The use of computational intelligence in intrusion detection systems: A review

Wu, Shelly Xiaonan; Banzhaf, Wolfgang

doi:10.1016/j.asoc.2009.06.019

Cited by 561 publications

(278 citation statements)

References 189 publications

Supporting

Mentioning

248

Contrasting

Unclassified

Order By: Relevance

“…Tsai et al (2009) reported there have been 30 major IDS studies used KDDCup 1999 datasets in their research. According to Wu and Banzhaf (2010), KDDCup 1999 dataset is the largest publicly available and sophisticated benchmarks for researchers to evaluate intrusion detection algorithms or machine learning algorithms. Figure 2 shows data used in the experiment.…”

Section: Methodsmentioning

confidence: 99%

“…This model was then utilized to predict network behavior during detection stage (Yang et al, 2005). However, it is important to note that intrusions usually polymorph and continuously evolve (Wu and Banzhaf, 2010). Therefore, it resulted in poor performance.…”

Section: Adaptive Intrusion Detection Systemmentioning

confidence: 99%

“…Normal traffic patterns are changing due to changes in work practices and nature of intrusions usually polymorph and continuously evolve (Wu and Banzhaf, 2010). Therefore, intrusion detectors must undergo frequent retraining to incorporate new normal traffic samples into the training data for classifying novel attacks and changes from existing normal behavior (Zhang and Shen, 2004).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Design of Adaptive IDS with Regulated Retraining Approach

Zainal

Maarof

Shamsuddin

et al. 2012

Communications in Computer and Information Science

View full text Add to dashboard Cite

Abstract.Computer networks are becoming more insecure and vulnerable to intrusions and attacks as they are increasingly accessible to users globally. To minimize possibility of intrusions and attacks, various intrusion detection models have been proposed. However, the existing procedures suffer high false alarm, not adequately adaptive, low accuracy and rigid. The detection performance deteriorates when behavior of traffic is changing and new attacks continually emerge. Therefore, the need to update the reference model for any given anomaly-based intrusion detection is necessary to keep up with these changes. Severe changes should be addressed immediately before the performance is compromised. Available updating approaches include dynamic, periodic and regulated. Unfortunately, none considers severity of changes to trigger the updating. This paper proposed an adaptive IDS model using regulated retraining approach based on severity of changes in network traffic. Therefore, retraining can be done as and when necessary. Changes are denoted by ambiguous decisions and assumed to reflect insufficient knowledge of classifiers to make decision. Results show that the proposed approach is able to improve detection accuracy and reduce false alarm.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Adaptive Intrusion Detection Systemmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Design of Adaptive IDS with Regulated Retraining Approach

Zainal

Maarof

Shamsuddin

et al. 2012

Communications in Computer and Information Science

View full text Add to dashboard Cite

show abstract

“…Sensors may thus feed the system with bad (bogus) information, or fail to report something that has actually happened. We distinguish both cases from the usual false positives and false negatives [8], as they clearly have an intentional nature. These two cases are widely explained in Section 2.2.…”

Section: Monitoring Systemmentioning

confidence: 99%

“…In this sense, many research works in IDS-based solutions make use of the concept of time window, where events are gathered in a given period of time of, for example, two seconds [8].…”

Section: Behavioural Sensor Modellingmentioning

confidence: 99%

Trustworthy placements: Improving quality and resilience in collaborative attack detection

et al. 2014

View full text Add to dashboard Cite

In distributed and collaborative attack detection systems decisions are made on the basis of the events reported by many sensors, e.g., Intrusion Detection Systems placed across various network locations. In some cases such events originate at locations over which we have little control, for example because they belong to an organisation that shares information with us. Blindly accepting such reports as real encompasses several risks, as sensors might be dishonest, unreliable or simply compromised. In these situations trust plays an important role in deciding whether alerts should be believed or not. In this work we present an approach to maximise the quality of the information gathered in such systems and the resilience against dishonest behaviours. We introduce the notion of trust diversity amongst sensors and argue that detection configurations with such a property perform much better in many respects. Using reputation as a proxy for trust, we introduce an adaptive scheme to dynamically reconfigure the network of detection sensors. Experiments confirm an overall increase both in detection quality and resilience against compromise and misbehaviour.

show abstract

An intrusion detection system based on combining probability predictions of a tree of classifiers

Ahmim

Derdour

Ferrag

2018

Int J Communication

View full text Add to dashboard Cite

Intrusion detection system (IDS) represents an unavoidable tool to secure our network. It is considered as a second defense line against the different form of attacks. The principal limits of the current IDSs are their inability to combine the detection of the new form of attacks with high detection rate and low false alarm rate. In this paper, we propose an intrusion detection system based on the combination of the probability predictions of a tree of classifiers. Specifically, our model is composed of 2 layers. The first one is a tree of classifiers. The second layer is a classifier that combines the probability predictions of the tree.The built tree contains 4 levels where each node of this tree represents a classifier. The first node classifies the connections in 2 clusters: Denial of Service attacks and Cluster 2. Then, the second node classifies the connections of the Cluster 2 in Probing attacks and Cluster 3. The third node classifies the connections of the Cluster 3 in Remote-to-Local attacks and Cluster 4. Finally, the last node classifies the connections of the Cluster 4 in User-to-Root attacks and Normal connections. The second layer contains the last classifier that combines the probability predictions of the first layer and take the final decision. The experiments on KDD'99 and NSL-KDD show that our model gives a low false alarm rate and the highest detection rate. Furthermore, our model is more precise than the recent intrusion detection system models with accuracy equal to 96.27% for KDD'99 and 89.75% for NSL-KDD. KEYWORDScomputer security, data mining, hybrid IDS, hierarchical IDS, intrusion detection system, IDS, network security Int J Commun Syst. 2018;31:e3547.wileyonlinelibrary.com/journal/dac

show abstract

The use of computational intelligence in intrusion detection systems: A review

Cited by 561 publications

References 189 publications

Design of Adaptive IDS with Regulated Retraining Approach

Design of Adaptive IDS with Regulated Retraining Approach

Trustworthy placements: Improving quality and resilience in collaborative attack detection

An intrusion detection system based on combining probability predictions of a tree of classifiers

Contact Info

Product

Resources

About