Network Intrusion Detection Based on an Efficient Neural Architecture Search

Lyu, Renjian; He, Mingshu; Jin, Lei; Wang, Xinlei

doi:10.3390/sym13081453

Cited by 7 publications

(2 citation statements)

References 44 publications

(50 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…MIDS usually gives excellent detection accuracy, particularly for previously known intrusions. Nonetheless, this approach is questionable due to its inability to detect novel attacks and requires more extended time to analyze and process the massive volume of data in the signature database [14][15][16]. The authors of [17] proposed an exceptional signature-based intrusion detection system that effectively enhanced the detection rate of SQL injections within a database.…”

Section: Introductionmentioning

confidence: 99%

Feature Selection and Ensemble-Based Intrusion Detection System: An Efficient and Comprehensive Approach

Jaw

Wang

2021

Symmetry

View full text Add to dashboard Cite

The emergence of ground-breaking technologies such as artificial intelligence, cloud computing, big data powered by the Internet, and its highly valued real-world applications consisting of symmetric and asymmetric data distributions, has significantly changed our lives in many positive aspects. However, it equally comes with the current catastrophic daily escalating cyberattacks. Thus, raising the need for researchers to harness the innovative strengths of machine learning to design and implement intrusion detection systems (IDSs) to help mitigate these unfortunate cyber threats. Nevertheless, trustworthy and effective IDSs is a challenge due to low accuracy engendered by vast, irrelevant, and redundant features; inept detection of all types of novel attacks by individual machine learning classifiers; costly and faulty use of labeled training datasets cum significant false alarm rates (FAR) and the excessive model building and testing time. Therefore, this paper proposed a promising hybrid feature selection (HFS) with an ensemble classifier, which efficiently selects relevant features and provides consistent attack classification. Initially, we harness the various strengths of CfsSubsetEval, genetic search, and a rule-based engine to effectively select subsets of features with high correlation, which considerably reduced the model complexity and enhanced the generalization of learning algorithms, both of which are symmetry learning attributes. Moreover, using a voting method and average of probabilities, we present an ensemble classifier that used K-means, One-Class SVM, DBSCAN, and Expectation-Maximization, abbreviated (KODE) as an enhanced classifier that consistently classifies the asymmetric probability distributions between malicious and normal instances. HFS-KODE achieves remarkable results using 10-fold cross-validation, CIC-IDS2017, NSL-KDD, and UNSW-NB15 datasets and various metrics. For example, it outclassed all the selected individual classification methods, cutting-edge feature selection, and some current IDSs techniques with an excellent performance accuracy of 99.99%, 99.73%, and 99.997%, and a detection rate of 99.75%, 96.64%, and 99.93% for CIC-IDS2017, NSL-KDD, and UNSW-NB15, respectively based on only 11, 8, 13 selected relevant features from the above datasets. Finally, considering the drastically reduced FAR and time, coupled with no need for labeled datasets, it is self-evident that HFS-KODE proves to have a remarkable performance compared to many current approaches.

show abstract

Section: Introductionmentioning

confidence: 99%

Feature Selection and Ensemble-Based Intrusion Detection System: An Efficient and Comprehensive Approach

Jaw

Wang

2021

Symmetry

View full text Add to dashboard Cite

show abstract

“…Nevertheless, this approach is questionable due to its inability to detect novel attacks. Also, it requires more time to analyze and process the massive volume of data in the signature databases ( Khraisat et al, 2020 ; Lyu et al, 2021 ). The authors of Jabbar & Aluvalu (2018) presented an exceptional high-level SIDS architecture, which includes both distributed and centralized modules that effectively enhanced the protection of IoT networks against internal and external threats.…”

Section: Introductionmentioning

confidence: 99%

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Jaw

Wang

2022

PeerJ Computer Science

View full text Add to dashboard Cite

The rapid advanced technological development alongside the Internet with its cutting-edge applications has positively impacted human society in many aspects. Nevertheless, it equally comes with the escalating privacy and critical cybersecurity concerns that can lead to catastrophic consequences, such as overwhelming the current network security frameworks. Consequently, both the industry and academia have been tirelessly harnessing various approaches to design, implement and deploy intrusion detection systems (IDSs) with event correlation frameworks to help mitigate some of these contemporary challenges. There are two common types of IDS: signature and anomaly-based IDS. Signature-based IDS, specifically, Snort works on the concepts of rules. However, the conventional way of creating Snort rules can be very costly and error-prone. Also, the massively generated alerts from heterogeneous anomaly-based IDSs is a significant research challenge yet to be addressed. Therefore, this paper proposed a novel Snort Automatic Rule Generator (SARG) that exploits the network packet contents to automatically generate efficient and reliable Snort rules with less human intervention. Furthermore, we evaluated the effectiveness and reliability of the generated Snort rules, which produced promising results. In addition, this paper proposed a novel Security Event Correlator (SEC) that effectively accepts raw events (alerts) without prior knowledge and produces a much more manageable set of alerts for easy analysis and interpretation. As a result, alleviating the massive false alarm rate (FAR) challenges of existing IDSs. Lastly, we have performed a series of experiments to test the proposed systems. It is evident from the experimental results that SARG-SEC has demonstrated impressive performance and could significantly mitigate the existing challenges of dealing with the vast generated alerts and the labor-intensive creation of Snort rules.

show abstract

Network intrusion detection model based on neural network feature extraction and PSO-SVM

Chen

Wang

et al. 2022

2022 7th International Conference on Intelligent Computing and Signal Processing (ICSP)

View full text Add to dashboard Cite

Network Intrusion Detection Based on an Efficient Neural Architecture Search

Cited by 7 publications

References 44 publications

Feature Selection and Ensemble-Based Intrusion Detection System: An Efficient and Comprehensive Approach

Feature Selection and Ensemble-Based Intrusion Detection System: An Efficient and Comprehensive Approach

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Network intrusion detection model based on neural network feature extraction and PSO-SVM

Contact Info

Product

Resources

About