Random-Forests-Based Network Intrusion Detection Systems

Zhang, Jiong; Zulkernine, Mohammad; Haque, Anwar

doi:10.1109/tsmcc.2008.923876

Cited by 415 publications

(81 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, we suggest providing network-based data sets in standard packet-based or flow-based formats as they are captured in real network environments. Simultaneously, many anomaly-based approaches (e.g., [91] or [92]) achieve high detection rates in data sets from the category other which is an indicator that the calculated attributes are promising for intrusion detection. Therefore, we recommend publishing both, the network-based data sets in a standard format and the scripts for transforming the data sets to other formats.…”

Section: Observations and Recommendationsmentioning

confidence: 99%

A survey of network-based intrusion detection data sets

Ring

Wunderlich

Scheuring

et al. 2019

Computers & Security

537

235

View full text Add to dashboard Cite

Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. This work provides a focused literature survey of data sets for networkbased intrusion detection and describes the underlying packetand flow-based network data in detail. The paper identifies 15 different properties to assess the suitability of individual data sets for specific evaluation scenarios. These properties cover a wide range of criteria and are grouped into five categories such as data volume or recording environment for offering a structured search. Based on these properties, a comprehensive overview of existing data sets is given. This overview also highlights the peculiarities of each data set. Furthermore, this work briefly touches upon other sources for network-based data such as traffic generators and data repositories. Finally, we discuss our observations and provide some recommendations for the use and the creation of network-based data sets.

show abstract

Section: Observations and Recommendationsmentioning

confidence: 99%

A survey of network-based intrusion detection data sets

Ring

Wunderlich

Scheuring

et al. 2019

Computers & Security

537

235

View full text Add to dashboard Cite

show abstract

“…However, the scheme has to take its time complexity and space complexity into account in WSNs because of the small memory space and the limited energy of sensor nodes. The scheme in [14] uses the DCA E-DBSCAN [18] and random forest algorithm [19] to detect network attacks of WSN. In the scheme, the data set organized by data from CHs to a SN is clustered by E-DBSCAN in SN.…”

Section: Schemes Against Selective Forwarding Attackmentioning

confidence: 99%

A Data Clustering Algorithm for Detecting Selective Forwarding Attack in Cluster-Based Wireless Sensor Networks

Liu

Dong

et al. 2019

Sensors

View full text Add to dashboard Cite

In cluster-based wireless sensor networks, cluster heads (CHs) gather and fuse data packets from sensor nodes; then, they forward fused packets to the sink node (SN). This helps wireless sensor networks balance energy effectively and efficiently to prolong their lifetime. However, cluster-based WSNs are vulnerable to selective forwarding attacks. Compromised CHs would become malicious and launch selective forwarding attacks in which they drop part of or all the packets from other nodes. In this paper, a data clustering algorithm (DCA) for detecting a selective forwarding attack (DCA-SF) is proposed. It can capture and isolate malicious CHs that have launched selective forwarding attacks by clustering their cumulative forwarding rates (CFRs). The DCA-SF algorithm has been strengthened by changing the DCA parameters (Eps, Minpts) adaptively. The simulation results show that the DCA-SF has a low missed detection rate of 1.04% and a false detection rate of 0.42% respectively with low energy consumption.Keywords: data clustering algorithm; selective forwarding attack; cumulative forwarding rate; cluster-based WSN IntroductionA wireless sensor network (WSN) is a self-organizing network formed by a mass of small and cheap sensor nodes, which have low energy, poor computing ability, and small storage. The cluster-based WSN has been widely applied in large-scale data gathering WSNs [1,2]. In the dense cluster-based WSN, as shown in Figure 1, member nodes (MNs) send data packets to their cluster heads (CHs). Then, CHs forward these packets to the next-hop CHs until they reach the sink node (SN). In this way, each CH does not have to exchange data with the SN directly. On the one hand, the direct communication between the CH and SN may fail due to the long-distance or poor channels. On the other hand, in some conditions, the energy cost of multi-hop communication is less than that of direct long-distance communication. All the nodes in the network take turns to act as CHs, so the energy consumption can get balanced. The network lifetime also becomes longer.

show abstract

“…These are commonly referred to as attack patterns, attack graphs or attack taxonomy depending upon the scenario in question. The definition of an attack graph by [7] and [8] are collection of scenarios that detail how a malicious agent can compromise the integrity of a targeted system. It represents prior knowledge about a given network in terms of vulnerabilities, exploits and connectivity.…”

Section: Related Workmentioning

confidence: 99%

Cyber-Attack Penetration Test and Vulnerability Analysis

et al. 2017

View full text Add to dashboard Cite

Abstract-Hacking attempts or cyber-attacks to information systems have recently evolved to be sophisticated and deadly, resulting in such incidents as leakage of personal information and system destruction. While various security solutions to cope with these risks are being developed and deployed, it is still necessary to systematically consider the methods to enhance the existing security system and build more effective defense systems. Under this circumstance, it is necessary to identify the latest types of attacks attempted to the primary security system. This paper analyzes cyber attack techniques as well as the anatomy of penetration test in order to assist security officers to perform appropriate self security assesment on their network systems.

show abstract

Random-Forests-Based Network Intrusion Detection Systems

Cited by 415 publications

References 17 publications

A survey of network-based intrusion detection data sets

A survey of network-based intrusion detection data sets

A Data Clustering Algorithm for Detecting Selective Forwarding Attack in Cluster-Based Wireless Sensor Networks

Cyber-Attack Penetration Test and Vulnerability Analysis

Contact Info

Product

Resources

About