An Improved Anomalous Intrusion Detection Model

2019 ◽  
Vol 4 (2) ◽  
Author(s):  
Bodunde O Akinyemi ◽  
Johnson B Adekunle ◽  
Temitope A Aladesanmi ◽  
Adesola G Aderounmu ◽  
Beman H Kamagate

The volume of cyber-attacks targeting network resources within cyberspace is steadily increasing and evolving. Network intrusions compromise the confidentiality, integrity or availability of network resources, causing reputational damage and consequential financial loss. One of the key cyber-defense tools against these attacks is the Intrusion Detection System. Existing anomalous intrusion detection models often misclassify normal network traffic as attacks, while minority attacks go undetected due to an extreme imbalance in network traffic data. This leads to a high false positive rate and a low detection rate. This study focused on improving the detection accuracy by addressing the class imbalance problem, which is often associated with network traffic datasets. Live network traffic packets were collected within the test case environment with Wireshark during normal network activities, Syncflood attack, slowhttppost attack and exploitation of known vulnerabilities on a targeted machine. Fifty-two features, including forty-two features similar to those of the Knowledge Discovery in Database (KDD ’99) intrusion detection dataset, were extracted from the packet meta-data using Spleen tool. The features were normalized with the min-max normalization algorithm, and the Information Gain algorithm was used to select the best discriminatory features from the feature space. An anomalous intrusion detection model was formulated by a cascade of k-means clustering algorithm and random-forest classifier. The proposed model was simulated and its performance was evaluated using detection accuracy, sensitivity, and specificity as metrics. The result of the evaluation showed 10% higher detection accuracy, 29% sensitivity, and 0.2% specificity than the existing model.

Keywords— anomalous, cyber-attack, Detection, Intrusion

2021 ◽  
Vol 11 (4) ◽  
pp. 1674
Author(s):  
Nuno Oliveira ◽  
Isabel Praça ◽  
Eva Maia ◽  
Orlando Sousa

With the latest advances in information and communication technologies, greater amounts of sensitive user and corporate information are shared continuously across the network, making it susceptible to an attack that can compromise data confidentiality, integrity, and availability. Intrusion Detection Systems (IDS) are important security mechanisms that can perform the timely detection of malicious events through the inspection of network traffic or host-based logs. Many machine learning techniques have proven to be successful at conducting anomaly detection throughout the years, but only a few considered the sequential nature of data. This work proposes a sequential approach and evaluates the performance of a Random Forest (RF), a Multi-Layer Perceptron (MLP), and a Long-Short Term Memory (LSTM) on the CIDDS-001 dataset. The resulting performance measures of this particular approach are compared with the ones obtained from a more traditional one, which only considers individual flow information, in order to determine which methodology best suits the concerned scenario. The experimental outcomes suggest that anomaly detection can be better addressed from a sequential perspective. The LSTM is a highly reliable model for acquiring sequential patterns in network traffic data, achieving an accuracy of 99.94% and an f1-score of 91.66%.


2021 ◽  
Vol 2021 ◽  
pp. 1-6
Author(s):  
Yasser Alharbi ◽  
Ali Alferaidi ◽  
Kusum Yadav ◽  
Gaurav Dhiman ◽  
Sandeep Kautish

With the rapid increase and complexity of IPv6 network traffic, the traditional intrusion detection system Snort detects DoS attacks based on specific rules, which reduces the detection performance of IDS. To solve the DoS intrusion detection problem in the IPv6 network environment, the lightweight KNN optimization algorithm in machine learning is adopted. First, the double dimensionality reduction of features is achieved through the information gain rate, and discrete features with more subfeatures are selected and aggregated to further dimensionality reduction and feature dimension of the actual operation. Secondly, the information gain rate is used as the weight to optimize the sample Euclidean distance measurement. Based on the proposed measure of the reverse distance influence, the classification decision algorithm of the KNN algorithm is optimized to make the detection technology better. The effect is further improved. The experimental results show that, compared with the traditional TAD-KNN algorithm based on average distance and the GR-KNN algorithm that only optimizes the distance definition, the GR-AD-KNN algorithm can not only improve the overall detection performance in the detection of IPv6 network traffic characteristics but also improve it for small groups of samples. As a result, classification has better detection results.


2019 ◽  
Vol 8 (4) ◽  
pp. 5054-5058

Malicious threats are better known by the damage they do. This damage is not just limited to the system, but it might lead to significant information damage too. Along with this, threats are also responsible for financial loss. As technology advances, the types and attacks of threats also increase. Though the research community has investigated a number of cyber attack prevention models, it is challenging for the industries to detect the threats and keep them away from data. Detection of attacks with IDS is common and popular in organizations. Nowadays data mining and hybrid approaches are getting priority in combination with IDS in the area of anomaly and attack detection. In this paper, we focus on designing a tool based on the signature approach and the random forest algorithm for intrusion detection that offers data security and protection. Both algorithms work individually for an IDS, but the signature-based algorithm has some limitations in that it requires a known database. In our research paper, we propose a hybrid intrusion detection model which allows double filtration of intrusions in the application by implementing combined signature- and behavior-based algorithms in one system. This paper addresses the various kinds of features and behavior of threats and their different functioning; further, the hybrid intrusion detection model is an extension of the simple individual models that work on either behavior or signature.


Author(s):  
Nuno Oliveira ◽  
Isabel Praça ◽  
Eva Maia ◽  
Orlando Sousa

With the latest advances in information and communication technologies, greater amounts of sensitive user and corporate information are constantly shared across the network, making it susceptible to an attack that can compromise data confidentiality, integrity and availability. Intrusion Detection Systems (IDS) are important security mechanisms that can perform a timely detection of malicious events through the inspection of network traffic or host-based logs. Throughout the years, many machine learning techniques have proven to be successful at conducting anomaly detection but only a few considered the sequential nature of data. This work proposes a sequential approach and evaluates the performance of a Random Forest (RF), a Multi-Layer Perceptron (MLP) and a Long-Short Term Memory (LSTM) on the CIDDS-001 dataset. The resulting performance measures of this particular approach are compared with the ones obtained from a more traditional one, which only considers individual flow information, in order to determine which methodology best suits the concerned scenario. The experimental outcomes lead us to believe that anomaly detection can be better addressed from a sequential perspective and that the LSTM is a very reliable model for acquiring sequential patterns in network traffic data, achieving an accuracy of 99.94% and an f1-score of 91.66%.


2021 ◽  
Vol 9 ◽  
Author(s):  
Lei Wang ◽  
Pengcheng Xu ◽  
Zhaoyang Qu ◽  
Xiaoyong Bo ◽  
Yunchang Dong ◽  
...  

Existing coordinated cyber-attack detection methods have low detection accuracy and efficiency and poor generalization ability due to difficulties dealing with unbalanced attack data samples, high data dimensionality, and noisy data sets. This paper proposes a model for cyber and physical data fusion using a data link for detecting attacks on a Cyber–Physical Power System (CPPS). The two-step principal component analysis (PCA) is used for classifying the system’s operating status. An adaptive synthetic sampling algorithm is used to reduce the imbalance in the categories’ samples. The loss function is improved according to the feature intensity difference of the attack event, and an integrated classifier is established using a classification algorithm based on the cost-sensitive gradient boosting decision tree (CS-GBDT). The simulation results show that the proposed method provides higher accuracy, recall, and F-Score than comparable algorithms.


2016 ◽  
Vol 8 (3) ◽  
pp. 327-333 ◽  
Author(s):  
Rimas Ciplinskas ◽  
Nerijus Paulauskas

New and existing methods of cyber-attack detection are constantly being developed and improved because there is a great number of attacks and a demand to protect against them. In practice, current methods of attack detection operate like antivirus programs, i.e. known attack signatures are created and attacks are detected by using them. These methods have a drawback – they cannot detect new attacks. As a solution, anomaly detection methods are used. They make it possible to detect deviations from normal network behaviour that may indicate a new type of attack. This article introduces a new method that makes it possible to detect network flow anomalies by using the local outlier factor algorithm. The research carried out made it possible to identify groups of features which showed the best results of anomalous flow detection according to the highest values of precision, recall and F-measure.

The abundance and variety of cyber-attacks and the aim of protecting against them make it necessary to constantly develop new attack detection methods and improve existing ones. As practice shows, current attack recognition methods essentially work on the principle of antivirus programs, i.e. templates of known attacks are created and attacks are detected on their basis; however, the main drawback of such methods is the inability to detect new, as yet unknown attacks. To address this problem, anomaly detection methods are used, which make it possible to detect deviations from the normal state of the network. The article presents a new method that makes it possible to detect anomalies in computer network packet flows by applying the local outlier factor algorithm. The research carried out made it possible to find the groups of features with which anomalous network flows are recognized best, i.e. with which the highest values of precision, recall and F-measure are achieved.


2020 ◽  
pp. 808-817
Author(s):  
Vinh Pham ◽  
Eunil Seo ◽  
Tai-Myoung Chung

Identifying threats contained within encrypted network traffic poses a great challenge to Intrusion Detection Systems (IDS). Because traditional approaches like deep packet inspection could not operate on encrypted network traffic, machine learning-based IDS is a promising solution. However, machine learning-based IDS requires enormous amounts of statistical data based on network traffic flow as input data and also demands high computing power for processing, but is slow in detecting intrusions. We propose a lightweight IDS that transforms raw network traffic into representation images. We begin by inspecting the characteristics of malicious network traffic of the CSE-CIC-IDS2018 dataset. We then adapt methods for effectively representing those characteristics into image data. A Convolutional Neural Network (CNN) based detection model is used to identify malicious traffic underlying within image data. To demonstrate the feasibility of the proposed lightweight IDS, we conduct three simulations on two datasets that contain encrypted traffic with current network attack scenarios. The experiment results show that our proposed IDS is capable of achieving 95% accuracy with a reasonable detection time while requiring relatively small size training data.


IEEE Access ◽  
2020 ◽  
Vol 8 ◽  
pp. 185938-185949
Author(s):  
T. Gopalakrishnan ◽  
D. Ruby ◽  
Fadi Al-Turjman ◽  
Deepak Gupta ◽  
Irina V. Pustokhina ◽  
...  
