Training Guidance with KDD Cup 1999 and NSL-KDD Data Sets of ANIDINR: Anomaly-Based Network Intrusion Detection System

Serinelli, Benedetto Marco; Collen, Anastasija; Nijdam, Niels Alexander

doi:10.1016/j.procs.2020.07.080

Cited by 23 publications

(10 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Table 12 exhibit the results of the comparison time taken in second, for the proposed methods (DEM3sel and DEMdif) with previous IDSs based on data mining such as (Serinelli et al [32]; and Pattewar and Sonawane [33]). These works were used NSL-KDD dataset.…”

Section: Resultsmentioning

confidence: 99%

DNA Encoding and STR Extraction for Anomaly Intrusion Detection Systems

2021

View full text Add to dashboard Cite

and supported by the National University of Malaysia for conducting experiments and publishing papers.ABSTRACT Deoxyribonucleic acid (DNA) can be used to discover the presence of diseases in the human body. Similarly, its functionality can be leveraged in an intrusion detection system (IDS) to detect attacks against computer systems and network traffic. Various approaches have been proposed for using DNA sequences in IDSs. The most popular is the DNA sequence matching method, which is also used in biology. A technique that uses the DNA sequence in an IDS has previously been proposed to generate a normal signature sequence with an alignment threshold value. However, its detection rate is very low. Therefore, this paper considers the two main factors that affect the detection accuracy via the DNA sequence, DNA encoding and the short tandem repeat (STR) (i.e., the DNA keys and their positions). It then proposes two DNA encoding methods, named DEM3sel, and DEMdif, which differ in terms of the length of the DNA sequence and the network traffic representation. DEM3sel uses three characters to represent all 41 network attributes but uses a single fixed character to distinguish between nominal and numerical attributes. DEMdif uses different characters to represent all the network attributes based on the attribute values and uses a single fixed character to distinguish between nominal and numerical attributes. In all these methods, the Teiresias algorithm is used to extract the short tandem repeat (STR), which includes both the keys and their positions in the network traffic, while the Knuth-Morris-Pratt algorithm is used as a matching process to determine whether the network traffic is normal or an attack. An experiment is conducted to assess the proposed methods' performance on two standard datasets: KDDCup 99 and NSL-KDD. The experiment is run 30 times for each DNA encoding method. The results show that DEM3sel obtains the best result compared with DEMdif, where the detection rate, false alarm rate, and accuracy of detection are 99.58%, 35.53%, and 92.74% respectively. The results also show that using more keys and their positions improves the false alarm rate and the accuracy of DEM3sel by up to 26.48% and 1.75%, respectively. Moreover, the performance of the proposed method DEM3sel is comparable to or better than state-of-the-art algorithms. Thus, it can be concluded that the proposed DNA sequence method is suitable for use in an IDS.

show abstract

Section: Resultsmentioning

confidence: 99%

DNA Encoding and STR Extraction for Anomaly Intrusion Detection Systems

2021

View full text Add to dashboard Cite

show abstract

“…The proposed approach uses DBN to reduce PNN network training and testing time by translating raw data into low-dimensional data. Spinelli et al [16] suggested a behaviour-based Network Intrusion Detection System Near-to-real time (ANIDINR), a detailed methodology to predict zero-day attacks. However, the proposed scheme generates an incorrect response when the attacker produces an attack profile close to the normal.…”

Section: Literature Reviewmentioning

confidence: 99%

E2IDS: An Enhanced Intelligent Intrusion Detection System Based On Decision Tree Algorithm

Bouke

Abdullah

ALshatebi

et al. 2022

J. Appl. Artif. Intell.

View full text Add to dashboard Cite

Due to the increased usage of the Internet of Things and heterogeneous distributed devices, the development of effective and reliable intrusion detection systems (IDS) has become more critical. The massive volume of data with various dimensions and security features, on the other hand, can influence detection accuracy and raise the computation complexity of these systems. Fortunately, Artificial Intelligence (AI) has recently attracted a lot of attention, and it is now a principal component of these systems. This work presents an enhanced intelligent intrusion detection model (E2IDS) to detect state of the art known cyberattacks. The model design is Decision Tree (DT) algorithm-based, with an approach to data balancing since the data set used is highly unbalanced and one more approach for feature selection. Furthermore, accuracy, recall and F-score are selected as the performance evaluation metrics. The experimental results show that our E2IDS not only overcomes the benchmark work but also reduces the complexity of the computing process.

show abstract

“…IDS is a type of security software that observes network traffic and gives warnings once an unusual behavior is discovered [8]. Generally, there are two kinds of IDS: host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS) [9]. HIDS, known as a passive component, focuses on a single machine [10].…”

Section: Introductionmentioning

confidence: 99%

“…HIDS, known as a passive component, focuses on a single machine [10]. On the other hand, NIDS, known as an active component, is used to analyze network packets as well as to monitor and safeguard a system from network risks [9]. The focus of this research was on NIDS, since the proposed IDS analyzes the flow of data among computers, such as network traffic, detects unusual behavior, and defends nodes from complex assaults.…”

Section: Introductionmentioning

confidence: 99%

Mitigation of Black-Box Attacks on Intrusion Detection Systems-Based ML

et al. 2022

View full text Add to dashboard Cite

Intrusion detection systems (IDS) are a very vital part of network security, as they can be used to protect the network from illegal intrusions and communications. To detect malicious network traffic, several IDS based on machine learning (ML) methods have been developed in the literature. Machine learning models, on the other hand, have recently been proved to be effective, since they are vulnerable to adversarial perturbations, which allows the opponent to crash the system while performing network queries. This motivated us to present a defensive model that uses adversarial training based on generative adversarial networks (GANs) as a defense strategy to offer better protection for the system against adversarial perturbations. The experiment was carried out using random forest as a classifier. In addition, both principal component analysis (PCA) and recursive features elimination (Rfe) techniques were leveraged as a feature selection to diminish the dimensionality of the dataset, and this led to enhancing the performance of the model significantly. The proposal was tested on a realistic and recent public network dataset: CSE-CICIDS2018. The simulation results showed that GAN-based adversarial training enhanced the resilience of the IDS model and mitigated the severity of the black-box attack.

show abstract

Training Guidance with KDD Cup 1999 and NSL-KDD Data Sets of ANIDINR: Anomaly-Based Network Intrusion Detection System

Cited by 23 publications

References 11 publications

DNA Encoding and STR Extraction for Anomaly Intrusion Detection Systems

DNA Encoding and STR Extraction for Anomaly Intrusion Detection Systems

E2IDS: An Enhanced Intelligent Intrusion Detection System Based On Decision Tree Algorithm

Mitigation of Black-Box Attacks on Intrusion Detection Systems-Based ML

Contact Info

Product

Resources

About