Security anomaly detection in software‐defined networking based on a prediction technique

Jafarian, Tohid; Màsdàrí, Mohàmmàd; Ghaffari, Ali; Majidzadeh, Kambiz

doi:10.1002/dac.4524

Cited by 19 publications

(10 citation statements)

References 61 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Huan et al [149] argued that the fusion of clustering undersampling and AdaBoost algorithm improved the effect of network traffic anomaly detection. Jafarian et al [139] used a novel combined approach for anomaly detection. The method used NetFlow protocol for acquiring information and generating datasets, information gain ratio for selecting the relevant attributes, and stacking ensemble for detecting anomaly in SDN networks.…”

Section: Mapping Selected Studies By Ensemble Methodsmentioning

confidence: 99%

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

Tama

Lim

2021

Computer Science Review

View full text Add to dashboard Cite

Intrusion detection systems (IDSs) are intrinsically linked to a comprehensive solution of cyberattacks prevention instruments. To achieve a higher detection rate, the ability to design an improved detection framework is sought after, particularly when utilizing ensemble learners. Designing an ensemble often lies in two main challenges such as the choice of available base classifiers and combiner methods. This paper performs an overview of how ensemble learners are exploited in IDSs by means of systematic mapping study. We collected and analyzed 124 prominent publications from the existing literature. The selected publications were then mapped into several categories such as years of publications, publication venues, datasets used, ensemble methods, and IDS techniques. Furthermore, this study reports and analyzes an empirical investigation of a new classifier ensemble approach, called stack of ensemble (SoE) for anomaly-based IDS. The SoE is an ensemble classifier that adopts parallel architecture to combine three individual ensemble learners such as random forest, gradient boosting machine, and extreme gradient boosting machine in a homogeneous manner. The performance significance among classification algorithms is statistically examined in terms of their Matthews correlation coefficients, accuracies, false positive rates, and area under ROC curve metrics. Our study fills the gap in current literature concerning an up-to-date systematic mapping study, not to mention an extensive empirical evaluation of the recent advances of ensemble learning techniques applied to IDSs.

show abstract

Section: Mapping Selected Studies By Ensemble Methodsmentioning

confidence: 99%

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

Tama

Lim

2021

Computer Science Review

View full text Add to dashboard Cite

show abstract

“…Although the computational complexity of the proposed method is more, it is balanced in proportion to the increase in accuracy and execution time. The network is expanding both in size and complexity (Jafarian, Masdari et al 2020). Table 6 shows the comparison of model complexity and execution time in 100 rounds and three rounds for each model.…”

Section: Pclb Deep Model Evaluationmentioning

confidence: 99%

A novel feature selection algorithm for IoT networks intrusion detection system based on parallel CNN-LSTM model

Farkhady

Majidzadeh

Màsdàrí

et al. 2023

Preprint

Self Cite

View full text Add to dashboard Cite

As the Internet of Things networks expand globally, it is becoming increasingly important to protect against threats. one of the main reasons for the high number of false positives and low detection rates is the presence of redundant and irrelevant features. To address this problem, we propose a binary chimpanzee optimization algorithm for the feature selection process. This paper presents accurate network-based intrusion detection network, named parallel convolutional neural network long and short-term memory network branch, which has two branches. The input vector of the network is permuted in a 3-dimention space. This allows the model to extract highly discriminative features using a small number of layers. On the second branch, we used long and short-term memory network in parallel. The efficacy of the proposed deep model has been evaluated using three benchmark internet of things intrusion detection datasets, namely ToN-IoT, UNSW-NB15, and IoTID20 datasets. The experimental results demonstrated that the proposed binary chimpanzee optimization approach reduces about 60% of features, and the effectiveness of the proposed model was demonstrated by experimental results showing a high detection rate, high accuracy, and a relatively low false positive rate, which are measured as 99.54%, 99.56%, and 0.024 in the ToN-IoT and 99.79%, 99.78%, and 0.0032 in UNSW-NB15 and 100%, 100%, and zero in IoTID20 datasets, respectively.

show abstract

“…Yet, these new paradigms are at the same time solution and problem from the security perspective. Like this, adopting SDN and NFVs introduce new vulnerabilities and security requirements, being the availability one of the most relevant [114,116,120,126].…”

Section: Sdnmentioning

confidence: 99%

“…A number of works tackle these new security issues related to the SDN, some of them aiming to enhance the detection techniques or following a security monitoring approach [116,120,121,123,124,[126][127][128]132]. In addition, Santos da Silva et al manifest the need of human intervention during the monitoring cycle [120].…”

Section: Sdnmentioning

confidence: 99%

Present and Future of Network Security Monitoring

2021

View full text Add to dashboard Cite

Network Security Monitoring (NSM) is a popular term to refer to the detection of security incidents by monitoring the network events. An NSM system is central for the security of current networks, given the escalation in sophistication of cyberwarfare. In this paper, we review the state-of-the-art in NSM, and derive a new taxonomy of the functionalities and modules in an NSM system. This taxonomy is useful to assess current NSM deployments and tools for both researchers and practitioners. We organize a list of popular tools according to this new taxonomy, and identify challenges in the application of NSM in modern network deployments, like Software Defined Network (SDN) and Internet of Things (IoT).

show abstract

Security anomaly detection in software‐defined networking based on a prediction technique

Cited by 19 publications

References 61 publications

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

A novel feature selection algorithm for IoT networks intrusion detection system based on parallel CNN-LSTM model

Present and Future of Network Security Monitoring

Contact Info

Product

Resources

About