusion detection system, its location, and the functioning of its elements in the computer system are provided. Comparative analysis of load balancing methods based on packet inspection and service time calculation is performed. An analysis of the causes of load imbalance in the intrusion detection system elements and the effects of load imbalance is also presented. A model of a network intrusion detection system based on packet signature analysis is presented. This paper describes the multifractal properties of traffic. Based on the analysis of intrusion detection systems, multifractal traffic properties and load balancing problem, the method of balancing is proposed, which is based on the functioning of the intrusion detection system elements and analysis of multifractal properties of incoming traffic. The proposed method takes into account the time of deep packet inspection required to compare a packet with signatures, which is calculated based on the calculation of the information flow multifractality degree. Load balancing rules are generated by the estimated average time of deep packet inspection and traffic multifractal parameters. This paper presents the simulation results of the proposed load balancing method compared to the standard method. It is shown that the load balancing method proposed in this paper provides for a uniform load distribution at the intrusion detection system elements. This allows for high speed and accuracy of intrusion detection with high-quality multifractal load balancing.


2013 ◽  
Vol 7 (4) ◽  
pp. 37-52
Author(s):  
Srinivasa K G

The increase in the number of network-based transactions for both personal and professional use has made network security gain a significant and indispensable status. The possible attacks that an Intrusion Detection System (IDS) has to tackle can be of an existing type or of an entirely new type. The challenge for researchers is to develop an intelligent IDS which can detect new attacks as efficiently as it detects known ones. Intrusion Detection Systems are rendered intelligent by employing machine learning techniques. In this paper we present a statistical machine learning approach to the IDS using the Support Vector Machine (SVM). Unlike conventional SVMs, this paper describes a multi-model approach which makes use of an extra layer over the existing SVM. The network traffic is modeled into connections based on protocols at various network layers. These connection statistics are given as input to the SVM, which in turn plots each input vector. The new attacks are identified by plotting them with respect to the trained system. The experimental results demonstrate the lower execution time of the proposed system with a high detection rate and a low false positive number. The 1999 DARPA IDS dataset is used as the evaluation dataset for both training and testing. The proposed system, SVM NIDS, is benchmarked with SNORT (Roesch, M. 1999), an open source IDS.


2017 ◽  
Vol 26 (1) ◽  
pp. 29-40 ◽  
Author(s):  
Shawq Malik Mehibs ◽  
Soukaena Hassan Hashim

Cloud computing is a distributed architecture, providing computing facilities and storage resources as a service over the internet. This low-cost service fulfills the basic requirements of users. Because of the open nature and services introduced by cloud computing, intruders impersonate legitimate users and misuse cloud resources and services. To detect intruders and suspicious activities in and around the cloud computing environment, an intrusion detection system is used to discover illegitimate users and suspicious actions by monitoring different user activities on the network. This work proposes a back-propagation artificial neural network to construct network intrusion detection in the cloud environment. The proposed module was evaluated with the KDD99 dataset; the experimental results show a promising approach to detecting attacks with a high detection rate and a low false alarm rate.


In the present milieu of a connected world, where security is the major concern, the Intrusion Detection System is a prominent area of research for dealing with various types of attacks in a network. Intrusion detection systems (IDS) find the dynamic and malicious traffic of a network, in accordance with the aspect of the network. Various forms of IDS have been developed, working on distinctive approaches. One popular approach is machine learning, in which various algorithms like ANN, SVM etc. have been used. But the most prominent method used is ANN. The performance of the ANN can be significantly improved by combining it with different metaheuristic algorithms. In the present work, GWO is used to optimize ANN. For this, the KDD-99 dataset is used to classify various types of attacks, i.e. denial of service (DOS), normal and other forms of attack. The present paper provides a detailed analysis of the performance of the Artificial Neural Network and the optimized Artificial Neural Network with GA, PSO and GWO. The research shows that ANN with GWO outperforms the others (ANN, ANN with PSO and ANN with GA).


2020 ◽  
Vol 10 (1) ◽  
Author(s):  
Bello Nazifi Kagara ◽  
Maheyzah Md Siraj

The quality or state of being secure is the crucial concern of our daily life usage of any network. However, with the rapid breakthrough in network technology, attacks are becoming more trailblazing than defenses. It is a daunting task to design an effective and reliable intrusion detection system (IDS) while maintaining minimal complexity. The concept of machine learning is considered an important method used in intrusion detection systems to detect irregular network traffic activities. The use of machine learning is the current trend in developing IDS in order to mitigate false positives (FP) and false negatives (FN) in the anomalous IDS. This paper aims to present a holistic approach to intrusion detection systems and the popular machine learning techniques applied to IDS systems, bearing in mind the need to help research scholars in this continuously burgeoning field of intrusion detection (ID).


2013 ◽  
Vol 347-350 ◽  
pp. 3696-3701 ◽  
Author(s):  
Jian Hao Song ◽  
Gang Zhao ◽  
Jun Yi Song

By investigating insufficiency of typical artificial intelligence algorithms aiming at the high rate of False-Positives and False-Negatives in the Intrusion Detection Systems (IDS), this paper presents an approach that Support Vector Machine (SVM) is embedded in Network Intrusion Detection System (NIDS). At the same time, by using online data and K-fold cross-validation method, this paper proposes a method to optimize the attributes and model of SVM respectively. Experimental results show that by using this method as the detection core of the intrusion detection system, the rate of False-Negatives in IDS can be reduced significantly.


2021 ◽  
Vol 13 (18) ◽  
pp. 10057
Author(s):  
Imran ◽  
Faisal Jamil ◽  
Dohyeun Kim

The connectivity of our surrounding objects to the internet plays a tremendous role in our daily lives. Many network applications have been developed in every domain of life, including business, healthcare, smart homes, and smart cities, to name a few. As these network applications provide a wide range of services for large user groups, the network intruders are prone to developing intrusion skills for attack and malicious compliance. Therefore, safeguarding network applications and things connected to the internet has always been a point of interest for researchers. Many studies propose solutions for intrusion detection systems and intrusion prevention systems. Network communities have produced benchmark datasets available for researchers to improve the accuracy of intrusion detection systems. The scientific community has presented data mining and machine learning-based mechanisms to detect intrusion with high classification accuracy. This paper presents an intrusion detection system based on the ensemble of prediction and learning mechanisms to improve anomaly detection accuracy in a network intrusion environment. The learning mechanism is based on automated machine learning, and the prediction model is based on the Kalman filter. Performance analysis of the proposed intrusion detection system is evaluated using publicly available intrusion datasets UNSW-NB15 and CICIDS2017. The proposed model-based intrusion detection accuracy for the UNSW-NB15 dataset is 98.801 percent, and the CICIDS2017 dataset is 97.02 percent. The performance comparison results show that the proposed ensemble model-based intrusion detection significantly improves the intrusion detection accuracy.


Author(s):  
Atheer R. Muhsen ◽  
Ghazwh G. Jumaa ◽  
Nadia F. AL Bakri ◽  
Ahmed T. Sadiq

The task of network security is to keep services available at all times by dealing with hacker attacks. One of the mechanisms obtainable is the Intrusion Detection System (IDS), which is used to sense and classify any abnormal actions. Therefore, the IDS system should always be up-to-date with the latest hacker attack signatures to keep services confidential, safe, and available. IDS speed is a very important issue in addition to learning new attacks. A modified selection strategy based on features was proposed in this paper. One of the important swarm intelligent algorithms is the Meerkat Clan Algorithm (MCA). The Meerkat Clan Algorithm has good diversity solutions through its neighboring generation conduct and it was used to solve several problems. The proposed strategy benefitted from mutual information to increase the performance and decrease the consumed time. Two datasets (NSL-KDD & UNSW-NB15) for Network Intrusion Detection Systems (NIDS) have been used to verify the performance of the proposed algorithm. The experimental findings indicate that, compared to other approaches, the proposed algorithm produces good results in a minimum of time.

