Implementing a network intrusion detection system using semi-supervised support vector machine and random forest

Shah, Sandeep; Muhuri, Pramita Sree; Yuan, Xiaohong; Chatterjee, Prosenjit

doi:10.1145/3409334.3452073

Cited by 14 publications

(5 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SVM's ability to handle high dimensional data and its potential to generalise well are key factors in its inclusion in this study. Shah et al (2021) introduced a semi-supervised IDS that employs support vector machines (SVMs) and random forests (RFs) (Shah et al, 2021). This IDS addresses the challenge of acquiring large, labelled datasets by leveraging semi-supervised learning.…”

Section: Related Workmentioning

confidence: 99%

Enhanced Network Security: A Data Mining Approach to Intrusion Detection

Teoh Chun Hwung,

Yusof

2024

jdsd

View full text Add to dashboard Cite

In the ever-evolving landscape of network security, the role of Intrusion Detection Systems (IDSs) is critical. These systems serve as the guardians of digital networks, defending against a relentless tide of cyber threats. However, the efficacy of IDSs in accurately detecting and preventing these threats remains a critical concern. The emergence of new attack vectors and the growing sophistication of cyberattacks underscore the need for innovative approaches to intrusion detection. Nonetheless, there is an information vacuum about the efficacy of different data mining approaches in intrusion detection. This study investigates the deployment of seven data mining models, which include Decision Tree, Random Forest, Support Vector Machine (SVM), Logistic Regression, Naïve Bayes, and two types of Recurrent Neural Networks (RNN) on five (5) IDS benchmark datasets. Based on the undertaken experiments, it is evident that the RNN is the best classifier as it obtained 100% accuracy for all datasets. Due to its strength in modelling time-dependent and sequential data problems, RNN has become powerful in predicting future attacks. As our digital world evolves, so must our cyber defences; hence, this study strives to equip network security professionals with the knowledge and tools needed to fortify their networks, ensuring resilience against the ever-adaptive landscape of cyber threats.

show abstract

Section: Related Workmentioning

confidence: 99%

Enhanced Network Security: A Data Mining Approach to Intrusion Detection

Teoh Chun Hwung,

Yusof

2024

jdsd

View full text Add to dashboard Cite

show abstract

“…x new = x − x min x max − x min (9) There tend to be redundant or irrelevant features in the feature set. Feature analysis enables important features in the feature set to be extracted for higher speed and accuracy of model training.…”

Section: Feature Extraction Dataset Split and Metricsmentioning

confidence: 99%

“…NIDS is a major shield for the cybersecurity of the IoT; it can audit data packets in real time and when suspicious data is found, and it serves as a network security device that gives the alarm or takes response measures. Traditional NIDS [1][2][3][4][5][6][7][8][9] aim at binary classification or multi-classification and build a model through feature engineering (PCA "Principal Component Analysis", LDA "Linear Discriminant Analysis", SVD "Singular Value Decomposition", etc.) and machine learning (such as the BP neural network, CNN, RNN, SVM, etc.).…”

Section: Introductionmentioning

confidence: 99%

A Lightweight Intelligent Network Intrusion Detection System Using One-Class Autoencoder and Ensemble Learning for IoT

Yao

Hou

et al. 2023

Sensors

View full text Add to dashboard Cite

Network intrusion detection technology is key to cybersecurity regarding the Internet of Things (IoT). The traditional intrusion detection system targeting Binary or Multi-Classification can detect known attacks, but it is difficult to resist unknown attacks (such as zero-day attacks). Unknown attacks require security experts to confirm and retrain the model, but new models do not keep up to date. This paper proposes a Lightweight Intelligent NIDS using a One-Class Bidirectional GRU Autoencoder and Ensemble Learning. It can not only accurately identify normal and abnormal data, but also identify unknown attacks as the type most similar to known attacks. First, a One-Class Classification model based on a Bidirectional GRU Autoencoder is introduced. This model is trained with normal data, and has high prediction accuracy in the case of abnormal data and unknown attack data. Second, a multi-classification recognition method based on ensemble learning is proposed. It uses Soft Voting to evaluate the results of various base classifiers, and identify unknown attacks (novelty data) as the type most similar to known attacks, so that exception classification becomes more accurate. Experiments are conducted on WSN-DS, UNSW-NB15, and KDD CUP99 datasets, and the recognition rates of the proposed models in the three datasets are raised to 97.91%, 98.92%, and 98.23% respectively. The results verify the feasibility, efficiency, and portability of the algorithm proposed in the paper.

show abstract

“…Predictions are pooled from all Trees to make the final result of classification. In short, the Random Forest algorithm utilises a set of results to make a final prediction/ classification, and they are commonly named Ensemble Learning approaches [25]. The relevance of features is computed by using the decrease in the impurity of weighted nodes.…”

Section: Random Forest Algorithmmentioning

confidence: 99%

“…The relevance of features is computed by using the decrease in the impurity of weighted nodes. The probability is computed by using the frequency of features in the node, subdivided by the sum of all samples [25]. The greatest value represents the most important feature in the dataset.…”

Section: Random Forest Algorithmmentioning

confidence: 99%

The Application of Cyclostationary Malware Detection Using Boruta and PCA

Nkongolo

Deventer

Kasongo

2022

Computer Networks and Inventive Communication Technologies

View full text Add to dashboard Cite

Cyclostationarity involves periodic statistical variations in signals and processes, commonly used in signal analysis and network security. In the context of attacks, cyclostationarity helps detect malicious behaviors within network traffic, such as traffic patterns in Distributed Denial of Service (DDoS) attacks or hidden communication channels in malware. This approach enhances security by identifying abnormal patterns and informing Network Intrusion Detection Systems (NIDSs) to recognize potential attacks, enhancing protection against both known and novel threats. This research focuses on identifying cyclostationary malware behavior and its detection. The main goal is to pinpoint essential cyclostationary features used in NIDSs. These features are extracted using algorithms such as Boruta and Principal Component Analysis (PCA), and then categorized to find the most significant cyclostationary patterns. The aim of this article is to reveal periodically changing malware behaviors through cyclostationarity. The study highlights the importance of spotting cyclostationary malware in NIDSs by using established datasets like KDD99, NSL-KDD, and the UGRansome dataset. The UGRansome dataset is designed for anomaly detection research and includes both normal and abnormal network threat categories of zeroday attacks. A comparison is made using the Random Forest (RF) and Support Vector Machine (SVM) algorithms, while also evaluating the effectiveness of Boruta and PCA. The findings show that PCA is more promising than using Boruta alone for extracting cyclostationary network feature patterns. Additionally, the analysis identifies the internet protocol as the most noticeable cyclostationary feature pattern used by malware. Notably, the UGRansome dataset outperforms the KDD99 and NSL-KDD, achieving 99% accuracy in signature malware detection using the RF algorithm and 98% with the SVM. The research suggests that the UGRansome dataset is a valuable choice for studying anomaly and cyclostationary malware detection efficiently. Lastly, the study recommends using the RF algorithm for effectively categorizing and detecting cyclostationary malware behaviors.

show abstract

Implementing a network intrusion detection system using semi-supervised support vector machine and random forest

Cited by 14 publications

References 10 publications

Enhanced Network Security: A Data Mining Approach to Intrusion Detection

Enhanced Network Security: A Data Mining Approach to Intrusion Detection

A Lightweight Intelligent Network Intrusion Detection System Using One-Class Autoencoder and Ensemble Learning for IoT

The Application of Cyclostationary Malware Detection Using Boruta and PCA

Contact Info

Product

Resources

About