Review of semi-supervised method for Intrusion Detection System

Fitriani, Sofy; Mandala, Satria; Murti, Muhammad Ary

doi:10.1109/apmediacast.2016.7878168

Cited by 20 publications

(7 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Numerous strategies related to detection and mitigation of the DDoS attack in SDN was surveyed [19−21]. Most of the models incorporate either supervised machine learning such as clustering, unsupervised machine learning such as classification or semi-supervised machine learning which is the combination of both supervised and unsupervised machine learning algorithms [22]. Entropy, a statistical approach, is considered to be the most common significant approach that measures the randomness which is then used to analyze the traffic flow.…”

Section: Related Workmentioning

confidence: 99%

A DDoS defence framework in software defined network using ensemble classifier with rough set theory based feature selection

Riyad¹

2021

IJATEE

View full text Add to dashboard Cite

With the increase in the usage of the internet and related technologies such as cloud computing, the Internet of things, and big data, the network traffic is getting increased day by day. However, the traditional IP based network struggles in adopting the huge network traffic through scalability, controllability as well as manageability for which software defined network has become an alternative. It meets the requirements of modern technologies in which the control is centralized over the network. Due to the increased popularity and usage, the security of the SDN is often compromised. Distributed Denial of Service attack is a major threat that suppresses the service of the SDN network. This paper focuses on providing a defence framework for SDN against DDoS attacks with two main phases. The DDoS prevention phase implemented at the data plane is responsible for preventing attack packets through simple flow analysis. The DDoS detection phase at the control plane extracts the features from the incoming packets on which the rough set theory based entropy is applied to select the significant features. Later ensemble classifier categorizes the flow as normal or attack. The flow rules are updated based on the obtained results. The proposed model has experimented with two publically available datasets and the analysis are made with the obtained results. The proposed model has better precision values in predicting the flow as benign or attack with the values 96.3% and 96.12% respectively. The result analysis proves that the proposed model outperforms various other existing models in classifying DDoS attacks.

show abstract

Section: Related Workmentioning

confidence: 99%

A DDoS defence framework in software defined network using ensemble classifier with rough set theory based feature selection

Riyad¹

2021

IJATEE

View full text Add to dashboard Cite

show abstract

“…We note that in theory, anomaly-based attack detection methods (as in AIDSs) necessitate only benign instances for training [9], as they are intended to capture only the normal traffic patterns of M , and then label any severe-enough abnormality as an attack. However, in practice, AIDSs tend to suffer from non-negligible FPR [9], [107], [108], [109], [110], [111], meaning that in too many cases, rare-yet-benign abnormal events are falsely identified as attacks. Consequently, redundant and potentially harsh countermeasures might be activated in response.…”

Section: Comparison Of Approaches For Iot Attack Detectability Assess...mentioning

confidence: 99%

“…Consequently, redundant and potentially harsh countermeasures might be activated in response. To decrease the FPR which is associated with such (unsupervised) anomaly-based methods, one could use labeled data for model calibration or anomaly threshold tuning, as in semisupervised [109], [110] or hybrid [111] approaches.…”

Section: Comparison Of Approaches For Iot Attack Detectability Assess...mentioning

confidence: 99%

Responses to AHP-style questionnaires regarding the publication "D-Score: An Expert-Based Method for Assessing the Detectability of IoT-Related Cyber-Attacks"

Benatar¹,

Biton²,

Shabtai³

2020

View full text Add to dashboard Cite

IoT devices are known to be vulnerable to various cyber-attacks, such as data exfiltration and the execution of flooding attacks as part of a DDoS attack. When it comes to detecting such attacks using network traffic analysis, it has been shown that some attack scenarios are not always equally easy to detect if they involve different IoT models. That is, when targeted at some IoT models, a given attack can be detected rather accurately, while when targeted at others the same attack may result in too many false alarms. In this research, we attempt to explain this variability of IoT attack detectability and devise a risk assessment method capable of addressing a key question: how easy is it for an anomaly-based network intrusion detection system to detect a given cyber-attack involving a specific IoT model? In the process of addressing this question we (a) investigate the predictability of IoT network traffic, (b) present a novel taxonomy for IoT attack detection which also encapsulates traffic predictability aspects, (c) propose an expertbased attack detectability estimation method which uses this taxonomy to derive a detectability score (termed 'D-Score') for a given combination of IoT model and attack scenario, and (d) empirically evaluate our method while comparing it with a datadriven method.

show abstract

“…With the ability to learn knowledge from the data without specifically programming the system to do so, machine learning algorithms provide a human‐independent solution for the intrusion detection problem . There are three types of machine learning, namely supervised, semi‐supervised , and unsupervised . The advantage of unsupervised learning is that it does not require labeled data.…”

Section: Introductionmentioning

confidence: 99%

Unsupervised learning with hierarchical feature selection for DDoS mitigation within the ISP domain

Chambers

Barrett

2019

ETRI Journal

View full text Add to dashboard Cite

A new Mirai variant found recently was equipped with a dynamic update ability, which increases the level of difficulty for DDoS mitigation. Continuous development of 5G technology and an increasing number of Internet of Things (IoT) devices connected to the network pose serious threats to cyber security. Therefore, researchers have tried to develop better DDoS mitigation systems. However, the majority of the existing models provide centralized solutions either by deploying the system with additional servers at the host site, on the cloud, or at third party locations, which may cause latency. Since Internet service providers (ISP) are links between the internet and users, deploying the defense system within the ISP domain is the panacea for delivering an efficient solution. To cope with the dynamic nature of the new DDoS attacks, we utilized an unsupervised artificial neural network to develop a hierarchical two‐layered self‐organizing map equipped with a twofold feature selection for DDoS mitigation within the ISP domain.

show abstract

Review of semi-supervised method for Intrusion Detection System

Cited by 20 publications

References 23 publications

A DDoS defence framework in software defined network using ensemble classifier with rough set theory based feature selection

A DDoS defence framework in software defined network using ensemble classifier with rough set theory based feature selection

Responses to AHP-style questionnaires regarding the publication "D-Score: An Expert-Based Method for Assessing the Detectability of IoT-Related Cyber-Attacks"

Unsupervised learning with hierarchical feature selection for DDoS mitigation within the ISP domain

Contact Info

Product

Resources

About