An efficient local region and clustering-based ensemble system for intrusion detection

Nguyen, Huu Hoa; Harbi, Nouria; Darmont, Jérôme

doi:10.1145/2076623.2076647

Cited by 15 publications

(11 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The clustering technique follows a simple rule; whenever the input network instances match one of the intrusion signatures, the system reacts to the security administrator concerning the possible threat in details, one of the limitations of proposed system is the paucity of extracted features, which is a lot less compared to the features in popular datasets such as UNSW-NB15, KDD99, and NSL-KDD datasets. Although various clustering techniques have been used for NADSs, the most utilized techniques for malicious detection are regular and co-clustering techniques using different strategies and processing methods [ 9 , 65 , 66 ]. For example, the K-means, as a regular clustering method, assembles features from the dataset instances, but co-clustering techniques concurrently consider both features and instances in the dataset to make clusters.…”

Section: Machine Learning Techniques For Network Malicious Behavior Detection and Recognitionmentioning

confidence: 99%

A Review on Machine Learning Approaches for Network Malicious Behavior Detection in Emerging Technologies

Rabbani

Wang

Khoshkangini

et al. 2021

Entropy

View full text Add to dashboard Cite

Network anomaly detection systems (NADSs) play a significant role in every network defense system as they detect and prevent malicious activities. Therefore, this paper offers an exhaustive overview of different aspects of anomaly-based network intrusion detection systems (NIDSs). Additionally, contemporary malicious activities in network systems and the important properties of intrusion detection systems are discussed as well. The present survey explains important phases of NADSs, such as pre-processing, feature extraction and malicious behavior detection and recognition. In addition, with regard to the detection and recognition phase, recent machine learning approaches including supervised, unsupervised, new deep and ensemble learning techniques have been comprehensively discussed; moreover, some details about currently available benchmark datasets for training and evaluating machine learning techniques are provided by the researchers. In the end, potential challenges together with some future directions for machine learning-based NADSs are specified.

show abstract

Section: Machine Learning Techniques For Network Malicious Behavior Detection and Recognitionmentioning

confidence: 99%

A Review on Machine Learning Approaches for Network Malicious Behavior Detection in Emerging Technologies

Rabbani

Wang

Khoshkangini

et al. 2021

Entropy

View full text Add to dashboard Cite

show abstract

“…Most of the researchers are now days creating own customized dataset. Sources can be a heterogeneous in manner used for data collection [23]. Most of the sources can be log files, audit files, and packets entering in the network from various senders.…”

Section: Related Workmentioning

confidence: 99%

“…Methodology Classifiers [6] Supervised, Ensemble SVM, RF [12] Supervised, Ensemble SVM, KNN [13] Supervised, Ensemble RF, j48 [14] Supervised, DT [15] Supervised, Ensemble Multiple SVM [16] Supervised, Ensemble ANN, SVM, DT, KNN [17] Ensemble SVM, weighted majority, KNN [19] Ensemble K means and SVM [20] Supervised, Ensemble RF [21] Supervised, Ensemble Clustering, SVM [22] Supervised, Ensemble BIRCH, SVM [23] Semi-Supervised DT, weighted mean and k means clustering…”

Section: Numbermentioning

confidence: 99%

Hybrid Architecture for Distributed Intrusion Detection System Using Semi-supervised Classifiers in Ensemble Approach

Khonde¹,

Ulagamuthalvi²

2020

AMA_B

View full text Add to dashboard Cite

Security of data is becoming a big treat today because of modern attacks. All the data passing through network is at risk as intruders can easily access and modify data. Security to the network is provided using Intrusion Detection System (IDS) which helps to monitor and analyze each packet entering or passing through the network. In this paper hybrid architecture for IDS is proposed which can work as an intelligent system in distributed environment. Proposed system makes use of semi-supervised machine learning classifiers into an ensemble approach. Classifiers used are Support vector machine, decision tree and k-nearest neighbor. Ensemble of this classifier is done and final prediction is given by majority voting algorithm. This system makes use of feature selection technique to reduce number of features used for training various classifiers. Experiments are conducted on NSL-KDD dataset. From results it is observed that ensemble technique increases accuracy by 3% and reduces false alarm rate by 0.05. System performance improves if used in ensemble approach as compare to individual classifier.

show abstract

“…Using a hybrid (combine different data mining methods) approach is very interesting because it takes care about alert management [7] [8]. H.Nguyen et al [9] use an ensemble system of classifiers, called CBE based on K-mean algorithm but the classe number must be fixed a priori [10]. This may take time depending on the number of servers to be monitored.…”

Section: B Data Mining-based Idssmentioning

confidence: 99%

Hybrid Intrusion Detection in Information Systems

Pierrot

Harbi

Darmont

2016

2016 International Conference on Information Science and Security (ICISS)

Self Cite

View full text Add to dashboard Cite

The expansion and democratization of the digital world coupled with the effect of the Internet globalization, has allowed for individuals, countries, states and companies to interconnect and interact at incidence levels never previously imagined. Cybercrime, in turn, is unfortunately one the negative aspects of this rapid global interconnection expansion. We often find malicious individuals and/or groups aiming to undermine the integrity of Information Systems for either financial gain or to serve a cause. Our study investigates and proposes a hybrid data mining methodology in order to detect abnormal behavior that could potentially threaten the security of an Information System, in a simple way that is understandable to all involved parties, whether they are security experts or standard users.

show abstract

An efficient local region and clustering-based ensemble system for intrusion detection

Cited by 15 publications

References 16 publications

A Review on Machine Learning Approaches for Network Malicious Behavior Detection in Emerging Technologies

A Review on Machine Learning Approaches for Network Malicious Behavior Detection in Emerging Technologies

Hybrid Architecture for Distributed Intrusion Detection System Using Semi-supervised Classifiers in Ensemble Approach

Hybrid Intrusion Detection in Information Systems

Contact Info

Product

Resources

About