Enhanced Host-Based Intrusion Detection Using System Call Traces

To detect zero-day attacks in modern systems, several host-based intrusion detection systems are proposed using the newly compiled ADFA-LD dataset. These techniques use the system call traces of the dataset to detect anomalies, but generally they suffer either from high computational cost as in window-based techniques or low detection rate as in frequency-based techniques. To enhance the accuracy and speed, we propose a host-based intrusion detection system based on distinct short sequences extraction from traces of system calls with a novel algorithm to detect anomalies. To the best of our knowledge, the obtained results of the proposed system are superior to all up-to-date published systems in terms of computational cost and learning time. The obtained detection rate is also much higher than almost all compared systems and is very close to the highest result. In particular, the proposed system provides the best combination of high detection rate and very small learning time. The developed prototype achieved 90.48% detection rate, 22.5% false alarm rate, and a learning time of about 30 seconds. This provides high capability to detect zero-day attacks and also makes it flexible to cope with any environmental changes since it can learn quickly and incrementally without the need to rebuild the whole classifier from scratch.

Download Full-text

A Comparative Study of Data Mining Algorithms for High Detection Rate in Intrusion Detection System

Annals of Emerging Technologies in Computing ◽

10.33166/aetic.2018.01.005 ◽

2018 ◽

Vol 2 (1) ◽

pp. 49-57 ◽

Cited By ~ 10

Author(s):

Nabeela Ashraf ◽

Waqar Ahmad ◽

Rehan Ashraf

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection Rate ◽

Detection System ◽

Huge Amount ◽

High Detection Rate ◽

Data Mining Algorithms ◽

Secure Networks ◽

Mining Algorithms ◽

Speed And Accuracy

Due to the fast growth and tradition of the internet over the last decades, the network security problems are increasing vigorously. Humans can not handle the speed of processes and the huge amount of data required to handle network anomalies. Therefore, it needs substantial automation in both speed and accuracy. Intrusion Detection System is one of the approaches to recognize illegal access and rare attacks to secure networks. In this proposed paper, Naive Bayes, J48 and Random Forest classifiers are compared to compute the detection rate and accuracy of IDS. For experiments, the KDD_NSL dataset is used.

Download Full-text

An Intrusion Detection Based on Markov Model

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.268-270.988 ◽

2011 ◽

Vol 268-270 ◽

pp. 988-993 ◽

Cited By ~ 1

Author(s):

Hai Sheng Li

Keyword(s):

Intrusion Detection ◽

Anomaly Detection ◽

Detection Rate ◽

Markov Chain Model ◽

Training Data ◽

Chain Model ◽

High Detection Rate ◽

Detection Model ◽

System Calls ◽

High Detection

This paper presents an Intrusion detection technique through anomaly-detection, and proposes Modeling algorithm using training data and anomaly detection model. In this technique, a Markov-chain model is founded based on the characteristic pattern, which is a subsequence of system calls if this sequence satisfies the certain support degree. Experiments show that the method with high detection rate and low false alarm rate is valuable to intrusion detection.

Download Full-text

Security of Things Intrusion Detection System for Smart Healthcare

Electronics ◽

10.3390/electronics10121375 ◽

2021 ◽

Vol 10 (12) ◽

pp. 1375

Author(s):

Celestine Iwendi ◽

Joseph Henry Anajemba ◽

Cresantus Biamba ◽

Desire Ngabo

Keyword(s):

Genetic Algorithm ◽

Intrusion Detection ◽

False Alarm ◽

False Alarm Rate ◽

Detection Rate ◽

Web Security ◽

Intrusion Detection Systems ◽

High Detection Rate ◽

Detection Systems ◽

Smart Healthcare

Web security plays a very crucial role in the Security of Things (SoT) paradigm for smart healthcare and will continue to be impactful in medical infrastructures in the near future. This paper addressed a key component of security-intrusion detection systems due to the number of web security attacks, which have increased dramatically in recent years in healthcare, as well as the privacy issues. Various intrusion-detection systems have been proposed in different works to detect cyber threats in smart healthcare and to identify network-based attacks and privacy violations. This study was carried out as a result of the limitations of the intrusion detection systems in responding to attacks and challenges and in implementing privacy control and attacks in the smart healthcare industry. The research proposed a machine learning support system that combined a Random Forest (RF) and a genetic algorithm: a feature optimization method that built new intrusion detection systems with a high detection rate and a more accurate false alarm rate. To optimize the functionality of our approach, a weighted genetic algorithm and RF were combined to generate the best subset of functionality that achieved a high detection rate and a low false alarm rate. This study used the NSL-KDD dataset to simultaneously classify RF, Naive Bayes (NB) and logistic regression classifiers for machine learning. The results confirmed the importance of optimizing functionality, which gave better results in terms of the false alarm rate, precision, detection rate, recall and F1 metrics. The combination of our genetic algorithm and RF models achieved a detection rate of 98.81% and a false alarm rate of 0.8%. This research raised awareness of privacy and authentication in the smart healthcare domain, wireless communications and privacy control and developed the necessary intelligent and efficient web system. Furthermore, the proposed algorithm was applied to examine the F1-score and precisionperformance as compared to the NSL-KDD and CSE-CIC-IDS2018 datasets using different scaling factors. The results showed that the proposed GA was greatly optimized, for which the average precision was optimized by 5.65% and the average F1-score by 8.2%.

Download Full-text

Host-Based Intrusion Detection System with System Calls

ACM Computing Surveys ◽

10.1145/3214304 ◽

2019 ◽

Vol 51 (5) ◽

pp. 1-36 ◽

Cited By ~ 19

Author(s):

Ming Liu ◽

Zhi Xue ◽

Xianghua Xu ◽

Changmin Zhong ◽

Jinjun Chen

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

System Calls

Download Full-text

Network Anomaly Detection System with Optimized DS Evidence Theory

The Scientific World JOURNAL ◽

10.1155/2014/753659 ◽

2014 ◽

Vol 2014 ◽

pp. 1-13 ◽

Cited By ~ 2

Author(s):

Yuan Liu ◽

Xiaofeng Wang ◽

Kaiyu Liu

Keyword(s):

Anomaly Detection ◽

Detection Rate ◽

Computer Network ◽

Detection System ◽

Evidence Theory ◽

Optimization Methods ◽

High Detection Rate ◽

Detection Model ◽

Network Anomaly Detection ◽

Anomaly Detection System

Network anomaly detection has been focused on by more people with the fast development of computer network. Some researchers utilized fusion method and DS evidence theory to do network anomaly detection but with low performance, and they did not consider features of network—complicated and varied. To achieve high detection rate, we present a novel network anomaly detection system with optimized Dempster-Shafer evidence theory (ODS) and regression basic probability assignment (RBPA) function. In this model, we add weights for each senor to optimize DS evidence theory according to its previous predict accuracy. And RBPA employs sensor’s regression ability to address complex network. By four kinds of experiments, we find that our novel network anomaly detection model has a better detection rate, and RBPA as well as ODS optimization methods can improve system performance significantly.

Download Full-text

Towards the Low False Alarms and High Detection Rate in Intrusions Detection System

International Journal of Machine Learning and Computing ◽

10.7763/ijmlc.2013.v3.332 ◽

2013 ◽

pp. 332-336

Author(s):

Hafiz Muhammad Imran ◽

Azween Bin Abdullah ◽

Sellappan Palaniappan

Keyword(s):

Detection Rate ◽

Detection System ◽

False Alarms ◽

High Detection Rate ◽

High Detection

Download Full-text

RICNN: A ResNet&Inception convolutional neural network for intrusion detection of abnormal traffic

Computer Science and Information Systems ◽

10.2298/csis210617055x ◽

2021 ◽

pp. 55-55

Author(s):

Benhui Xia ◽

Dezhi Han ◽

Ximing Yin ◽

Gao Na

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Convolutional Neural Network ◽

Detection Rate ◽

Recognition Rate ◽

Identification Accuracy ◽

Detection Accuracy ◽

Traffic Classification ◽

High Detection Rate ◽

Network Intrusion

To secure cloud computing and outsourced data while meeting the requirements of automation, many intrusion detection schemes based on deep learn ing are proposed. Though the detection rate of many network intrusion detection solutions can be quite high nowadays, their identification accuracy on imbalanced abnormal network traffic still remains low. Therefore, this paper proposes a ResNet &Inception-based convolutional neural network (RICNN) model to abnormal traffic classification. RICNN can learn more traffic features through the Inception unit, and the degradation problem of the network is eliminated through the direct map ping unit of ResNet, thus the improvement of the model?s generalization ability can be achievable. In addition, to simplify the network, an improved version of RICNN, which makes it possible to reduce the number of parameters that need to be learnt without degrading identification accuracy, is also proposed in this paper. The experimental results on the dataset CICIDS2017 show that RICNN not only achieves an overall accuracy of 99.386% but also has a high detection rate across different categories, especially for small samples. The comparison experiments show that the recognition rate of RICNN outperforms a variety of CNN models and RNN models, and the best detection accuracy can be achieved.

Download Full-text

A feature selection algorithm combining information gain and multi-objective genetic search for intrusion detection system

MATEC Web of Conferences ◽

10.1051/matecconf/202133608008 ◽

2021 ◽

Vol 336 ◽

pp. 08008

Author(s):

Tao Xie

Keyword(s):

Feature Selection ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection Rate ◽

Information Gain ◽

Detection System ◽

Selection Algorithm ◽

Feature Selection Algorithm ◽

Genetic Search ◽

Multi Objective

In order to improve the detection rate and speed of intrusion detection system, this paper proposes a feature selection algorithm. The algorithm uses information gain to rank the features in descending order, and then uses a multi-objective genetic algorithm to gradually search the ranking features to find the optimal feature combination. We classified the Kddcup98 dataset into five classes, DOS, PROBE, R2L, and U2R, and conducted numerous experiments on each class. Experimental results show that for each class of attack, the proposed algorithm can not only speed up the feature selection, but also significantly improve the detection rate of the algorithm.

Download Full-text

Intrusion Detection Method Based on Adaptive Clonal Genetic Algorithm and Backpropagation Neural Network

Security and Communication Networks ◽

10.1155/2021/9938586 ◽

2021 ◽

Vol 2021 ◽

pp. 1-12

Author(s):

Yi Lu ◽

Menghan Liu ◽

Jie Zhou ◽

Zhigang Li

Keyword(s):

Neural Network ◽

Genetic Algorithm ◽

Intrusion Detection ◽

Detection Rate ◽

Detection System ◽

Poor Performance ◽

Data Sets ◽

Backpropagation Neural Network ◽

External Threats ◽

Kdd Cup 99

Intrusion Detection System (IDS) is an important part of ensuring network security. When the system faces network attacks, it can identify the source of threats in a timely and accurate manner and adjust strategies to prevent hackers from intruding. Efficient IDS can identify external threats well, but traditional IDS has poor performance and low recognition accuracy. To improve the detection rate and accuracy of IDS, this paper proposes a novel ACGA-BPNN method based on adaptive clonal genetic algorithm (ACGA) and backpropagation neural network (BPNN). ACGA-BPNN is simulated on the KDD-CUP’99 and UNSW-NB15 data sets. The simulation results indicate that, in contrast to the methods based on simulated annealing (SA) and genetic algorithm (GA), the detection rate and accuracy of ACGA-BPNN are much higher than of GA-BPNN and SA-BPNN. In the classification results of KDD-CUP’99, the classification accuracy of ACGA-BPNN is 11% higher than GA-BPNN and 24.2% higher than SA-BPNN, and F-score reaches 99.0%. In addition, ACGA-BPNN has good global searchability and its convergence speed is higher than that of GA-BPNN and SA-BPNN. Furthermore, ACGA-BPNN significantly improves the overall detection performance of IDS.

Download Full-text

Comprehensive Examination of Network Intrusion Detection Models on Data Science

International Journal of Information Retrieval Research ◽

10.4018/ijirr.2021100102 ◽

2021 ◽

Vol 11 (4) ◽

pp. 14-40

Author(s):

Shyla ◽

Vishal Bhatnagar

Keyword(s):

Intrusion Detection ◽

Data Science ◽

Detection System ◽

High Detection Rate ◽

Detection Systems ◽

Network Intrusion ◽

Comprehensive Examination ◽

Security Infrastructure ◽

Science Methodology ◽

Best Fit

The increased requirement of data science in recent times has given rise to the concept of data security, which has become a major issue; thus, the amalgamation of data science methodology with intrusion detection systems as a field of research has acquired a lot of prominence. The level of access to the information system and its visibility to user pursuit was required to operate securely. Intrusion detection has been gaining popularity in the area of data science to incorporate the overall information security infrastructure, where regular operations depend upon shared use of information. The problems are to build an intrusion detection system efficient enough for detecting attacks and to reduce the false positives with a high detection rate. In this paper, the authors analyse various techniques of intrusion detection combined with data science, which will help in understanding the best fit technique under different circumstances.

Download Full-text