Feature Selection and Ensemble-Based Intrusion Detection System: An Efficient and Comprehensive Approach

Jaw, Ebrima; Wang, Xueming

doi:10.3390/sym13101764

Cited by 54 publications

(39 citation statements)

References 81 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, it evaluates how well the SARG can efficiently generate standard and reliable Snort rules by executing SARG against live attacks in existing pcap files. Finally, this section will also highlight the results and performance evaluation of the (SEC) model that significantly mitigates the challenges of the vast alerts generated by the Snort IDS and the earlier proposed feature selection and ensemble-based IDS ( Jaw & Wang, 2021 ).…”

Section: Resultsmentioning

confidence: 99%

“…(ii) Investigate the apparent relationship of COTIME and correlated alerts and present solutions to how we can correlate a larger sample size of alerts within an acceptable time frame to mitigate the need for unceasing computing resources. (iii) Finally, evaluate SEC within a live network environment instead of pcap files and auto-generate reliable and efficient Snort rules using the knowledge of the proposed anomaly IDS ( Jaw & Wang, 2021 ).…”

Section: Discussionmentioning

confidence: 99%

“…In addressing these security challenges, specifically for IDSs, the research industry has proposed significant pieces of literature with remarkable achievements in lessening the huge false alarm rates of current cutting-edge proposed systems ( Mahfouz et al, 2020 ; Zhou et al, 2020 ). Nevertheless, irrespective of these significant achievements, there is still a need to propose new approaches with much efficiency and effectiveness to help mitigate the vast false alarm rates of the earlier proposed systems ( Jaw & Wang, 2021 ). Therefore, this paper presents a novel alert correlation model that correlates and prioritizes IDS alerts.…”

Section: Methodsmentioning

confidence: 99%

See 2 more Smart Citations

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Jaw

Wang

2022

PeerJ Computer Science

Self Cite

View full text Add to dashboard Cite

The rapid advanced technological development alongside the Internet with its cutting-edge applications has positively impacted human society in many aspects. Nevertheless, it equally comes with the escalating privacy and critical cybersecurity concerns that can lead to catastrophic consequences, such as overwhelming the current network security frameworks. Consequently, both the industry and academia have been tirelessly harnessing various approaches to design, implement and deploy intrusion detection systems (IDSs) with event correlation frameworks to help mitigate some of these contemporary challenges. There are two common types of IDS: signature and anomaly-based IDS. Signature-based IDS, specifically, Snort works on the concepts of rules. However, the conventional way of creating Snort rules can be very costly and error-prone. Also, the massively generated alerts from heterogeneous anomaly-based IDSs is a significant research challenge yet to be addressed. Therefore, this paper proposed a novel Snort Automatic Rule Generator (SARG) that exploits the network packet contents to automatically generate efficient and reliable Snort rules with less human intervention. Furthermore, we evaluated the effectiveness and reliability of the generated Snort rules, which produced promising results. In addition, this paper proposed a novel Security Event Correlator (SEC) that effectively accepts raw events (alerts) without prior knowledge and produces a much more manageable set of alerts for easy analysis and interpretation. As a result, alleviating the massive false alarm rate (FAR) challenges of existing IDSs. Lastly, we have performed a series of experiments to test the proposed systems. It is evident from the experimental results that SARG-SEC has demonstrated impressive performance and could significantly mitigate the existing challenges of dealing with the vast generated alerts and the labor-intensive creation of Snort rules.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Jaw

Wang

2022

PeerJ Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…As a result, the other types-based accuracy performances were also low, supporting this prediction. Jaw et al 36 designed an ensemble classifier (K-means, OneClass SVM, and Expectation-Maximization) and classified the UNSWNB-15 dataset into multiple classes. They used the genetic algorithm for the proposed approach and achieved an overall accuracy of 99.99%.…”

Section: Discussionmentioning

confidence: 99%

Detecting attacks on IoT devices with probabilistic Bayesian neural networks and hunger games search optimization approaches

Toğaçar

2021

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Technologies that enable physical objects to communicate with each other are attracting a lot of interest day by day. Internet of Things (IoT) is a communication network that is used to connect with technological devices and systems.The growth of IoT networks has led to malicious targeting of these systems by third parties. To prevent such malicious purposes, network security should be at the forefront. Recently, artificial intelligence-based approaches have been used in security domains. Two accessible datasets were used in this study. The datasets consist of simulated bot IoT network traffic data containing distributed denial-of-service (DDoS) attack types. In the proposed approach, probabilistic Bayesian neural networks and normal Bayesian neural networks are used as the deep learning models. All features of the dataset were trained using two models. Then, the datasets were optimized using hunger games search (HGS) method and the most efficient parameters of the datasets were selected and retrained using deep learning models. In the analysis performed using the proposed approach, an overall accuracy of 100% was obtained for the dataset used in the first experiment and 99.99% for the dataset used in the second experiment. It was also observed that metaheuristic optimization helps the proposed approach to save time in detecting DDoS attacks.

show abstract

“…However, these valuable data are generally localized in practical applications and divided into asymmetric and symmetric data distributions. Examples include symmetrical relationships between data from extra-vehicular networks and asymmetrical probability distributions of malicious and normal network traffic [10]. Hence, the information security problem has always been one of the important factors of ICV that should be considered [2,11].…”

Section: Introductionmentioning

confidence: 99%

TCAN-IDS: Intrusion Detection System for Internet of Vehicle Using Temporal Convolutional Attention Network

Cheng

et al. 2022

Symmetry

View full text Add to dashboard Cite

Intrusion detection systems based on recurrent neural network (RNN) have been considered as one of the effective methods to detect time-series data of in-vehicle networks. However, building a model for each arbitration bit is not only complex in structure but also has high computational overhead. Convolutional neural network (CNN) has always performed excellently in processing images, but they have recently shown great performance in learning features of normal and attack traffic by constructing message matrices in such a manner as to achieve real-time monitoring but suffer from the problem of temporal relationships in context and inadequate feature representation in key regions. Therefore, this paper proposes a temporal convolutional network with global attention to construct an in-vehicle network intrusion detection model, called TCAN-IDS. Specifically, the TCAN-IDS model continuously encodes 19-bit features consisting of an arbitration bit and data field of the original message into a message matrix, which is symmetric to messages recalling a historical moment. Thereafter, the feature extraction model extracts its spatial-temporal detail features. Notably, global attention enables global critical region attention based on channel and spatial feature coefficients, thus ignoring unimportant byte changes. Finally, anomalous traffic is monitored by a two-class classification component. Experiments show that TCAN-IDS demonstrates high detection performance on publicly known attack datasets and is able to accomplish real-time monitoring. In particular, it is anticipated to provide a high level of symmetry between information security and illegal intrusion.

show abstract

Feature Selection and Ensemble-Based Intrusion Detection System: An Efficient and Comprehensive Approach

Cited by 54 publications

References 81 publications

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Detecting attacks on IoT devices with probabilistic Bayesian neural networks and hunger games search optimization approaches

TCAN-IDS: Intrusion Detection System for Internet of Vehicle Using Temporal Convolutional Attention Network

Contact Info

Product

Resources

About