A Detailed Analysis of Benchmark Datasets for Network Intrusion Detection System

Ghurab, Mossa; Gaphari, Ghaleb; Alshami, Faisal; Alshamy, Reem; Othman, Suad

doi:10.9734/ajrcos/2021/v7i430185

Cited by 50 publications

(29 citation statements)

References 58 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Classical supervised learning models learn from historical data and continuously need to be retrained to detect new attacks. The limitation of this study is that both datasets are simulated and not realistic Ghurab, Gaphari, Alshamy, Othman and Suad (2021). Many criticisms of the KDD Cup 1999 for example are related the fact that no validation was ever performed to show that the dataset is actually similar to real network traffic Wang, Yang, Jing and Jin (2014).…”

Section: Discussionmentioning

confidence: 99%

Enabling intrusion detection systems with dueling double deep Q-learning

Badr

2022

DTS

View full text Add to dashboard Cite

PurposeIn this research, the authors demonstrate the advantage of reinforcement learning (RL) based intrusion detection systems (IDS) to solve very complex problems (e.g. selecting input features, considering scarce resources and constrains) that cannot be solved by classical machine learning. The authors include a comparative study to build intrusion detection based on statistical machine learning and representational learning, using knowledge discovery in databases (KDD) Cup99 and Installation Support Center of Expertise (ISCX) 2012.Design/methodology/approachThe methodology applies a data analytics approach, consisting of data exploration and machine learning model training and evaluation. To build a network-based intrusion detection system, the authors apply dueling double deep Q-networks architecture enabled with costly features, k-nearest neighbors (K-NN), support-vector machines (SVM) and convolution neural networks (CNN).FindingsMachine learning-based intrusion detection are trained on historical datasets which lead to model drift and lack of generalization whereas RL is trained with data collected through interactions. RL is bound to learn from its interactions with a stochastic environment in the absence of a training dataset whereas supervised learning simply learns from collected data and require less computational resources.Research limitations/implicationsAll machine learning models have achieved high accuracy values and performance. One potential reason is that both datasets are simulated, and not realistic. It was not clear whether a validation was ever performed to show that data were collected from real network traffics.Practical implicationsThe study provides guidelines to implement IDS with classical supervised learning, deep learning and RL.Originality/valueThe research applied the dueling double deep Q-networks architecture enabled with costly features to build network-based intrusion detection from network traffics. This research presents a comparative study of reinforcement-based instruction detection with counterparts built with statistical and representational machine learning.

show abstract

Section: Discussionmentioning

confidence: 99%

Enabling intrusion detection systems with dueling double deep Q-learning

Badr

2022

DTS

View full text Add to dashboard Cite

show abstract

“…This three-stage based architecture can increase user trust while filtering out all cloaked dangerous network data by introducing transparency to the decision-making process. CSE-CIC IDS 2018 [214] dataset was utilized to evaluate the performance of the proposed framework and the presented architecture produced accuracy rates of 98.5 percent and 100 percent, respectively on the test dataset and adversarial samples.…”

Section: ) Network Intrusionmentioning

confidence: 99%

Explainable Artificial Intelligence Applications in Cyber Security: State-of-the-Art in Research

et al. 2022

View full text Add to dashboard Cite

This survey presents a comprehensive review of current literature on Explainable Artificial Intelligence (XAI) methods for cyber security applications. Due to the rapid development of Internetconnected systems and Artificial Intelligence in recent years, Artificial Intelligence including Machine Learning (ML) and Deep Learning (DL) has been widely utilized in the fields of cyber security including intrusion detection, malware detection, and spam filtering. However, although Artificial Intelligence-based approaches for the detection and defense of cyber attacks and threats are more advanced and efficient compared to the conventional signature-based and rule-based cyber security strategies, most ML-based techniques and DL-based techniques are deployed in the ''black-box'' manner, meaning that security experts and customers are unable to explain how such procedures reach particular conclusions. The deficiencies of transparencies and interpretability of existing Artificial Intelligence techniques would decrease human users' confidence in the models utilized for the defense against cyber attacks, especially in current situations where cyber attacks become increasingly diverse and complicated. Therefore, it is essential to apply XAI in the establishment of cyber security models to create more explainable models while maintaining high accuracy and allowing human users to comprehend, trust, and manage the next generation of cyber defense mechanisms. Although there are papers reviewing Artificial Intelligence applications in cyber security areas and the vast literature on applying XAI in many fields including healthcare, financial services, and criminal justice, the surprising fact is that there are currently no survey research articles that concentrate on XAI applications in cyber security. Therefore, the motivation behind the survey is to bridge the research gap by presenting a detailed and up-to-date survey of XAI approaches applicable to issues in the cyber security field. Our work is the first to propose a clear roadmap for navigating the XAI literature in the context of applications in cyber security.

show abstract

“…AIDS is a research and development tool that compares current user activity to established profiles to detect aberrant behaviours that could be intrusions. AIDSs are excellent in detecting network-level attacks, and they are a good approach to spot unknown attacks [14]. Nonetheless, when dealing with the overlap between regular and aberrant traffic patterns, each detection approach has flaws; some shortcomings result in false positives, false negatives, slow networks, and increased CPU utilization [15].…”

Section: Introductionmentioning

confidence: 99%

A Novel MWKF-LSTM Based Intrusion Detection System for the IoT-Cloud Platform with Efficient User Authentication and Data Encryption Models

P¹,

Retnaswamy

2022

Preprint

View full text Add to dashboard Cite

During the past decade, the Internet of Things (IoT) integrated Cloud (IoT-Cloud) has gotten a lot of attention. Security turns out to be an important issue in the IoT-Cloud scenario as millions of devices is connected via the internet. Developing an intrusion detection system (IDS) along with a prevention model to improve IoT-Cloud security, with considered delay, detection rate, as well as false-positive rate are the most important research problems. Here, a new deep learning (DL) model, Morlet Wavelet Kernel Function included Long Short Term Memory (MWKF-LSTM) classifier is proposed to recognize the intrusions in the IoT-Cloud environment. Initially, to maintain a user’s privacy in the network, the SHA-512 hashing mechanism incorporated blockchain authentication (SHABA) model is developed that checks the authenticity of every device/user in the network for data uploading in the cloud. After successful authentication, the data is transmitted to the cloud through various gateways. Then the IDS using MWKF-LSTM is implemented for identifying the type of intrusions present in the received IoT data. The MWKF-LSTM classifier comes up with the Differential Evaluation based Dragonfly Algorithm (DEDFA) optimal feature selection (FS) model for increasing the performance of the classification. After intrusion detection (ID), the non-attacked data is encrypted as well as stored in the cloud securely utilizing Enhanced Elliptical Curve Cryptography (E2CC) mechanism. Finally, in the data retrieval phase, the authentication of the user is again checked for ensuring user privacy and preventing the encrypted data in the cloud from intruders. To show the efficacy of the proposed research model, simulations are performed and the outcomes prove the superior performance of the presented approach over existing models.

show abstract

A Detailed Analysis of Benchmark Datasets for Network Intrusion Detection System

Cited by 50 publications

References 58 publications

Enabling intrusion detection systems with dueling double deep Q-learning

Enabling intrusion detection systems with dueling double deep Q-learning

Explainable Artificial Intelligence Applications in Cyber Security: State-of-the-Art in Research

A Novel MWKF-LSTM Based Intrusion Detection System for the IoT-Cloud Platform with Efficient User Authentication and Data Encryption Models

Contact Info

Product

Resources

About