An Intrusion Detection Model Based on Mining Maximal Frequent Itemsets over Data Streams

2013 ◽  
Vol 339 ◽  
pp. 341-348
Author(s):  
Yi Min Mao ◽  
Xiao Fang Xue ◽  
Jin Qing Chen
Keyword(s):  
Intrusion Detection ◽  
Data Streams ◽  
Intrusion Detection System ◽  
Behavior Pattern ◽  
Detection System ◽  
Response Speed ◽  
Frequent Itemsets ◽  
Abnormal Behavior ◽  
Data Set ◽  
Maximal Frequent Itemsets

Ming association rules have been proved as an important method to detect intrusions. To improve response speed and detecting precision in the current intrusion detection system, this papers proposes an intrusion detection system model of MMFIID-DS. Firstly, to improve response speed of the system by greatly reducing search space, various pruning strategies are proposed to mine the maximal frequent itemsets on trained normal data set, abnormal data set and current data streams to establish normal and abnormal behavior pattern as well as user behavior pattern of the system. Besides, to improve detection precision of the system, misuse detection and anomaly detection techniques are combined. Both theoretical and experimental results indicate that the MMFIID-DS intrusion detection system is fairly sound in performance.

scholarly journals DCNN-IDS : Deep Convolutional Neural Network based Intrusion Detection System

2020 ◽  
Author(s):  
Sriram Srinivasan ◽  
Shashank A ◽  
vinayakumar R ◽  
Soman KP
Keyword(s):  
Neural Network ◽  
Intrusion Detection ◽  
Convolutional Neural Network ◽  
Intrusion Detection System ◽  
Input Data ◽  
Detection System ◽  
Deep Convolutional Neural Network ◽  
Traffic Data ◽  
Data Set ◽  
Research Problems

In the present era, cyberspace is growing tremendously and the intrusion detection system (IDS) plays a key role in it to ensure information security. The IDS, which works in network and host level, should be capable of identifying various malicious attacks. The job of network-based IDS is to differentiate between normal and malicious traffic data and raise an alert in case of an attack. Apart from the traditional signature and anomaly-based approaches, many researchers have employed various deep learning (DL) techniques for detecting intrusion as DL models are capable of extracting salient features automatically from the input data. The application of deep convolutional neural network (DCNN), which is utilized quite often for solving research problems in image processing and vision fields, is not explored much for IDS. In this paper, a DCNN architecture for IDS which is trained on KDDCUP 99 data set is proposed. This work also shows that the DCNN-IDS model performs superior when compared with other existing works.

Enhance Network Intrusion Detection System by Exploiting BR Algorithm as an Optimal Feature Selection

2015 ◽  
pp. 17-32 ◽  
Author(s):  
Soukaena Hassan Hashem
Keyword(s):  
Intrusion Detection ◽  
Wireless Network ◽  
Intrusion Detection System ◽  
Missing Values ◽  
Detection System ◽  
Network Intrusion Detection ◽  
Wireless Data ◽  
Data Set ◽  
Network Intrusion ◽  
Network Intrusion Detection System

This chapter aims to build a proposed Wire/Wireless Network Intrusion Detection System (WWNIDS) to detect intrusions and consider many of modern attacks which are not taken in account previously. The proposal WWNIDS treat intrusion detection with just intrinsic features but not all of them. The dataset of WWNIDS will consist of two parts; first part will be wire network dataset which has been constructed from KDD'99 that has 41 features with some modifications to produce the proposed dataset that called modern KDD and to be reliable in detecting intrusion by suggesting three additional features. The second part will be building wireless network dataset by collecting thousands of sessions (normal and intrusion); this proposed dataset is called Constructed Wireless Data Set (CWDS). The preprocessing process will be done on the two datasets (KDD & CWDS) to eliminate some problems that affect the detection of intrusion such as noise, missing values and duplication.

Computer Immunity Using an Intrusion Detection System (IDS)

2013 ◽  
Vol 824 ◽  
pp. 200-205 ◽  
Author(s):  
Susan Konyeha ◽  
Emmanuel A. Onibere
Keyword(s):  
Immune System ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Security Policy ◽  
Detection System ◽  
Human Immune System ◽  
Data Set ◽  
Computer Immune ◽  
Human Immune ◽  
Computer Immune System

Computers are involved in every aspect of modern society and have become an essential part of our lives, but their vulnerability is of increasing concern to us. Security flaws are inherent in the operation of computers Most flaws are caused by errors in the process of software engineering or unforeseen mishaps and it is difficult to solve these problems by conventional methods. A radical way of constantly monitoring the system for newly disclosed vulnerabilities is required. In order to devise such a system, this work draws an analogy between computer immune systems and the human immune system. The computer immune system is the equivalent of the human immune system. The primary objective of this paper is to use an intrusion detection system in the design and implementation of a computer immune system that would be built on the framework of the human immune system. This objective is successfully realized and in addition a prevention mechanism using the windows IP Firewall feature has been incorporated. Hence the system is able to perform intrusion detection and prevention. Data was collected about events occurring in a computer network that violate predefined security policy, such as attempts to affect the confidentiality, integrity or its availability using Snort rules for known attacks and adaptive detection for the unknown attacks. The system was tested using real-time data and Intrusion Detection evaluation (IDEVAL) Department of Defense Advanced Research Projects Agency (DARPA) data set. The results were quite encouraging as few false positive were recorded.

scholarly journals Measurement data intrusion detection in industrial control systems based on unsupervised learning

2021 ◽  
Vol 1 (1) ◽  
pp. 61-74
Author(s):  
Sohrab Mokhtari ◽  
◽  
Kang K Yen
Keyword(s):  
Intrusion Detection ◽  
Unsupervised Learning ◽  
Control Systems ◽  
Intrusion Detection System ◽  
Detection System ◽  
Measurement Data ◽  
Abnormal Behavior ◽  
Learning Models ◽  
Industrial Control ◽  
Industrial Control Systems

<abstract><p>Anomaly detection strategies in industrial control systems mainly investigate the transmitting network traffic called network intrusion detection system. However, The measurement intrusion detection system inspects the sensors data integrated into the supervisory control and data acquisition center to find any abnormal behavior. An approach to detect anomalies in the measurement data is training supervised learning models that can learn to classify normal and abnormal data. But, a labeled dataset consisting of abnormal behavior, such as attacks, or malfunctions is extremely hard to achieve. Therefore, the unsupervised learning strategy that does not require labeled data for being trained can be helpful to tackle this problem. This study evaluates the performance of unsupervised learning strategies in anomaly detection using measurement data in control systems. The most accurate algorithms are selected to train unsupervised learning models, and the results show an accuracy of 98% in stealthy attack detection.</p></abstract>

scholarly journals Building attack detection system base on machine learning

2021 ◽  
Vol 6 (2) ◽  
pp. 018-032
Author(s):  
Rasha Thamer Shawe ◽  
Kawther Thabt Saleh ◽  
Farah Neamah Abbas
Keyword(s):  
Data Mining ◽  
Support Vector Machine ◽  
Network Security ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Attack Detection ◽  
Support Vector ◽  
Data Set ◽  
Kdd Cup 99

These days, security threats detection, generally discussed to as intrusion, has befitted actual significant and serious problem in network, information and data security. Thus, an intrusion detection system (IDS) has befitted actual important element in computer or network security. Avoidance of such intrusions wholly bases on detection ability of Intrusion Detection System (IDS) which productions necessary job in network security such it identifies different kinds of attacks in network. Moreover, the data mining has been playing an important job in the different disciplines of technologies and sciences. For computer security, data mining are presented for serving intrusion detection System (IDS) to detect intruders accurately. One of the vital techniques of data mining is characteristic, so we suggest Intrusion Detection System utilizing data mining approach: SVM (Support Vector Machine). In suggest system, the classification will be through by employing SVM and realization concerning the suggested system efficiency will be accomplish by executing a number of experiments employing KDD Cup’99 dataset. SVM (Support Vector Machine) is one of the best distinguished classification techniques in the data mining region. KDD Cup’99 data set is utilized to execute several investigates in our suggested system. The experimental results illustration that we can decrease wide time is taken to construct SVM model by accomplishment suitable data set pre-processing. False Positive Rate (FPR) is decrease and Attack detection rate of SVM is increased .applied with classification algorithm gives the accuracy highest result. Implementation Environment Intrusion detection system is implemented using Mat lab 2015 programming language, and the examinations have been implemented in the environment of Windows-7 operating system mat lab R2015a, the processor: Core i7- Duo CPU 2670, 2.5 GHz, and (8GB) RAM.

scholarly journals DNA Encoding for Misuse Intrusion Detection System based on UNSW-NB15 Data Set

2020 ◽  
pp. 3408-3416
Author(s):  
Omar Fitian Rashid
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Attack Detection ◽  
High Rate ◽  
Dna Encoding ◽  
Data Set ◽  
Detection Rates ◽  
Detection Systems ◽  
Threat Environment

Recent researches showed that DNA encoding and pattern matching can be used for the intrusion-detection system (IDS), with results of high rate of attack detection. The evaluation of these intrusion detection systems is based on datasets that are generated decades ago. However, numerous studies outlined that these datasets neither inclusively reflect the network traffic, nor the modern low footprint attacks, and do not cover the current network threat environment. In this paper, a new DNA encoding for misuse IDS based on UNSW-NB15 dataset is proposed. The proposed system is performed by building a DNA encoding for all values of 49 attributes. Then attack keys (based on attack signatures) are extracted and, finally, Raita algorithm is applied to classify records, either attacks or normal, based on the extracted keys. The results of the current experiment showed that the proposed system achieved good detection rates for all of attacks, which included the Analysis, Backdoor, DoS, Exploits, Fuzzers, Generic, Reconnaissance, Shellcode, and Worms, with values of 82.56%, 92.68%, 75.59%, 75.42%, 67%, 99.28%, 81.02%, 73.6%, 85%, and 90.91%, respectively. The values of false alarm rate and accuracy were equal to 24% and 89.05%, respectively. Also, the execution time for the proposed system was found to be short, where the values of the encoding time and matching time for one record were 0.45 and 0.002 second, respectively.

scholarly journals DCNN-IDS : Deep Convolutional Neural Network based Intrusion Detection System

2020 ◽  
Author(s):  
Sriram Srinivasan ◽  
Shashank A ◽  
vinayakumar R ◽  
Soman KP
Keyword(s):  
Neural Network ◽  
Intrusion Detection ◽  
Convolutional Neural Network ◽  
Intrusion Detection System ◽  
Input Data ◽  
Detection System ◽  
Deep Convolutional Neural Network ◽  
Traffic Data ◽  
Data Set ◽  
Research Problems

In the present era, cyberspace is growing tremendously and the intrusion detection system (IDS) plays a key role in it to ensure information security. The IDS, which works in network and host level, should be capable of identifying various malicious attacks. The job of network-based IDS is to differentiate between normal and malicious traffic data and raise an alert in case of an attack. Apart from the traditional signature and anomaly-based approaches, many researchers have employed various deep learning (DL) techniques for detecting intrusion as DL models are capable of extracting salient features automatically from the input data. The application of deep convolutional neural network (DCNN), which is utilized quite often for solving research problems in image processing and vision fields, is not explored much for IDS. In this paper, a DCNN architecture for IDS which is trained on KDDCUP 99 data set is proposed. This work also shows that the DCNN-IDS model performs superior when compared with other existing works.

scholarly journals A Multiple Rényi Entropy Based Intrusion Detection System for Connected Vehicles

Entropy ◽  
2020 ◽  
Vol 22 (2) ◽  
pp. 186 ◽  
Author(s):  
Ki-Soon Yu ◽  
Sung-Hyun Kim ◽  
Dae-Woon Lim ◽  
Young-Sik Kim
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Efficient Estimation ◽  
Renyi Entropy ◽  
Rényi Entropy ◽  
Accurate Estimation ◽  
Area Network ◽  
Data Set ◽  
Special Cases

In this paper, we propose an intrusion detection system based on the estimation of the Rényi entropy with multiple orders. The Rényi entropy is a generalized notion of entropy that includes the Shannon entropy and the min-entropy as special cases. In 2018, Kim proposed an efficient estimation method for the Rényi entropy with an arbitrary real order α . In this work, we utilize this method to construct a multiple order, Rényi entropy based intrusion detection system (IDS) for vehicular systems with various network connections. The proposed method estimates the Rényi entropies simultaneously with three distinct orders, two, three, and four, based on the controller area network (CAN)-IDs of consecutively generated frames. The collected frames are split into blocks with a fixed number of frames, and the entropies are evaluated based on these blocks. For a more accurate estimation against each type of attack, we also propose a retrospective sliding window method for decision of attacks based on the estimated entropies. For fair comparison, we utilized the CAN-ID attack data set generated by a research team from Korea University. Our results show that the proposed method can show the false negative and positive errors of less than 1% simultaneously.

scholarly journals Cybersecurity in Automotive: An Intrusion Detection System in Connected Vehicles

Electronics ◽  
2021 ◽  
Vol 10 (15) ◽  
pp. 1765
Author(s):  
Francesco Pascale ◽  
Ennio Andrea Adinolfi ◽  
Simone Coppola ◽  
Emanuele Santonicola
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Cyber Attacks ◽  
Connected Vehicles ◽  
Area Network ◽  
Automotive Sector ◽  
Cyber Attack ◽  
Data Set ◽  
Evaluation Parameters

Today’s modern vehicles are connected to a network and are considered smart objects of IoT, thanks to the capability to send and receive data from the network. One of the greatest challenges in the automotive sector is to make the vehicle secure and reliable. In fact, there are more connected instruments on a vehicle, such as the infotainment system and/or data interchange systems. Indeed, with the advent of new paradigms, such as Smart City and Smart Road, the vision of Internet of Things has evolved substantially. Today, we talk about the V2X systems in which the vehicle is strongly connected with the rest of the world. In this scenario, the main aim of all connected vehicles vendors is to provide a secure system to guarantee the safety of the drive and persons against a possible cyber-attack. So, in this paper, an embedded Intrusion Detection System (IDS) for the automotive sector is introduced. It works by adopting a two-step algorithm that provides detection of a possible cyber-attack. In the first step, the methodology provides a filter of all the messages on the Controller Area Network (CAN-Bus) thanks to the use of a spatial and temporal analysis; if a set of messages are possibly malicious, these are analyzed by a Bayesian network, which gives the probability that a given event can be classified as an attack. To evaluate the efficiency and effectiveness of our method, an experimental campaign was conducted to evaluate them, according to the classic evaluation parameters for a test’s accuracy. These results were compared with a common data set on cyber-attacks present in the literature. The first experimental results, obtained in a test scenario, seem to be interesting. The results show that our method has good correspondence in the presence of the most common cyber-attacks (DDoS, Fuzzy, Impersonating), obtaining a good score relative to the classic evaluation parameters for a test’s accuracy. These results have decreased performance when we test the system on a Free State Attack.

Sign in / Sign up

Export Citation Format

Share Document