Intrusion detection model based on selective packet sampling

Bakhoum, Ezzat G.

doi:10.1186/1687-417x-2011-2

Cited by 7 publications

(3 citation statements)

References 20 publications

(30 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Authors in [5] propose to single out large flows for IDS and sample fewer packets for increased computational efficiency. In [6] an approach based on Markov chains to sample packets for IDS was used. [7] lay out a gametheoretic model for determining which network paths are more vulnerable and require more packet sampling and [8] develop a system for Software Defined Networks, which aims to sample more packets from more vulnerable parts of the network.…”

Section: Related Workmentioning

confidence: 99%

SparseIDS: Learning Packet Sampling with Reinforcement Learning

Bachl,

Meghdouri,

Fabini

et al. 2020

Preprint

View full text Add to dashboard Cite

Recurrent Neural Networks (RNNs) have been shown to be valuable for constructing Intrusion Detection Systems (IDSs) for network data. They allow determining if a flow is malicious or not already before it is over, making it possible to take action immediately. However, considering the large number of packets that have to be inspected, the question of computational efficiency arises. We show that by using a novel Reinforcement Learning (RL)-based approach called SparseIDS, we can reduce the number of consumed packets by more than three fourths while keeping classification accuracy high. Comparing to various other sampling techniques, SparseIDS consistently achieves higher classification accuracy by learning to sample only relevant packets. A major novelty of our RL-based approach is that it can not only skip up to a predefined maximum number of samples like other approaches proposed in the domain of Natural Language Processing but can even skip arbitrarily many packets in one step. This enables saving even more computational resources for long sequences. Inspecting SparseIDS's behavior of choosing packets shows that it adopts different sampling strategies for different attack types and network flows. Finally we build an automatic steering mechanism that can guide SparseIDS in deployment to achieve a desired level of sparsity.

show abstract

Section: Related Workmentioning

confidence: 99%

SparseIDS: Learning Packet Sampling with Reinforcement Learning

Bachl,

Meghdouri,

Fabini

et al. 2020

Preprint

View full text Add to dashboard Cite

show abstract

“…Yet, rewalls can, up to some extent, lter the incoming packets based on security policy but are not perfect in stopping modern internet attacks such as Botnet attacks. Therefore, an Intrusion Detection System (IDS) [4,17] is used to provide security to the network. This IDS monitors the packets owing in the network and analyses them to nd attacks from the internet trying to compromise the system security.…”

Section: Introductionmentioning

confidence: 99%

A Hybrid Intrusion Detection System against Botnet Attack in IoT using Light Weight Signature and Ensemble Learning Technique

Babu

Srinivasa²,

Pemula³

et al. 2022

Preprint

View full text Add to dashboard Cite

Internet of Things (IoT) plays a substantial role in the digital era of the information and intelligent Age. The use of interactive internet apps has opened up opportunities for increased threats to cyber security. Recently, botnets threats in IoT had become the most common cyber security threats. These threats provide malicious services and carry out phishing links on the internet. Consequently, an efficient intrusion detection system (IDS) is needed to detect these botnet attacks and unknown attacks with a low false-positive rate. Existing IDS methods detect these new attacks but require a high-precision detector. Most of the existing IDS uses either single machine learning or multiple classifiers that fail to detect unknown attacks and produce a high false-positive rate. This paper proposes a hybrid-based IDS that solves and detects unknown and novel attacks with low false-positive rates, better accuracy levels, and detection rates. This proposed work is deployed using two IDS methods in a two-staged manner. First, we modelled a Signature-Based Detector against DDOS attack for providing a better detection rate, early detection of known and low false-positive rates. Next, we modelled an Anomaly-Based Detector against DDOS attacks to achieve low false alarm rates, improved accuracy levels, and detected botnet and unknown attacks using the Machine Learning-based ensemble technique. Finally, we evaluated the performance using the confusion matrix on the classified data. We assessed the classifier performance based on detection rate, precision, accuracy, AUC score, and false-positive rates. The proposed hybrid technique provides a lower false-positive rate and better detection rate than the proposed model's classification technique.

show abstract

“…Since confidentiality is often a minor priority in such networks, encryption can be neglected. A model using an intrusion detection system (IDS) based on selective packet sampling has been proposed in [3]. However, IDS in the embedded environment are associated with some drawbacks.…”

Section: Introductionmentioning

confidence: 99%

Assessment simulation model for uncoupled message authentication

Doerr

Fiala

Heigl

et al. 2017

2017 International Conference on Applied Electronics (AE)

View full text Add to dashboard Cite

Today's trend of an increasing number of networked embedded devices pervades many areas. Ranging from home automation, industrial or automotive applications with a large number of different protocols, low resources and often high demands on real-time make it difficult to secure the communication of such systems. A concept of an uncoupled MAC which is able to ensure the authenticity and integrity of communication flows between two network parties can be used. This is in particular of advance for outdated legacy components still participating in the network. In this paper a assessment simulation model of the mechanism behind this technology is described. It outlines the probability of detecting an attack depending on the message authentication overhead. The model considers all control variables and performs measurements based on random data traffic. The results of the statistical analysis state that a high attack detection rate can be obtained even with a small communication overhead.

show abstract

Intrusion detection model based on selective packet sampling

Cited by 7 publications

References 20 publications

SparseIDS: Learning Packet Sampling with Reinforcement Learning

SparseIDS: Learning Packet Sampling with Reinforcement Learning

A Hybrid Intrusion Detection System against Botnet Attack in IoT using Light Weight Signature and Ensemble Learning Technique

Assessment simulation model for uncoupled message authentication

Contact Info

Product

Resources

About