A Suricata and Machine Learning Based Hybrid Network Intrusion Detection System

Ouiazzane, Said; Addou, Malika; Barramou, Fatimazahra

doi:10.1007/978-3-030-91738-8_43

Cited by 6 publications

(8 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Intrusion detection with deep learning models on zero-day attacks is a highly researched topic [63][64][65][66]. Multiple papers [2,[64][65][66][67][68] claim that the advantage of machinelearning-based intrusion detection systems is the ability to detect zero-day attacks. In the next experiment, we test this claim in the context of multiclass classification.…”

Section: Fourth Experiment: Zero-day Attacksmentioning

confidence: 99%

A Comparison of Neural-Network-Based Intrusion Detection against Signature-Based Detection in IoT Networks

Schrötter,

Niemann,

Schnor

2024

Information

View full text Add to dashboard Cite

Over the last few years, a plethora of papers presenting machine-learning-based approaches for intrusion detection have been published. However, the majority of those papers do not compare their results with a proper baseline of a signature-based intrusion detection system, thus violating good machine learning practices. In order to evaluate the pros and cons of the machine-learning-based approach, we replicated a research study that uses a deep neural network model for intrusion detection. The results of our replicated research study expose several systematic problems with the used datasets and evaluation methods. In our experiments, a signature-based intrusion detection system with a minimal setup was able to outperform the tested model even under small traffic changes. Testing the replicated neural network on a new dataset recorded in the same environment with the same attacks using the same tools showed that the accuracy of the neural network dropped to 54%. Furthermore, the often-claimed advantage of being able to detect zero-day attacks could not be seen in our experiments.

show abstract

Section: Fourth Experiment: Zero-day Attacksmentioning

confidence: 99%

A Comparison of Neural-Network-Based Intrusion Detection against Signature-Based Detection in IoT Networks

Schrötter,

Niemann,

Schnor

2024

Information

View full text Add to dashboard Cite

show abstract

“…2) CICIDS2017 dataset preprocessing a) Composition of the intial CICIDS2017 dataset: The CICIDS2017 dataset has been chosen to model the network baseline, as it is reliable, up-to-date and can represent the modern real network traffic [33]. However, it poses certain cleaning, scaling and conversion problems for the use by machine learning algorithms [34]. Accordingly, preprocessing operations need to be undertaken before using the benign class to model the network baseline.…”

Section: Data Collectionmentioning

confidence: 99%

“…The abnormal class refers to all the attack classes mentioned in Table I. As a result, over-fitting and under-fitting problems can be generated during the learning phase [35]. www.ijacsa.thesai.org In order to overcome the problems of overfitting and underfitting, the dataset has been balanced to ensure a balanced presence of the different classes.…”

Section: Data Collectionmentioning

confidence: 99%

See 1 more Smart Citation

A Zero-Trust Model for Intrusion Detection in Drone Networks

OUIAZZANE,

ADDOU,

BARRAMOU

2023

IJACSA

View full text Add to dashboard Cite

Today's worldwide introduction of drone fleets in a range of industrial applications has led to numerous network security issues, opening drones up to cyberthreats. In response to these challenges, an innovative approach has been proposed to protect drone fleet networks against potentially dangerous cyberattacks. Indeed, drones are considered as flying computers, and the proposed approach takes into account their complex network structure and communication protocols. The proposed system is designed around a multi-agent architecture, with a hybrid zero-trust detection mechanism against known and emerging cyberthreats. The CICIDS2017 dataset was exploited after performing some essential pre-processing tasks including data cleaning, balancing, binarization and dimension reduction. The proposed approach guaranteed high levels of accuracy and scalability, enabling an effective response to potentially dangerous cyber threat scenarios threatening drone fleets. To evaluate the effectiveness of the proposed system, a test portion of CICIDS2017 was used. The accuracy in recognizing benign network traffic reached 99.99% with a very low false alarm rate, ensuring the system's effectiveness against known and unknown cyber threats. Extensive experimental testing has been carried out on never-before-seen data, highlighting the system's remarkable ability to rapidly recognize cyber threats in real time, thereby enhancing the overall security of drone networks. The contribution of the proposed approach is significant for drone network security, as it introduces a comprehensive model designed to meet the specific security requirements of drone fleets. Finally, the proposed approach offers practical prospects for improving the security of drone applications. Keywords-Fleet of drones; security; zero trust; intrusions; cybersecurity; zero day; Multi-Agent inter-drone communication and real-time data collection [12].There are a wide variety of possible deployments for drone fleets, from surveillance and inspection to precision farming, logistics and delivery, and disaster relief. [13] 2) Communication modes of a fleet of drones: A drone fleet can be designed based on four possible communication architectures: centralized communication architecture, cellular communication architecture, satellite communication architecture and adhoc communication architecture [14] [15]. a) Satellite communication architecture: This architecture involves establishing communications between drones via satellite connections as shown in Fig. 2. Such links offer global coverage and are therefore particularly well suited to applications requiring wide coverage in remote or extensive areas. [16]

show abstract

“…Additionally, current hybrid NIDPS designs do not have a method to identify and address these false positives, hindering the learning process of the system. Some researchers have proposed alternative hybrid NIDPS designs that eliminate the dependency on a central database [19]. This research expands on these ideas by introducing a new hybrid NIDPS architecture with two key functionalities: Manual Threat Inspection and Known False Positive Database.…”

mentioning

confidence: 99%

Combating Evolving Threats: A Signature-Anomaly Based Hybrid Intrusion Detection System for Smart Homes with False Positive Mitigation

Mehedy

2024

IJRASET

View full text Add to dashboard Cite

As people are looking for a more comfortable life, IoT applications are coming to play. Smart home system is one of the most popular IoT applications in the last decade. A smart home network is crucial to function smart home system properly. Cyber attacks on a smart home network can damage a lot. Network intrusion detection and prevention system (NIDPS) is a good solution to protect against Cyber threat in smart home network. This research will implement hybrid NIDPS in smart home network by combining signature based and anomaly-detection based NIDPS. This hybrid NIDPS will prevent known known attack from public internet, local internet and zero-day attack. Also, this system will be able to reduce false positive result and improve signature based NIDPS rules accurately by manual inspection.

show abstract

A Suricata and Machine Learning Based Hybrid Network Intrusion Detection System

Cited by 6 publications

References 16 publications

A Comparison of Neural-Network-Based Intrusion Detection against Signature-Based Detection in IoT Networks

A Comparison of Neural-Network-Based Intrusion Detection against Signature-Based Detection in IoT Networks

A Zero-Trust Model for Intrusion Detection in Drone Networks

Combating Evolving Threats: A Signature-Anomaly Based Hybrid Intrusion Detection System for Smart Homes with False Positive Mitigation

Contact Info

Product

Resources

About