Anomaly-Based Intrusion Detection System

Jyothsna, V.; Prasad, KDV

doi:10.5772/intechopen.82287

Cited by 26 publications

(16 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many techniques have been used for developing NIDS including computing based, data mining based, statistical based, machine learning, cognitive based or knowledge based, user intention identification, etc. [24] Machine learning techniques are one of the most used approaches due to their ability to learn patterns from data and differentiate between abnormal and normal traffic. Many classical machine learning techniques have been applied in IDS [29].…”

Section: Related Work In Ids Developmentmentioning

confidence: 99%

Handling class Imbalance problem in Intrusion Detection System based on deep learning

Mbow

Koide

Sakurai

2022

IJNC

View full text Add to dashboard Cite

Network intrusion detection system(NIDS) is the most used tool to detect malicious network activities. The NIDS has achieved in the recent years promising results for detecting known and novel attacks, with the adoption of deep learning. However, these NIDSs still have shortcomings. Most of the datasets used for NIDS are highly imbalanced, where the number of samples that belong to normal traffic is much larger than the attack traffic. The problem of imbalanced class skews the results. It limits the deep learning classifier's performance for minority classes by misleading the classifier to be biased in favor of the majority class. To improve the detection rate for minority classes while ensuring efficiency, this study proposes a hybrid approach to handle the imbalance problem. This hybrid approach is a combination of oversampling with Synthetic Minority Over-Sampling (SMOTE) and Tomek link, an undersampling method to reduce noise. Additionally, this study uses two deep learning models such as Long Short-Term Memory Network (LSTM) and Convolutional Neural Network (CNN) to provide a better intrusion detection system. The advantage of our proposed model is tested in NSL-KDD, CICIDS2017 datasets. In addition, we evaluate the method in the most recent intrusion detection dataset, CICIDS2018 dataset. We use 10-fold cross validation in this work to train the learning models and an independent test set for evaluation. The experimental results show that in the multi-class classification with NSLKDD dataset, the proposed model reached an overall accuracy and Fscore of 99% and 99.0.2% respectively on LSTM, an overall accuracy and Fscore of 99.70% and 99.27% respectively for CNN. And with CICIDS2017 an overall accuracy and Fscore of 99.65% and 98 % respectively on LSTM, an overall accuracy and Fscore of 99.85% and 98.98% respectively for CNN. In CICIDS2018 the proposed method achieved an overall detection rate and Fscore of 95% and 94% respectively.

show abstract

Section: Related Work In Ids Developmentmentioning

confidence: 99%

Handling class Imbalance problem in Intrusion Detection System based on deep learning

Mbow

Koide

Sakurai

2022

IJNC

View full text Add to dashboard Cite

show abstract

“…In the second phase, which is the testing phase, previously unseen intrusions are learned using a new dataset. AIDS can be divided into statistics-based, knowledge-based, and machine-learning methods [28].…”

Section: Page 302mentioning

confidence: 99%

Machine Learning and Deep Learning Techniques for IoT-based Intrusion Detection Systems: A Literature Review

Thomas¹,

Bhat

2021

IJMTS

View full text Add to dashboard Cite

Purpose: The authors attempt to examine the work done in the area of Intrusion Detection System in IoT utilizing Machine Learning/Deep Learning technique and various accessible datasets for IoT security in this review of literature. Methodology: The papers in this study were published between 2014 and 2021 and dealt with the use of IDS in IoT security. Various databases such as IEEE, Wiley, Science Direct, MDPI, and others were searched for this purpose, and shortlisted articles used Machine Learning and Deep Learning techniques to handle various IoT vulnerabilities. Findings/Result: In the past few years, the IDS has grown in popularity as a result of their robustness. The main idea behind intrusion detection systems is to detect intruders in a given region. An intruder is a host that tries to connect to other nodes without permission in the world of the Internet of Things. In the field of IDS, there is a research gap. Different ML/DL techniques are used for IDS in IoT. But it does not properly deal with complexity issues. Also, these techniques are limited to some attacks, and it does not provide high accuracy. Originality: A review had been executed from various research works available from online databases and based on the survey derived a structure for the future study. Paper Type: Literature Review.

show abstract

“…Moreover, countless types of cyber-attacks have evolved dramatically since the inception of the Internet and the swift growth of ground-breaking technologies. For example, social engineering or phishing ( Kushwaha, Buckchash & Raman, 2017 ), zero-day attack ( Jyothsna & Prasad, 2019 ), malware attack ( McIntosh et al, 2019 ), denial of service (DoS) ( Verma & Ranga, 2020 ), unauthorized access of confidential and valuable resources ( Saleh, Talaat & Labib, 2019 ). Additionally, according to the authors of Papastergiou, Mouratidis & Kalogeraki (2020) , a nation’s competitive edge in the global market and national security is currently driven by harnessing these efficient, productive, and highly secure leading-edge technologies with intelligent and dynamic means of timely detection and prevention of cyberattacks.…”

Section: Introductionmentioning

confidence: 99%

“…Otherwise, the anomaly detection system triggers an alert of anomaly ( Kagara & Md Siraj, 2020 ). It is essential to note that the main design idea of the anomaly detection method is to outline and represent the usual and expected standard behavior profile through observing activities and then defining anomalous activities by their degree of deviation from the expected behavior profile using statistical-based, knowledge-based, and machine learning-based methods ( Jyothsna & Prasad, 2019 ; Khraisat et al, 2020 ). The acceptable network behavior can be learned using the predefined network conditions, more like blocklists or allowlists that determine the network behavior outside a predefined acceptable range.…”

Section: Introductionmentioning

confidence: 99%

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Jaw

Wang

2022

PeerJ Computer Science

View full text Add to dashboard Cite

The rapid advanced technological development alongside the Internet with its cutting-edge applications has positively impacted human society in many aspects. Nevertheless, it equally comes with the escalating privacy and critical cybersecurity concerns that can lead to catastrophic consequences, such as overwhelming the current network security frameworks. Consequently, both the industry and academia have been tirelessly harnessing various approaches to design, implement and deploy intrusion detection systems (IDSs) with event correlation frameworks to help mitigate some of these contemporary challenges. There are two common types of IDS: signature and anomaly-based IDS. Signature-based IDS, specifically, Snort works on the concepts of rules. However, the conventional way of creating Snort rules can be very costly and error-prone. Also, the massively generated alerts from heterogeneous anomaly-based IDSs is a significant research challenge yet to be addressed. Therefore, this paper proposed a novel Snort Automatic Rule Generator (SARG) that exploits the network packet contents to automatically generate efficient and reliable Snort rules with less human intervention. Furthermore, we evaluated the effectiveness and reliability of the generated Snort rules, which produced promising results. In addition, this paper proposed a novel Security Event Correlator (SEC) that effectively accepts raw events (alerts) without prior knowledge and produces a much more manageable set of alerts for easy analysis and interpretation. As a result, alleviating the massive false alarm rate (FAR) challenges of existing IDSs. Lastly, we have performed a series of experiments to test the proposed systems. It is evident from the experimental results that SARG-SEC has demonstrated impressive performance and could significantly mitigate the existing challenges of dealing with the vast generated alerts and the labor-intensive creation of Snort rules.

show abstract

Anomaly-Based Intrusion Detection System

Cited by 26 publications

References 10 publications

Handling class Imbalance problem in Intrusion Detection System based on deep learning

Handling class Imbalance problem in Intrusion Detection System based on deep learning

Machine Learning and Deep Learning Techniques for IoT-based Intrusion Detection Systems: A Literature Review

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Contact Info

Product

Resources

About