IDERES: Intrusion detection and response system using machine learning and attack graphs

Rose, Joseph; Swann, Matthew; Grammatikakis, Konstantinos-Panagiotis; Koufos, Ioannis; Bendiab, Gueltoum; Shiaeles, Stavros; Kolokotronis, Nicholas

doi:10.1016/j.sysarc.2022.102722

Cited by 20 publications

(4 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By actively and dynamically profiling and monitoring all interconnected devices, it effectively identifies potential tampering attempts on IoT devices and detects suspicious transactions occurring within the network. In 28 puts forth an advanced intrusion detection solution with a focus on IoT environments. This solution operates on an anomaly-based principle, constantly profiling and monitoring networked devices.…”

Section: Literature Reviewmentioning

confidence: 99%

Firefly algorithm based WSN-IoT security enhancement with machine learning for intrusion detection

Karthikeyan,

Manimegalai,

RajaGopal

2024

Sci Rep

View full text Add to dashboard Cite

A Wireless Sensor Network (WSN) aided by the Internet of Things (IoT) is a collaborative system of WSN systems and IoT networks are work to exchange, gather, and handle data. The primary objective of this collaboration is to enhance data analysis and automation to facilitate improved decision-making. Securing IoT with the assistance of WSN necessitates the implementation of protective measures to confirm the safety and reliability of the interconnected WSN and IoT components. This research significantly advances the current state of the art in IoT and WSN security by synergistically harnessing the potential of machine learning and the Firefly Algorithm. The contributions of this work are twofold: firstly, the proposed FA-ML technique exhibits an exceptional capability to enhance intrusion detection accuracy within the WSN-IoT landscape. Secondly, the amalgamation of the Firefly Algorithm and machine learning introduces a novel dimension to the domain of security-oriented optimization techniques. The implications of this research resonate across various sectors, ranging from critical infrastructure protection to industrial automation and beyond, where safeguarding the integrity of interconnected systems are of paramount importance. The amalgamation of cutting-edge machine learning and bio-inspired algorithms marks a pivotal step forward in crafting robust and intelligent security measures for the evolving landscape of IoT-driven technologies. For intrusion detection in the WSN-IoT, the FA-ML method employs a support vector machine (SVM) machine model for classification with parameter tuning accomplished using a Grey Wolf Optimizer (GWO) algorithm. The experimental evaluation is simulated using NSL-KDD Dataset, revealing the remarkable enhancement of the FA-ML technique, achieving a maximum accuracy of 99.34%. In comparison, the KNN-PSO and XGBoost models achieved lower accuracies of 96.42% and 95.36%, respectively. The findings validate the potential of the FA-ML technique as an active security solution for WSN-IoT systems, harnessing the power of machine learning and the Firefly Algorithm to bolster intrusion detection capabilities.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Firefly algorithm based WSN-IoT security enhancement with machine learning for intrusion detection

Karthikeyan,

Manimegalai,

RajaGopal

2024

Sci Rep

View full text Add to dashboard Cite

show abstract

“…Hercule [31], Tiresias [32], Attack2vec [33], ATLAS [1], and IDERES [34] use machine learning techniques to model attack behaviors. Hercule uses community detection algorithms to correlate attack events, identifying clear behavioral divisions between threat events and normal events.…”

Section: Related Workmentioning

confidence: 99%

ProvGRP: A Context-Aware Provenance Graph Reduction and Partition Approach for Facilitating Attack Investigation

Li,

Zhang,

Liu

2023

Electronics

View full text Add to dashboard Cite

Attack investigation is a crucial technique in proactively defending against sophisticated attacks. Its purpose is to identify attack entry points and previously unknown attack traces through comprehensive analysis of audit data. However, a major challenge arises from the vast and redundant nature of audit logs, making attack investigation difficult and prohibitively expensive. To address this challenge, various technologies have been proposed to reduce audit data, facilitating efficient analysis. However, most of these techniques rely on defined templates without considering the rich context information of events. Moreover, these methods fail to remove false dependencies caused by the coarse-grained nature of logs. To address these limitations, this paper proposes a context-aware provenance graph reduction and partition approach for facilitating attack investigation named ProvGRP. Specifically, three features are proposed to determine whether system events are the same behavior from multiple dimensions. Based on the insight that information paths belonging to the same high-level behavior share similar information flow patterns, ProvGRP generates information paths containing context, and identifies and merges paths that share similar flow patterns. Experimental results show that ProvGRP can efficiently reduce provenance graphs with minimal loss of crucial information, thereby facilitating attack investigation in terms of runtime and results.

show abstract

“…Intrusion prevention systems (IPS) represent a subset of IDS that actively stops or blocks identified intrusions. They can generate alerts, recognize fraudulent activities, restore interfaces, restrict traffic from irrelevant IP addresses, and filter out undesirable transportation and network-related options [5]. IDSs can be categorized based on the detection location (network or host) or the detection mechanism used (signature or anomaly-based).…”

Section: Introductionmentioning

confidence: 99%

Scientific Elegance in NIDS: Unveiling Cardinality Reduction, Box-Cox Transformation, and ADASYN for Enhanced Intrusion Detection

Alabrah

2024

CMC

View full text Add to dashboard Cite

The emergence of digital networks and the wide adoption of information on internet platforms have given rise to threats against users' private information. Many intruders actively seek such private data either for sale or other inappropriate purposes. Similarly, national and international organizations have country-level and company-level private information that could be accessed by different network attacks. Therefore, the need for a Network Intruder Detection System (NIDS) becomes essential for protecting these networks and organizations. In the evolution of NIDS, Artificial Intelligence (AI) assisted tools and methods have been widely adopted to provide effective solutions. However, the development of NIDS still faces challenges at the dataset and machine learning levels, such as large deviations in numeric features, the presence of numerous irrelevant categorical features resulting in reduced cardinality, and class imbalance in multiclass-level data. To address these challenges and offer a unified solution to NIDS development, this study proposes a novel framework that preprocesses datasets and applies a boxcox transformation to linearly transform the numeric features and bring them into closer alignment. Cardinality reduction was applied to categorical features through the binning method. Subsequently, the class imbalance dataset was addressed using the adaptive synthetic sampling data generation method. Finally, the preprocessed, refined, and oversampled feature set was divided into training and test sets with an 80-20 ratio, and two experiments were conducted. In Experiment 1, the binary classification was executed using four machine learning classifiers, with the extra trees classifier achieving the highest accuracy of 97.23% and an AUC of 0.9961. In Experiment 2, multiclass classification was performed, and the extra trees classifier emerged as the most effective, achieving an accuracy of 81.27% and an AUC of 0.97. The results were evaluated based on training, testing, and total time, and a comparative analysis with state-of-the-art studies proved the robustness and significance of the applied methods in developing a timely and precision-efficient solution to NIDS.

show abstract

IDERES: Intrusion detection and response system using machine learning and attack graphs

Cited by 20 publications

References 26 publications

Firefly algorithm based WSN-IoT security enhancement with machine learning for intrusion detection

Firefly algorithm based WSN-IoT security enhancement with machine learning for intrusion detection

ProvGRP: A Context-Aware Provenance Graph Reduction and Partition Approach for Facilitating Attack Investigation

Scientific Elegance in NIDS: Unveiling Cardinality Reduction, Box-Cox Transformation, and ADASYN for Enhanced Intrusion Detection

Contact Info

Product

Resources

About