Modeling an Intrusion Detection System Based on Adaptive Immunology

Alaparthy, Vishwa Teja; Morgera, S.D.

doi:10.4018/ijitn.2019040104

Cited by 6 publications

(5 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This paper lists the comparison results of route authentication technology, prefix hijacking detection technology, and the aPHD on various evaluation indexes, as shown in Table 1. With the advent of immune network theory, some scholars have applied immune network theory to network security, especially intrusion detection [27]. Different from traditional intrusion detection schemes, intrusion detection schemes based on immune network theory are fully capable of coping with the dynamics and complexity of network security.…”

Section: B Prefix Hijacking Detection Technologymentioning

confidence: 99%

A Prefix Hijacking Detection Model Based on the Immune Network Theory

Zhang

Zhao

2019

IEEE Access

View full text Add to dashboard Cite

The prefix hijacking problem is an urgent security issue that need to address in the Border Gateway Protocol (BGP) security research. In order to solve the problem of prefix hijacking in BGP, we propose (a) new (p)refix (h)ijacking (d)etection model based on the immune network theory in this paper, called aPHD. To be specific, aPHD uses real BGP UPDATE messages for pre-training and has the ability to detect UPDATE messages in real time after pre-training. The aPHD (1) can effectively detect prefix hijacking attacks with high accuracy; (2)is easy to deployment; and (3) has a low false positive rate and low overhead. Extensive performance evaluation shows that our solution is secure and feasible. The aPHD improved the accuracy rate by 6.2% and reduced the false positive rate by 85.7%. INDEX TERMS Immune network theory, prefix hijacking, BGP security, negative selection.

show abstract

Section: B Prefix Hijacking Detection Technologymentioning

confidence: 99%

A Prefix Hijacking Detection Model Based on the Immune Network Theory

Zhang

Zhao

2019

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Machine learning methods have been used largely in the area of AIDS. Abundant methods and procedures such as genetic algorithms, decision trees, nearest neighbor methods, clustering, association rules, and neural networks have been applied for ascertaining the information from invaded datasets (Alaparthy and Morgera, 2019) .…”

Section: Introductionmentioning

confidence: 99%

Scrutinizing Attacks and Evaluating Performance Appraisal Parameters via Feature Selection in Intrusion Detection System

Kaur¹,

Bansal²,

Sran³

2021

Preprint

View full text Add to dashboard Cite

In modern times the firewall and antivirus packages are not good enough to protect the organization from numerous cyber attacks. Computer IDS (Intrusion Detection System) is a crucial aspect that contributes to the success of an organization. IDS is a software application responsible for scanning organization networks for suspicious activities and policy rupturing. IDS ensures the secure and reliable functioning of the network within an organization. IDS underwent huge transformations since its origin to cope up with the advancing computer crimes. The primary motive of IDS has been to augment the competence of detecting the attacks without endangering the performance of the network. The research paper elaborates on different types and different functions performed by the IDS. The NSL KDD dataset has been considered for training and testing. The seven prominent classifiers LR (Logistic Regression), NB (Naïve Bayes), DT (Decision Tree), AB (AdaBoost), RF (Random Forest), kNN (k Nearest Neighbor), and SVM (Support Vector Machine) have been studied along with their pros and cons and the feature selection have been imposed to enhance the reading of performance evaluation parameters (Accuracy, Precision, Recall, and F1Score). The paper elaborates a detailed flowchart and algorithm depicting the procedure to perform feature selection using XGB (Extreme Gradient Booster) for four categories of attacks: DoS (Denial of Service), Probe, R2L (Remote to Local Attack), and U2R (User to Root Attack). The selected features have been ranked as per their occurrence. The implementation have been conducted at five different ratios of 60-40%, 70-30%, 90-10%, 50-50%, and 80-20%. Different classifiers scored best for different performance evaluation parameters at different ratios. NB scored with the best Accuracy and Recall values. DT and RF consistently performed with high accuracy. NB, SVM, and kNN achieved good F1Score.

show abstract

“…In addition, there has been an alternate field of study [12], which take the human immune system (HIS) as an inspiration and derives an IDS for IoT networks. IDSs engineered [13,14] from HIS are commonly based on three different immune theories namely danger theory, negative selection, and clonal selection.…”

Section: Introductionmentioning

confidence: 99%

A Machine Learning Based Intrusion Detection System for Mobile Internet of Things

Amouri

Alaparthy

Morgera

2020

Sensors

Self Cite

View full text Add to dashboard Cite

Intrusion detection systems plays a pivotal role in detecting malicious activities that denigrate the performance of the network. Mobile adhoc networks (MANETs) and wireless sensor networks (WSNs) are a form of wireless network that can transfer data without any need of infrastructure for their operation. A more novel paradigm of networking, namely Internet of Things (IoT) has emerged recently which can be considered as a superset to the afore mentioned paradigms. Their distributed nature and the limited resources available, present a considerable challenge for providing security to these networks. The need for an intrusion detection system (IDS) that can acclimate with such challenges is of extreme significance. Previously, we proposed a cross layer-based IDS with two layers of detection. It uses a heuristic approach which is based on the variability of the correctly classified instances (CCIs), which we refer to as the accumulated measure of fluctuation (AMoF). The current, proposed IDS is composed of two stages; stage one collects data through dedicated sniffers (DSs) and generates the CCI which is sent in a periodic fashion to the super node (SN), and in stage two the SN performs the linear regression process for the collected CCIs from different DSs in order to differentiate the benign from the malicious nodes. In this work, the detection characterization is presented for different extreme scenarios in the network, pertaining to the power level and node velocity for two different mobility models: Random way point (RWP), and Gauss Markov (GM). Malicious activity used in the work are the blackhole and the distributed denial of service (DDoS) attacks. Detection rates are in excess of 98% for high power/node velocity scenarios while they drop to around 90% for low power/node velocity scenarios.

show abstract

Modeling an Intrusion Detection System Based on Adaptive Immunology

Cited by 6 publications

References 10 publications

A Prefix Hijacking Detection Model Based on the Immune Network Theory

A Prefix Hijacking Detection Model Based on the Immune Network Theory

Scrutinizing Attacks and Evaluating Performance Appraisal Parameters via Feature Selection in Intrusion Detection System

A Machine Learning Based Intrusion Detection System for Mobile Internet of Things

Contact Info

Product

Resources

About