A New Architecture for Network Intrusion Detection and Prevention

Bul’ajoul, Waleed; James, Anne; Shaikh, Siraj Ahmed

doi:10.1109/access.2019.2895898

Cited by 23 publications

(15 citation statements)

References 18 publications

(12 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on the location, they can be divided into host-based IDS and network-based IDS, the main object of the host-based IDS is the system's behaviors of the target program [8], and the main object of the network-based IDS is the analysis of network traffic. According to different ways of finding intrusions, IDS can be divided into feature-based, anomaly-based, and hybrid-based [9]. Feature-based IDS is based on the predefined network attack mode of network security experts.…”

Section: Related Workmentioning

confidence: 99%

A Hidden Attack Sequences Detection Method Based on Dynamic Reward Deep Deterministic Policy Gradient

Liu

Pan

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

Attacker identification from network traffic is a common practice of cyberspace security management. However, network administrators cannot cover all security equipment due to the cyberspace management cost constraints, giving attackers the chance to escape from the surveillance of network security administrators by legitimate actions and to perform the attack in both physical domain and digital domain. Therefore, we proposed a hidden attack sequence detection method based on reinforcement learning to deal with the challenge through modeling the network administrators as an intelligent agent that learns their action policy from the interaction with the cyberspace environment. Following Deep Deterministic Policy Gradient (DDPG), the intelligent agent can not only discover the hidden attackers hiding in the legitimate action sequences but also reduce the cyberspace management cost. Furthermore, a dynamic reward DDPG method was proposed to improve defense performance, which set dynamic reward depending on the hidden attack sequences steps and agent’s check steps, compared to the fixed reward in common methods. Meanwhile, the method was verified in a simulated experimental cyberspace environment. Finally, the experimental results demonstrate that there are hidden attack sequences in cyberspace, and the proposed method can discover the hidden attack sequences. The dynamic reward DDPG shows superior performance in detecting hidden attackers, with a detection rate of 97.46%, which can improve the ability to discover hidden attackers and reduce the 6% cyberspace management cost compared to DDPG.

show abstract

Section: Related Workmentioning

confidence: 99%

A Hidden Attack Sequences Detection Method Based on Dynamic Reward Deep Deterministic Policy Gradient

Liu

Pan

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Testing was done from Wincap, Flooder Packet, and Transmission Control Protocol (TCP) replay tools as attackers transmit TCP and User Datagram Protocol (UDP) traffic attacks. Testing with Novel NIDPS method architecture and integrating with Cisco Layer 3 switch resulted in better attack prevention and detection methods despite massive traffic attacks or high-speed traffic to internal networks [6].…”

Section: Literature Reviewmentioning

confidence: 99%

Evaluation of Data Center Network Security based on Next-Generation Firewall

Alhasan¹,

Surantha²

2021

IJACSA

View full text Add to dashboard Cite

This study aims to create a network security system that can mitigate attacks carried out by internal users and reduce attacks from internal networks. Further, a network security system is expected to overcome the difficulty of mitigating attacks carried out by internal users. The goal of this research is to analyze the effectiveness of the Next-Generation Firewall implemented to improve network security. The method used in this research is the comparison method with a test of TCP SYN attack, UDP flood attack, ICMP smurf attack, and DHCP starvation attack on a company network. From the experiment results, it can be concluded that the Next-Generation Firewall has significantly better performance for protecting mitigating attacks carried out by internal users on a company network. It can increase the security of data communication networks against threats from the internal networks.

show abstract

“…The eq. [6] shows another optimizer called Adamax. The difference between Adam and Adamax is, it extends the L2 norm of past gradients to L-infinity norm.…”

Section: Kernel Principal Component Analysis (Kpca)mentioning

confidence: 99%

“…Additionally, data which will be exchanged among these devices will be enormous. This made our research focus on identifying attacks more rapidly [6] [7]. Therefore efficient IDS for resource-constrained devices is required to identify and stop malicious activities.…”

Section: Introductionmentioning

confidence: 99%

Multi Core DNN based IDS for Botnet Attacks using KPCA Reduction Techniques

Sharmila

Nagapadma

2021

Preprint

View full text Add to dashboard Cite

Research on network security has recently acquired attention in the field of the Internet of Things. In the context of security, most of the IoT devices with the internet are connected directly which results in the exploitation of private data. Nowadays, the fraudster will release novel attacks very frequently especially for IoT devices. As a result, the traditional sophisticated Intrusion Detection System (IDS) model is not suitable for the identification of vulnerabilities in IoT devices. In our research work, we propose MCDNN for IDS. MCDNN is Multi Core DNN with having parallel optimizer. Rather than a traditional dataset, this paper experiment is conducted on the BoTIoT dataset. Since IoT devices generate a huge volume of data, this work focuses on reducing huge datasets using Kernel Principal Component Analysis(KPCA) reduction technique with optimizer parallelly. To decrease false alarm rate and maintaining less computational power multi-core is introduced in our research work. This helps identification of vulnerabilities in IoT devices using deep learning techniques faster. Experimental results indicate that designing MCDNN based IDS with different optimizers parallelly achieved higher performance than those of other techniques.

show abstract

A New Architecture for Network Intrusion Detection and Prevention

Cited by 23 publications

References 18 publications

A Hidden Attack Sequences Detection Method Based on Dynamic Reward Deep Deterministic Policy Gradient

A Hidden Attack Sequences Detection Method Based on Dynamic Reward Deep Deterministic Policy Gradient

Evaluation of Data Center Network Security based on Next-Generation Firewall

Multi Core DNN based IDS for Botnet Attacks using KPCA Reduction Techniques

Contact Info

Product

Resources

About

A New Architecture for Network Intrusion Detection and Prevention

Cited by 23 publications

References 18 publications

A Hidden Attack Sequences Detection Method Based on Dynamic Reward Deep Deterministic Policy Gradient

A Hidden Attack Sequences Detection Method Based on Dynamic Reward Deep Deterministic Policy Gradient

Evaluation of Data Center Network Security based on Next-Generation Firewall

Multi Core DN​N based IDS for Botnet Attacks using KPCA Reduction Techniques

Contact Info

Product

Resources

About

Multi Core DNN based IDS for Botnet Attacks using KPCA Reduction Techniques