Intrusion Detection in Communication Networks Using Different Classifiers

Bhosale, Karuna S.; Nenova, Maria; Iliev, Georgi

doi:10.1007/978-3-030-16962-6_3

Cited by 8 publications

(2 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to the authors of [9], "Intrusion Detection is the process of monitoring the events occurring in a computer system or network, and analyzing them for signs of intrusion", moreover, they define an intrusion as an attempt to bypass the security mechanisms of a network or a computer system, and then compromising the Confidentiality, Integrity, and Availability (CIA). Finally, the authors of [10,11] define an IDS as a piece of hardware or software program that monitors diverse malicious activities within computer systems and networks based on network packets, network flow, system logs, and rootkit analysis. The detailed roles and functionalities of a standard intrusion detection system are found in reference [12].…”

Section: Introductionmentioning

confidence: 99%

Feature Selection and Ensemble-Based Intrusion Detection System: An Efficient and Comprehensive Approach

Jaw

Wang

2021

Symmetry

View full text Add to dashboard Cite

The emergence of ground-breaking technologies such as artificial intelligence, cloud computing, big data powered by the Internet, and its highly valued real-world applications consisting of symmetric and asymmetric data distributions, has significantly changed our lives in many positive aspects. However, it equally comes with the current catastrophic daily escalating cyberattacks. Thus, raising the need for researchers to harness the innovative strengths of machine learning to design and implement intrusion detection systems (IDSs) to help mitigate these unfortunate cyber threats. Nevertheless, trustworthy and effective IDSs is a challenge due to low accuracy engendered by vast, irrelevant, and redundant features; inept detection of all types of novel attacks by individual machine learning classifiers; costly and faulty use of labeled training datasets cum significant false alarm rates (FAR) and the excessive model building and testing time. Therefore, this paper proposed a promising hybrid feature selection (HFS) with an ensemble classifier, which efficiently selects relevant features and provides consistent attack classification. Initially, we harness the various strengths of CfsSubsetEval, genetic search, and a rule-based engine to effectively select subsets of features with high correlation, which considerably reduced the model complexity and enhanced the generalization of learning algorithms, both of which are symmetry learning attributes. Moreover, using a voting method and average of probabilities, we present an ensemble classifier that used K-means, One-Class SVM, DBSCAN, and Expectation-Maximization, abbreviated (KODE) as an enhanced classifier that consistently classifies the asymmetric probability distributions between malicious and normal instances. HFS-KODE achieves remarkable results using 10-fold cross-validation, CIC-IDS2017, NSL-KDD, and UNSW-NB15 datasets and various metrics. For example, it outclassed all the selected individual classification methods, cutting-edge feature selection, and some current IDSs techniques with an excellent performance accuracy of 99.99%, 99.73%, and 99.997%, and a detection rate of 99.75%, 96.64%, and 99.93% for CIC-IDS2017, NSL-KDD, and UNSW-NB15, respectively based on only 11, 8, 13 selected relevant features from the above datasets. Finally, considering the drastically reduced FAR and time, coupled with no need for labeled datasets, it is self-evident that HFS-KODE proves to have a remarkable performance compared to many current approaches.

show abstract

Section: Introductionmentioning

confidence: 99%

Feature Selection and Ensemble-Based Intrusion Detection System: An Efficient and Comprehensive Approach

Jaw

Wang

2021

Symmetry

View full text Add to dashboard Cite

show abstract

“…Intrusion Detection is the procedure of monitoring the events occurring in a computer system or network and analyzing them for signs of intrusion”, similarly, an intrusion is an attempt to bypass the security mechanisms of a network or a computer system, thereby compromising the Confidentiality, Integrity, and Availability (CIA) ( Kagara & Md Siraj, 2020 ). Moreover, an IDS is any piece of hardware or software program that monitors diverse malicious activities within computer systems and networks based on network packets, network flow, system logs, and rootkit analysis ( Bhosale, Nenova & Iliev, 2020 ; Liu & Lang, 2019 ). Misused detection (knowledge or signature-based) and anomaly-based methods are the two main approaches to detecting intrusions within computer systems or networks.…”

Section: Introductionmentioning

confidence: 99%

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Jaw

Wang

2022

PeerJ Computer Science

View full text Add to dashboard Cite

The rapid advanced technological development alongside the Internet with its cutting-edge applications has positively impacted human society in many aspects. Nevertheless, it equally comes with the escalating privacy and critical cybersecurity concerns that can lead to catastrophic consequences, such as overwhelming the current network security frameworks. Consequently, both the industry and academia have been tirelessly harnessing various approaches to design, implement and deploy intrusion detection systems (IDSs) with event correlation frameworks to help mitigate some of these contemporary challenges. There are two common types of IDS: signature and anomaly-based IDS. Signature-based IDS, specifically, Snort works on the concepts of rules. However, the conventional way of creating Snort rules can be very costly and error-prone. Also, the massively generated alerts from heterogeneous anomaly-based IDSs is a significant research challenge yet to be addressed. Therefore, this paper proposed a novel Snort Automatic Rule Generator (SARG) that exploits the network packet contents to automatically generate efficient and reliable Snort rules with less human intervention. Furthermore, we evaluated the effectiveness and reliability of the generated Snort rules, which produced promising results. In addition, this paper proposed a novel Security Event Correlator (SEC) that effectively accepts raw events (alerts) without prior knowledge and produces a much more manageable set of alerts for easy analysis and interpretation. As a result, alleviating the massive false alarm rate (FAR) challenges of existing IDSs. Lastly, we have performed a series of experiments to test the proposed systems. It is evident from the experimental results that SARG-SEC has demonstrated impressive performance and could significantly mitigate the existing challenges of dealing with the vast generated alerts and the labor-intensive creation of Snort rules.

show abstract

An intelligent intrusion detection system for distributed denial of service attacks: A support vector machine with hybrid optimization algorithm based approach

Sumathi

Rajesh

2022

Concurrency and Computation

View full text Add to dashboard Cite

Summary Cloud computing offers comfortable service to business sectors as they can concentrate on their products. Over the internet, cloud computing is liable to various security threats and attacks which is a primary obstacle to the growth of cloud computing services. Distributed denial of service (DDoS) is one such attack that exploits cloud computing services using compromised machines; hence, its detection is a significant field of research. Several DDoS detection schemes have been proposed in the past, but they fail to detect real‐time active DDoS attacks because of their growth in severity and volume. Machine learning (ML) techniques are efficient in making predictions; hence, in this study, a hybrid ML intrusion detection system (IDS) model is proposed. The performance of the proposed IDS model is improved by employing a 10‐fold cross‐validation technique to perform feature selection, reducing data dimensions on the publicly available benchmark NSL‐KDD dataset. Performance validation of the proposed hybrid IDS model is done using the confusion matrix. Support vector machine (SVM) parameters are fine‐tuned using hybrid Harris Hawks optimization (HHO) and particle swarm optimization (PSO) algorithms. The performance of these hybrid algorithms is compared with other classical algorithms such as C4.5, K‐nearest neighbor, and SVM using performance metrics such as precision, sensitivity, specificity, F1 score, and accuracy. From these comparisons, it can be inferred that the proposed SVM with hybrid optimization HHO‐PSO machine learning IDS model performs better DDoS detection with good performance metric values.

show abstract

Intrusion Detection in Communication Networks Using Different Classifiers

Cited by 8 publications

References 3 publications

Feature Selection and Ensemble-Based Intrusion Detection System: An Efficient and Comprehensive Approach

Feature Selection and Ensemble-Based Intrusion Detection System: An Efficient and Comprehensive Approach

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

An intelligent intrusion detection system for distributed denial of service attacks: A support vector machine with hybrid optimization algorithm based approach

Contact Info

Product

Resources

About