A Hybrid Anomaly Classification with Deep Learning (DL) and Binary Algorithms (BA) as Optimizer in the Intrusion Detection System (IDS)

Atefi, Kayvan; Hashim, Habibah; Khodadadi, Touraj

doi:10.1109/cspa48992.2020.9068725

Cited by 22 publications

(8 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to horizontally compare the performance of the LS model proposed in this article with other algorithm models, this chapter selected the commonly used XGBoost iterative algorithm, random forest algorithm in the field of traffic anomaly detection, and the recently proposed hybrid network by Atifi et al [31] as the control group for comparative experiments. According to the Table 8, it can be seen that the LS model proposed in this article has the best F1-score on the DNTAD dataset, reaching 74.56%.…”

Section: Resultsmentioning

confidence: 99%

Research on Anomaly Network Detection Based on Self-Attention Mechanism

Ruan

et al. 2023

Sensors

View full text Add to dashboard Cite

Network traffic anomaly detection is a key step in identifying and preventing network security threats. This study aims to construct a new deep-learning-based traffic anomaly detection model through in-depth research on new feature-engineering methods, significantly improving the efficiency and accuracy of network traffic anomaly detection. The specific research work mainly includes the following two aspects: 1. In order to construct a more comprehensive dataset, this article first starts from the raw data of the classic traffic anomaly detection dataset UNSW-NB15 and combines the feature extraction standards and feature calculation methods of other classic detection datasets to re-extract and design a feature description set for the original traffic data in order to accurately and completely describe the network traffic status. We reconstructed the dataset DNTAD using the feature-processing method designed in this article and conducted evaluation experiments on it. Experiments have shown that by verifying classic machine learning algorithms, such as XGBoost, this method not only does not reduce the training performance of the algorithm but also improves its operational efficiency. 2. This article proposes a detection algorithm model based on LSTM and the recurrent neural network self-attention mechanism for important time-series information contained in the abnormal traffic datasets. With this model, through the memory mechanism of the LSTM, the time dependence of traffic features can be learned. On the basis of LSTM, a self-attention mechanism is introduced, which can weight the features at different positions in the sequence, enabling the model to better learn the direct relationship between traffic features. A series of ablation experiments were also used to demonstrate the effectiveness of each component of the model. The experimental results show that, compared to other comparative models, the model proposed in this article achieves better experimental results on the constructed dataset.

show abstract

Section: Resultsmentioning

confidence: 99%

Research on Anomaly Network Detection Based on Self-Attention Mechanism

Ruan

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Atefi et al [34] proposed an ensemble-based modified adaptive boosting algorithm to detect network intrusions that have two types such as M-Adaboost-A-SMV and M-Adaboost-A-PSO. This proposed work aimed to solve the imbalance in the network intrusions detection which covers the area of boosting process.…”

Section: Related Workmentioning

confidence: 99%

Three level intrusion detection system based on conditional generative adversarial network

Abdulameer¹,

Musa²,

Salim

2023

IJECE

View full text Add to dashboard Cite

<span lang="EN-US">Security threat protection is important in the internet of things (IoT) applications since both the connected device and the captured data can be hacked or hijacked or both at the same time. To tackle the above-mentioned problem, we proposed three-level intrusion detection system conditional generative adversarial network (3LIDS-CGAN) model which includes four phases such as first-level intrusion detection system (IDS), second-level IDS, third-level IDS, and attack type classification. In first-level IDS, features of the incoming packets are extracted by the firewall. Based on the extracted features the packets are classified into three classes such as normal, malicious, and suspicious using support vector machine and golden eagle optimization. Suspicious packets are forwarded to the second-level IDS which classified the suspicious packets as normal or malicious. Here, signature-based intrusions are detected using attack history information, and anomaly-based intrusions are detected using event-based semantic mapping. In third-level IDS, adversary packets are detected using CGAN which automatically learns the adversarial environment and detects adversary packets accurately. Finally, proximal policy optimization is proposed to detect the attack type. Experiments are conducted using the NS-3.26 network simulator and performance is evaluated by various performance metrics which results that the proposed 3LIDS-CGAN model outperforming other existing works.</span>

show abstract

“…All intrusive activity is considered anomalous by Anomaly detection [13,[15][16][17][23][24][25]. That is, an activity does not match standard treatment as an intrusion.…”

Section: Related Workmentioning

confidence: 99%

Development of PCCNN-Based Network Intrusion Detection System for EDGE Computing

Abodayeh¹,

Raza²,

Rafiq³

et al. 2022

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Intrusion Detection System (IDS) plays a crucial role in detecting and identifying the DoS and DDoS type of attacks on IoT devices. However, anomaly-based techniques do not provide acceptable accuracy for efficacious intrusion detection. Also, we found many difficulty levels when applying IDS to IoT devices for identifying attempted attacks. Given this background, we designed a solution to detect intrusions using the Convolutional Neural Network (CNN) for Enhanced Data rates for GSM Evolution (EDGE) Computing. We created two separate categories to handle the attack and non-attack events in the system. The findings of this study indicate that this approach was significantly effective. We attempted both multiclass and binary classification. In the case of binary, we clustered all malicious traffic data in a single class. Also, we developed 13 layers of Sequential 1-D CNN for IDS detection and assessed them on the public dataset NSL-KDD. Principal Component Analysis (PCA) was implemented to decrease the size of the feature vector based on feature extraction and engineering. The approach proposed in the current investigation obtained accuracies of 99.34% and 99.13% for binary and multiclass classification, respectively, for the NSL-KDD dataset. The experimental outcomes showed that the proposed Principal Component-based Convolution Neural Network (PCCNN) approach achieved greater precision based on deep learning and has potential use in modern intrusion detection for IoT systems.

show abstract

A Hybrid Anomaly Classification with Deep Learning (DL) and Binary Algorithms (BA) as Optimizer in the Intrusion Detection System (IDS)

Cited by 22 publications

References 20 publications

Research on Anomaly Network Detection Based on Self-Attention Mechanism

Research on Anomaly Network Detection Based on Self-Attention Mechanism

Three level intrusion detection system based on conditional generative adversarial network

Development of PCCNN-Based Network Intrusion Detection System for EDGE Computing

Contact Info

Product

Resources

About