An End-to-End Framework for Machine Learning-Based Network Intrusion Detection System

Bertoli, Gustavo de Carvalho; Pereira, Lourenço Alves; Saotome, Osamu; Santos, Aldri; Verri, Filipe Alves Neto; Marcondes, Cesar Augusto Cavalheiro; Barbieri, Sidnei; Rodrigues, Moises S.; Oliveira, José M. Parente de

doi:10.1109/access.2021.3101188

Cited by 61 publications

(27 citation statements)

References 34 publications

(58 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Gustavo et al [ 16 ] introduced the AB-TRAP framework to facilitate the full deployment of the solution, which allows the use of new network traffic and takes operational factors into account. Their methodology includes developing attack and legitimate datasets, training machine learning models, putting the solution into practice on a target system, and assessing the effectiveness of the security module.…”

Section: Related Workmentioning

confidence: 99%

Composition of Hybrid Deep Learning Model and Feature Optimization for Intrusion Detection System

Henry

Gautam

Khanna

et al. 2023

Sensors

View full text Add to dashboard Cite

Recently, with the massive growth of IoT devices, the attack surfaces have also intensified. Thus, cybersecurity has become a critical component to protect organizational boundaries. In networks, Intrusion Detection Systems (IDSs) are employed to raise critical flags during network management. One aspect is malicious traffic identification, where zero-day attack detection is a critical problem of study. Current approaches are aligned towards deep learning (DL) methods for IDSs, but the success of the DL mechanism depends on the feature learning process, which is an open challenge. Thus, in this paper, the authors propose a technique which combines both CNN, and GRU, where different CNN–GRU combination sequences are presented to optimize the network parameters. In the simulation, the authors used the CICIDS-2017 benchmark dataset and used metrics such as precision, recall, False Positive Rate (FPR), True Positive Rate (TRP), and other aligned metrics. The results suggest a significant improvement, where many network attacks are detected with an accuracy of 98.73%, and an FPR rate of 0.075. We also performed a comparative analysis with other existing techniques, and the obtained results indicate the efficacy of the proposed IDS scheme in real cybersecurity setups.

show abstract

Section: Related Workmentioning

confidence: 99%

Composition of Hybrid Deep Learning Model and Feature Optimization for Intrusion Detection System

Henry

Gautam

Khanna

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Sirisha et al [20] used the KDDTrain+ and KDDTest+ files. However, Bertoli et al [19] noted limitations of the data which rendered use of the data in ML-based solutions impractical.…”

Section: Datasetsmentioning

confidence: 99%

Reproducing Random Forest Efficacy in Detecting Port Scanning

Pittman¹

2023

Preprint

View full text Add to dashboard Cite

Port scanning is the process of attempting to connect to various network ports on a computing endpoint to determine which ports are open and which services are running on them. It is a common method used by hackers to identify vulnerabilities in a network or system. By determining which ports are open, an attacker can identify which services and applications are running on a device and potentially exploit any known vulnerabilities in those services. Consequently, it is important to detect port scanning because it is often the first step in a cyber attack. By identifying port scanning attempts, cybersecurity professionals can take proactive measures to protect the systems and networks before an attacker has a chance to exploit any vulnerabilities. Against this background, researchers have worked for over a decade to develop robust methods to detect port scanning. One such method revealed by a recent systematic review is the random forest supervised machine learning algorithm. The review revealed six existing studies using random forest since 2021. Unfortunately, those studies each exhibit different results, do not all use the same training and testing dataset, and only two include source code. Accordingly, the goal of this work was to reproduce the six random forest studies while addressing the apparent shortcomings. The outcomes are significant for researchers looking to explore random forest to detect port scanning and for practitioners interested in reliable technology to detect the early stages of cyber attack.

show abstract

“…Como destacado em [De Carvalho Bertoli et al 2021], além de produzir modelos de aprendizado, o passo no sentido de sua operacionalizac ¸ão (MLOps) é importante. Logo, a observância de modelos plausíveis de implementac ¸ão nos dispositivos-alvo deve ser considerado.…”

Section: Trabalhos Relacionadosunclassified

Detecção incremental de comportamento malicioso em VANETs

Dutra¹,

Bonfim²,

Travagini³

et al. 2022

Anais Do XXII Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg 2022)

Self Cite

View full text Add to dashboard Cite

Falsificação de posição em C-ITS pode causar efeitos desastrosos no trânsito, sendo um problema em aberto na literatura. Este trabalho apresenta o DISMISS-BSM, um algoritmo capaz de identificar os ataques de falsificação de posição, utilizando dois novos atributos preditores e uma nova forma de agrupamento das mensagens em janelas deslizantes de análise de tamanho incremental, aliando agilidade e eficácia na detecção. Para avaliação do desempenho foram utilizados cinco modelos de aprendizado de máquina. Destacam-se o desempenho na detecção dos ataques random offset, superando os demais trabalhos da área, e o custo-benefício do modelo Decision Tree, com média de tempo de treinamento e inferência, de 47,617 e 0,085 seg, respectivamente.

show abstract

An End-to-End Framework for Machine Learning-Based Network Intrusion Detection System

Cited by 61 publications

References 34 publications

Composition of Hybrid Deep Learning Model and Feature Optimization for Intrusion Detection System

Composition of Hybrid Deep Learning Model and Feature Optimization for Intrusion Detection System

Reproducing Random Forest Efficacy in Detecting Port Scanning

Detecção incremental de comportamento malicioso em VANETs

Contact Info

Product

Resources

About