IDS Using Machine Learning - Current State of Art and Future Directions

Hamid, Yasir; Sugumaran, M.; Balasaraswathi, V. R.

doi:10.9734/bjast/2016/23668

Cited by 33 publications

(15 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Their experiments showed that evasions caused an exacerbation of the True Positive Rate(TPR) ranging from 7.8% to 66.8%, while the dataset augmentation increased the TPR by 4.21%-73.3%. However, all these proposed approaches are based on the anomaly-detection NIDS whose actual deployment is rarely seen due to its high false positive rate and low accuracy [27]. Du and Yang [28] developed probabilistic graphical models to analyse the impact of removal, insertion, and alteration evasion actions on performance of an NIDS.…”

Section: Related Workmentioning

confidence: 99%

Detection and Recognition of Atomic Evasions Against Network Intrusion Detection/Prevention Systems

et al. 2019

View full text Add to dashboard Cite

Network evasions can bypass network intrusion detection/prevention systems to deliver exploits, attacks, or malware to victims without being detected. This paper presents a novel method for the detection and recognition of atomic network evasions by the classification of a transmission control protocol (TCP) stream's packet behavior. The syntax for the conversion of TCP streams to codeword streams is proposed to facilitate the extraction of statistical features while preserving the evasion behavior attributes of original network flows. We developed a feature extraction method of employing the normalized term frequencies of codewords to characterize intra and inter packet attribute patterns hidden in actual TCP streams. A TCP stream is then transformed to a fixed length numeric feature vector. Supervised multi-class classifiers are built on the extracted feature vectors to differentiate different types of evasions from normal streams. The quantitative evaluations on an evasion dataset consisting of normal network flows and eight types of atomic evasion flows demonstrated that the proposed approach achieved an encouraging performance with an accuracy of 98.95%. INDEX TERMSNetwork intrusion detection/prevention, network evasion, term frequency and inverse document frequency.

show abstract

Section: Related Workmentioning

confidence: 99%

Detection and Recognition of Atomic Evasions Against Network Intrusion Detection/Prevention Systems

et al. 2019

View full text Add to dashboard Cite

show abstract

“…A discussion about the Network Intrusion Detection, techniques and open issues is given in [6]. A detailed survey of the research efforts spared for intrusion detection over last few decades is given in our work [7], with the plenty of works listed in the paper the authors conclude that Hybrid Machine Learning techniques have been used vastly. Authors in [8] proposed the hybrid Audit Data Analysis and Mining, where the anomaly detection is followed by misuse detection.…”

Section: Literature Reviewmentioning

confidence: 99%

Machine Learning Techniques for Intrusion Detection

Hamid

Sugumaran

Journaux

2016

Proceedings of the International Conference on Informatics and Analytics

Self Cite

View full text Add to dashboard Cite

With the growth of internet world has transformed into a global market with all monetary and business exercises being carried online. Being the most imperative resource of the developing scene, it is the vulnerable object and hence needs to be secured from the users with dangerous personality set. Since the Internet does not have focal surveillance component, assailants once in a while, utilizing varied and advancing hacking topologies discover a path to bypass framework"s security and one such collection of assaults is Intrusion. An intrusion is a movement of breaking into the framework by compromising the security arrangements of the framework set up. The technique of looking at the system information for the conceivable intrusions is known intrusion detection. For the last two decades, automatic intrusion detection system has been an important exploration point. Till now researchers have developed Intrusion Detection Systems (IDS) with the capability of detecting attacks in several available environments; latest on the scene are Machine Learning approaches. Machine learning techniques are the set of evolving algorithms that learn with experience, have improved performance in the situations they have already encountered and also enjoy a broad range of applications in speech recognition, pattern detection, outlier analysis etc. There are a number of machine learning techniques developed for different applications and there is no universal technique that can work equally well on all datasets. In this work, we evaluate all the machine learning algorithms provided by Weka against the standard data set for intrusion detection i.e. KddCupp99. Different measurements contemplated are False Positive Rate, precision, ROC, True Positive Rate.

show abstract

“…A complete survey of intrusion detection attempts using machine learning is given in our work [10], from the paper it is concluded that SVM is one of the most popular techniques for designing an intrusion detection system. Authors in [11] have attempted to compare the SVM with neural networks, even thought the accuracy of the two is more or less the same , time taken to build up the model is less is less in SVM.…”

Section: Literature Surveymentioning

confidence: 99%

A Fusion of Feature Extraction and Feature Selection Technique for Network Intrusion Detection

Hamid¹,

Sugumaran²,

Journaux³

2016

IJSIA

Self Cite

View full text Add to dashboard Cite

With varied and widespread attacks on information systems, intrusion detection systems (IDS) have become an indispensable part of security policy for protecting data. IDS monitor event logs and network traffic to uncover suspicious connections that deviate from the regular profile and identify them as threats or attacks. Like most of the cases the dataset used for intrusion detection i.e., KDD99 suffers two problems: imbalanced class distribution and curse of dimensionality. In this work SMOTE has been used for balancing the dataset and once balanced, Principal Component Analysis (PCA) has been used to extract the features. And after that on the transformed dataset Correlation based Feature Selection (CFS) is used to select a subset of important features. The reduced dimension dataset is tested with Support Vector Machines (SVM). Obtained results demonstrate improved detection accuracy, computational efficiency with minimal false alarms and less system resources utilization

show abstract

IDS Using Machine Learning - Current State of Art and Future Directions

Cited by 33 publications

References 0 publications

Detection and Recognition of Atomic Evasions Against Network Intrusion Detection/Prevention Systems

Detection and Recognition of Atomic Evasions Against Network Intrusion Detection/Prevention Systems

Machine Learning Techniques for Intrusion Detection

A Fusion of Feature Extraction and Feature Selection Technique for Network Intrusion Detection

Contact Info

Product

Resources

About