A Hybrid Approach for Network Intrusion Detection

Nebhen, Jamel; Mehmood, Mavra; Javed, Talha; Abbas, Sidra; Abid, Rabia; Bojja, Giridhar Reddy; Rizwan, Muhammad

doi:10.32604/cmc.2022.019127

Cited by 34 publications

(22 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recent researches on network traffic classification focused on using statistical approach such as machine learning algorithm for classifying network traffic. However, the ML classification results (accuracy) becomes low over time as the application behavior changes [1].…”

Section: Hybrid-based Classification Methodsmentioning

confidence: 99%

“…Therefore, network traffic classification is an important foundation for identifying unknown Internet applications which have abnormal behaviors. In particular, network classification can detect traffic which includes threats, such as denial of service, flooding attacks and other such threats [1,2].…”

Section: Introductionmentioning

confidence: 99%

“…In the home network, traffic classification can help to enhance the Quality of Service (QoS) of Internet services. In general, the identification of Internet traffic helps in classifying of different types of attackers [1].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Hybrid Online Classifier System for Internet Traffic Based on Statistical Machine Learning Approach and Flow Port Number

et al. 2021

View full text Add to dashboard Cite

Internet traffic classification is a beneficial technique in the direction of intrusion detection and network monitoring. After several years of searching, there are still many open problems in Internet traffic classification. The hybrid classifier combines more than one classification method to identify Internet traffic. Using only one method to classify Internet traffic poses many risks. In addition, an online classifier is very important in order to manage threats on traffic such as denial of service, flooding attack and other similar threats. Therefore, this paper provides some information to differentiate between real and live internet traffic. In addition, this paper proposes a hybrid online classifier (HOC) system. HOC is based on two common classification methods, port-base and ML-base. HOC is able to perform an online classification since it can identify live Internet traffic at the same time as it is generated. HOC was used to classify three common Internet application classes, namely web, WhatsApp and Twitter. HOC produces more than 90% accuracy, which is higher than any individual classifiers.

show abstract

Section: Hybrid-based Classification Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Hybrid Online Classifier System for Internet Traffic Based on Statistical Machine Learning Approach and Flow Port Number

et al. 2021

View full text Add to dashboard Cite

show abstract

“…For online banking fraud prevention, Mehmood and colleagues [29] employ a Hidden Markov Model (HMM). As a result, the bank's system has developed a one-time password that is sent directly to each customer's registered cell phone, ensuring that only legal transactions are rejected.…”

Section: Related Workmentioning

confidence: 99%

Detection of Distributed Denial of Service (DDoS) Attacks in IOT Based Monitoring System of Banking Sector Using Machine Learning Models

et al. 2022

View full text Add to dashboard Cite

Cyberattacks can trigger power outages, military equipment problems, and breaches of confidential information, i.e., medical records could be stolen if they get into the wrong hands. Due to the great monetary worth of the data it holds, the banking industry is particularly at risk. As the number of digital footprints of banks grows, so does the attack surface that hackers can exploit. This paper aims to detect distributed denial-of-service (DDOS) attacks on financial organizations using the Banking Dataset. In this research, we have used multiple classification models for the prediction of DDOS attacks. We have added some complexity to the architecture of generic models to enable them to perform well. We have further applied a support vector machine (SVM), K-Nearest Neighbors (KNN) and random forest algorithms (RF). The SVM shows an accuracy of 99.5%, while KNN and RF scored an accuracy of 97.5% and 98.74%, respectively, for the detection of (DDoS) attacks. Upon comparison, it has been concluded that the SVM is more robust as compared to KNN, RF and existing machine learning (ML) and deep learning (DL) approaches.

show abstract

“…In [20], the authors developed a hybrid network IDS model to address low false-negative and high false (cited as per the text) rates.…”

Section: Related Workmentioning

confidence: 99%

Visualizing Realistic Benchmarked IDS Dataset: CIRA-CIC-DoHBrw-2020

et al. 2022

View full text Add to dashboard Cite

Intrusion Detection System (IDS) dataset is crucial to detect lateral movement of cyber-attacks. IDS dataset will help to train the IDS classifier model to achieve earliest detection. A good near-realism public dataset is essential to assist the development of advanced IDS classifier models. However, the available public IDS dataset has long been under scrutiny for its practicality to reflect real low-footprint cyber threats, render real-time network scenario, reflect recent malware attack over newly developed DoH protocol, disregard layer 3 information and finally publish contradictory results of classification and analysis between various studies which makes it non-reproducible and without shareable results. This problem can be resolved by sophisticatedly visualizing a new realistic, real-time, low footprint and up-to-date benchmarked dataset. Visualization helps to detect data deformation before designing the optimized and highly accurate classifier model. Therefore, this study aims to review a new realistic benchmarked IDS dataset and apply sophisticated technique to visualize them. The review starts by carefully examining production network features. These are then compared with various well-established public IDS datasets. Many of them are static, unrealistic metafeatures and disregard source and destination Internet Protocol (IP) information except CIRA-CIC-DoHBrw-2020 dataset. The study then applies Eigen Centrality (EC) technique from the graph theory to visualize this layer 3 (L3) information. Finally, using various visualization techniques such as Principal Component Analysis (PCA) and Gaussian Mixture Model (GMM), the study further analyzes and subsequently visualizes the data. Results show that the CIRA-CIC-DoHBrw-2020 simulated recent malware attack and has a very imbalanced dataset which reflects the realistic low-footprint cyber-attacks. The centrality graph clearly visualizes IPs that are compromised by recent DoH attack in real-time, and the study concludes decisively that smaller packet length of size 1000 to 2000 bytes is to fit an attack trait.

show abstract

A Hybrid Approach for Network Intrusion Detection

Cited by 34 publications

References 28 publications

A Hybrid Online Classifier System for Internet Traffic Based on Statistical Machine Learning Approach and Flow Port Number

A Hybrid Online Classifier System for Internet Traffic Based on Statistical Machine Learning Approach and Flow Port Number

Detection of Distributed Denial of Service (DDoS) Attacks in IOT Based Monitoring System of Banking Sector Using Machine Learning Models

Visualizing Realistic Benchmarked IDS Dataset: CIRA-CIC-DoHBrw-2020

Contact Info

Product

Resources

About