Deep Analysis of Risks and Recent Trends Towards Network Intrusion Detection System

Shankar, D.; George, G. Victo Sudha; S, Janardhana Naidu J N S; Madhuri, P Shyamala

doi:10.14569/ijacsa.2023.0140129

Cited by 8 publications

(10 citation statements)

References 64 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another area of concern emerging in the current literature is the differentiation or classification accuracy between ransomware and other malware types [29], [30], which can affect the reliability and precision of the detection process. Moreover, many methodologies rely heavily on the quality and comprehensiveness of their training data [31], [32]. This leads to potential biases or inadequacies in their predictive capabilities.…”

Section: Comparative Analysis Of Existing Studiesmentioning

confidence: 99%

“…In 2021, Nkongolo et al [7] introduced the UGRansome dataset (Figure 3). UGRansome has demonstrated its inestimable value in identifying and combating ransomware threats, even those deemed zero-day vulnerabilities [32], [51]. What differentiates UGRansome from other datasets in the domain of Intrusion Detection Systems (IDS) is its all-encompassing coverage of previously unexplored ransomware attack types [52].…”

Section: A the Experimental Datasetmentioning

confidence: 99%

“…This metric assesses the algorithm's precision in positive predictions, where a high precision denotes fewer false positive errors. Recall, synonymous with sensitivity or true positive rate, gauges the ratio of true positive predictions to the overall number of actual positives (comprising true positives and false negatives) [31], [32]. It evaluates the algorithm's capacity to correctly identify all positive instances.…”

Section: B Evaluationmentioning

confidence: 99%

“…Furthermore, categorical variables were proficiently converted into numerical equivalents, making them suitable for a wide range of modeling and analytical https:// journal.uob.edu.bh The enriched dataset will enhance the model's understanding of underlying patterns, leading to improved accuracy and performance in predictive tasks. Overall, the numerical enrichment of the dataset empowers ML models to extract meaningful insights and make more accurate https:// journal.uob.edu.bh predictions [31], [32], [48].…”

Section: A Data Pre-processingmentioning

confidence: 99%

See 3 more Smart Citations

RFSA: A Ransomware Feature Selection Algorithm for Multivariate Analysis of Malware Behavior in Cryptocurrency

Nkongolo Wa Nkongolo

2024

IJCDS

View full text Add to dashboard Cite

This research introduces innovative features tailored to capture distinctive characteristics of ransomware activity within the cryptocurrency ecosystem. The study employs a multifaceted analysis to delve into ransomware-related data encompassing transaction metadata, ransom analysis, behavioral patterns, and financial aspects. A feature selection algorithm is explored to discern ransomware transactions in Bitcoin (BTC) and the United States Dollar (USD) using the UGRansome dataset. This comprehensive dataset of ransomware-related transactions facilitates the proposal of novel features designed to capture the unique traits of ransomware activity. The correlation matrix and temporal analysis of these features contribute to a nuanced understanding of the dynamic nature of ransomware threats. The research presents the Ransomware Feature Selection Algorithm (RFSA) based on Gini Impurity and Mutual Information (MI) to effectively select crucial ransomware features. Evaluation metrics such as precision, recall, accuracy, and F1 score highlight the effectiveness of the RFSA. The analysis reveals that approximately 68% of ransomware incidents involve BTC transactions ranging from 1.46 to 2.56, with an average of 2.01 BTC transactions per attack. Moreover, ransomware causes financial damages ranging from 4.38 to 172.36 USD, with an average damage of 88.37 USD. The RFSA identifies 17 ransomware types and their associated malware to shed light on their characteristics. The study investigates the pricing of ransomware and reveals that TowerWeb is associated with the highest fee, amounting to 135.26 BTC, while CryptoLocker has the lowest fee, recorded at 10.51 BTC. Additionally, the impact of ransomware duration on financial gains and network flow is investigated, disclosing a correlation between extended duration and higher financial gains. The research achieves outstanding performance metrics, including an MI score of 95%, accuracy of 93%, recall of 92%, and precision of 89%. These results showcase the superiority of the proposed approach over existing studies, emphasizing the dynamic and adaptable nature of ransomware demands. The findings suggest that there is no fixed amount for specific cyberattacks. This underscores the importance of adapting to the evolving landscape of ransomware threats.

show abstract

Section: Comparative Analysis Of Existing Studiesmentioning

confidence: 99%

Section: A the Experimental Datasetmentioning

confidence: 99%

Section: B Evaluationmentioning

confidence: 99%

Section: A Data Pre-processingmentioning

confidence: 99%

See 2 more Smart Citations

RFSA: A Ransomware Feature Selection Algorithm for Multivariate Analysis of Malware Behavior in Cryptocurrency

Nkongolo Wa Nkongolo

2024

IJCDS

View full text Add to dashboard Cite

show abstract

“…The detection of malicious traffic in the network is considered a binary and multiclassification issue. The AI (artificial intelligence) based models detect the intrusion in the network through various criteria like network based model, host based model, anomaly based model and signature based model [9,10,28]. Among these, signature-based network intrusion detection is widely utilized by creating a set of rules for identifying the network pattern.…”

Section: Introductionmentioning

confidence: 99%

Lightweight Hybrid CAE-ELM and Enhanced Smote Based Intrusion Detection for Networks

2023

IJIES

View full text Add to dashboard Cite

The intrusion detection system (IDS) plays an imperative role in defending the network from attacks. But, the IDS data is imbalanced, making the process complex for detecting the attacks accurately. According to these problems, this study proposes a network intrusion detection system based on an enhanced synthetic minority oversampling technique (SMOTE) and lightweight hybrid CAE (convolutional auto encoder)-ELM (extreme learning machine) model. Initially, the normalization of the original data is performed to avoid the influence of the maximum and minimum values. Secondly, an enhanced SMOTE is employed for solving the issues of the less detection rate of minority-attacks because of less training data. Here, the war strategy optimization (WSO) is incorporated with the SMOTE to design a novel WSO-based SMOTE technique for balancing the dataset. The three major steps utilized in WSO-based SMOTE are WSO based clustering, filtering and over-sampling. Then, the Information gain and fisher score based features extraction is employed for the reduction of computational complexity prior to the intrusion detection. Finally, the lightweight hybrid CAE-ELM model is executed for attack detection. CAEs are one of the most commonly used learning models because of their ability to construct a higher-level feature representation from the input data. Another model used in intrusion detection is the ELM, which provides an acceptable discrimination performance as well as a fast speed of learning. The performance of the proposed NIDS model is tested on the two benchmark datasets and achieved better accuracies of 99.21% and 99.15% on the UNSW-NB15 and CSE-CIC-IDS2018 datasets.

show abstract

Zero-Day Threats Detection for Critical Infrastructures

Nkongolo

Tokmak

2023

South African Institute of Computer Scientists and Information Technologists

View full text Add to dashboard Cite

Deep Analysis of Risks and Recent Trends Towards Network Intrusion Detection System

Cited by 8 publications

References 64 publications

RFSA: A Ransomware Feature Selection Algorithm for Multivariate Analysis of Malware Behavior in Cryptocurrency

RFSA: A Ransomware Feature Selection Algorithm for Multivariate Analysis of Malware Behavior in Cryptocurrency

Lightweight Hybrid CAE-ELM and Enhanced Smote Based Intrusion Detection for Networks

Zero-Day Threats Detection for Critical Infrastructures

Contact Info

Product

Resources

About