scholarly journals Research and development automatically generate detection rules for IDS based on machine learning technology

2022 ◽  
Vol 2 (14) ◽  
pp. 45-54
Author(s):  
Nguyen Huy Trung ◽  
Le Hai Viet ◽  
Tran Duc Thang
Keyword(s):  
Machine Learning ◽  
False Alarm ◽  
Attack Detection ◽  
Learning Technology ◽  
Network Attacks ◽  
New Approach ◽  
Network Attack ◽  
Detection Systems ◽  
Resource Requirements ◽  
System Resource

Abstract—Nowadays, there have been many signature-based intrusion detection systems deployed and widely used. These systems are capable of detecting known attacks with low false alarm rates, fast detection times, and little system resource requirements. However, these systems are less effective against new attacks that are not included in the ruleset. In addition, recent studies provide a new approach to the problem of detecting unknown types of network attacks based on machine learning and deep learning. However, this new approach requires a lot of resources, processing time and has a high false alarm rate. Therefore, it is necessary to find a solution that combines the advantages of the two approaches above in the problem of detecting network attacks. In this paper, the authors present a method to automatically generate network attack detection rules for the IDS system based on the results of training machine learning models. Through testing, the author proves that the system that automatically generates network attack detection rules for IDS based on machine learning meets the requirements of increasing the ability to detect new types of attacks, ensuring automatic effective updates of new signs of network attacks. Tóm tắt—Ngày nay, đã có nhiều hệ thống phát hiện xâm nhập dựa trên chữ ký được triển khai và sử dụng rộng rãi. Các hệ thống này có khả năng phát hiện các cuộc tấn công đã biết với tỷ lệ báo động giả thấp, thời gian phát hiện nhanh và yêu cầu ít tài nguyên hệ thống. Tuy nhiên, các hệ thống này kém hiệu quả khi chống lại các cuộc tấn công mới không có trong tập luật. Các nghiên cứu gần đây cung cấp một cách tiếp cận mới cho vấn đề phát hiện các kiểu tấn công mạng mới dựa trên học máy và học sâu. Tuy nhiên, cách tiếp cận này đòi hỏi nhiều tài nguyên, thời gian xử lý. Vì vậy, cần tìm ra giải pháp kết hợp ưu điểm của hai cách tiếp cận trên trong bài toán phát hiện tấn công mạng. Trong bài báo này, nhóm tác giả trình bày phương pháp tự động sinh luật phát hiện tấn công mạng cho hệ thống phát hiện xâm nhập dựa trên kết quả huấn luyện mô hình học máy. Qua thử nghiệm, tác giả chứng minh rằng phương pháp này đáp ứng yêu cầu tăng khả năng phát hiện chính xác các kiểu tấn công mới, đảm bảo tự động cập nhật hiệu quả các dấu hiệu tấn công mạng mới vào tập luật.

scholarly journals An IoT based Machine Learning Technique for Efficient Online Load Forecasting

2021 ◽  
Vol 11 (2) ◽  
pp. 547-554
Author(s):  
B. Madhuravani ◽  
Srujan Atluri ◽  
Hema Valpadasu
Keyword(s):  
Machine Learning ◽  
Attack Detection ◽  
Data Set ◽  
Network Attacks ◽  
New Approach ◽  
Training Time ◽  
Network Attack ◽  
Integral Measure ◽  
Parallel Data ◽  
Learning Technique

Internet of Things (IoT) networks are computer networks that have an extreme issue with IT security and an issue with the monitoring of computer threats in specific. The paper proposes a combination of machine learning methods and parallel data analysis to address this challenge. The architecture and a new approach to the combination of the key classifiers intended for IoT network attacks are being developed. The issue classification statement is created in which the consistency ratio to training time is the integral measure of effectiveness. To improve the preparation and assessment pace, it is suggested to use the data processing and multi-threaded mode offered by Spark. In comparison, a preprocessing data set approach is proposed, resulting in a significant reduction in the length of the sample. An experimental review of the proposed approach reveals that the precision of IoT network attack detection is 100%, and the processing speed of the data collection increases with the number of parallel threads.

scholarly journals Intelligent Techniques for Detecting Network Attacks: Review and Research Directions

Sensors ◽  
2021 ◽  
Vol 21 (21) ◽  
pp. 7070
Author(s):  
Malak Aljabri ◽  
Sumayh S. Aljameel ◽  
Rami Mustafa A. Mohammad ◽  
Sultan H. Almotiri ◽  
Samiha Mirza ◽  
...  
Keyword(s):  
Rapid Development ◽  
Attack Detection ◽  
Network Attacks ◽  
Research Directions ◽  
Network Attack ◽  
Detection Systems ◽  
Increased Risk ◽  
Use Of The Internet ◽  
Main Components ◽  
Network Technologies

The significant growth in the use of the Internet and the rapid development of network technologies are associated with an increased risk of network attacks. Network attacks refer to all types of unauthorized access to a network including any attempts to damage and disrupt the network, often leading to serious consequences. Network attack detection is an active area of research in the community of cybersecurity. In the literature, there are various descriptions of network attack detection systems involving various intelligent-based techniques including machine learning (ML) and deep learning (DL) models. However, although such techniques have proved useful within specific domains, no technique has proved useful in mitigating all kinds of network attacks. This is because some intelligent-based approaches lack essential capabilities that render them reliable systems that are able to confront different types of network attacks. This was the main motivation behind this research, which evaluates contemporary intelligent-based research directions to address the gap that still exists in the field. The main components of any intelligent-based system are the training datasets, the algorithms, and the evaluation metrics; these were the main benchmark criteria used to assess the intelligent-based systems included in this research article. This research provides a rich source of references for scholars seeking to determine their scope of research in this field. Furthermore, although the paper does present a set of suggestions about future inductive directions, it leaves the reader free to derive additional insights about how to develop intelligent-based systems to counter current and future network attacks.

scholarly journals Towards a Reliable Comparison and Evaluation of Network Intrusion Detection Systems Based on Machine Learning Approaches

2020 ◽  
Vol 10 (5) ◽  
pp. 1775 ◽  
Author(s):  
Roberto Magán-Carrión ◽  
Daniel Urda ◽  
Ignacio Díaz-Cano ◽  
Bernabé Dorronsoro
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Attack Detection ◽  
Intrusion Detection Systems ◽  
Network Intrusion Detection ◽  
Learning Approaches ◽  
Network Attack ◽  
Detection Systems ◽  
Network Intrusion ◽  
Network Intrusion Detection Systems

Presently, we are living in a hyper-connected world where millions of heterogeneous devices are continuously sharing information in different application contexts for wellness, improving communications, digital businesses, etc. However, the bigger the number of devices and connections are, the higher the risk of security threats in this scenario. To counteract against malicious behaviours and preserve essential security services, Network Intrusion Detection Systems (NIDSs) are the most widely used defence line in communications networks. Nevertheless, there is no standard methodology to evaluate and fairly compare NIDSs. Most of the proposals elude mentioning crucial steps regarding NIDSs validation that make their comparison hard or even impossible. This work firstly includes a comprehensive study of recent NIDSs based on machine learning approaches, concluding that almost all of them do not accomplish with what authors of this paper consider mandatory steps for a reliable comparison and evaluation of NIDSs. Secondly, a structured methodology is proposed and assessed on the UGR’16 dataset to test its suitability for addressing network attack detection problems. The guideline and steps recommended will definitively help the research community to fairly assess NIDSs, although the definitive framework is not a trivial task and, therefore, some extra effort should still be made to improve its understandability and usability further.

scholarly journals CLUSTERING NETWORK ATTACK FEATURES IN INFORMATION SECURITY ANALYSIS TASKS

2020 ◽  
Vol 1 (9) ◽  
pp. 45-58
Author(s):  
Valerii Lakhno ◽  
Borys Husiev ◽  
Andrii Blozva ◽  
Dmytro Kasatkin ◽  
Tetiana Osypova
Keyword(s):  
Information Security ◽  
Computational Experiment ◽  
Security Analysis ◽  
Attack Detection ◽  
Intelligent Network ◽  
Automatic Assessment ◽  
Network Attacks ◽  
Homogeneous Groups ◽  
Network Attack ◽  
Detection Systems

The paper proposes an algorithm with self-learning elements for intrusion detection systems, as well as an improved clustering technique which is recorded by the data system concerning information security events. The proposed approaches differ from those known using an entropy approach allowing data to be presented as homogeneous groups, moreover, each such group (or cluster) may correspond to predetermined parameters. The proposed solutions relate to the possibilities of assessing dynamic dependencies between clusters characterizing the analysed classes of invasions. The studies have found that in case of manifestation of new signs of information security events, the corresponding scale changes and describes the distances between clusters. A computational experiment was conducted to verify the operability and adequacy of the proposed solutions. During the computational experiment, it has been found that step-by-step calculation of parameters of informative characteristics of network attacks allows to form sufficiently informative cluster structures of data having characteristic attributes. These attributes further become the basis for the knowledge base of intelligent network attack detection systems. Dynamic dependencies between clusters are calculated allowing for a sufficiently accurate definition of the many information security events that can become the source data for further automatic assessment of current threats extent detected by attack detection systems. The methodology and algorithm presented in the paper for clustering the signs of network attacks, in our opinion it is simpler for software implementation than existing analogues.

scholarly journals Computer Network Attack Detection Using Enhanced Clustering Technologies

2022 ◽  
Vol 9 (6) ◽  
Author(s):  
Dhamyaa Salim Mutar
Keyword(s):  
Machine Learning ◽  
Computer Network ◽  
Learning Algorithm ◽  
Attack Detection ◽  
Learning Technology ◽  
Feed Forward Neural Network ◽  
Network Attack ◽  
The Road ◽  
Network Intrusions ◽  
Smart Machine

The need for security means has brought from the fact of privacy of data especially after the communication revolution in the recent times. The advancement of data mining and machine learning technology has paved the road for establishment an efficient attack prediction paradigm for protecting of large scaled networks. In this project, computer network intrusions had been eliminated by using smart machine learning algorithm. Referring a big dataset named as KDD computer intrusion dataset which includes large number of connections that diagnosed with several types of attacks; the model is established for predicting the type of attack by learning through this data. Feed forward neural network model is outperformed over the other proposed clustering models in attack prediction accuracy.

Deep learning for detecting logic-flaw-exploiting network attacks: An end-to-end approach

2021 ◽  
pp. 1-30
Author(s):  
Qingtian Zou ◽  
Anoop Singhal ◽  
Xiaoyan Sun ◽  
Peng Liu
Keyword(s):  
Deep Learning ◽  
Attack Detection ◽  
Network Data ◽  
Learning Models ◽  
Real World Data ◽  
Network Attacks ◽  
Network Attack ◽  
Public Network ◽  
Network Intrusion ◽  
End To End

Network attacks have become a major security concern for organizations worldwide. A category of network attacks that exploit the logic (security) flaws of a few widely-deployed authentication protocols has been commonly observed in recent years. Such logic-flaw-exploiting network attacks often do not have distinguishing signatures, and can thus easily evade the typical signature-based network intrusion detection systems. Recently, researchers have applied neural networks to detect network attacks with network logs. However, public network data sets have major drawbacks such as limited data sample variations and unbalanced data with respect to malicious and benign samples. In this paper, we present a new end-to-end approach based on protocol fuzzing to automatically generate high-quality network data, on which deep learning models can be trained for network attack detection. Our findings show that protocol fuzzing can generate data samples that cover real-world data, and deep learning models trained with fuzzed data can successfully detect the logic-flaw-exploiting network attacks.

Network Attack Detection With SNMP-MIB Using Deep Neural Network

2020 ◽  
pp. 66-76
Author(s):  
Mouhammd Sharari Alkasassbeh ◽  
Mohannad Zead Khairallah
Keyword(s):  
Neural Network ◽  
Machine Learning ◽  
Information Technologies ◽  
Deep Neural Network ◽  
Detection System ◽  
Attack Detection ◽  
Machine Learning Techniques ◽  
Network Attack ◽  
Security Breaches ◽  
Security Issues

Over the past decades, the Internet and information technologies have elevated security issues due to the huge use of networks. Because of this advance information and communication and sharing information, the threats of cybersecurity have been increasing daily. Intrusion Detection System (IDS) is considered one of the most critical security components which detects network security breaches in organizations. However, a lot of challenges raise while implementing dynamics and effective NIDS for unknown and unpredictable attacks. Consider the machine learning approach to developing an effective and flexible IDS. A deep neural network model is proposed to increase the effectiveness of intrusions detection system. This chapter presents an efficient mechanism for network attacks detection and attack classification using the Management Information Base (MIB) variables with machine learning techniques. During the evaluation test, the proposed model seems highly effective with deep neural network implementation with a precision of 99.6% accuracy rate.

scholarly journals A Semi-Supervised Learning Approach for Tackling Twitter Spam Drift

2019 ◽  
Vol 18 (02) ◽  
pp. 1950010 ◽  
Author(s):  
Niddal Imam ◽  
Biju Issac ◽  
Seibu Mary Jacob
Keyword(s):  
Machine Learning ◽  
Supervised Learning ◽  
Research Community ◽  
Machine Learning Techniques ◽  
Spam Detection ◽  
Learning Approach ◽  
New Approach ◽  
Detection Systems ◽  
Learning Techniques ◽  
Over Time

Twitter has changed the way people get information by allowing them to express their opinion and comments on the daily tweets. Unfortunately, due to the high popularity of Twitter, it has become very attractive to spammers. Unlike other types of spam, Twitter spam has become a serious issue in the last few years. The large number of users and the high amount of information being shared on Twitter play an important role in accelerating the spread of spam. In order to protect the users, Twitter and the research community have been developing different spam detection systems by applying different machine-learning techniques. However, a recent study showed that the current machine learning-based detection systems are not able to detect spam accurately because spam tweet characteristics vary over time. This issue is called “Twitter Spam Drift”. In this paper, a semi-supervised learning approach (SSLA) has been proposed to tackle this. The new approach uses the unlabeled data to learn the structure of the domain. Different experiments were performed on English and Arabic datasets to test and evaluate the proposed approach and the results show that the proposed SSLA can reduce the effect of Twitter spam drift and outperform the existing techniques.

Sign in / Sign up

Export Citation Format

Share Document