A two-stage intrusion detection approach for software-defined IoT networks

Tian, Qiuting; Han, Dong‐Guk; Hsieh, Meng-Yen; Li, Kuan‐Ching; Castiglione, Arcangelo

doi:10.1007/s00500-021-05809-y

Cited by 17 publications

(5 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Jafarian et al [16], Kaur [17], Jain and Kaur [21], Rashid et al [29], Wang et al [30] demonstrate that stacking generates a promising intrusion detection capability; however, most of the proposed stacking procedures do not consider LR as a second-level algorithm, as suggested by [32]. Alternatively, combiner strategies, such as majority voting [22] and weighted majority voting [25,28] may be utilized as anomaly detectors. The most prevalent mode of voting is majority rule.…”

Section: Related Workmentioning

confidence: 99%

“…In the intrusion detection field, feature selection techniques have also been exploited [34,35]. Specifically, bio-inspired algorithms have gained popularity and evolved into an alternate method for finding the optimal feature subset from the feature space [19,25,36]. Other filterbased approaches such as IG, gain ratio, chi-squared, and Pearson correlation have been intensively utilized to remove unnecessary features [16,20,22,28,29].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

PSO-Driven Feature Selection and Hybrid Ensemble for Network Anomaly Detection

Louk

Tama

2022

BDCC

View full text Add to dashboard Cite

As a system capable of monitoring and evaluating illegitimate network access, an intrusion detection system (IDS) profoundly impacts information security research. Since machine learning techniques constitute the backbone of IDS, it has been challenging to develop an accurate detection mechanism. This study aims to enhance the detection performance of IDS by using a particle swarm optimization (PSO)-driven feature selection approach and hybrid ensemble. Specifically, the final feature subsets derived from different IDS datasets, i.e., NSL-KDD, UNSW-NB15, and CICIDS-2017, are trained using a hybrid ensemble, comprising two well-known ensemble learners, i.e., gradient boosting machine (GBM) and bootstrap aggregation (bagging). Instead of training GBM with individual ensemble learning, we train GBM on a subsample of each intrusion dataset and combine the final class prediction using majority voting. Our proposed scheme led to pivotal refinements over existing baselines, such as TSE-IDS, voting ensembles, weighted majority voting, and other individual ensemble-based IDS such as LightGBM.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

PSO-Driven Feature Selection and Hybrid Ensemble for Network Anomaly Detection

Louk

Tama

2022

BDCC

View full text Add to dashboard Cite

show abstract

“…Em Tian et al (2021) [Tian et al 2021] é proposto uma abordagem de detecc ¸ão e classificac ¸ão de ataques em dois estágios para o contexto de Redes Definidas por Software (SDN -Software Defined Networks). Os autores utilizam um estágio para selecionar as características de rede usando um método bio-inspirado para se obter um conjunto otimizado das características mais relevantes.…”

Section: Trabalhos Relacionadosunclassified

“…O sistema proposto é avaliado nas bases de dados KDD99 e UNSW-NB15, obtendo acurácia de detecc ¸ão da presenc ¸a de ataques próxima de 100% para o KDD99 e próxima de 90% para o UNSW-NB15. Em termos de classificac ¸ão dos ataques, para a base KDD99 os resultados em todos os ataques foram próximos de 100%, porém, assim como em Tian et al (2021), para o UNSW-NB15 o sistema proposto teve apenas bons resultados para os ataques de classes majoritárias. Os autores também apresentam os resultados do tempo necessário em cada estágio da sua abordagem, e também o tempo por instância analisada.…”

Section: Trabalhos Relacionadosunclassified

Sistema Híbrido e On-line de Detecção e Classificação de Tráfego Malicioso

Abreu¹,

Abelem²

2022

Anais Do XL Simpósio Brasileiro De Redes De Computadores E Sistemas Distribuídos (SBRC 2022)

View full text Add to dashboard Cite

Diversas metodologias de Aprendizado de Máquina têm sido propostas para melhorar a segurança em redes de computadores e reduzir os danos causados pela ação de agentes maliciosos. Entretanto, detectar e classificar ataques de forma acurada e precisa ainda é um grande desafio nas redes atuais. Este artigo propõe um sistema on-line de detecção de ataques e classificação de tráfego de rede, que combina de forma híbrida Aprendizado de Máquina por Stream, o Aprendizado Profundo e a técnica Ensemble. Utilizando múltiplos estágios de análise dos dados, o sistema detecta a presença de fluxos de tráfegos maliciosos e classifica-os de acordo com o tipo de ataque que eles representam. O sistema foi avaliado em três bases de dados de referência em segurança, nas quais obteve acurácia e precisão acima de 90%, com taxa de falso alarme reduzida.

show abstract

“…In Tian et al ( 2021) [12] a two-stage attack detection and classification approach is proposed for the context of Software Defined Networks (SDN). The authors use the first stage to select the network features using a bio-inspired method to obtain an optimized set of the most relevant features.…”

Section: Introductionmentioning

confidence: 99%

OMINACS: Online ML-Based IoT Network Attack Detection and Classification System

Abreu,

Abelém

2023

Preprint

View full text Add to dashboard Cite

Several Machine Learning (ML) methodologies have been proposed to improve security in Internet Of Things (IoT) networks and reduce the damage caused by the action of malicious agents. However, detecting and classifying attacks with high accuracy and precision is still a major challenge. This paper proposes an online attack detection and network traffic classification system, which combines stream Machine Learning, Deep Learning, and Ensemble Learning technique. Using multiple stages of data analysis, the system can detect the presence of malicious traffic flows and classify them according to the type of attack they represent. Furthermore, we show how to implement this system both in an IoT network and from an ML point of view. The system was evaluated in three IoT network security datasets, in which it obtained accuracy and precision above 90% with a reduced false alarm rate.

show abstract

A two-stage intrusion detection approach for software-defined IoT networks

Cited by 17 publications

References 41 publications

PSO-Driven Feature Selection and Hybrid Ensemble for Network Anomaly Detection

PSO-Driven Feature Selection and Hybrid Ensemble for Network Anomaly Detection

Sistema Híbrido e On-line de Detecção e Classificação de Tráfego Malicioso

OMINACS: Online ML-Based IoT Network Attack Detection and Classification System

Contact Info

Product

Resources

About