A Model for Anomaly Detection Using the Metaheuristic Methods

Author(s):  
Sara Haj Ebrahimi ◽  
Amid Khatibi

Today, detection of new threats has become a need for secured communication to provide complete data confidentiality, integrity and availability. Design and development of such an intrusion detection system in the communication world, should not only be new, accurate and fast but also effective in an environment encompassing the surrounding network. In this paper, a new approach is proposed for network anomaly detection by combining neural network and clustering algorithms. We propose a modified Self Organizing Map algorithm which initially starts with null network and grows with the original data space as initial weight vector, updating neighborhood rules and learning rate dynamically in order to overcome the fixed architecture and random weight vector assignment of simple SOM. New nodes are created using distance threshold parameter and their neighborhood is identified using connection strength and its learning rule and the weight vector updating is carried out for neighborhood nodes. The Fuzzy k-means clustering algorithm is employed for grouping similar nodes of Modified SOM into k clusters using similarity measures. Performance of the new approach is evaluated with standard benchmark dataset. The new approach is evaluated using performance metrics such as detection rate and false alarm rate. The result is compared with other individual neural network methods, which shows considerable increase in the detection rate and 1.5% false alarm rate.

Author(s):  
P. Manoj Kumar ◽  
M. Parvathy ◽  
C. Abinaya Devi

Intrusion Detection Systems (IDS) are one of the important aspects of cyber security that can detect anomalies in network traffic. IDS are part of the second line of defense of a system and can be deployed along with other security measures such as access control, authentication mechanisms and encryption techniques to secure the systems against cyber-attacks. However, IDS suffer from the problem of handling large volumes of data and of detecting zero-day attacks (new types of attacks) in a real-time traffic environment. To overcome this problem, an intelligent Deep Learning approach for Intrusion Detection is proposed based on Convolutional Neural Network (CNN-IDS). Initially, the model is trained and tested under a new real-time traffic dataset, CSE-CIC-IDS 2018 dataset. Then, the performance of CNN-IDS model is studied based on three important performance metrics namely, accuracy / training time, detection rate and false alarm rate. Finally, the experimental results are compared with those of various Deep Discriminative models including Recurrent Neural network (RNN), Deep Neural Network (DNN) etc., proposed for IDS under the same dataset. The comparative results show that the proposed CNN-IDS model is very much suitable for modelling a classification model both in terms of binary and multi-class classification with higher detection rate, accuracy, and lower false alarm rate. The CNN-IDS model improves the accuracy of intrusion detection and provides a new research method for intrusion detection.


Author(s):  
Mingming Fan ◽  
Shaoqing Tian ◽  
Kai Liu ◽  
Jiaxin Zhao ◽  
Yunsong Li

Infrared small target detection has been a challenging task due to the weak radiation intensity of targets and the complexity of the background. Traditional methods using hand-designed features are usually effective for specific background and have the problems of low detection rate and high false alarm rate in complex infrared scene. In order to fully exploit the features of infrared image, this paper proposes an infrared small target detection method based on region proposal and convolution neural network. Firstly, the small target intensity is enhanced according to the local intensity characteristics. Then, potential target regions are proposed by corner detection to ensure high detection rate of the method. Finally, the potential target regions are fed into the classifier based on convolutional neural network to eliminate the non-target regions, which can effectively suppress the complex background clutter. Extensive experiments demonstrate that the proposed method can effectively reduce the false alarm rate, and outperform other state-of-the-art methods in terms of subjective visual impression and quantitative evaluation metrics.


2021 ◽  
Vol 40 (5) ◽  
pp. 8793-8806
Author(s):  
Dong Li ◽  
Xin Sun ◽  
Furong Gao ◽  
Shulin Liu

Compared with traditional negative selection algorithms, which produce detectors randomly in the whole state space, the boundary-fixed negative selection algorithm (FB-NSA) non-randomly produces a layer of detectors closely surrounding the self space. However, the false alarm rate of FB-NSA is higher than many anomaly detection methods. Its detection rate is very low when normal data are close to the boundary of state space. This paper proposed an improved FB-NSA (IFB-NSA) to solve these problems. IFB-NSA enlarges the state space and adds auxiliary detectors in appropriate places to improve the detection rate, and uses variable-sized training samples to reduce the false alarm rate. We present experiments on synthetic datasets and the UCI Iris dataset to demonstrate the effectiveness of this approach. The results show that IFB-NSA outperforms FB-NSA and the other anomaly detection methods in most of the cases.


2020 ◽  
Vol 2020 ◽  
pp. 1-13
Author(s):  
Yinghui Liu ◽  
Dong Li ◽  
Yuan Wei ◽  
Hongli Zhang

Interface detector is an enhanced negative selection algorithm with online adaptive learning under small training samples for anomaly detection. It has better detection performance when it has an appropriate self-radius. Otherwise, overfitting or underfitting would occur. In the present paper, an improved interface detector, which is based on vaccination strategy, is proposed. During the testing stage, negative vaccine can overcome overfitting to improve the detection rate and positive vaccine can overcome underfitting to reduce the false alarm rate. The experimental results show that under the same dataset, self-radius, and training samples condition, the detection rate of the interface detector with negative vaccine is much higher than that of interface detector, SVM, and BP neural network. Moreover, the false alarm rate of the interface detector with positive vaccine is much lower than that of the interface detector and PSA.


1992 ◽  
Vol 4 (5) ◽  
pp. 772-780 ◽  
Author(s):  
William G. Baxt

When either detection rate (sensitivity) or false alarm rate (specificity) is optimized in an artificial neural network trained to identify myocardial infarction, the increase in the accuracy of one is always done at the expense of the accuracy of the other. To overcome this loss, two networks that were separately trained on populations of patients with different likelihoods of myocardial infarction were used in concert. One network was trained on clinical pattern sets derived from patients who had a low likelihood of myocardial infarction, while the other was trained on pattern sets derived from patients with a high likelihood of myocardial infarction. Unknown patterns were analyzed by both networks. If the output generated by the network trained on the low risk patients was below an empirically set threshold, this output was chosen as the diagnostic output. If the output was above that threshold, the output of the network trained on the high risk patients was used as the diagnostic output. The dual network correctly identified 39 of the 40 patients who had sustained a myocardial infarction and 301 of 306 patients who did not have a myocardial infarction for a detection rate (sensitivity) and false alarm rate (1-specificity) of 97.50 and 1.63%, respectively. A parallel control experiment using a single network but identical training information correctly identified 39 of 40 patients who had sustained a myocardial infarction and 287 of 306 patients who had not sustained a myocardial infarction (p = 0.003).


2013 ◽  
Vol 462-463 ◽  
pp. 1046-1049 ◽  
Author(s):  
Ming Gu

Algorithm and principle of anomaly detection technique based on a chi-square statistic was designed. In order to verify the effect of principle and algorithm, testing data of sample of Windows7 and Mac OS system was presented and compared. The results of this study show that chi-square technology achieves the 0% false alarm rate and the 100% detection rate for abnormal intrusion scenarios. All intrusion scenarios are detected at the first or second audit event.


Electronics ◽  
2021 ◽  
Vol 10 (12) ◽  
pp. 1375
Author(s):  
Celestine Iwendi ◽  
Joseph Henry Anajemba ◽  
Cresantus Biamba ◽  
Desire Ngabo

Web security plays a very crucial role in the Security of Things (SoT) paradigm for smart healthcare and will continue to be impactful in medical infrastructures in the near future. This paper addressed a key component of security-intrusion detection systems due to the number of web security attacks, which have increased dramatically in recent years in healthcare, as well as the privacy issues. Various intrusion-detection systems have been proposed in different works to detect cyber threats in smart healthcare and to identify network-based attacks and privacy violations. This study was carried out as a result of the limitations of the intrusion detection systems in responding to attacks and challenges and in implementing privacy control and attacks in the smart healthcare industry. The research proposed a machine learning support system that combined a Random Forest (RF) and a genetic algorithm: a feature optimization method that built new intrusion detection systems with a high detection rate and a more accurate false alarm rate. To optimize the functionality of our approach, a weighted genetic algorithm and RF were combined to generate the best subset of functionality that achieved a high detection rate and a low false alarm rate. This study used the NSL-KDD dataset to simultaneously classify RF, Naive Bayes (NB) and logistic regression classifiers for machine learning. The results confirmed the importance of optimizing functionality, which gave better results in terms of the false alarm rate, precision, detection rate, recall and F1 metrics. The combination of our genetic algorithm and RF models achieved a detection rate of 98.81% and a false alarm rate of 0.8%. This research raised awareness of privacy and authentication in the smart healthcare domain, wireless communications and privacy control and developed the necessary intelligent and efficient web system. 
Furthermore, the proposed algorithm was applied to examine the F1-score and precision performance as compared to the NSL-KDD and CSE-CIC-IDS2018 datasets using different scaling factors. The results showed that the proposed GA was greatly optimized, for which the average precision was optimized by 5.65% and the average F1-score by 8.2%.


2018 ◽  
Vol 2018 ◽  
pp. 1-13 ◽  
Author(s):  
Binghao Yan ◽  
Guodong Han

The intrusion detection models (IDMs) based on machine learning play a vital role in the security protection of the network environment, and, by learning the characteristics of the network traffic, these IDMs can divide the network traffic into normal behavior or attack behavior automatically. However, existing IDMs cannot solve the imbalance of traffic distribution, while ignoring the temporal relationship within traffic, which result in the reduction of the detection performance of the IDM and increase the false alarm rate, especially for low-frequency attacks. So, in this paper, we propose a new combined IDM called LA-GRU based on a novel imbalanced learning method and gated recurrent unit (GRU) neural network. In the proposed model, a modified local adaptive synthetic minority oversampling technique (LA-SMOTE) algorithm is provided to handle imbalanced traffic, and then the GRU neural network based on deep learning theory is used to implement the anomaly detection of traffic. The experimental results evaluated on the NSL-KDD dataset confirm that, compared with the existing state-of-the-art IDMs, the proposed model not only obtains excellent overall detection performance with a low false alarm rate but also more effectively solves the learning problem of imbalanced traffic distribution.


Sensors ◽  
2019 ◽  
Vol 19 (18) ◽  
pp. 4033 ◽  
Author(s):  
Yoo ◽  
Wang ◽  
Seol ◽  
Lee ◽  
Chung ◽  
...  

Recognizing and tracking the targets located behind walls through impulse radio ultra-wideband (IR-UWB) radar provides a significant advantage, as the characteristics of the IR-UWB radar signal enable it to penetrate obstacles. In this study, we design a through-wall radar system to estimate and track multiple targets behind a wall. The radar signal received through the wall experiences distortion, such as attenuation and delay, and the characteristics of the wall are estimated to compensate the distance error. In addition, unlike general cases, it is difficult to maintain a high detection rate and low false alarm rate in this through-wall radar application due to the attenuation and distortion caused by the wall. In particular, the generally used delay-and-sum algorithm is significantly affected by the motion of targets and distortion caused by the wall, rendering it difficult to obtain a good performance. Thus, we propose a novel method, which calculates the likelihood that a target exists in a certain location through a detection process. Unlike the delay-and-sum algorithm, this method does not use the radar signal directly. Simulations and experiments are conducted in different cases to show the validity of our through-wall radar system. The results obtained by using the proposed algorithm as well as delay-and-sum and trilateration are compared in terms of the detection rate, false alarm rate, and positioning error.

