Comparison of Hybrid Intrusion Detection System

Cahyo, Aditya Nur; Sari, Anny Kartika; Riasetiawan, Mardhani

doi:10.1109/icitee49829.2020.9271727

Cited by 9 publications

(5 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It can base its operation on different modalities, the most common of them are: (i) anomaly-based, according to which it classifies the network activities based on a rules/heuristic-based strategy, then by analyzing their behavior instead querying a database of known patterns [25]; (ii) signature-based, where the new network activity pattern is compared to the known patterns stored in a database, and it is classified based on the basis of this comparison process [26]; (iii) specification-based, according to which the system inspects the involved protocols to detect anomalous sequences that may refer to an attack in progress [27]; (iv) hybrid-based, which does not represent a pure modality but a combination of the previous ones [28].…”

Section: Background and Related Workmentioning

confidence: 99%

Leveraging the Training Data Partitioning to Improve Events Characterization in Intrusion Detection Systems

Saia,

Carta,

Fenu

et al. 2023

JAIT

View full text Add to dashboard Cite

The ever-increasing use of services based on computer networks, even in crucial areas unthinkable until a few years ago, has made the security of these networks a crucial element for anyone, also in consideration of the increasingly sophisticated techniques and strategies available to attackers. In this context, Intrusion Detection Systems (IDSs) play a primary role since they are responsible for analyzing and classifying each network activity as legitimate or illegitimate, allowing us to take the necessary countermeasures at the appropriate time. However, these systems are not infallible due to several reasons, the most important of which are the constant evolution of the attacks (e.g., zero-day attacks) and the problem that many of the attacks have behavior similar to those of legitimate activities, and therefore they are very hard to identify. This work relies on the hypothesis that the subdivision of the training data used for the IDS classification model definition into a certain number of partitions, in terms of events and features, can improve the characterization of the network events, improving the system performance. The non-overlapping data partitions train independent classification models, classifying the event according to a majority-voting rule. A series of experiments conducted on a benchmark real-world dataset support the initial hypothesis, showing a performance improvement with respect to a canonical training approach.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Leveraging the Training Data Partitioning to Improve Events Characterization in Intrusion Detection Systems

Saia,

Carta,

Fenu

et al. 2023

JAIT

View full text Add to dashboard Cite

show abstract

“…In contrast, anomaly-based systems strive to establish a baseline of normal behavior and flag any activity that strays from this standard. Given the dynamic nature of cybersecurity threats, adaptive security measures that combine these methodologies are the preferred choice [3], [38].…”

Section: Network Intrusion Detectionmentioning

confidence: 99%

Applications of Certainty Scoring for Machine Learning Classification in Multi-modal Contexts

Berenbeim,

Bierbrauer,

Cruickshank

et al. 2023

Preprint

View full text Add to dashboard Cite

<p>Quantitative characterizations and estimations of uncertainty are of fundamental importance for machine learning classification, particularly in safety-critical settings such as the military battlefield where continuous real-time monitoring requires explainable and reliable scoring. Reliance on the maximum a posteriori principle to determine label classification can obscure a model's certainty of label assignment. We develop quantitative scores of certainty and competence based on predicted probability estimates as an effective tool for inferring the verity of positives across different data modalities and architectures. Our theoretical results establish that competent models have distinct distributions of certainty for true and false positives. Our empirical results bear out that there are distinct distributions of certainty scores on training and holdout data, as well as data that is a priori out-of-distribution. Further, we find that the most reliable test for out-of-distribution data is to compare the global True positive certainty score distribution against test data. At least 92.3% of out-of-distribution are successfully identified this way across our two experimental modalities at the tranche level. Further, 100% of the out-of-context images are identified as out-of-distribution using the stochastic form of our out-of-distribution detection test across all five stochastic variants of the ResNet models. Consequently, we find that the use of our certainty framework provides a robust means of detecting out-of-distribution inputs, while also serving as a reliable mechanism for comparing model quality of accurately distinguishing between true and False positives, particularly in safety-critical contexts.</p>

show abstract

“…In Network-based IDS, the outside intrusion is very well detected, and it can protect all hosts, but there is too much traffic to analyze [63]. Hybrid IDS is flexible and provides more security as it combines features of both Host-based and Network-based IDS [64]. In Active IDS, definite action is taken for certain alerts, whereas only reports are generated, or alarms are raised in Passive IDS.…”

Section: Intrusion Detection Systemmentioning

confidence: 99%

Internet of Things Applications, Security Challenges, Attacks, Intrusion Detection, and Future Visions: A Systematic Review

2021

View full text Add to dashboard Cite

Internet of Things (IoT) technology is prospering and entering every part of our lives, be it education, home, vehicles, or healthcare. With the increase in the number of connected devices, several challenges are also coming up with IoT technology: heterogeneity, scalability, quality of service, security requirements, and many more. Security management takes a back seat in IoT because of cost, size, and power. It poses a significant risk as lack of security makes users skeptical towards using IoT devices. This, in turn, makes IoT vulnerable to security attacks, ultimately causing enormous financial and reputational losses. It makes up for an urgent need to assess present security risks and discuss the upcoming challenges to be ready to face the same. The undertaken study is a multi-fold survey of different security issues present in IoT layers: perception layer, network layer, support layer, application layer, with further focus on Distributed Denial of Service (DDoS) attacks. DDoS attacks are significant threats for the cyber world because of their potential to bring down the victims. Different types of DDoS attacks, DDoS attacks in IoT devices, impacts of DDoS attacks, and solutions for mitigation are discussed in detail. The presented review work compares Intrusion Detection and Prevention models for mitigating DDoS attacks and focuses on Intrusion Detection models. Furthermore, the classification of Intrusion Detection Systems, different anomaly detection techniques, different Intrusion Detection System models based on datasets, various machine learning and deep learning techniques for data pre-processing and malware detection has been discussed. In the end, a broader perspective has been envisioned while discussing research challenges, its proposed solutions, and future visions.

show abstract

Comparison of Hybrid Intrusion Detection System

Cited by 9 publications

References 27 publications

Leveraging the Training Data Partitioning to Improve Events Characterization in Intrusion Detection Systems

Leveraging the Training Data Partitioning to Improve Events Characterization in Intrusion Detection Systems

Applications of Certainty Scoring for Machine Learning Classification in Multi-modal Contexts

Internet of Things Applications, Security Challenges, Attacks, Intrusion Detection, and Future Visions: A Systematic Review

Contact Info

Product

Resources

About